mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-24 02:19:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
03395abc2c2b8ade5204da57be794b4e351fda8c
poky/meta/lib/oe/sbom.py
Joshua Watt ceb95cf9c2 classes/create-spdx-2.2: Report downloads as separate packages 
Moves the downloaded items from SRC_URI into separate packages in the
recipe document. This is much better than the previous implementation
because:
 1) It can report multiple download locations in SRC_URI, instead of
    just the first one reported.
 2) It prevents the assumption that the source files listed in the
    recipe are the exact file from the source URL; in particular, files
    that come from file:// SRC_URI entries, and source files that have
    been patched were problematic, since these aren't from the upstream
    source.
 3) It allows the checksums to be specified

(From OE-Core rev: 1dd4369b3638637a2cbba2a3c37c6b6f4df335cd)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-19 07:47:53 +00:00

85 lines
2.0 KiB
Python
Raw Blame History

#
# Copyright OpenEmbedded Contributors
#
# SPDX-License-Identifier: GPL-2.0-only
#
import collections
DepRecipe = collections.namedtuple("DepRecipe", ("doc", "doc_sha1", "recipe"))
DepSource = collections.namedtuple("DepSource", ("doc", "doc_sha1", "recipe", "file"))
def get_recipe_spdxid(d):
return "SPDXRef-%s-%s" % ("Recipe", d.getVar("PN"))
def get_download_spdxid(d, idx):
return "SPDXRef-Download-%s-%d" % (d.getVar("PN"), idx)
def get_package_spdxid(pkg):
return "SPDXRef-Package-%s" % pkg
def get_source_file_spdxid(d, idx):
return "SPDXRef-SourceFile-%s-%d" % (d.getVar("PN"), idx)
def get_packaged_file_spdxid(pkg, idx):
return "SPDXRef-PackagedFile-%s-%d" % (pkg, idx)
def get_image_spdxid(img):
return "SPDXRef-Image-%s" % img
def get_sdk_spdxid(sdk):
return "SPDXRef-SDK-%s" % sdk
def write_doc(d, spdx_doc, subdir, spdx_deploy=None, indent=None):
from pathlib import Path
if spdx_deploy is None:
spdx_deploy = Path(d.getVar("SPDXDEPLOY"))
dest = spdx_deploy / subdir / (spdx_doc.name + ".spdx.json")
dest.parent.mkdir(exist_ok=True, parents=True)
with dest.open("wb") as f:
doc_sha1 = spdx_doc.to_json(f, sort_keys=True, indent=indent)
l = spdx_deploy / "by-namespace" / spdx_doc.documentNamespace.replace("/", "_")
l.parent.mkdir(exist_ok=True, parents=True)
l.symlink_to(os.path.relpath(dest, l.parent))
return doc_sha1
def read_doc(fn):
import hashlib
import oe.spdx
import io
import contextlib
@contextlib.contextmanager
def get_file():
if isinstance(fn, io.IOBase):
yield fn
else:
with fn.open("rb") as f:
yield f
with get_file() as f:
sha1 = hashlib.sha1()
while True:
chunk = f.read(4096)
if not chunk:
break
sha1.update(chunk)
f.seek(0)
doc = oe.spdx.SPDXDocument.from_json(f)
return (doc, sha1.hexdigest())
Reference in New Issue View Git Blame Copy Permalink