From: João Marcos Costa (Schneider Electric) <[email protected]>
Hello,
Currently, a SPDX3 SBoM including the compiled sources [1] is incomplete due to
a path mismatch between what is provided by package.py and what is expected by
SPDX3 (spdx30_tasks.py, spdx_common.py). Example:
- package.py provides: "linux-yocto-6.6.123+git-r0/drivers/base/soc.c"
- SPDX3 expects: "linux-yocto-6.6.127+git/drivers/base/soc.c"
This patch fixes this mismatch, and ensures the SPDX v2.2 code is changed
accordingly.
Best regards,
[1] SPDX_INCLUDE_COMPILED_SOURCES:pn-linux-yocto = "1"
João Marcos Costa (Schneider Electric) (1):
meta/lib/oe/package.py: fix path to kernel sources in
save_debugsources_info
meta/classes/create-spdx-2.2.bbclass | 2 +-
meta/lib/oe/package.py | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
--
2.47.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#237539):
https://lists.openembedded.org/g/openembedded-core/message/237539
Mute This Topic: https://lists.openembedded.org/mt/119438909/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
