On Thu, Dec 18, 2025 at 5:01 AM Stefano Tondo via lists.openembedded.org <[email protected]> wrote: > > From: Stefano Tondo <[email protected]> > > Add automatic population of summary field with intelligent fallback > chain to improve SBOM human-readability and documentation completeness. > > The summary field provides a brief description of each package in the > SBOM, making it easier for humans to understand the purpose of components > without reading full descriptions. The implementation uses a fallback > chain to ensure every package has a meaningful summary: > > SUMMARY:${package} → SUMMARY → DESCRIPTION → generated description > > This improvement addresses SBOM documentation quality requirements and > makes SBOMs more useful for security review and compliance documentation. > > Signed-off-by: Stefano Tondo <[email protected]>
LGTM thanks. Reviewed-by: Joshua Watt <[email protected]> > --- > meta/lib/oe/spdx30_tasks.py | 17 ++++++++++++++++- > 1 file changed, 16 insertions(+), 1 deletion(-) > > diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py > index f731a709e3..286a08ed9b 100644 > --- a/meta/lib/oe/spdx30_tasks.py > +++ b/meta/lib/oe/spdx30_tasks.py > @@ -636,7 +636,22 @@ def create_spdx(d): > set_var_field( > "HOMEPAGE", spdx_package, "software_homePage", > package=package > ) > - set_var_field("SUMMARY", spdx_package, "summary", > package=package) > + > + # Add summary with fallback to DESCRIPTION > + summary = None > + if package: > + summary = d.getVar("SUMMARY:%s" % package) > + if not summary: > + summary = d.getVar("SUMMARY") > + if not summary: > + # Fallback to DESCRIPTION if SUMMARY not available > + summary = d.getVar("DESCRIPTION") > + if not summary: > + # Last resort: generate from package name > + summary = f"Package {package or d.getVar('PN')}" > + if summary: > + spdx_package.summary = summary > + > set_var_field("DESCRIPTION", spdx_package, "description", > package=package) > > if d.getVar("SPDX_PACKAGE_URL:%s" % package) or > d.getVar("SPDX_PACKAGE_URL"): > -- > 2.52.0 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#228874): https://lists.openembedded.org/g/openembedded-core/message/228874 Mute This Topic: https://lists.openembedded.org/mt/116840956/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
