* [PATCH] create-spdx: Set the Organization field via a variable
@ 2021-11-04 16:48 Andres Beltran
2021-11-04 17:46 ` [OE-core] " Joshua Watt
0 siblings, 1 reply; 2+ messages in thread
From: Andres Beltran @ 2021-11-04 16:48 UTC (permalink / raw)
To: openembedded-core; +Cc: Andres Beltran
Currently, the "Organization" field for SBOMs is hard-coded in
create-spdx. Create a new variable SPDX_ORG to make this field more
generic.
Signed-off-by: Andres Beltran <abeltran@linux.microsoft.com>
---
meta/classes/create-spdx.bbclass | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index c35dbe11849..eb1d446f3fb 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -28,6 +28,8 @@ SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
+SPDX_ORG ??= "OpenEmbedded ()"
+
do_image_complete[depends] = "virtual/kernel:do_create_spdx"
def get_doc_namespace(d, doc):
@@ -415,7 +417,7 @@ python do_create_spdx() {
doc.creationInfo.comment = "This document was created by analyzing recipe files during the build."
doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
doc.creationInfo.creators.append("Person: N/A ()")
recipe = oe.spdx.SPDXPackage()
@@ -519,7 +521,7 @@ python do_create_spdx() {
package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ package_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
package_doc.creationInfo.creators.append("Person: N/A ()")
package_doc.externalDocumentRefs.append(recipe_ref)
@@ -653,7 +655,7 @@ python do_create_runtime_spdx() {
runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ runtime_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
runtime_doc.creationInfo.creators.append("Person: N/A ()")
package_ref = oe.spdx.SPDXExternalDocumentRef()
@@ -813,7 +815,7 @@ python image_combine_spdx() {
doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
doc.creationInfo.creators.append("Person: N/A ()")
image = oe.spdx.SPDXPackage()
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [OE-core] [PATCH] create-spdx: Set the Organization field via a variable
2021-11-04 16:48 [PATCH] create-spdx: Set the Organization field via a variable Andres Beltran
@ 2021-11-04 17:46 ` Joshua Watt
0 siblings, 0 replies; 2+ messages in thread
From: Joshua Watt @ 2021-11-04 17:46 UTC (permalink / raw)
To: Andres Beltran; +Cc: OE-core
On Thu, Nov 4, 2021 at 11:49 AM Andres Beltran
<abeltran@linux.microsoft.com> wrote:
>
> Currently, the "Organization" field for SBOMs is hard-coded in
> create-spdx. Create a new variable SPDX_ORG to make this field more
> generic.
>
> Signed-off-by: Andres Beltran <abeltran@linux.microsoft.com>
LGTM
Reviewed-By: Joshua Watt <JPEWhacker@gmail.com>
> ---
> meta/classes/create-spdx.bbclass | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
> index c35dbe11849..eb1d446f3fb 100644
> --- a/meta/classes/create-spdx.bbclass
> +++ b/meta/classes/create-spdx.bbclass
> @@ -28,6 +28,8 @@ SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
>
> SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
>
> +SPDX_ORG ??= "OpenEmbedded ()"
> +
> do_image_complete[depends] = "virtual/kernel:do_create_spdx"
>
> def get_doc_namespace(d, doc):
> @@ -415,7 +417,7 @@ python do_create_spdx() {
> doc.creationInfo.comment = "This document was created by analyzing recipe files during the build."
> doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> - doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
> + doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> doc.creationInfo.creators.append("Person: N/A ()")
>
> recipe = oe.spdx.SPDXPackage()
> @@ -519,7 +521,7 @@ python do_create_spdx() {
> package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
> package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> - package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
> + package_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> package_doc.creationInfo.creators.append("Person: N/A ()")
> package_doc.externalDocumentRefs.append(recipe_ref)
>
> @@ -653,7 +655,7 @@ python do_create_runtime_spdx() {
> runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
> runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> - runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
> + runtime_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> runtime_doc.creationInfo.creators.append("Person: N/A ()")
>
> package_ref = oe.spdx.SPDXExternalDocumentRef()
> @@ -813,7 +815,7 @@ python image_combine_spdx() {
> doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
> doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> - doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
> + doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> doc.creationInfo.creators.append("Person: N/A ()")
>
> image = oe.spdx.SPDXPackage()
> --
> 2.17.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#157854): https://lists.openembedded.org/g/openembedded-core/message/157854
> Mute This Topic: https://lists.openembedded.org/mt/86820747/3616693
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [JPEWhacker@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-11-04 17:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-11-04 16:48 [PATCH] create-spdx: Set the Organization field via a variable Andres Beltran
2021-11-04 17:46 ` [OE-core] " Joshua Watt
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.