classes/create-spdx: Add SPDX_PRETTY option

Adds an option to make the SPDX more human-readable (at the expense of a larger files) (From OE-Core rev: 4799594b26f77ed259dc661bf077519b338390c8) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-18 12:32:12 +02:00 · 2022-06-13 21:30:47 -05:00
parent ee0d001b81
commit ec2f329787
2 changed files with 18 additions and 8 deletions
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -25,6 +25,7 @@ SPDX_ARCHIVE_PACKAGED ??= "0"

 SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
 SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
+SPDX_PRETTY ??= "0"

 SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"

@@ -76,6 +77,11 @@ def recipe_spdx_is_native(d, recipe):
 def is_work_shared_spdx(d):
    return bb.data.inherits_class('kernel', d) or ('work-shared' in d.getVar('WORKDIR'))

+def get_json_indent(d):
+    if d.getVar("SPDX_PRETTY") == "1":
+        return 2
+    return None
+
 python() {
    import json
    if d.getVar("SPDX_LICENSE_DATA"):
@@ -515,7 +521,7 @@ python do_create_spdx() {

    dep_recipes = collect_dep_recipes(d, doc, recipe)

-    doc_sha1 = oe.sbom.write_doc(d, doc, "recipes")
+    doc_sha1 = oe.sbom.write_doc(d, doc, "recipes", indent=get_json_indent(d))
    dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe))

    recipe_ref = oe.spdx.SPDXExternalDocumentRef()
@@ -579,7 +585,7 @@ python do_create_spdx() {

            add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)

-            oe.sbom.write_doc(d, package_doc, "packages")
+            oe.sbom.write_doc(d, package_doc, "packages", indent=get_json_indent(d))
 }
 # NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
 addtask do_create_spdx after do_package do_packagedata do_unpack before do_populate_sdk do_build do_rm_work
@@ -743,7 +749,7 @@ python do_create_runtime_spdx() {
                )
                seen_deps.add(dep)

-            oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy)
+            oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy, indent=get_json_indent(d))
 }

 addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work
@@ -938,7 +944,7 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages):
    image_spdx_path = rootfs_deploydir / (rootfs_name + ".spdx.json")

    with image_spdx_path.open("wb") as f:
-        doc.to_json(f, sort_keys=True)
+        doc.to_json(f, sort_keys=True, indent=get_json_indent(d))

    num_threads = int(d.getVar("BB_NUMBER_THREADS"))

@@ -996,7 +1002,11 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages):

            index["documents"].sort(key=lambda x: x["filename"])

-            index_str = io.BytesIO(json.dumps(index, sort_keys=True).encode("utf-8"))
+            index_str = io.BytesIO(json.dumps(
+                index,
+                sort_keys=True,
+                indent=get_json_indent(d),
+            ).encode("utf-8"))

            info = tarfile.TarInfo()
            info.name = "index.json"
@@ -1010,4 +1020,4 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages):

    spdx_index_path = rootfs_deploydir / (rootfs_name + ".spdx.index.json")
    with spdx_index_path.open("w") as f:
-        json.dump(index, f, sort_keys=True)
+        json.dump(index, f, sort_keys=True, indent=get_json_indent(d))
--- a/meta/lib/oe/sbom.py
+++ b/meta/lib/oe/sbom.py
@@ -32,7 +32,7 @@ def get_sdk_spdxid(sdk):
    return "SPDXRef-SDK-%s" % sdk


-def write_doc(d, spdx_doc, subdir, spdx_deploy=None):
+def write_doc(d, spdx_doc, subdir, spdx_deploy=None, indent=None):
    from pathlib import Path

    if spdx_deploy is None:
@@ -41,7 +41,7 @@ def write_doc(d, spdx_doc, subdir, spdx_deploy=None):
    dest = spdx_deploy / subdir / (spdx_doc.name + ".spdx.json")
    dest.parent.mkdir(exist_ok=True, parents=True)
    with dest.open("wb") as f:
-        doc_sha1 = spdx_doc.to_json(f, sort_keys=True)
+        doc_sha1 = spdx_doc.to_json(f, sort_keys=True, indent=indent)

    l = spdx_deploy / "by-namespace" / spdx_doc.documentNamespace.replace("/", "_")
    l.parent.mkdir(exist_ok=True, parents=True)