-rw-r--r--meta/lib/oe/spdx30_tasks.py59
1 files changed, 32 insertions, 27 deletions
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index 6a2858c665..70d1bc7e8a 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -119,7 +119,9 @@ def add_license_expression(d, objset, license_expression, license_data):
119 ) 119 )
120 spdx_license_expression = " ".join(convert(l) for l in lic_split) 120 spdx_license_expression = " ".join(convert(l) for l in lic_split)
121 121
122 return objset.new_license_expression(spdx_license_expression, license_data, license_text_map) 122 return objset.new_license_expression(
123 spdx_license_expression, license_data, license_text_map
124 )
123 125
124 126
125def add_package_files( 127def add_package_files(
@@ -202,6 +204,7 @@ def get_package_sources_from_debug(
202 return False 204 return False
203 205
204 debug_search_paths = [ 206 debug_search_paths = [
207 Path(d.getVar("SPDXWORK")),
205 Path(d.getVar("PKGD")), 208 Path(d.getVar("PKGD")),
206 Path(d.getVar("STAGING_DIR_TARGET")), 209 Path(d.getVar("STAGING_DIR_TARGET")),
207 Path(d.getVar("STAGING_DIR_NATIVE")), 210 Path(d.getVar("STAGING_DIR_NATIVE")),
@@ -286,8 +289,24 @@ def collect_dep_objsets(d, build):
286 return dep_objsets, dep_builds 289 return dep_objsets, dep_builds
287 290
288 291
289def collect_dep_sources(dep_objsets): 292def index_sources_by_hash(sources, dest):
290 sources = {} 293 for s in sources:
294 if not isinstance(s, oe.spdx30.software_File):
295 continue
296
297 if s.software_primaryPurpose != oe.spdx30.software_SoftwarePurpose.source:
298 continue
299
300 for v in s.verifiedUsing:
301 if v.algorithm == oe.spdx30.HashAlgorithm.sha256:
302 if not v.hashValue in dest:
303 dest[v.hashValue] = s
304 break
305 else:
306 bb.fatal(f"No SHA256 found for {s.name}")
307
308
309def collect_dep_sources(dep_objsets, dest):
291 for objset in dep_objsets: 310 for objset in dep_objsets:
292 # Don't collect sources from native recipes as they 311 # Don't collect sources from native recipes as they
293 # match non-native sources also. 312 # match non-native sources also.
@@ -307,26 +326,7 @@ def collect_dep_sources(dep_objsets):
307 if e.relationshipType != oe.spdx30.RelationshipType.hasInputs: 326 if e.relationshipType != oe.spdx30.RelationshipType.hasInputs:
308 continue 327 continue
309 328
310 for to in e.to: 329 index_sources_by_hash(e.to, dest)
311 if not isinstance(to, oe.spdx30.software_File):
312 continue
313
314 if (
315 to.software_primaryPurpose
316 != oe.spdx30.software_SoftwarePurpose.source
317 ):
318 continue
319
320 for v in to.verifiedUsing:
321 if v.algorithm == oe.spdx30.HashAlgorithm.sha256:
322 sources[v.hashValue] = to
323 break
324 else:
325 bb.fatal(
326 "No SHA256 found for %s in %s" % (to.name, objset.doc.name)
327 )
328
329 return sources
330 330
331 331
332def add_download_files(d, objset): 332def add_download_files(d, objset):
@@ -511,18 +511,21 @@ def create_spdx(d):
511 source_files = add_download_files(d, build_objset) 511 source_files = add_download_files(d, build_objset)
512 build_inputs |= source_files 512 build_inputs |= source_files
513 513
514 recipe_spdx_license = add_license_expression(d, build_objset, d.getVar("LICENSE"), license_data) 514 recipe_spdx_license = add_license_expression(
515 d, build_objset, d.getVar("LICENSE"), license_data
516 )
515 build_objset.new_relationship( 517 build_objset.new_relationship(
516 source_files, 518 source_files,
517 oe.spdx30.RelationshipType.hasConcludedLicense, 519 oe.spdx30.RelationshipType.hasConcludedLicense,
518 [recipe_spdx_license], 520 [recipe_spdx_license],
519 ) 521 )
520 522
523 dep_sources = {}
521 if oe.spdx_common.process_sources(d) and include_sources: 524 if oe.spdx_common.process_sources(d) and include_sources:
522 bb.debug(1, "Adding source files to SPDX") 525 bb.debug(1, "Adding source files to SPDX")
523 oe.spdx_common.get_patched_src(d) 526 oe.spdx_common.get_patched_src(d)
524 527
525 build_inputs |= add_package_files( 528 files = add_package_files(
526 d, 529 d,
527 build_objset, 530 build_objset,
528 spdx_workdir, 531 spdx_workdir,
@@ -535,6 +538,8 @@ def create_spdx(d):
535 ignore_top_level_dirs=["temp"], 538 ignore_top_level_dirs=["temp"],
536 archive=None, 539 archive=None,
537 ) 540 )
541 build_inputs |= files
542 index_sources_by_hash(files, dep_sources)
538 543
539 dep_objsets, dep_builds = collect_dep_objsets(d, build) 544 dep_objsets, dep_builds = collect_dep_objsets(d, build)
540 if dep_builds: 545 if dep_builds:
@@ -555,7 +560,7 @@ def create_spdx(d):
555 # TODO: Handle native recipe output 560 # TODO: Handle native recipe output
556 if not is_native: 561 if not is_native:
557 bb.debug(1, "Collecting Dependency sources files") 562 bb.debug(1, "Collecting Dependency sources files")
558 sources = collect_dep_sources(dep_objsets) 563 collect_dep_sources(dep_objsets, dep_sources)
559 564
560 bb.build.exec_func("read_subpackage_metadata", d) 565 bb.build.exec_func("read_subpackage_metadata", d)
561 566
@@ -726,7 +731,7 @@ def create_spdx(d):
726 731
727 if include_sources: 732 if include_sources:
728 debug_sources = get_package_sources_from_debug( 733 debug_sources = get_package_sources_from_debug(
729 d, package, package_files, sources, source_hash_cache 734 d, package, package_files, dep_sources, source_hash_cache
730 ) 735 )
731 debug_source_ids |= set( 736 debug_source_ids |= set(
732 oe.sbom30.get_element_link_id(d) for d in debug_sources 737 oe.sbom30.get_element_link_id(d) for d in debug_sources
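Review bot: The new `index_sources_by_hash` keeps the first file seen for a given SHA-256 (`if not v.hashValue in dest`), whereas the loop removed from `collect_dep_sources` overwrote the entry with the last one, and nothing in the helper records that this ordering is intentional. In `create_spdx` the recipe's own files are indexed before `collect_dep_sources` runs, so a debug source whose content is identical in the recipe and in a dependency would presumably now resolve to the recipe's file in the generated SBOM. A docstring such as `"""Index source software_File elements by SHA-256 into dest; an existing entry for a hash is kept."""` would make that provenance rule explicit, and the test reads better as `if v.hashValue not in dest:`. The `bb.fatal` message also dropped the document name the old code reported (`objset.doc.name`), which makes a missing hash harder to trace back to the dependency document that produced it; an optional context argument on the helper would restore it. The bodies of `collect_dep_sources` and `create_spdx` continue outside the visible hunks, so other callers of the changed signature cannot be checked from here.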