Re: [OE-core][RFC v2 03/12] oe/sbom: change the write_doc to prepare for spdx3

2023-11-06 Thread Richard Purdie 
On Tue, 2023-10-31 at 23:47 +0100, Louis Rannou wrote:
> This changes the prototype of write_doc as the SPDX3 documentation does not
> specify yet which is the root element.
> 
> Signed-off-by: Louis Rannou 
> Signed-off-by: Marta Rybczynska 
> Signed-off-by: Samantha Jalabert 
> ---
>  meta/classes/create-spdx.bbclass | 2 +-
>  meta/lib/oe/sbom.py  | 6 --
>  2 files changed, 5 insertions(+), 3 deletions(-)

I was looking through the patches and a couple of things jumped out
below.

> 
> diff --git a/meta/classes/create-spdx.bbclass 
> b/meta/classes/create-spdx.bbclass
> index 19c6c0ff0b..b604973ae0 100644
> --- a/meta/classes/create-spdx.bbclass
> +++ b/meta/classes/create-spdx.bbclass
> @@ -5,4 +5,4 @@
>  #
>  # Include this class when you don't care what version of SPDX you get; it 
> will
>  # be updated to the latest stable version that is supported
> -inherit create-spdx-2.2
> +inherit create-spdx-3.0

This change probably doesn't belong in this commit but a separate one?

> diff --git a/meta/lib/oe/sbom.py b/meta/lib/oe/sbom.py
> index 824839378a..ec543fa43d 100644
> --- a/meta/lib/oe/sbom.py
> +++ b/meta/lib/oe/sbom.py
> @@ -68,7 +68,9 @@ def doc_path(spdx_deploy, doc_name, arch, subdir):
>  return spdx_deploy / arch / subdir / (doc_name + ".spdx.json")
>  
>  
> -def write_doc(d, spdx_doc, arch, subdir, spdx_deploy=None, indent=None):
> +# WARNING: This is for SPDX3. As long as we don't know which is the root
> +# element, this suggest a virtual graph as top of the tree
> +def write_doc(d, spdx_graph, spdx_doc, arch, subdir, spdx_deploy=None, 
> indent=None):
>  from pathlib import Path
>  
>  if spdx_deploy is None:
> @@ -77,7 +79,7 @@ def write_doc(d, spdx_doc, arch, subdir, spdx_deploy=None, 
> indent=None):
>  dest = doc_path(spdx_deploy, spdx_doc.name, arch, subdir)
>  dest.parent.mkdir(exist_ok=True, parents=True)
>  with dest.open("wb") as f:
> -doc_sha1 = spdx_doc.to_json(f, sort_keys=False, indent=indent)
> +doc_sha1 = spdx_graph.to_json(f, sort_keys=False, indent=indent)
>  
>  l = _doc_path_by_namespace(spdx_deploy, arch, spdx_doc.documentNamespace)
>  l.parent.mkdir(exist_ok=True, parents=True)

Shouldn't this patch also change users of write_doc in spdx 2.2?

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190234): 
https://lists.openembedded.org/g/openembedded-core/message/190234
Mute This Topic: https://lists.openembedded.org/mt/102308606/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][RFC v2 03/12] oe/sbom: change the write_doc to prepare for spdx3

2023-10-31 Thread Louis Rannou 
This changes the prototype of write_doc as the SPDX3 documentation does not
specify yet which is the root element.

Signed-off-by: Louis Rannou 
Signed-off-by: Marta Rybczynska 
Signed-off-by: Samantha Jalabert 
---
 meta/classes/create-spdx.bbclass | 2 +-
 meta/lib/oe/sbom.py  | 6 --
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 19c6c0ff0b..b604973ae0 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -5,4 +5,4 @@
 #
 # Include this class when you don't care what version of SPDX you get; it will
 # be updated to the latest stable version that is supported
-inherit create-spdx-2.2
+inherit create-spdx-3.0
diff --git a/meta/lib/oe/sbom.py b/meta/lib/oe/sbom.py
index 824839378a..ec543fa43d 100644
--- a/meta/lib/oe/sbom.py
+++ b/meta/lib/oe/sbom.py
@@ -68,7 +68,9 @@ def doc_path(spdx_deploy, doc_name, arch, subdir):
 return spdx_deploy / arch / subdir / (doc_name + ".spdx.json")
 
 
-def write_doc(d, spdx_doc, arch, subdir, spdx_deploy=None, indent=None):
+# WARNING: This is for SPDX3. As long as we don't know which is the root
+# element, this suggest a virtual graph as top of the tree
+def write_doc(d, spdx_graph, spdx_doc, arch, subdir, spdx_deploy=None, 
indent=None):
 from pathlib import Path
 
 if spdx_deploy is None:
@@ -77,7 +79,7 @@ def write_doc(d, spdx_doc, arch, subdir, spdx_deploy=None, 
indent=None):
 dest = doc_path(spdx_deploy, spdx_doc.name, arch, subdir)
 dest.parent.mkdir(exist_ok=True, parents=True)
 with dest.open("wb") as f:
-doc_sha1 = spdx_doc.to_json(f, sort_keys=False, indent=indent)
+doc_sha1 = spdx_graph.to_json(f, sort_keys=False, indent=indent)
 
 l = _doc_path_by_namespace(spdx_deploy, arch, spdx_doc.documentNamespace)
 l.parent.mkdir(exist_ok=True, parents=True)
-- 
2.42.0


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189880): 
https://lists.openembedded.org/g/openembedded-core/message/189880
Mute This Topic: https://lists.openembedded.org/mt/102308606/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-