diff options
| author |   Saul Wold <Saul.Wold@windriver.com> | 2021-09-27 10:22:17 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-09-28 00:14:46 +0100 |
| commit | ba5ec03986a0bce8dccbc381fd34e44b8a135e66 (patch) | |
| tree | 1706ef9da84bc37dc0f487832f013877509f830a /meta/classes/create-spdx.bbclass | |
| parent | 8db551bba619f3b3612c59270043148214a462cc (diff) | |
| download | openembedded-core-contrib-ba5ec03986a0bce8dccbc381fd34e44b8a135e66.tar.gz | |
create-spdx: Use SPDXAnnotation to track native recipes
Create a small function that checks for 'isNative' as part of an Annotation
When the collect_dep_sources() runs, it collects sources from both native
and non-native recipes. Later when the GENERATED_FROM matching occurs it
may find the file (via checksum) from the native recipe since it's the
same checksum as the target file. The that are generated DocumentRefs
point to the native recipe rather than the target recipe DocumentRef.
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/create-spdx.bbclass')
| -rw-r--r-- | meta/classes/create-spdx.bbclass | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass index 3c73c21c04..739b46e9b3 100644 --- a/meta/classes/create-spdx.bbclass +++ b/meta/classes/create-spdx.bbclass @@ -13,6 +13,9 @@ SPDXDIR ??= "${WORKDIR}/spdx" SPDXDEPLOY = "${SPDXDIR}/deploy" SPDXWORK = "${SPDXDIR}/work" +SPDX_TOOL_NAME ??= "oe-spdx-creator" +SPDX_TOOL_VERSION ??= "1.0" + SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy" SPDX_INCLUDE_SOURCES ??= "0" @@ -32,6 +35,10 @@ def get_doc_namespace(d, doc): namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, d.getVar("SPDX_UUID_NAMESPACE")) return "%s/%s-%s" % (d.getVar("SPDX_NAMESPACE_PREFIX"), doc.name, str(uuid.uuid5(namespace_uuid, doc.name))) +def recipe_spdx_is_native(d, recipe): + return any(a.annotationType == "OTHER" and + a.annotator == "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION")) and + a.comment == "isNative" for a in recipe.annotations) def is_work_shared(d): pn = d.getVar('PN') @@ -336,6 +343,10 @@ def collect_dep_sources(d, dep_recipes): sources = {} for dep in dep_recipes: + # Don't collect sources from native recipes as they + # match non-native sources also. + if recipe_spdx_is_native(d, dep.recipe): + continue recipe_files = set(dep.recipe.hasFiles) for spdx_file in dep.doc.files: @@ -382,7 +393,6 @@ python do_create_spdx() { include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1" archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1" archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1" - is_native = bb.data.inherits_class("native", d) creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") @@ -401,6 +411,13 @@ python do_create_spdx() { recipe.name = d.getVar("PN") recipe.versionInfo = d.getVar("PV") recipe.SPDXID = oe.sbom.get_recipe_spdxid(d) + if bb.data.inherits_class("native", d): + annotation = oe.spdx.SPDXAnnotation() + annotation.annotationDate = creation_time + annotation.annotationType = "OTHER" + annotation.annotator = "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION")) + annotation.comment = "isNative" + recipe.annotations.append(annotation) for s in d.getVar('SRC_URI').split(): if not s.startswith("file://"): @@ -480,7 +497,7 @@ python do_create_spdx() { sources = collect_dep_sources(d, dep_recipes) found_licenses = {license.name:recipe_ref.externalDocumentId + ":" + license.licenseId for license in doc.hasExtractedLicensingInfos} - if not is_native: + if not recipe_spdx_is_native(d, recipe): bb.build.exec_func("read_subpackage_metadata", d) pkgdest = Path(d.getVar("PKGDEST")) |