Hey, I'm looking into a SPDX / SBOM issue in scarthgap and I'm looking for some documentation/advise. I can only assume the issue is caused by the tegra BSP layer I'm using, but I'm more curious about understanding the issue / setup beneath while fixing it.
The problem is that the do_rootfs step fails with the error message below on incremental build with every update of the kernel SHA. Cannot find any SPDX file for document http://spdx.org/spdxdocs/kernel-module-ip-tables-<version><branch>+g<git sha> <version>, <branch> and <git sha> replaced for readability there. The interesting part in here is the <git sha>: It's the SHA of the kernel that was just updated, so the previous kernel version. Upon digging (grep), I did find the reference from the error message in the ip tables build output. I can also "update" it with a simple clean/rebuild of the iptables package. It can also be fixed by adding explicit dependencies for the SPDX do_create_runtime_spdx, but it feels off that this is needed. Further search did not yield anything interesting in the BSP layer: No appends and nothing suspicious. I do see some kernel module related RRECOMMENDS in the iptables recipe in the poky meta layer. Is there any further reading material on the SBOM inner workings? Is it expected that there would be a reference to the specific kernel SHA in the iptables SBOM? Best regards Olli
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#66099): https://lists.yoctoproject.org/g/yocto/message/66099 Mute This Topic: https://lists.yoctoproject.org/mt/116676629/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
