diff options
| author |   Andres Beltran <abeltran@linux.microsoft.com> | 2021-11-04 16:48:56 +0000 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-11-05 11:40:56 +0000 |
| commit | f239814f3f5d9bd54de54b0f2a5081067336e32b (patch) | |
| tree | f96c0a2e87f13ea5bb2137c4d22569b57ea8c24e | |
| parent | a8c4ba727251e53494a4aec483fcc51982e6fb75 (diff) | |
| download | openembedded-core-contrib-f239814f3f5d9bd54de54b0f2a5081067336e32b.tar.gz | |
create-spdx: Set the Organization field via a variable
Currently, the "Organization" field for SBOMs is hard-coded in
create-spdx. Create a new variable SPDX_ORG to make this field more
generic.
Signed-off-by: Andres Beltran <abeltran@linux.microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/classes/create-spdx.bbclass | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass index c35dbe1184..eb1d446f3f 100644 --- a/meta/classes/create-spdx.bbclass +++ b/meta/classes/create-spdx.bbclass @@ -28,6 +28,8 @@ SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc" SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json" +SPDX_ORG ??= "OpenEmbedded ()" + do_image_complete[depends] = "virtual/kernel:do_create_spdx" def get_doc_namespace(d, doc): @@ -415,7 +417,7 @@ python do_create_spdx() { doc.creationInfo.comment = "This document was created by analyzing recipe files during the build." doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") - doc.creationInfo.creators.append("Organization: OpenEmbedded ()") + doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG")) doc.creationInfo.creators.append("Person: N/A ()") recipe = oe.spdx.SPDXPackage() @@ -519,7 +521,7 @@ python do_create_spdx() { package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build." package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") - package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") + package_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG")) package_doc.creationInfo.creators.append("Person: N/A ()") package_doc.externalDocumentRefs.append(recipe_ref) @@ -653,7 +655,7 @@ python do_create_runtime_spdx() { runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies." runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") - runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") + runtime_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG")) runtime_doc.creationInfo.creators.append("Person: N/A ()") package_ref = oe.spdx.SPDXExternalDocumentRef() @@ -813,7 +815,7 @@ python image_combine_spdx() { doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build." doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") - doc.creationInfo.creators.append("Organization: OpenEmbedded ()") + doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG")) doc.creationInfo.creators.append("Person: N/A ()") image = oe.spdx.SPDXPackage() |