mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-04 23:02:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

spdx30: Link license and build by alias

Browse Source 
The license information and Build created by do_create_spdx are changed
to be referenced by their link alias instead of the actual SPDX ID. This
fixes a case where do_create_package_spdx would pull these from
mismatching sstate, and then the SPDX IDs would be unresolved when
assembling the final document

(From OE-Core rev: c0fcdc72a7c8fca86a874d1b04298fe9e500c796)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Joshua Watt
2024-10-07 10:24:15 -06:00
committed by Richard Purdie
parent ca5472cd2c
commit 19aa2c0a99
2 changed files with 31 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
meta/lib/oe/sbom30.py
View File

@@ -305,24 +305,7 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
def add_aliases(self):
for o in self.foreach_type(oe.spdx30.Element):
if not o._id or o._id.startswith("_:"):
continue
alias_ext = get_alias(o)
if alias_ext is None:
unihash = self.d.getVar("BB_UNIHASH")
namespace = self.get_namespace()
if unihash not in o._id:
bb.warn(f"Unihash {unihash} not found in {o._id}")
elif namespace not in o._id:
bb.warn(f"Namespace {namespace} not found in {o._id}")
else:
alias_ext = set_alias(
o,
o._id.replace(unihash, "UNIHASH").replace(
namespace, self.d.getVar("PN")
),
)
self.set_element_alias(o)
def remove_internal_extensions(self):
def remove(o):
@@ -345,6 +328,26 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
str(uuid.uuid5(namespace_uuid, pn)),
)
def set_element_alias(self, e):
if not e._id or e._id.startswith("_:"):
return
alias_ext = get_alias(e)
if alias_ext is None:
unihash = self.d.getVar("BB_UNIHASH")
namespace = self.get_namespace()
if unihash not in e._id:
bb.warn(f"Unihash {unihash} not found in {e._id}")
elif namespace not in e._id:
bb.warn(f"Namespace {namespace} not found in {e._id}")
else:
alias_ext = set_alias(
e,
e._id.replace(unihash, "UNIHASH").replace(
namespace, self.d.getVar("PN")
),
)
def new_spdxid(self, *suffix, include_unihash=True):
items = [self.get_namespace()]
if include_unihash:
@@ -557,7 +560,9 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
scope=scope,
)
def new_license_expression(self, license_expression, license_data, license_text_map={}):
def new_license_expression(
self, license_expression, license_data, license_text_map={}
):
license_list_version = license_data["licenseListVersion"]
# SPDX 3 requires that the license list version be a semver
# MAJOR.MINOR.MICRO, but the actual license version might be

10
meta/lib/oe/spdx30_tasks.py
View File

@@ -119,9 +119,11 @@ def add_license_expression(d, objset, license_expression, license_data):
)
spdx_license_expression = " ".join(convert(l) for l in lic_split)
return objset.new_license_expression(
o = objset.new_license_expression(
spdx_license_expression, license_data, license_text_map
)
objset.set_element_alias(o)
return o
def add_package_files(
@@ -462,6 +464,8 @@ def create_spdx(d):
build_objset = oe.sbom30.ObjectSet.new_objset(d, d.getVar("PN"))
build = build_objset.new_task_build("recipe", "recipe")
build_objset.set_element_alias(build)
build_objset.doc.rootElement.append(build)
build_objset.set_is_native(is_native)
@@ -603,7 +607,7 @@ def create_spdx(d):
set_var_field("DESCRIPTION", spdx_package, "description", package=package)
pkg_objset.new_scoped_relationship(
[build._id],
[oe.sbom30.get_element_link_id(build)],
oe.spdx30.RelationshipType.hasOutput,
oe.spdx30.LifecycleScopeType.build,
[spdx_package],
@@ -650,7 +654,7 @@ def create_spdx(d):
pkg_objset.new_relationship(
[spdx_package],
oe.spdx30.RelationshipType.hasConcludedLicense,
[package_spdx_license._id],
[oe.sbom30.get_element_link_id(package_spdx_license)],
)
# NOTE: CVE Elements live in the recipe collection