On Wed, May 15, 2024 at 8:09 PM Joshua Watt <jpewhac...@gmail.com> wrote:
> On Wed, May 15, 2024 at 11:11 AM Marta Rybczynska <rybczyn...@gmail.com> > wrote: > > > > Hello all, > > As this discussion might be interesting to multiple people, I post it to > YP list and the OE architecture list. > > > > In the VEX work (the status will go out in a moment in a separate > message), we're collecting SPDX and CVE files for builds to re-run the CVE > checks later (potentially months later). The CVE check file is generated > for both the image and the build as it is (including the SDK). > > > > On the other hand, the SPDX archive is generated for the image only, and > contains only packages from the system image itself, omitting the build > system. This is possible for us to get all the partial SPDX files from the > build dir, but we do not expect the complete build dir to be kept for > months. > > Can you clarify what you mean by "build" here? We do generate SPDX for > the "native" recipes used during the build, and they are in the final > SPDX generated for an image, so we do have some idea of the "build" > tools used to generate an image. > Hello Joshua, This is still unclear to me. When I build an image eg bitbake core-image-minimal I get the spdx archive as expected: ./tmp-glibc/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs.spdx.tar.zst ./tmp-glibc/deploy/images/qemux86-64/core-image-minimal-qemux86-64.rootfs-20240522164207.spdx.tar.zst ./tmp-glibc/work/qemux86_64-oe-linux/core-image-minimal/1.0/deploy-core-image-minimal-image-complete/core-image-minimal-qemux86-64.rootfs.spdx.tar.zst ./tmp-glibc/work/qemux86_64-oe-linux/core-image-minimal/1.0/deploy-core-image-minimal-image-complete/core-image-minimal-qemux86-64.rootfs-20240522164207.spdx.tar.zst However, there's no archive for the world build (not going to mention how long it lasted). Is it on purpose? Kind regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#2020): https://lists.openembedded.org/g/openembedded-architecture/message/2020 Mute This Topic: https://lists.openembedded.org/mt/106118369/21656 Group Owner: openembedded-architecture+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-architecture/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
