mirror of
https://git.yoctoproject.org/poky
synced 2026-02-13 04:03:03 +01:00
ce192383d5
Originally, while SPDX_INCLUDE_SOURCES = "1" [1], there is bug in scan
for gcc, libgcc in which the sources locates in work-share directory.
Copy source from ${WORKDIR} to ${SPDXWORK} did not satisfy the situation
while ${S} was not included in ${WORKDIR}
This commit aim to support SPDX include source for work-share directory
1. If is_work_shared_spdx, Copy source from ${S} to ${SPDXWORK},
normally the dest dir in ${SPDXWORK} has the same basename dir of ${S};
but for kernel source, rename basename dir 'kernel-source' to ${BP} (${BPN}-${PV})
2. For SPDX source copy, do hard link copy to save copy time
3. Move do_patch to no work shared situation along with do_unpack
4. Tweak task do_create_spdx dependencies to assure the patched source
in work share is ready for SPDX source copy
5. Remove bb.data.inherits_class('kernel', d) from is_work_shared_spdx,
the kernel source locates in 'work-shared', test kernel.bbclass is not
necessary
[1] https://docs.yoctoproject.org/dev/ref-manual/variables.html#term-SPDX_INCLUDE_SOURCES
(From OE-Core rev: 64454b1956a9b50d6c89a3f3d7c594c1272cb289)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
100 lines
3.4 KiB
Plaintext
100 lines
3.4 KiB
Plaintext
#
|
|
# Copyright OpenEmbedded Contributors
|
|
#
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
#
|
|
|
|
SPDX_VERSION ??= ""
|
|
DEPLOY_DIR_SPDX ??= "${DEPLOY_DIR}/spdx/${SPDX_VERSION}"
|
|
|
|
# The product name that the CVE database uses. Defaults to BPN, but may need to
|
|
# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
|
|
CVE_PRODUCT ??= "${BPN}"
|
|
CVE_VERSION ??= "${PV}"
|
|
|
|
SPDXDIR ??= "${WORKDIR}/spdx/${SPDX_VERSION}"
|
|
SPDXDEPLOY = "${SPDXDIR}/deploy"
|
|
SPDXWORK = "${SPDXDIR}/work"
|
|
SPDXIMAGEWORK = "${SPDXDIR}/image-work"
|
|
SPDXSDKWORK = "${SPDXDIR}/sdk-work"
|
|
SPDXSDKEXTWORK = "${SPDXDIR}/sdk-ext-work"
|
|
SPDXDEPS = "${SPDXDIR}/deps.json"
|
|
|
|
SPDX_TOOL_NAME ??= "oe-spdx-creator"
|
|
SPDX_TOOL_VERSION ??= "1.0"
|
|
|
|
SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
|
|
|
|
SPDX_INCLUDE_SOURCES ??= "0"
|
|
SPDX_ARCHIVE_SOURCES ??= "0"
|
|
SPDX_ARCHIVE_PACKAGED ??= "0"
|
|
|
|
SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
|
|
SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdocs"
|
|
SPDX_PRETTY ??= "0"
|
|
|
|
SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
|
|
|
|
SPDX_CUSTOM_ANNOTATION_VARS ??= ""
|
|
|
|
SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}"
|
|
|
|
def create_spdx_source_deps(d):
|
|
import oe.spdx_common
|
|
|
|
deps = []
|
|
if d.getVar("SPDX_INCLUDE_SOURCES") == "1":
|
|
pn = d.getVar('PN')
|
|
# do_unpack is a hack for now; we only need it to get the
|
|
# dependencies do_unpack already has so we can extract the source
|
|
# ourselves
|
|
if oe.spdx_common.has_task(d, "do_unpack"):
|
|
deps.append("%s:do_unpack" % pn)
|
|
|
|
if oe.spdx_common.is_work_shared_spdx(d) and \
|
|
oe.spdx_common.process_sources(d):
|
|
# For kernel source code
|
|
if oe.spdx_common.has_task(d, "do_shared_workdir"):
|
|
deps.append("%s:do_shared_workdir" % pn)
|
|
|
|
# For gcc-source-${PV} source code
|
|
if oe.spdx_common.has_task(d, "do_preconfigure"):
|
|
deps.append("%s:do_preconfigure" % pn)
|
|
elif oe.spdx_common.has_task(d, "do_patch"):
|
|
deps.append("%s:do_patch" % pn)
|
|
# For gcc-cross-x86_64 source code
|
|
elif oe.spdx_common.has_task(d, "do_configure"):
|
|
deps.append("%s:do_configure" % pn)
|
|
|
|
return " ".join(deps)
|
|
|
|
|
|
python do_collect_spdx_deps() {
|
|
# This task calculates the build time dependencies of the recipe, and is
|
|
# required because while a task can deptask on itself, those dependencies
|
|
# do not show up in BB_TASKDEPDATA. To work around that, this task does the
|
|
# deptask on do_create_spdx and writes out the dependencies it finds, then
|
|
# do_create_spdx reads in the found dependencies when writing the actual
|
|
# SPDX document
|
|
import json
|
|
import oe.spdx_common
|
|
from pathlib import Path
|
|
|
|
spdx_deps_file = Path(d.getVar("SPDXDEPS"))
|
|
|
|
deps = oe.spdx_common.collect_direct_deps(d, "do_create_spdx")
|
|
|
|
with spdx_deps_file.open("w") as f:
|
|
json.dump(deps, f)
|
|
}
|
|
# NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
|
|
addtask do_collect_spdx_deps after do_unpack
|
|
do_collect_spdx_deps[depends] += "${PATCHDEPENDENCY}"
|
|
do_collect_spdx_deps[deptask] = "do_create_spdx"
|
|
do_collect_spdx_deps[dirs] = "${SPDXDIR}"
|
|
|
|
oe.spdx_common.collect_direct_deps[vardepsexclude] += "BB_TASKDEPDATA"
|
|
oe.spdx_common.collect_direct_deps[vardeps] += "DEPENDS"
|
|
oe.spdx_common.collect_package_providers[vardepsexclude] += "BB_TASKDEPDATA"
|
|
oe.spdx_common.get_patched_src[vardepsexclude] += "STAGING_KERNEL_DIR"
|