From ce1cefc34704ecf7165479f66f4bc18e3195d127 Mon Sep 17 00:00:00 2001 From: Antonin Godard Date: Thu, 27 Mar 2025 15:22:13 +0100 Subject: dev-manual/sbom.rst: fix wrong build outputs This document was written with SPDX 3.0 in mind (create-spdx-3.0 class) on OE-Core's master, but Kirkstone only supports SPDX 2.2 (named simply create-spdx). The create-spdx class only generate a tar.zst output, so remove the other outputs listed here. Also, ancillary outputs are not only deployed in tmp/deploy/spdx/MACHINE but tmp/deploy/spdx in general. (From yocto-docs rev: 25b5ec4c71c97228f8386f5b6c4fbe272c207ed6) Signed-off-by: Antonin Godard Signed-off-by: Steve Sakoman --- documentation/dev-manual/sbom.rst | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) (limited to 'documentation/dev-manual') diff --git a/documentation/dev-manual/sbom.rst b/documentation/dev-manual/sbom.rst index 6949675c25..3d72a689e9 100644 --- a/documentation/dev-manual/sbom.rst +++ b/documentation/dev-manual/sbom.rst @@ -30,16 +30,9 @@ To make this happen, you must inherit the INHERIT += "create-spdx" -Upon building an image, you will then get: - -- :term:`SPDX` output in JSON format as an ``IMAGE-MACHINE.spdx.json`` file in - ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`. - -- This toplevel file is accompanied by an ``IMAGE-MACHINE.spdx.index.json`` - containing an index of JSON :term:`SPDX` files for individual recipes. - -- The compressed archive ``IMAGE-MACHINE.spdx.tar.zst`` contains the index - and the files for the single recipes. +Upon building an image, you will then get the compressed archive +``IMAGE-MACHINE.spdx.tar.zst`` contains the index and the files for the single +recipes. The :ref:`ref-classes-create-spdx` class offers options to include more information in the output :term:`SPDX` data: @@ -56,7 +49,7 @@ more information in the output :term:`SPDX` data: Though the toplevel :term:`SPDX` output is available in ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`, ancillary -generated files are available in ``tmp/deploy/spdx/MACHINE`` too, such as: +generated files are available in ``tmp/deploy/spdx`` too, such as: - The individual :term:`SPDX` JSON files in the ``IMAGE-MACHINE.spdx.tar.zst`` archive. -- cgit v1.2.3-54-g00ecf