This patch does not look correct as it basically reverts previous patch, returning to broken builds with empty image link name.
There is I think a better patch for this on the mailing list - https://lists.openembedded.org/g/openembedded-core/message/239739 The main problem is that spdx tasks create sstate objects for images. Image tasks are not supposed to do that. I think I’ll send a patch for that some day. Peter From: [email protected] <[email protected]> On Behalf Of Yoann Congal via lists.openembedded.org Sent: Wednesday, July 1, 2026 12:31 PM To: [email protected] Cc: [email protected]; Ryan Eatmon <[email protected]> Subject: Re: [OE-core] [PATCH] classes-recipe/sbom-cve-check: fix sstate cache mismatch in sbom path Le mer. 1 juil. 2026 à 12:00, Anna-Lena Marx via lists.openembedded.org<http://lists.openembedded.org> <[email protected]<mailto:[email protected]>> a écrit : Using ${IMAGE_NAME} to construct the sbom_path causes the do_sbom_cve_check task to fail in subsequent builds when the image generation is restored from the sstate cache. ${IMAGE_NAME} utilizes the DATETIME variable via ${IMAGE_VERSION_SUFFIX}, which is re-evaluated during the current execution. This results in a timestamp mismatch with the actually deployed cached SPDX artifact. Switching the path construction to use ${IMAGE_LINK_NAME} ensures the task reliably targets the stable symlink in the deploy directory, restoring cache determinism and preventing "No such file or directory" errors on rebuilds. Signed-off-by: Anna-Lena Marx <[email protected]<mailto:[email protected]>> --- Ping Ryan, isn't what you worked on as well? That patch from Anna-Lena looks like a fix for the regression created by [0] you talked about. Anna-Lena, do you think your fix is linked to [0]? [0]: https://git.openembedded.org/openembedded-core/commit/?id=b9f060ea6d54cc419df9ff5f8822a3536934606f meta/classes-recipe/sbom-cve-check.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes-recipe/sbom-cve-check.bbclass b/meta/classes-recipe/sbom-cve-check.bbclass index 451595f1d7..fe145a2212 100644 --- a/meta/classes-recipe/sbom-cve-check.bbclass +++ b/meta/classes-recipe/sbom-cve-check.bbclass @@ -14,7 +14,7 @@ python do_sbom_cve_check() { """ Task: Run sbom-cve-check analysis on SBOM. """ - sbom_path = d.expand("${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.spdx.json") + sbom_path = d.expand("${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.spdx.json") image_name = d.getVar("IMAGE_NAME") link_name = d.getVar("IMAGE_LINK_NAME") run_sbom_cve_check(d, sbom_path, image_name, link_name) -- 2.55.0 -- Yoann Congal Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#239961): https://lists.openembedded.org/g/openembedded-core/message/239961 Mute This Topic: https://lists.openembedded.org/mt/120061528/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
