On Tue, Feb 13, 2024 at 6:33 PM <[email protected]> wrote: > > From: BELOUARGA Mohamed <[email protected]> > > This patch corrects the default value of SPDX_NAMESPACE_PREFIX as the previous > value is not expected to exist. > It adds also the documentation of the variable SPDX_NAMESPACE_PREFIX. > This patch can also be linked to the bug: > https://bugzilla.yoctoproject.org/show_bug.cgi?id=15398 > > Signed-off-by: BELOUARGA Mohamed <[email protected]> > --- > documentation/ref-manual/variables.rst | 5 +++++ > meta/classes/create-spdx-2.2.bbclass | 2 +- > 2 files changed, 6 insertions(+), 1 deletion(-) > > diff --git a/documentation/ref-manual/variables.rst > b/documentation/ref-manual/variables.rst > index 6f7d6ff01e..907575ba82 100644 > --- a/documentation/ref-manual/variables.rst > +++ b/documentation/ref-manual/variables.rst > @@ -7913,6 +7913,11 @@ system and gives an overview of their function and > contents. > image), compared to just using the :ref:`ref-classes-create-spdx` class > with no option. > > + :term:`SPDX_NAMESPACE_PREFIX` > + This option could be used in order to change the prefix of > ``spdxDocument`` > + and the prefix of ``documentNamespace``. It is set by default to: > + ``https://spdx.org/spdxdocs`` . > + > :term:`SPDX_PRETTY` > This option makes the SPDX output more human-readable, using > identation and newlines, instead of the default output in a > diff --git a/meta/classes/create-spdx-2.2.bbclass > b/meta/classes/create-spdx-2.2.bbclass > index 486efadba9..dedaffc043 100644 > --- a/meta/classes/create-spdx-2.2.bbclass > +++ b/meta/classes/create-spdx-2.2.bbclass > @@ -28,7 +28,7 @@ SPDX_ARCHIVE_SOURCES ??= "0" > SPDX_ARCHIVE_PACKAGED ??= "0" > > SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org" > -SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"; > +SPDX_NAMESPACE_PREFIX ??= "https://spdx.org/spdxdocs";
Per the spec [1], the recommended form is "http://[CreatorWebsite]/[pathToSpdx]/[DocumentName]-[UUID]";. If a creator doesn't own a website for publishing, "spdx.org/spdxdocs" can used for CreatorWebsite. Therefore, while the "spdxdocs" is required, https:// isn't. I'd prefer to keep it that way in case anyone wants to use that prefix to decide if the document can be downloaded or not. [1]: https://spdx.github.io/spdx-spec/v2.2.2/document-creation-information/#652-intent > SPDX_PRETTY ??= "0" > > SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json" > -- > 2.25.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#195519): https://lists.openembedded.org/g/openembedded-core/message/195519 Mute This Topic: https://lists.openembedded.org/mt/104345729/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
