-rw-r--r-- | meta/lib/oe/spdx30_tasks.py | 59 |
1 files changed, 32 insertions, 27 deletions
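--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -119,7 +119,9 @@ def add_license_expression(d, objset, license_expression, license_data):
 )
 spdx_license_expression = " ".join(convert(l) for l in lic_split)
 
-return objset.new_license_expression(spdx_license_expression, license_data, license_text_map)
+return objset.new_license_expression(
+spdx_license_expression, license_data, license_text_map
+)
 
 
 def add_package_files(
@@ -202,6 +204,7 @@ def get_package_sources_from_debug(
 return False
 
 debug_search_paths = [
+Path(d.getVar("SPDXWORK")),
 Path(d.getVar("PKGD")),
 Path(d.getVar("STAGING_DIR_TARGET")),
 Path(d.getVar("STAGING_DIR_NATIVE")),
@@ -286,8 +289,24 @@ def collect_dep_objsets(d, build):
 return dep_objsets, dep_builds
 
 
-def collect_dep_sources(dep_objsets):
-sources = {}
+def index_sources_by_hash(sources, dest):
+for s in sources:
+if not isinstance(s, oe.spdx30.software_File):
+continue
+
+if s.software_primaryPurpose != oe.spdx30.software_SoftwarePurpose.source:
+continue
+
+for v in s.verifiedUsing:
+if v.algorithm == oe.spdx30.HashAlgorithm.sha256:
+if not v.hashValue in dest:
+dest[v.hashValue] = s
+break
+else:
+bb.fatal(f"No SHA256 found for {s.name}")
+
+
+def collect_dep_sources(dep_objsets, dest):
 for objset in dep_objsets:
 # Don't collect sources from native recipes as they
 # match non-native sources also.
@@ -307,26 +326,7 @@ def collect_dep_sources(dep_objsets):
 if e.relationshipType != oe.spdx30.RelationshipType.hasInputs:
 continue
 
-for to in e.to:
-if not isinstance(to, oe.spdx30.software_File):
-continue
-
-if (
-to.software_primaryPurpose
-!= oe.spdx30.software_SoftwarePurpose.source
-):
-continue
-
-for v in to.verifiedUsing:
-if v.algorithm == oe.spdx30.HashAlgorithm.sha256:
-sources[v.hashValue] = to
-break
-else:
-bb.fatal(
-"No SHA256 found for %s in %s" % (to.name, objset.doc.name)
-)
-
-return sources
+index_sources_by_hash(e.to, dest)
 
 
 def add_download_files(d, objset):
@@ -511,18 +511,21 @@ def create_spdx(d):
 source_files = add_download_files(d, build_objset)
 build_inputs |= source_files
 
-recipe_spdx_license = add_license_expression(d, build_objset, d.getVar("LICENSE"), license_data)
+recipe_spdx_license = add_license_expression(
+d, build_objset, d.getVar("LICENSE"), license_data
+)
 build_objset.new_relationship(
 source_files,
 oe.spdx30.RelationshipType.hasConcludedLicense,
 [recipe_spdx_license],
 )
 
+dep_sources = {}
 if oe.spdx_common.process_sources(d) and include_sources:
 bb.debug(1, "Adding source files to SPDX")
 oe.spdx_common.get_patched_src(d)
 
-build_inputs |= add_package_files(
+files = add_package_files(
 d,
 build_objset,
 spdx_workdir,
@@ -535,6 +538,8 @@ def create_spdx(d):
 ignore_top_level_dirs=["temp"],
 archive=None,
 )
+build_inputs |= files
+index_sources_by_hash(files, dep_sources)
 
 dep_objsets, dep_builds = collect_dep_objsets(d, build)
 if dep_builds:
@@ -555,7 +560,7 @@ def create_spdx(d):
 # TODO: Handle native recipe output
 if not is_native:
 bb.debug(1, "Collecting Dependency sources files")
-sources = collect_dep_sources(dep_objsets)
+collect_dep_sources(dep_objsets, dep_sources)
 
 bb.build.exec_func("read_subpackage_metadata", d)
 
@@ -726,7 +731,7 @@ def create_spdx(d):
 
 if include_sources:
 debug_sources = get_package_sources_from_debug(
-d, package, package_files, sources, source_hash_cache
+d, package, package_files, dep_sources, source_hash_cache
 )
 debug_source_ids |= set(
 oe.sbom30.get_element_link_id(d) for d in debug_sources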
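Review bot: index_sources_by_hash (new lines 292-306) keeps the first File seen for a SHA256 (`if not v.hashValue in dest:`), whereas the removed loop overwrote the entry with the last one, and nothing in the code says this precedence is intended. Because create_spdx indexes the recipe's own files before it calls collect_dep_sources, a debug source whose hash matches both is now attributed to the recipe's file, and among dependencies to whichever objset is visited first. That looks deliberate, but SBOM consumers rely on the attribution, so I would add a docstring such as `"""Index source Files in dest by SHA256; an existing entry is kept, so index higher-priority sources first."""` and spell the test `if v.hashValue not in dest:`. The new `bb.fatal` message also drops the document name the old one reported (`objset.doc.name`), which makes a missing hash harder to trace back to the recipe that produced it.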