classes/create-spdx: extend DocumentRef to include name

This will create a more uniq DocumentRef, which will allow the individual spdx files to be merged into a single SBOM file reflecting the image. Do the same with the runtime dependencies also (From OE-Core rev: df7c88a48621d32c02f328eedc314f10d475b758) Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-29 00:32:14 +02:00 · 2021-09-01 08:44:48 -05:00
parent 25e41200c7
commit 0d5c2d9f35
1 changed files with 2 additions and 2 deletions
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -427,7 +427,7 @@ python do_create_spdx() {
        package_doc.creationInfo.creators.append("Person: N/A ()")

        recipe_ref = oe.spdx.SPDXExternalDocumentRef()
-        recipe_ref.externalDocumentId = "DocumentRef-recipe"
+        recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
        recipe_ref.spdxDocument = doc.documentNamespace
        recipe_ref.checksum.algorithm = "SHA1"
        recipe_ref.checksum.checksumValue = doc_sha1
@@ -566,7 +566,7 @@ python do_create_runtime_spdx() {
        runtime_doc.creationInfo.creators.append("Person: N/A ()")

        package_ref = oe.spdx.SPDXExternalDocumentRef()
-        package_ref.externalDocumentId = "DocumentRef-package"
+        package_ref.externalDocumentId = "DocumentRef-package-" + package
        package_ref.spdxDocument = package_doc.documentNamespace
        package_ref.checksum.algorithm = "SHA1"
        package_ref.checksum.checksumValue = package_doc_sha1