Changes the SPDX 3 output to include a "recipe" package that describe static information available at parse time (without building). This is primarily useful for gathering SPDX 3 VEX information about some or all recipes, enabling SPDX 3 to be used in place of cve_check.bbclass and vex.bbclass.
Special thanks to Benjamin Robin <[email protected]> for helping work through this. V2: Fixes a bug where do_populate_sysroot was running when it should not be. Drops the patch to ignore ASSUME_PROVIDES recipes, since this is incorrect (this is already handled by bitbake in the taskgraph, and doesn't need to be manually removed). V3: Fixes a bug where meta-world-recipe-sbom was reporting a circular dependency. meta-world-recipe-sbom also no longer runs in world builds, as there's no reason to this. Finally, fixes a bug where NO_GENERIC_LICENSE files would fail to be found in do_create_spdx (because do_unpack was not run). Joshua Watt (8): llvm-project-source: Use allarch.bbclass gcc-source: Use allarch.bbclass spdx3: Add recipe SPDX data spdx3: Add recipe SBoM task spdx3: Add is-native property spdx30: Include patch file information in VEX spdx: De-duplicate CreationInfo spdx_common: Check for dependent task in task flags meta/classes-global/sstate.bbclass | 4 +- .../create-spdx-image-3.0.bbclass | 4 +- .../create-spdx-sdk-3.0.bbclass | 4 +- meta/classes-recipe/kernel.bbclass | 2 +- meta/classes-recipe/nospdx.bbclass | 1 + meta/classes/create-spdx-2.2.bbclass | 12 +- meta/classes/create-spdx-3.0.bbclass | 76 ++- meta/classes/spdx-common.bbclass | 16 +- meta/lib/oe/sbom30.py | 192 ++++--- meta/lib/oe/spdx30.py | 2 +- meta/lib/oe/spdx30_tasks.py | 487 +++++++++++++----- meta/lib/oe/spdx_common.py | 11 + .../meta/meta-world-recipe-sbom.bb | 28 + .../clang/llvm-project-source.inc | 8 +- meta/recipes-devtools/gcc/gcc-source.inc | 16 +- 15 files changed, 618 insertions(+), 245 deletions(-) create mode 100644 meta/recipes-core/meta/meta-world-recipe-sbom.bb -- 2.53.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#232046): https://lists.openembedded.org/g/openembedded-core/message/232046 Mute This Topic: https://lists.openembedded.org/mt/118016226/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
