mirror of
https://git.yoctoproject.org/poky
synced 2026-04-14 08:02:30 +02:00
8cde17408f
When SPDX_INCLUDE_COMPILED_SOURCES is enabled, only include the source code files that are used during compilation. It uses debugsource information generated during do_package. This enables an external tool to use the SPDX information to disregard vulnerabilities that are not compiled. As example, when used with the default config with linux-yocto, the spdx size is reduced from 156MB to 61MB. (From OE-Core rev: c6a2f1fca76fae4c3ea471a0c63d0b453beea968) Adapted to existing files for SPDX3.0 Tested with: - bitbake world on oe-core - oe-selftest --run-tests spdx.SPDX30Check Regarding SPDX2.2, the respective backport was already performed in OE-Core rev: a2866934e58fb377a73e87576c8594988a63ad1b (From OE-Core rev: 1c7dfab26d69a87bb026e05b3bbf6a266858c0d1) Signed-off-by: João Marcos Costa (Schneider Electric) <joaomarcos.costa@bootlin.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>