Adds initial support for generating SBoMs in SPDX json format. SBoM generation can be enabled by adding:
INHERIT += "create-spdx" to local.conf Joshua Watt (30): classes/package: Add extended packaged data classes/create-spdx: Add class classes/create-spdx: Change creator classes/create-spdx: Add SHA1 to index file classes/create-spdx: Add index to DEPLOYDIR classes/create-spdx: Add runtime dependency mapping classes/create-spdx: Add NOASSERTION for unknown debug sources classes/create-spdx: Fix another creator Add SPDX licenses classes/create-spdx: Fix up license reporting classes/create-spdx: Speed up hash calculations classes/create-spdx: Fix file:// in downloadLocation classes/create-spdx: Add special exception for Public Domain license classes/create-spdx: Collect all task dependencies classes/create-spdx: Skip package processing for native recipes classes/create-spdx: Comment out placeholder license warning conf/licenses: Add FreeType SPDX mapping tzdata: Remove BSD License specifier glib-2.0: Use specific BSD license variant e2fsprogs: Use specific BSD license variant shadow: Use specific BSD license variant sudo: Use specific BSD license variant libcap: Use specific BSD license variant libpam: Use specific BSD license variant libxfont2: Use specific BSD license variant libjitterentropy: Use specific BSD license variant libx11: Use specific BSD license variant font-util: Use specific BSD license variant flac: Use specific BSD license variant swig: Use specific BSD license variant Saul Wold (1): classes/create-spdx: extend DocumentRef to include name meta/classes/create-spdx.bbclass | 901 +++ meta/classes/package.bbclass | 39 +- meta/conf/licenses.conf | 1 + meta/files/spdx-licenses.json | 5938 +++++++++++++++++ meta/lib/oe/packagedata.py | 12 + meta/lib/oe/sbom.py | 74 + meta/lib/oe/spdx.py | 271 + meta/recipes-core/glib-2.0/glib.inc | 2 +- meta/recipes-devtools/e2fsprogs/e2fsprogs.inc | 2 +- meta/recipes-devtools/swig/swig.inc | 2 +- meta/recipes-extended/pam/libpam_1.5.1.bb | 2 +- meta/recipes-extended/shadow/shadow.inc | 2 +- meta/recipes-extended/sudo/sudo.inc | 2 +- meta/recipes-extended/timezone/timezone.inc | 2 +- .../xorg-font/font-util_1.3.2.bb | 2 +- .../recipes-graphics/xorg-lib/libx11_1.7.2.bb | 2 +- .../xorg-lib/libxfont2_2.0.5.bb | 2 +- meta/recipes-multimedia/flac/flac_1.3.3.bb | 2 +- meta/recipes-support/libcap/libcap_2.51.bb | 2 +- .../libjitterentropy_3.1.0.bb | 2 +- 20 files changed, 7246 insertions(+), 16 deletions(-) create mode 100644 meta/classes/create-spdx.bbclass create mode 100644 meta/files/spdx-licenses.json create mode 100644 meta/lib/oe/sbom.py create mode 100644 meta/lib/oe/spdx.py -- 2.32.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155561): https://lists.openembedded.org/g/openembedded-core/message/155561 Mute This Topic: https://lists.openembedded.org/mt/85302487/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-