From df7c88a48621d32c02f328eedc314f10d475b758 Mon Sep 17 00:00:00 2001
From: Saul Wold <saul.wold@windriver.com>
Date: Wed, 1 Sep 2021 08:44:48 -0500
Subject: classes/create-spdx: extend DocumentRef to include name

This will create a more uniq DocumentRef, which will allow
the individual spdx files to be merged into a single SBOM
file reflecting the image. Do the same with the runtime dependencies
also

Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/classes/create-spdx.bbclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index aa3e977b02..72c1385feb 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -427,7 +427,7 @@ python do_create_spdx() {
         package_doc.creationInfo.creators.append("Person: N/A ()")
 
         recipe_ref = oe.spdx.SPDXExternalDocumentRef()
-        recipe_ref.externalDocumentId = "DocumentRef-recipe"
+        recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
         recipe_ref.spdxDocument = doc.documentNamespace
         recipe_ref.checksum.algorithm = "SHA1"
         recipe_ref.checksum.checksumValue = doc_sha1
@@ -566,7 +566,7 @@ python do_create_runtime_spdx() {
         runtime_doc.creationInfo.creators.append("Person: N/A ()")
 
         package_ref = oe.spdx.SPDXExternalDocumentRef()
-        package_ref.externalDocumentId = "DocumentRef-package"
+        package_ref.externalDocumentId = "DocumentRef-package-" + package
         package_ref.spdxDocument = package_doc.documentNamespace
         package_ref.checksum.algorithm = "SHA1"
         package_ref.checksum.checksumValue = package_doc_sha1
-- 
cgit 1.2.3-korg