From: Saul Wold <saul.w...@windriver.com> This will create a more uniq DocumentRef, which will allow the individual spdx files to be merged into a single SBOM file reflecting the image. Do the same with the runtime dependencies also
Signed-off-by: Saul Wold <saul.w...@windriver.com> Signed-off-by: Joshua Watt <jpewhac...@gmail.com> --- meta/classes/create-spdx.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass index aa3e977b02..72c1385feb 100644 --- a/meta/classes/create-spdx.bbclass +++ b/meta/classes/create-spdx.bbclass @@ -427,7 +427,7 @@ python do_create_spdx() { package_doc.creationInfo.creators.append("Person: N/A ()") recipe_ref = oe.spdx.SPDXExternalDocumentRef() - recipe_ref.externalDocumentId = "DocumentRef-recipe" + recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name recipe_ref.spdxDocument = doc.documentNamespace recipe_ref.checksum.algorithm = "SHA1" recipe_ref.checksum.checksumValue = doc_sha1 @@ -566,7 +566,7 @@ python do_create_runtime_spdx() { runtime_doc.creationInfo.creators.append("Person: N/A ()") package_ref = oe.spdx.SPDXExternalDocumentRef() - package_ref.externalDocumentId = "DocumentRef-package" + package_ref.externalDocumentId = "DocumentRef-package-" + package package_ref.spdxDocument = package_doc.documentNamespace package_ref.checksum.algorithm = "SHA1" package_ref.checksum.checksumValue = package_doc_sha1 -- 2.32.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155570): https://lists.openembedded.org/g/openembedded-core/message/155570 Mute This Topic: https://lists.openembedded.org/mt/85302500/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-