From: "Kamel Bouhara (Schneider Electric)" <[email protected]>
Introduce a new bitbake task do_create_kernel_config_spdx that extracts
the kernel configuration from ${B}/.config and exports it into the
recipe's SPDX document as a separate build_Build object.
The kernel config parameters are stored as SPDX DictionaryEntry objects
and linked to the main kernel build using an ancestorOf relationship.
This enables the kernel build's configuration to be explicitly captured
in the SPDX document for compliance, auditing, and reproducibility.
The task is gated by SPDX_INCLUDE_KERNEL_CONFIG (default = "0").
Reviewed-by: Joshua Watt <[email protected]>
Signed-off-by: Kamel Bouhara (Schneider Electric) <[email protected]>
Signed-off-by: Mathieu Dubois-Briand <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
(cherry picked from commit 228a968e7c47d811c06143279bdb0f9c5f374bef)
Signed-off-by: Steve Sakoman <[email protected]>
---
meta/classes-recipe/kernel.bbclass | 64 ++++++++++++++++++++++++++++
meta/classes/create-spdx-3.0.bbclass | 6 +++
2 files changed, 70 insertions(+)
diff --git a/meta/classes-recipe/kernel.bbclass
b/meta/classes-recipe/kernel.bbclass
index 4c1cb89a46..d557e98d65 100644
--- a/meta/classes-recipe/kernel.bbclass
+++ b/meta/classes-recipe/kernel.bbclass
@@ -873,5 +873,69 @@ addtask deploy after do_populate_sysroot do_packagedata
EXPORT_FUNCTIONS do_deploy
+python __anonymous() {
+ inherits = (d.getVar("INHERIT") or "")
+ if "create-spdx" in inherits:
+ bb.build.addtask('do_create_kernel_config_spdx', 'do_populate_lic
do_deploy', 'do_create_spdx', d)
+}
+
+python do_create_kernel_config_spdx() {
+ if d.getVar("SPDX_INCLUDE_KERNEL_CONFIG", True) == "1":
+ import oe.spdx30
+ import oe.spdx30_tasks
+ from pathlib import Path
+ from datetime import datetime, timezone
+
+ pkg_arch = d.getVar("SSTATE_PKGARCH")
+ deploydir = Path(d.getVar("SPDXDEPLOY"))
+ pn = d.getVar("PN")
+
+ config_path = d.expand("${B}/.config")
+ kernel_params = []
+ if not os.path.exists(config_path):
+ bb.warn(f"SPDX: Kernel config file not found at: {config_path}")
+ return
+
+ try:
+ with open(config_path, 'r') as f:
+ for line in f:
+ line = line.strip()
+ if not line or line.startswith("#"):
+ continue
+ if "=" in line:
+ key, value = line.split("=", 1)
+ kernel_params.append(oe.spdx30.DictionaryEntry(
+ key=key,
+ value=value.strip('"')
+ ))
+ bb.note(f"Parsed {len(kernel_params)} kernel config entries from
{config_path}")
+ except Exception as e:
+ bb.error(f"Failed to parse kernel config file: {e}")
+
+ build, build_objset = oe.sbom30.find_root_obj_in_jsonld(
+ d, "recipes", f"recipe-{pn}", oe.spdx30.build_Build
+ )
+
+ kernel_build = build_objset.add_root(
+ oe.spdx30.build_Build(
+ _id=build_objset.new_spdxid("kernel-config"),
+ creationInfo=build_objset.doc.creationInfo,
+
build_buildType="https://openembedded.org/kernel-configuration",
+ build_parameter=kernel_params
+ )
+ )
+
+ oe.spdx30_tasks.set_timestamp_now(d, kernel_build,
"build_buildStartTime")
+
+ build_objset.new_relationship(
+ [build],
+ oe.spdx30.RelationshipType.ancestorOf,
+ [kernel_build]
+ )
+
+ oe.sbom30.write_jsonld_doc(d, build_objset, deploydir / pkg_arch /
"recipes" / f"recipe-{pn}.spdx.json")
+}
+do_create_kernel_config_spdx[depends] = "virtual/kernel:do_configure"
+
# Add using Device Tree support
inherit kernel-devicetree
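Review bot: In `do_create_kernel_config_spdx`, the `except Exception` branch only calls `bb.error(...)` and then falls through. A read or parse failure partway through `.config` therefore still appears to write a `kernel-config` build_Build whose `build_parameter` list is partial or empty. Because this document is meant for compliance and auditing, a consumer cannot tell a truncated configuration from a complete one; I would stop the task instead with `bb.fatal(f"Failed to parse kernel config file: {e}")`. The missing-file path deserves the same consideration: with the feature explicitly enabled it only issues `bb.warn` and returns, leaving an SBOM with no configuration record at all. Smaller points: `datetime` and `timezone` are imported but unused in the visible lines, `oe.sbom30` is used without an explicit import (presumably reachable through `oe.spdx30_tasks`), and `open(config_path, 'r')` should pass an explicit `encoding`.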
diff --git a/meta/classes/create-spdx-3.0.bbclass
b/meta/classes/create-spdx-3.0.bbclass
index c0a5436ad6..15c31ba9a3 100644
--- a/meta/classes/create-spdx-3.0.bbclass
+++ b/meta/classes/create-spdx-3.0.bbclass
@@ -50,6 +50,12 @@ SPDX_INCLUDE_TIMESTAMPS[doc] = "Include time stamps in SPDX
output. This is \
useful if you want to know when artifacts were produced and when builds \
occurred, but will result in non-reproducible SPDX output"
+SPDX_INCLUDE_KERNEL_CONFIG ??= "0"
+SPDX_INCLUDE_KERNEL_CONFIG[doc] = "If set to '1', the .config file for the
kernel will be parsed \
+and each CONFIG_* value will be included in the Build.build_parameter list as
DictionaryEntry \
+items. Set to '0' to disable exporting kernel configuration to improve
performance or reduce \
+SPDX document size."
+
SPDX_IMPORTS ??= ""
SPDX_IMPORTS[doc] = "SPDX_IMPORTS is the base variable that describes how to \
reference external SPDX ids. Each import is defined as a key in this \
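Review bot: The `SPDX_INCLUDE_KERNEL_CONFIG[doc]` text describes the cost in performance and document size but not that every `key=value` pair in `.config` is exported verbatim. String-valued options can carry build-host paths or key locations (for example `CONFIG_MODULE_SIG_KEY` or `CONFIG_INITRAMFS_SOURCE`), so enabling this on a build whose SBOM is published may disclose them and make the output host-dependent. I would add a sentence to the doc string such as `Values are copied unmodified, so review string-valued options (paths, key locations) before distributing the resulting SPDX document.`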
--
2.43.0