From: "Joshua Watt" <JPEWhacker@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: ross.burton@arm.com, saul.wold@windriver.com,
Joshua Watt <JPEWhacker@gmail.com>
Subject: [OE-core][PATCH 16/31] classes/create-spdx: Skip package processing for native recipes
Date: Wed, 1 Sep 2021 08:44:55 -0500 [thread overview]
Message-ID: <20210901134510.29561-17-JPEWhacker@gmail.com> (raw)
In-Reply-To: <20210901134510.29561-1-JPEWhacker@gmail.com>
Native recipes do not produce packages and should not process them,
otherwise it can trigger an error in read_subpackage_metadata
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 263 ++++++++++++++++---------------
1 file changed, 134 insertions(+), 129 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index db1d1756c9..6af4181087 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -344,7 +344,6 @@ python do_create_spdx() {
else:
yield None
- bb.build.exec_func("read_subpackage_metadata", d)
deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
spdx_workdir = Path(d.getVar("SPDXWORK"))
@@ -352,6 +351,7 @@ python do_create_spdx() {
include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
+ is_native = bb.data.inherits_class("native", d)
creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
@@ -442,62 +442,65 @@ python do_create_spdx() {
sources = collect_dep_sources(d, dep_recipes)
- pkgdest = Path(d.getVar("PKGDEST"))
- for package in d.getVar("PACKAGES").split():
- if not oe.packagedata.packaged(package, d):
- continue
-
- package_doc = oe.spdx.SPDXDocument()
- pkg_name = d.getVar("PKG:%s" % package) or package
- package_doc.name = pkg_name
- package_doc.documentNamespace = get_doc_namespace(d, package_doc)
- package_doc.creationInfo.created = creation_time
- package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
- package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
- package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
- package_doc.creationInfo.creators.append("Person: N/A ()")
-
- recipe_ref = oe.spdx.SPDXExternalDocumentRef()
- recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
- recipe_ref.spdxDocument = doc.documentNamespace
- recipe_ref.checksum.algorithm = "SHA1"
- recipe_ref.checksum.checksumValue = doc_sha1
-
- package_doc.externalDocumentRefs.append(recipe_ref)
-
- package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE")
+ if not is_native:
+ bb.build.exec_func("read_subpackage_metadata", d)
- spdx_package = oe.spdx.SPDXPackage()
-
- spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
- spdx_package.name = pkg_name
- spdx_package.versionInfo = d.getVar("PV")
- spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d)
-
- package_doc.packages.append(spdx_package)
+ pkgdest = Path(d.getVar("PKGDEST"))
+ for package in d.getVar("PACKAGES").split():
+ if not oe.packagedata.packaged(package, d):
+ continue
- package_doc.add_relationship(spdx_package, "GENERATED_FROM", "%s:%s" % (recipe_ref.externalDocumentId, recipe.SPDXID))
- package_doc.add_relationship(package_doc, "DESCRIBES", spdx_package)
+ package_doc = oe.spdx.SPDXDocument()
+ pkg_name = d.getVar("PKG:%s" % package) or package
+ package_doc.name = pkg_name
+ package_doc.documentNamespace = get_doc_namespace(d, package_doc)
+ package_doc.creationInfo.created = creation_time
+ package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
+ package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
+ package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+ package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ package_doc.creationInfo.creators.append("Person: N/A ()")
+
+ recipe_ref = oe.spdx.SPDXExternalDocumentRef()
+ recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
+ recipe_ref.spdxDocument = doc.documentNamespace
+ recipe_ref.checksum.algorithm = "SHA1"
+ recipe_ref.checksum.checksumValue = doc_sha1
+
+ package_doc.externalDocumentRefs.append(recipe_ref)
+
+ package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE")
+
+ spdx_package = oe.spdx.SPDXPackage()
+
+ spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
+ spdx_package.name = pkg_name
+ spdx_package.versionInfo = d.getVar("PV")
+ spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d)
+
+ package_doc.packages.append(spdx_package)
+
+ package_doc.add_relationship(spdx_package, "GENERATED_FROM", "%s:%s" % (recipe_ref.externalDocumentId, recipe.SPDXID))
+ package_doc.add_relationship(package_doc, "DESCRIBES", spdx_package)
+
+ package_archive = deploy_dir_spdx / "packages" / (package_doc.name + ".tar.zst")
+ with optional_tarfile(package_archive, archive_packaged) as archive:
+ package_files = add_package_files(
+ d,
+ package_doc,
+ spdx_package,
+ pkgdest / package,
+ lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter),
+ lambda filepath: ["BINARY"],
+ archive=archive,
+ )
- package_archive = deploy_dir_spdx / "packages" / (package_doc.name + ".tar.zst")
- with optional_tarfile(package_archive, archive_packaged) as archive:
- package_files = add_package_files(
- d,
- package_doc,
- spdx_package,
- pkgdest / package,
- lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter),
- lambda filepath: ["BINARY"],
- archive=archive,
- )
-
- if archive is not None:
- spdx_package.packageFileName = str(package_archive.name)
+ if archive is not None:
+ spdx_package.packageFileName = str(package_archive.name)
- add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)
+ add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)
- oe.sbom.write_doc(d, package_doc, "packages")
+ oe.sbom.write_doc(d, package_doc, "packages")
}
# NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
addtask do_create_spdx after do_package do_packagedata do_unpack before do_build do_rm_work
@@ -557,106 +560,108 @@ python do_create_runtime_spdx() {
deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
spdx_deploy = Path(d.getVar("SPDXRUNTIMEDEPLOY"))
+ is_native = bb.data.inherits_class("native", d)
creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
providers = collect_package_providers(d)
- bb.build.exec_func("read_subpackage_metadata", d)
+ if not is_native:
+ bb.build.exec_func("read_subpackage_metadata", d)
- dep_package_cache = {}
+ dep_package_cache = {}
- pkgdest = Path(d.getVar("PKGDEST"))
- for package in d.getVar("PACKAGES").split():
- localdata = bb.data.createCopy(d)
- pkg_name = d.getVar("PKG:%s" % package) or package
- localdata.setVar("PKG", pkg_name)
- localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + package)
+ pkgdest = Path(d.getVar("PKGDEST"))
+ for package in d.getVar("PACKAGES").split():
+ localdata = bb.data.createCopy(d)
+ pkg_name = d.getVar("PKG:%s" % package) or package
+ localdata.setVar("PKG", pkg_name)
+ localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + package)
- if not oe.packagedata.packaged(package, localdata):
- continue
+ if not oe.packagedata.packaged(package, localdata):
+ continue
- pkg_spdx_path = deploy_dir_spdx / "packages" / (pkg_name + ".spdx.json")
+ pkg_spdx_path = deploy_dir_spdx / "packages" / (pkg_name + ".spdx.json")
- package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
+ package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
- for p in package_doc.packages:
- if p.name == pkg_name:
- spdx_package = p
- break
- else:
- bb.fatal("Package '%s' not found in %s" % (pkg_name, pkg_spdx_path))
-
- runtime_doc = oe.spdx.SPDXDocument()
- runtime_doc.name = "runtime-" + pkg_name
- runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc)
- runtime_doc.creationInfo.created = creation_time
- runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
- runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
- runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
- runtime_doc.creationInfo.creators.append("Person: N/A ()")
-
- package_ref = oe.spdx.SPDXExternalDocumentRef()
- package_ref.externalDocumentId = "DocumentRef-package-" + package
- package_ref.spdxDocument = package_doc.documentNamespace
- package_ref.checksum.algorithm = "SHA1"
- package_ref.checksum.checksumValue = package_doc_sha1
-
- runtime_doc.externalDocumentRefs.append(package_ref)
-
- runtime_doc.add_relationship(
- runtime_doc.SPDXID,
- "AMENDS",
- "%s:%s" % (package_ref.externalDocumentId, package_doc.SPDXID)
- )
-
- deps = bb.utils.explode_dep_versions2(localdata.getVar("RDEPENDS") or "")
- seen_deps = set()
- for dep, _ in deps.items():
- if dep in seen_deps:
- continue
+ for p in package_doc.packages:
+ if p.name == pkg_name:
+ spdx_package = p
+ break
+ else:
+ bb.fatal("Package '%s' not found in %s" % (pkg_name, pkg_spdx_path))
+
+ runtime_doc = oe.spdx.SPDXDocument()
+ runtime_doc.name = "runtime-" + pkg_name
+ runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc)
+ runtime_doc.creationInfo.created = creation_time
+ runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
+ runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
+ runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+ runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ runtime_doc.creationInfo.creators.append("Person: N/A ()")
+
+ package_ref = oe.spdx.SPDXExternalDocumentRef()
+ package_ref.externalDocumentId = "DocumentRef-package-" + package
+ package_ref.spdxDocument = package_doc.documentNamespace
+ package_ref.checksum.algorithm = "SHA1"
+ package_ref.checksum.checksumValue = package_doc_sha1
+
+ runtime_doc.externalDocumentRefs.append(package_ref)
- dep = providers[dep]
+ runtime_doc.add_relationship(
+ runtime_doc.SPDXID,
+ "AMENDS",
+ "%s:%s" % (package_ref.externalDocumentId, package_doc.SPDXID)
+ )
- if not oe.packagedata.packaged(dep, localdata):
- continue
+ deps = bb.utils.explode_dep_versions2(localdata.getVar("RDEPENDS") or "")
+ seen_deps = set()
+ for dep, _ in deps.items():
+ if dep in seen_deps:
+ continue
- dep_pkg_data = oe.packagedata.read_subpkgdata_dict(dep, d)
- dep_pkg = dep_pkg_data["PKG"]
+ dep = providers[dep]
- if dep in dep_package_cache:
- (dep_spdx_package, dep_package_ref) = dep_package_cache[dep]
- else:
- dep_path = deploy_dir_spdx / "packages" / ("%s.spdx.json" % dep_pkg)
+ if not oe.packagedata.packaged(dep, localdata):
+ continue
- spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path)
+ dep_pkg_data = oe.packagedata.read_subpkgdata_dict(dep, d)
+ dep_pkg = dep_pkg_data["PKG"]
- for pkg in spdx_dep_doc.packages:
- if pkg.name == dep_pkg:
- dep_spdx_package = pkg
- break
+ if dep in dep_package_cache:
+ (dep_spdx_package, dep_package_ref) = dep_package_cache[dep]
else:
- bb.fatal("Package '%s' not found in %s" % (dep_pkg, dep_path))
+ dep_path = deploy_dir_spdx / "packages" / ("%s.spdx.json" % dep_pkg)
- dep_package_ref = oe.spdx.SPDXExternalDocumentRef()
- dep_package_ref.externalDocumentId = "DocumentRef-runtime-dependency-" + spdx_dep_doc.name
- dep_package_ref.spdxDocument = spdx_dep_doc.documentNamespace
- dep_package_ref.checksum.algorithm = "SHA1"
- dep_package_ref.checksum.checksumValue = spdx_dep_sha1
+ spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path)
- dep_package_cache[dep] = (dep_spdx_package, dep_package_ref)
+ for pkg in spdx_dep_doc.packages:
+ if pkg.name == dep_pkg:
+ dep_spdx_package = pkg
+ break
+ else:
+ bb.fatal("Package '%s' not found in %s" % (dep_pkg, dep_path))
- runtime_doc.externalDocumentRefs.append(dep_package_ref)
+ dep_package_ref = oe.spdx.SPDXExternalDocumentRef()
+ dep_package_ref.externalDocumentId = "DocumentRef-runtime-dependency-" + spdx_dep_doc.name
+ dep_package_ref.spdxDocument = spdx_dep_doc.documentNamespace
+ dep_package_ref.checksum.algorithm = "SHA1"
+ dep_package_ref.checksum.checksumValue = spdx_dep_sha1
- runtime_doc.add_relationship(
- "%s:%s" % (dep_package_ref.externalDocumentId, dep_spdx_package.SPDXID),
- "RUNTIME_DEPENDENCY_OF",
- "%s:%s" % (package_ref.externalDocumentId, spdx_package.SPDXID)
- )
- seen_deps.add(dep)
+ dep_package_cache[dep] = (dep_spdx_package, dep_package_ref)
+
+ runtime_doc.externalDocumentRefs.append(dep_package_ref)
+
+ runtime_doc.add_relationship(
+ "%s:%s" % (dep_package_ref.externalDocumentId, dep_spdx_package.SPDXID),
+ "RUNTIME_DEPENDENCY_OF",
+ "%s:%s" % (package_ref.externalDocumentId, spdx_package.SPDXID)
+ )
+ seen_deps.add(dep)
- oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy)
+ oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy)
}
addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work
--
2.32.0
next prev parent reply other threads:[~2021-09-01 13:45 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 01/31] classes/package: Add extended packaged data Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 02/31] classes/create-spdx: Add class Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 03/31] classes/create-spdx: Change creator Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 04/31] classes/create-spdx: Add SHA1 to index file Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 05/31] classes/create-spdx: Add index to DEPLOYDIR Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 06/31] classes/create-spdx: Add runtime dependency mapping Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 07/31] classes/create-spdx: Add NOASSERTION for unknown debug sources Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 08/31] classes/create-spdx: Fix another creator Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 09/31] classes/create-spdx: extend DocumentRef to include name Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 10/31] Add SPDX licenses Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 11/31] classes/create-spdx: Fix up license reporting Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 12/31] classes/create-spdx: Speed up hash calculations Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 13/31] classes/create-spdx: Fix file:// in downloadLocation Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 14/31] classes/create-spdx: Add special exception for Public Domain license Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 15/31] classes/create-spdx: Collect all task dependencies Joshua Watt
2021-09-01 13:44 ` Joshua Watt [this message]
2021-09-01 13:44 ` [OE-core][PATCH 17/31] classes/create-spdx: Comment out placeholder license warning Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 18/31] conf/licenses: Add FreeType SPDX mapping Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 19/31] tzdata: Remove BSD License specifier Joshua Watt
2021-09-01 23:00 ` Denys Dmytriyenko
2021-09-02 6:52 ` Richard Purdie
2021-09-01 13:44 ` [OE-core][PATCH 20/31] glib-2.0: Use specific BSD license variant Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 21/31] e2fsprogs: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 22/31] shadow: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 23/31] sudo: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 24/31] libcap: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 25/31] libpam: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 26/31] libxfont2: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 27/31] libjitterentropy: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 28/31] libx11: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 29/31] font-util: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 30/31] flac: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 31/31] swig: " Joshua Watt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210901134510.29561-17-JPEWhacker@gmail.com \
--to=jpewhacker@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=ross.burton@arm.com \
--cc=saul.wold@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.