mirror of https://git.yoctoproject.org/poky synced 2026-05-30 12:29:55 +00:00

spdx30: Link license and build by alias

The license information and Build created by do_create_spdx are changed
to be referenced by their link alias instead of the actual SPDX ID. This
fixes a case where do_create_package_spdx would pull these from
mismatching sstate, and then the SPDX IDs would be unresolved when
assembling the final document

(From OE-Core rev: c0fcdc72a7c8fca86a874d1b04298fe9e500c796)

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt
2024-10-07 10:24:15 -06:00
committed by Richard Purdie
parent ca5472cd2c
commit 19aa2c0a99
2 changed files with 31 additions and 22 deletions
+24 -19
@@ -305,24 +305,7 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
def add_aliases(self): def add_aliases(self):
for o in self.foreach_type(oe.spdx30.Element): for o in self.foreach_type(oe.spdx30.Element):
if not o._id or o._id.startswith("_:"): self.set_element_alias(o)
continue
alias_ext = get_alias(o)
if alias_ext is None:
unihash = self.d.getVar("BB_UNIHASH")
namespace = self.get_namespace()
if unihash not in o._id:
bb.warn(f"Unihash {unihash} not found in {o._id}")
elif namespace not in o._id:
bb.warn(f"Namespace {namespace} not found in {o._id}")
else:
alias_ext = set_alias(
o,
o._id.replace(unihash, "UNIHASH").replace(
namespace, self.d.getVar("PN")
),
)
def remove_internal_extensions(self): def remove_internal_extensions(self):
def remove(o): def remove(o):
@@ -345,6 +328,26 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
str(uuid.uuid5(namespace_uuid, pn)), str(uuid.uuid5(namespace_uuid, pn)),
) )
def set_element_alias(self, e):
if not e._id or e._id.startswith("_:"):
return
alias_ext = get_alias(e)
if alias_ext is None:
unihash = self.d.getVar("BB_UNIHASH")
namespace = self.get_namespace()
if unihash not in e._id:
bb.warn(f"Unihash {unihash} not found in {e._id}")
elif namespace not in e._id:
bb.warn(f"Namespace {namespace} not found in {e._id}")
else:
alias_ext = set_alias(
e,
e._id.replace(unihash, "UNIHASH").replace(
namespace, self.d.getVar("PN")
),
)
def new_spdxid(self, *suffix, include_unihash=True): def new_spdxid(self, *suffix, include_unihash=True):
items = [self.get_namespace()] items = [self.get_namespace()]
if include_unihash: if include_unihash:
@@ -557,7 +560,9 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
scope=scope, scope=scope,
) )
def new_license_expression(self, license_expression, license_data, license_text_map={}): def new_license_expression(
self, license_expression, license_data, license_text_map={}
):
license_list_version = license_data["licenseListVersion"] license_list_version = license_data["licenseListVersion"]
# SPDX 3 requires that the license list version be a semver # SPDX 3 requires that the license list version be a semver
# MAJOR.MINOR.MICRO, but the actual license version might be # MAJOR.MINOR.MICRO, but the actual license version might be
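Review bot: In the added `set_element_alias` (second hunk of this file), a failure to derive an alias is reported only through `bb.warn` and the method returns nothing, so the new callers in the other file (`objset.set_element_alias(o)` in `add_license_expression`, `build_objset.set_element_alias(build)` in `create_spdx`) cannot tell whether the element they link next actually has an alias. If `get_element_link_id` falls back to the raw `_id` in that case (its body is not shown on this page), the relationship would again carry an ID that may not resolve when the final document is assembled. That is the situation the commit sets out to fix, and an SBOM consumer would see a dangling license or build reference behind a warning that is easy to miss. I would end the method with `return alias_ext` (the local is currently assigned and never read) so callers can check it, and add a one-line docstring such as `"""Set a link alias on e with BB_UNIHASH and the namespace replaced; blank-node IDs are skipped."""`.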
+7 -3
@@ -119,9 +119,11 @@ def add_license_expression(d, objset, license_expression, license_data):
) )
spdx_license_expression = " ".join(convert(l) for l in lic_split) spdx_license_expression = " ".join(convert(l) for l in lic_split)
return objset.new_license_expression( o = objset.new_license_expression(
spdx_license_expression, license_data, license_text_map spdx_license_expression, license_data, license_text_map
) )
objset.set_element_alias(o)
return o
def add_package_files( def add_package_files(
@@ -462,6 +464,8 @@ def create_spdx(d):
build_objset = oe.sbom30.ObjectSet.new_objset(d, d.getVar("PN")) build_objset = oe.sbom30.ObjectSet.new_objset(d, d.getVar("PN"))
build = build_objset.new_task_build("recipe", "recipe") build = build_objset.new_task_build("recipe", "recipe")
build_objset.set_element_alias(build)
build_objset.doc.rootElement.append(build) build_objset.doc.rootElement.append(build)
build_objset.set_is_native(is_native) build_objset.set_is_native(is_native)
@@ -603,7 +607,7 @@ def create_spdx(d):
set_var_field("DESCRIPTION", spdx_package, "description", package=package) set_var_field("DESCRIPTION", spdx_package, "description", package=package)
pkg_objset.new_scoped_relationship( pkg_objset.new_scoped_relationship(
[build._id], [oe.sbom30.get_element_link_id(build)],
oe.spdx30.RelationshipType.hasOutput, oe.spdx30.RelationshipType.hasOutput,
oe.spdx30.LifecycleScopeType.build, oe.spdx30.LifecycleScopeType.build,
[spdx_package], [spdx_package],
@@ -650,7 +654,7 @@ def create_spdx(d):
pkg_objset.new_relationship( pkg_objset.new_relationship(
[spdx_package], [spdx_package],
oe.spdx30.RelationshipType.hasConcludedLicense, oe.spdx30.RelationshipType.hasConcludedLicense,
[package_spdx_license._id], [oe.sbom30.get_element_link_id(package_spdx_license)],
) )
# NOTE: CVE Elements live in the recipe collection # NOTE: CVE Elements live in the recipe collection
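Review bot: The two relationship arguments that switch from `._id` to `oe.sbom30.get_element_link_id(...)` (the `hasOutput` and `hasConcludedLicense` calls in `create_spdx`) carry no comment saying why the alias must be used, so the reason lives only in the commit message and a later cleanup could revert to `._id`. A short comment above each, e.g. `# Link by alias, not _id: the ID embeds BB_UNIHASH and may not match what a later task restores from sstate`, would keep that visible. It also looks as if `build_objset.set_element_alias(build)` has to run before the first `get_element_link_id(build)`, which is worth stating next to that call; confirm against `get_element_link_id`, which is not shown on this page. `create_spdx` starts and ends outside these hunks.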