From 5fe543b9ceec971cf0297ff0ae3b0ccc4703cece Mon Sep 17 00:00:00 2001 From: Joshua Watt Date: Fri, 15 Jul 2022 08:47:47 -0500 Subject: sstatesig: Include all dependencies in SPDX task signatures SDPX generation involves looking through BB_TASKDEPDATA for dependencies, then linking to the generated documents for those dependencies. These document links use a checksum to validate the document, which means that if a upstream document changes, all downstream documents must be regenerated to get the new checksum, otherwise the compendium of documents produced by the build will have broken links; therefore all dependent task should be included in the signature (even from "ABI safe" recipes). Signed-off-by: Joshua Watt Signed-off-by: Alexandre Belloni --- meta/lib/oe/sstatesig.py | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'meta/lib/oe/sstatesig.py') diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index 7150bd0929..de65244932 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py @@ -24,10 +24,19 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCaches): return "/allarch.bbclass" in inherits def isImage(mc, fn): return "/image.bbclass" in " ".join(dataCaches[mc].inherits[fn]) + def isSPDXTask(task): + return task in ("do_create_spdx", "do_create_runtime_spdx") depmc, _, deptaskname, depmcfn = bb.runqueue.split_tid_mcfn(dep) mc, _ = bb.runqueue.split_mc(fn) + # Keep all dependencies between SPDX tasks in the signature. SPDX documents + # are linked together by hashes, which means if a dependent document changes, + # all downstream documents must be re-written (even if they are "safe" + # dependencies). + if isSPDXTask(task) and isSPDXTask(deptaskname): + return True + # (Almost) always include our own inter-task dependencies (unless it comes # from a mcdepends). The exception is the special # do_kernel_configme->do_unpack_and_patch dependency from archiver.bbclass. -- cgit 1.2.3-korg