Changes the SPDX 3 output to include a "recipe" package that describe static information available at parse time (without building). This is primarily useful for gathering SPDX 3 VEX information about some or all recipes, enabling SPDX 3 to be used in place of cve_check.bbclass and vex.bbclass.
Special thanks to Benjamin Robin <[email protected]> for helping work through this. Joshua Watt (9): llvm-project-source: Use allarch.bbclass gcc-source: Use allarch.bbclass spdx3: Add recipe SPDX data spdx3: Add recipe SBoM task spdx3: Add is-native property spdx30: Include patch file information in VEX spdx: De-duplicate CreationInfo spdx: Ignore ASSUME_PROVIDED recipes spdx_common: Check for dependent task in task flags meta/classes-global/sstate.bbclass | 4 +- meta/classes-global/staging.bbclass | 2 +- .../create-spdx-image-3.0.bbclass | 4 +- .../create-spdx-sdk-3.0.bbclass | 4 +- meta/classes-recipe/kernel.bbclass | 2 +- meta/classes-recipe/nospdx.bbclass | 1 + meta/classes/create-spdx-2.2.bbclass | 12 +- meta/classes/create-spdx-3.0.bbclass | 77 ++- meta/classes/spdx-common.bbclass | 14 +- meta/lib/oe/sbom30.py | 192 ++++--- meta/lib/oe/spdx30.py | 2 +- meta/lib/oe/spdx30_tasks.py | 487 +++++++++++++----- meta/lib/oe/spdx_common.py | 16 +- .../meta/meta-world-recipe-sbom.bb | 26 + .../clang/llvm-project-source.inc | 8 +- meta/recipes-devtools/gcc/gcc-source.inc | 16 +- 16 files changed, 620 insertions(+), 247 deletions(-) create mode 100644 meta/recipes-core/meta/meta-world-recipe-sbom.bb -- 2.53.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231519): https://lists.openembedded.org/g/openembedded-core/message/231519 Mute This Topic: https://lists.openembedded.org/mt/117911572/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
