On 9/23/21 2:05 PM, Joshua Watt wrote:
On 9/23/21 3:53 PM, Saul Wold wrote:
Extend the SPDXPackage to include is_native so it can be used later in
the processing.
When the collect_dep_sources() runs, it collects sources from both native
and non-native recipes. Later when the GENERATED_FROM matching occurs it
may find the file (via checksum) from the native recipe since it's the
same checksum as the target file. The that are generated DocumentRefs
point to the native recipe rather than the target recipe DocumentRef.
Signed-off-by: Saul Wold <saul.w...@windriver.com>
---
meta/classes/create-spdx.bbclass | 11 +++++++++--
meta/lib/oe/spdx.py | 1 +
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass
b/meta/classes/create-spdx.bbclass
index 3c73c21c04..e565f0bf6c 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -336,6 +336,10 @@ def collect_dep_sources(d, dep_recipes):
sources = {}
for dep in dep_recipes:
+ # Don't collect sources from native recipes as they
+ # match non-native sources also.
+ if dep.recipe.is_native == "True":
+ continue
recipe_files = set(dep.recipe.hasFiles)
for spdx_file in dep.doc.files:
@@ -382,7 +386,6 @@ python do_create_spdx() {
include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
- is_native = bb.data.inherits_class("native", d)
creation_time =
datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
@@ -401,6 +404,10 @@ python do_create_spdx() {
recipe.name = d.getVar("PN")
recipe.versionInfo = d.getVar("PV")
recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
+ if bb.data.inherits_class("native", d):
+ recipe.is_native = "True"
+ else:
+ recipe.is_native = "False"
for s in d.getVar('SRC_URI').split():
if not s.startswith("file://"):
@@ -480,7 +487,7 @@ python do_create_spdx() {
sources = collect_dep_sources(d, dep_recipes)
found_licenses = {license.name:recipe_ref.externalDocumentId +
":" + license.licenseId for license in doc.hasExtractedLicensingInfos}
- if not is_native:
+ if recipe.is_native is "False":
bb.build.exec_func("read_subpackage_metadata", d)
pkgdest = Path(d.getVar("PKGDEST"))
diff --git a/meta/lib/oe/spdx.py b/meta/lib/oe/spdx.py
index 9814fbfd66..452148f339 100644
--- a/meta/lib/oe/spdx.py
+++ b/meta/lib/oe/spdx.py
@@ -164,6 +164,7 @@ class SPDXPackage(SPDXObject):
packageVerificationCode = _Object(SPDXPackageVerificationCode)
hasFiles = _StringList()
packageFileName = _String()
+ is_native = _String()
It's probably not well documented in this file, but this has to match to
the SPDX standard; we can't add arbitrary fields here. When I was
referring to an "annotation" I was specifcially referring to an SPDX
annotation:
I should have figured that!
https://spdx.github.io/spdx-spec/8-annotations/
We'd need to decide on some schema for encoding the data in the annotation
So we need to create an SPDXAnnotation type on spdx.py and define what
we want in the AnnotationComment field?
Sua!
class SPDXFile(SPDXObject):
--
Sau!
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#156277):
https://lists.openembedded.org/g/openembedded-core/message/156277
Mute This Topic: https://lists.openembedded.org/mt/85824376/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
