From: Luca Ceresoli <luca.ceresoli@bootlin.com>
To: "Alberto Pianon" <alberto@pianon.eu>
Cc: bitbake-devel@lists.openembedded.org,
richard.purdie@linuxfoundation.org, jpewhacker@gmail.com,
carlo@piana.eu
Subject: Re: [bitbake-devel] [PATCH] upstream source tracing: base process (patch 1/3)
Date: Fri, 21 Apr 2023 09:15:55 +0200 [thread overview]
Message-ID: <20230421091555.6599abc9@booty> (raw)
In-Reply-To: <20230420062024.134035-1-alberto@pianon.eu>
Ciao Alberto,
On Thu, 20 Apr 2023 08:20:24 +0200
"Alberto Pianon" <alberto@pianon.eu> wrote:
> From: Alberto Pianon <alberto@pianon.eu>
>
> License compliance, SBoM generation and CVE checking require to be able
> to trace each source file back to its corresponding upstream source. The
> current implementation of bb.fetch2 makes it difficult, especially when
> multiple sources are combined together.
>
> This series of patches provides a solution to the issue by implementing
> a process that unpacks each SRC_URI element into a temporary directory,
> collects relevant provenance metadata on each source file, moves
> everything to the recipe rootdir, and saves metadata in a JSON file.
>
> The proposed solution is split into a series of patches, with the first
> patch containing required modifications to fetchers' code and a
> TraceUnpackBase class that implements the process, and the second patch
> implementing the data collecting logic in a separate TraceUnpack
> subclass. The final patch includes test data and test cases to
> demonstrate the solution's efficacy.
>
> Signed-off-by: Alberto Pianon <alberto@pianon.eu>
Testing this patchset on the autobuilders triggered failures on the
oe-selftest builds. Here are the logs:
https://autobuilder.yoctoproject.org/typhoon/#/builders/79/builds/5085/steps/14/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/5034/steps/14/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/86/builds/5076/steps/14/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/87/builds/5114/steps/14/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/127/builds/1296/steps/15/logs/stdio
May you have a look at that?
Best regards,
Luca
--
Luca Ceresoli, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
prev parent reply other threads:[~2023-04-21 7:16 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-20 6:20 [PATCH] upstream source tracing: base process (patch 1/3) alberto
2023-04-20 8:56 ` [bitbake-devel] " Luca Ceresoli
2023-04-20 10:30 ` Alberto Pianon
2023-04-21 7:15 ` Luca Ceresoli [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230421091555.6599abc9@booty \
--to=luca.ceresoli@bootlin.com \
--cc=alberto@pianon.eu \
--cc=bitbake-devel@lists.openembedded.org \
--cc=carlo@piana.eu \
--cc=jpewhacker@gmail.com \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.