* [PATCH 1/2] create-spdx-2.2: fix collect dep recipes failed
@ 2025-03-24 6:54 Hongxu Jia
2025-03-24 6:54 ` [PATCH 2/2] spdx3: support to override the version of a package in SBOM 3 Hongxu Jia
2025-03-24 9:52 ` [PATCH 1/2] create-spdx-2.2: fix collect dep recipes failed hongxu
0 siblings, 2 replies; 4+ messages in thread
From: Hongxu Jia @ 2025-03-24 6:54 UTC (permalink / raw)
To: openembedded-core, JPEWhacker
$ echo 'INHERIT:remove = "create-spdx"' >> conf/local.conf
$ echo 'INHERIT += "create-spdx-2.2"' >> conf/local.conf
$ bitbake pigz-native -ccreate_spdx -f
...
*** 0282: for dep_pn, dep_hashfn, in_taskhash in deps:
0283: # If this dependency is not calculated in the taskhash skip it.
0284: # Otherwise, it can result in broken links since this task won't
0285: # rebuild and see the new SPDX ID if the dependency changes
0286: if not in_taskhash:
Exception: TypeError: cannot unpack non-iterable Dep object
...
Since commit [classes/spdx-common: Move to library] was applied, function
oe.spdx_common.get_spdx_deps returns a list of class Dep, rather than
the original list of (pn, hashfn, in_taskhash)
[1] https://github.com/openembedded/openembedded-core/commit/3f9b7c7f6b15493b6890031190ca8d1a10f2f384
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
meta/classes/create-spdx-2.2.bbclass | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass
index 8f988de8681..de62379c503 100644
--- a/meta/classes/create-spdx-2.2.bbclass
+++ b/meta/classes/create-spdx-2.2.bbclass
@@ -279,21 +279,21 @@ def collect_dep_recipes(d, doc, spdx_recipe):
deps = oe.spdx_common.get_spdx_deps(d)
- for dep_pn, dep_hashfn, in_taskhash in deps:
+ for dep in deps:
# If this dependency is not calculated in the taskhash skip it.
# Otherwise, it can result in broken links since this task won't
# rebuild and see the new SPDX ID if the dependency changes
- if not in_taskhash:
+ if not dep.in_taskhash:
continue
- dep_recipe_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, "recipe-" + dep_pn, dep_hashfn)
+ dep_recipe_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, "recipe-" + dep.pn, dep.hashfn)
if not dep_recipe_path:
- bb.fatal("Cannot find any SPDX file for recipe %s, %s" % (dep_pn, dep_hashfn))
+ bb.fatal("Cannot find any SPDX file for recipe %s, %s" % (dep.pn, dep.hashfn))
spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_recipe_path)
for pkg in spdx_dep_doc.packages:
- if pkg.name == dep_pn:
+ if pkg.name == dep.pn:
spdx_dep_recipe = pkg
break
else:
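Review bot: the loop body continues past the "else:" that ends this hunk, and after the switch to "for dep in deps:" the names dep_pn, dep_hashfn and in_taskhash no longer exist, so any remaining use further down would raise a NameError only when that path runs. Please confirm nothing after the shown lines still refers to the old names. The commit message also carries a [1] link that the text never cites; attaching it to the bracketed commit title would make the origin of the Dep change easy to find.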
--
2.34.1
* [PATCH 2/2] spdx3: support to override the version of a package in SBOM 3
From: Hongxu Jia @ 2025-03-24 6:54 UTC (permalink / raw)
To: openembedded-core, JPEWhacker
By default, still use ${PV} as the version of a package in SBOM 3
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
{
"type": "software_Package",
...
"name": "acl",
"software_packageVersion": "2.3.2"
},
...
Support overriding it by setting SPDX_PACKAGE_VERSION; for example,
set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append
PR to software_packageVersion in SBOM 3
$ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
{
"type": "software_Package",
...
"name": "acl",
"software_packageVersion": "2.3.2-r0"
},
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
meta/classes/create-spdx-3.0.bbclass | 3 +++
meta/lib/oe/spdx30_tasks.py | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass
index b4a5156e709..044517d9f72 100644
--- a/meta/classes/create-spdx-3.0.bbclass
+++ b/meta/classes/create-spdx-3.0.bbclass
@@ -113,6 +113,9 @@ SPDX_ON_BEHALF_OF[doc] = "The base variable name to describe the Agent on who's
SPDX_PACKAGE_SUPPLIER[doc] = "The base variable name to describe the Agent who \
is supplying artifacts produced by the build"
+SPDX_PACKAGE_VERSION ??= "${PV}"
+SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \
+ in software_Package"
IMAGE_CLASSES:append = " create-spdx-image-3.0"
SDK_CLASSES += "create-spdx-sdk-3.0"
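Review bot: the SPDX_PACKAGE_VERSION[doc] string does not say what the default is or why one would change it. Suggest stating that it defaults to ${PV} and can be set to, for example, ${EXTENDPKGV} to include PR, as the commit message explains. It would also help to say that only create-spdx-3.0 reads it, since this series touches create-spdx-2.2 as well.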
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index 1629ed69cee..52329760b6a 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -606,7 +606,7 @@ def create_spdx(d):
_id=pkg_objset.new_spdxid("package", pkg_name),
creationInfo=pkg_objset.doc.creationInfo,
name=pkg_name,
- software_packageVersion=d.getVar("PV"),
+ software_packageVersion=d.getVar("SPDX_PACKAGE_VERSION"),
)
)
set_timestamp_now(d, spdx_package, "builtTime")
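Review bot: software_packageVersion now comes from d.getVar("SPDX_PACKAGE_VERSION"), which returns None when the variable is unset and an empty string when a configuration sets it to one, whereas PV was always populated. The ??= default lives in create-spdx-3.0.bbclass, so this library function depends on that class being inherited; consider falling back to PV here, or failing with a clear message, so a package is never written to the SBOM without a version.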
--
2.34.1
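A consumer-side check for the override described in this message, as an added example that is not part of the patch or of openembedded-core: it walks an SPDX 3 JSON document and reports packages whose software_packageVersion is missing or lacks a PR suffix. The sample document, its "@graph" wrapper, the "-r<N>" suffix pattern and the function names are assumptions made for illustration.

```python
import json
import re

# Constructed sample shaped like the jq output quoted in the message above;
# the "@graph" wrapper and the acl-doc entry are assumptions for illustration.
SAMPLE_SPDX = json.loads("""
{
  "@graph": [
    {"type": "software_Package", "name": "acl", "software_packageVersion": "2.3.2-r0"},
    {"type": "software_Package", "name": "acl-doc", "software_packageVersion": "2.3.2"},
    {"type": "software_File", "name": "usr/bin/getfacl"}
  ]
}
""")

# Assumed shape of the revision suffix when EXTENDPKGV is used: "-r0", "-r0.1", ...
PR_SUFFIX = re.compile(r"-r\d+(\.\d+)*$")


def iter_packages(node):
    """Yield every software_Package object, wherever it is nested."""
    if isinstance(node, dict):
        if node.get("type") == "software_Package":
            yield node
        for value in node.values():
            yield from iter_packages(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_packages(item)


def audit_versions(doc, require_pr=True):
    """Return {name: problem} for packages whose version is missing or,
    when require_pr is set, lacks the revision suffix."""
    problems = {}
    for pkg in iter_packages(doc):
        name = pkg.get("name", "<unnamed>")
        version = pkg.get("software_packageVersion")
        if not version:
            problems[name] = "no software_packageVersion"
        elif require_pr and not PR_SUFFIX.search(version):
            problems[name] = f"version {version!r} has no PR suffix"
    return problems


if __name__ == "__main__":
    for name, problem in audit_versions(SAMPLE_SPDX).items():
        print(f"{name}: {problem}")
```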
* Re: [PATCH 1/2] create-spdx-2.2: fix collect dep recipes failed
From: hongxu @ 2025-03-24 9:52 UTC (permalink / raw)
To: openembedded-core
It seems duplicated with [PATCH 1/2] classes: create-spdx-2.2: Fix dependency handling [1]
[1] https://lists.openembedded.org/g/openembedded-core/message/213481?p=%2C%2C%2C20%2C0%2C0%2C0%3A%3ACreated%2C%2Cspdx%2C20%2C2%2C0%2C111829735
//Hongxu
* Re: [PATCH 2/2] spdx3: support to override the version of a package in SBOM 3
From: Joshua Watt @ 2025-03-24 14:56 UTC (permalink / raw)
To: Hongxu Jia; +Cc: openembedded-core
LGTM, Thanks
Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>
On Mon, Mar 24, 2025 at 12:54 AM Hongxu Jia <hongxu.jia@windriver.com> wrote:
>
> By default, still use ${PV} as the version of a package in SBOM 3
> $ bitbake acl
> $ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
> ...
> {
> "type": "software_Package",
> ...
> "name": "acl",
> "software_packageVersion": "2.3.2"
> },
> ...
>
> Support overriding it by setting SPDX_PACKAGE_VERSION; for example,
> set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append
> PR to software_packageVersion in SBOM 3
> $ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
> $ bitbake acl
> $ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
> ...
> {
> "type": "software_Package",
> ...
> "name": "acl",
> "software_packageVersion": "2.3.2-r0"
> },
> ...
>
> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
> ---
> meta/classes/create-spdx-3.0.bbclass | 3 +++
> meta/lib/oe/spdx30_tasks.py | 2 +-
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass
> index b4a5156e709..044517d9f72 100644
> --- a/meta/classes/create-spdx-3.0.bbclass
> +++ b/meta/classes/create-spdx-3.0.bbclass
> @@ -113,6 +113,9 @@ SPDX_ON_BEHALF_OF[doc] = "The base variable name to describe the Agent on who's
> SPDX_PACKAGE_SUPPLIER[doc] = "The base variable name to describe the Agent who \
> is supplying artifacts produced by the build"
>
> +SPDX_PACKAGE_VERSION ??= "${PV}"
> +SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \
> + in software_Package"
>
> IMAGE_CLASSES:append = " create-spdx-image-3.0"
> SDK_CLASSES += "create-spdx-sdk-3.0"
> diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
> index 1629ed69cee..52329760b6a 100644
> --- a/meta/lib/oe/spdx30_tasks.py
> +++ b/meta/lib/oe/spdx30_tasks.py
> @@ -606,7 +606,7 @@ def create_spdx(d):
> _id=pkg_objset.new_spdxid("package", pkg_name),
> creationInfo=pkg_objset.doc.creationInfo,
> name=pkg_name,
> - software_packageVersion=d.getVar("PV"),
> + software_packageVersion=d.getVar("SPDX_PACKAGE_VERSION"),
> )
> )
> set_timestamp_now(d, spdx_package, "builtTime")
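Review bot: nothing in the series exercises the replaced software_packageVersion line; the diffstat covers only the class and spdx30_tasks.py. A selftest that builds one recipe with SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" and checks software_packageVersion in the resulting package document would keep the override from regressing.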
> --
> 2.34.1
>