classes/create-spdx: Add SPDX_PRETTY option

Adds an option to make the SPDX more human-readable (at the expense of a larger files) (From OE-Core rev: e680a7402edec2803b03c56590c9d08d07497c73) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 4799594b26f77ed259dc661bf077519b338390c8) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-05-31 00:39:46 +00:00 · 2022-06-13 21:30:47 -05:00
parent 4f3a354071
commit 99483cff5c
2 changed files with 18 additions and 8 deletions
@@ -24,6 +24,7 @@ SPDX_ARCHIVE_PACKAGED ??= "0"

 SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
 SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
+SPDX_PRETTY ??= "0"

 SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"

@@ -75,6 +76,11 @@ def recipe_spdx_is_native(d, recipe):
 def is_work_shared_spdx(d):
    return bb.data.inherits_class('kernel', d) or ('work-shared' in d.getVar('WORKDIR'))

+def get_json_indent(d):
+    if d.getVar("SPDX_PRETTY") == "1":
+        return 2
+    return None
+
 python() {
    import json
    if d.getVar("SPDX_LICENSE_DATA"):
@@ -514,7 +520,7 @@ python do_create_spdx() {

    dep_recipes = collect_dep_recipes(d, doc, recipe)

-    doc_sha1 = oe.sbom.write_doc(d, doc, "recipes")
+    doc_sha1 = oe.sbom.write_doc(d, doc, "recipes", indent=get_json_indent(d))
    dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe))

    recipe_ref = oe.spdx.SPDXExternalDocumentRef()
@@ -579,7 +585,7 @@ python do_create_spdx() {

            add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)

-            oe.sbom.write_doc(d, package_doc, "packages")
+            oe.sbom.write_doc(d, package_doc, "packages", indent=get_json_indent(d))
 }
 # NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
 addtask do_create_spdx after do_package do_packagedata do_unpack before do_populate_sdk do_build do_rm_work
@@ -743,7 +749,7 @@ python do_create_runtime_spdx() {
                )
                seen_deps.add(dep)

-            oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy)
+            oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy, indent=get_json_indent(d))
 }

 addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work
@@ -939,7 +945,7 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages):
    image_spdx_path = rootfs_deploydir / (rootfs_name + ".spdx.json")

    with image_spdx_path.open("wb") as f:
-        doc.to_json(f, sort_keys=True)
+        doc.to_json(f, sort_keys=True, indent=get_json_indent(d))

    num_threads = int(d.getVar("BB_NUMBER_THREADS"))

@@ -997,7 +1003,11 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages):

            index["documents"].sort(key=lambda x: x["filename"])

-            index_str = io.BytesIO(json.dumps(index, sort_keys=True).encode("utf-8"))
+            index_str = io.BytesIO(json.dumps(
+                index,
+                sort_keys=True,
+                indent=get_json_indent(d),
+            ).encode("utf-8"))

            info = tarfile.TarInfo()
            info.name = "index.json"
@@ -1011,4 +1021,4 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages):

    spdx_index_path = rootfs_deploydir / (rootfs_name + ".spdx.index.json")
    with spdx_index_path.open("w") as f:
-        json.dump(index, f, sort_keys=True)
+        json.dump(index, f, sort_keys=True, indent=get_json_indent(d))