[PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship

Openembedded Core Discussions
 help / color / mirror / Atom feed

* [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship
@ 2024-12-26  5:43 Hongxu Jia
  2024-12-26  5:43 ` [PATCH 2/2] meta/lib/oe/sbom30.py: set alias for scan declared licenses Hongxu Jia
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Hongxu Jia @ 2024-12-26  5:43 UTC (permalink / raw)
  To: openembedded-core, jpewhacker

Set license alias other than spdxId to hasConcludedLicense relationship

$ echo 'MACHINE = "qemux86-64"' >> conf/local.conf
$ bitbake shadow
$ In tmp/deploy/spdx/3.0.1/corei7-64/recipes/recipe-shadow.spdx.json
Before this commit
...
    {
      "type": "Relationship",
      ...
      "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/c34a0920c2f689375e786a80ab3176b844997d543b73dd5f99e6ffa8fcc72fee/source/8",
      "relationshipType": "hasConcludedLicense",
      "to": [
        "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/c34a0920c2f689375e786a80ab3176b844997d543b73dd5f99e6ffa8fcc72fee/license/3_24_0/BSD-3-Clause"
      ]
    },
...

After this commit
...
    {
      "type": "Relationship",
      ...
      "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/c34a0920c2f689375e786a80ab3176b844997d543b73dd5f99e6ffa8fcc72fee/source/8",
      "relationshipType": "hasConcludedLicense",
      "to": [
        "http://spdxdocs.org/openembedded-alias/by-doc-hash/cc72db638e3f8e283e722af0ecc77d19f93cc6736700ee76477e3773b6b07b05/shadow/UNIHASH/license/3_24_0/BSD-3-Clause"
      ]
    },
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta/lib/oe/spdx30_tasks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index ae75311ed1..12588b3949 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -524,7 +524,7 @@ def create_spdx(d):
     build_objset.new_relationship(
         source_files,
         oe.spdx30.RelationshipType.hasConcludedLicense,
-        [recipe_spdx_license],
+        [oe.sbom30.get_element_link_id(recipe_spdx_license)],
     )
 
     dep_sources = {}
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [PATCH 2/2] meta/lib/oe/sbom30.py: set alias for scan declared licenses
  2024-12-26  5:43 [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship Hongxu Jia
@ 2024-12-26  5:43 ` Hongxu Jia
  2025-01-07 16:43   ` Joshua Watt
  2024-12-27  8:55 ` [OE-core] [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship Mathieu Dubois-Briand
  2025-01-07 16:44 ` Joshua Watt
  2 siblings, 1 reply; 6+ messages in thread
From: Hongxu Jia @ 2024-12-26  5:43 UTC (permalink / raw)
  To: openembedded-core, jpewhacker

when using SPDX_INCLUDE_SOURCES, it calls scan_declared_licenses
to scan licenses from source file, set alias for the newly added
license and and license alias to hasDeclaredLicense relationship

$ echo 'MACHINE = "qemux86-64"' >> conf/local.conf
$ echo 'SPDX_INCLUDE_SOURCES = "1"' >> conf/local.conf
$ bitbake shadow
$ vim tmp/deploy/spdx/3.0.1/corei7-64/recipes/recipe-shadow.spdx.json
Before this commit
...
    {
      "type": "Relationship",
      ...
      "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/sourcefile/11048",
      "relationshipType": "hasDeclaredLicense",
      "to": [
        "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/license/3_24_0/BSD-3-Clause",
      ]
    },
...

After this commit
...
    {
      "type": "Relationship",
      ...
      "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/sourcefile/11048",
      "relationshipType": "hasDeclaredLicense",
      "to": [
        "http://spdxdocs.org/openembedded-alias/by-doc-hash/cc72db638e3f8e283e722af0ecc77d19f93cc6736700ee76477e3773b6b07b05/shadow/UNIHASH/license/3_24_0/BSD-3-Clause"
      ]
    },
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta/lib/oe/sbom30.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/meta/lib/oe/sbom30.py b/meta/lib/oe/sbom30.py
index 0004447066..7993e1fbef 100644
--- a/meta/lib/oe/sbom30.py
+++ b/meta/lib/oe/sbom30.py
@@ -589,12 +589,14 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
 
         file_licenses = set()
         for extracted_lic in oe.spdx_common.extract_licenses(filepath):
-            file_licenses.add(self.new_license_expression(extracted_lic, license_data))
+            lic = self.new_license_expression(extracted_lic, license_data)
+            self.set_element_alias(lic)
+            file_licenses.add(lic)
 
         self.new_relationship(
             [spdx_file],
             oe.spdx30.RelationshipType.hasDeclaredLicense,
-            file_licenses,
+            [oe.sbom30.get_element_link_id(lic_alias) for lic_alias in file_licenses],
         )
         spdx_file.extension.append(OELicenseScannedExtension())
 
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [OE-core] [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship
  2024-12-26  5:43 [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship Hongxu Jia
  2024-12-26  5:43 ` [PATCH 2/2] meta/lib/oe/sbom30.py: set alias for scan declared licenses Hongxu Jia
@ 2024-12-27  8:55 ` Mathieu Dubois-Briand
  2024-12-27 12:26   ` hongxu
  2025-01-07 16:44 ` Joshua Watt
  2 siblings, 1 reply; 6+ messages in thread
From: Mathieu Dubois-Briand @ 2024-12-27  8:55 UTC (permalink / raw)
  To: hongxu.jia, openembedded-core, jpewhacker

On Thu Dec 26, 2024 at 6:43 AM CET, hongxu via lists.openembedded.org wrote:
> Set license alias other than spdxId to hasConcludedLicense relationship
>
> $ echo 'MACHINE = "qemux86-64"' >> conf/local.conf
> $ bitbake shadow
> $ In tmp/deploy/spdx/3.0.1/corei7-64/recipes/recipe-shadow.spdx.json
> Before this commit
> ...
>     {
>       "type": "Relationship",
>       ...
>       "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/c34a0920c2f689375e786a80ab3176b844997d543b73dd5f99e6ffa8fcc72fee/source/8",
>       "relationshipType": "hasConcludedLicense",
>       "to": [
>         "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/c34a0920c2f689375e786a80ab3176b844997d543b73dd5f99e6ffa8fcc72fee/license/3_24_0/BSD-3-Clause"
>       ]
>     },
> ...
>
> After this commit
> ...
>     {
>       "type": "Relationship",
>       ...
>       "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/c34a0920c2f689375e786a80ab3176b844997d543b73dd5f99e6ffa8fcc72fee/source/8",
>       "relationshipType": "hasConcludedLicense",
>       "to": [
>         "http://spdxdocs.org/openembedded-alias/by-doc-hash/cc72db638e3f8e283e722af0ecc77d19f93cc6736700ee76477e3773b6b07b05/shadow/UNIHASH/license/3_24_0/BSD-3-Clause"
>       ]
>     },
> ...
>
> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
> ---

Hi Hongxu,

Just to let you know, I took both this series and the other one, and I
had a successful build on the autobuilder, without any of the SPDX
warnings we had previously.

So I believe issues are now solved.

-- 
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship
  2024-12-27  8:55 ` [OE-core] [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship Mathieu Dubois-Briand
@ 2024-12-27 12:26   ` hongxu
  0 siblings, 0 replies; 6+ messages in thread
From: hongxu @ 2024-12-27 12:26 UTC (permalink / raw)
  To: openembedded-core

[-- Attachment #1: Type: text/plain, Size: 42 bytes --]

Got it, thanks for the reply

//Hongxu

[-- Attachment #2: Type: text/html, Size: 81 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH 2/2] meta/lib/oe/sbom30.py: set alias for scan declared licenses
  2024-12-26  5:43 ` [PATCH 2/2] meta/lib/oe/sbom30.py: set alias for scan declared licenses Hongxu Jia
@ 2025-01-07 16:43   ` Joshua Watt
  0 siblings, 0 replies; 6+ messages in thread
From: Joshua Watt @ 2025-01-07 16:43 UTC (permalink / raw)
  To: Hongxu Jia; +Cc: openembedded-core

Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>

On Wed, Dec 25, 2024 at 10:43 PM Hongxu Jia <hongxu.jia@windriver.com> wrote:
>
> when using SPDX_INCLUDE_SOURCES, it calls scan_declared_licenses
> to scan licenses from source file, set alias for the newly added
> license and and license alias to hasDeclaredLicense relationship
>
> $ echo 'MACHINE = "qemux86-64"' >> conf/local.conf
> $ echo 'SPDX_INCLUDE_SOURCES = "1"' >> conf/local.conf
> $ bitbake shadow
> $ vim tmp/deploy/spdx/3.0.1/corei7-64/recipes/recipe-shadow.spdx.json
> Before this commit
> ...
>     {
>       "type": "Relationship",
>       ...
>       "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/sourcefile/11048",
>       "relationshipType": "hasDeclaredLicense",
>       "to": [
>         "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/license/3_24_0/BSD-3-Clause",
>       ]
>     },
> ...
>
> After this commit
> ...
>     {
>       "type": "Relationship",
>       ...
>       "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/sourcefile/11048",
>       "relationshipType": "hasDeclaredLicense",
>       "to": [
>         "http://spdxdocs.org/openembedded-alias/by-doc-hash/cc72db638e3f8e283e722af0ecc77d19f93cc6736700ee76477e3773b6b07b05/shadow/UNIHASH/license/3_24_0/BSD-3-Clause"
>       ]
>     },
> ...
>
> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
> ---
>  meta/lib/oe/sbom30.py | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/meta/lib/oe/sbom30.py b/meta/lib/oe/sbom30.py
> index 0004447066..7993e1fbef 100644
> --- a/meta/lib/oe/sbom30.py
> +++ b/meta/lib/oe/sbom30.py
> @@ -589,12 +589,14 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
>
>          file_licenses = set()
>          for extracted_lic in oe.spdx_common.extract_licenses(filepath):
> -            file_licenses.add(self.new_license_expression(extracted_lic, license_data))
> +            lic = self.new_license_expression(extracted_lic, license_data)
> +            self.set_element_alias(lic)
> +            file_licenses.add(lic)
>
>          self.new_relationship(
>              [spdx_file],
>              oe.spdx30.RelationshipType.hasDeclaredLicense,
> -            file_licenses,
> +            [oe.sbom30.get_element_link_id(lic_alias) for lic_alias in file_licenses],
>          )
>          spdx_file.extension.append(OELicenseScannedExtension())
>
> --
> 2.34.1
>


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship
  2024-12-26  5:43 [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship Hongxu Jia
  2024-12-26  5:43 ` [PATCH 2/2] meta/lib/oe/sbom30.py: set alias for scan declared licenses Hongxu Jia
  2024-12-27  8:55 ` [OE-core] [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship Mathieu Dubois-Briand
@ 2025-01-07 16:44 ` Joshua Watt
  2 siblings, 0 replies; 6+ messages in thread
From: Joshua Watt @ 2025-01-07 16:44 UTC (permalink / raw)
  To: Hongxu Jia; +Cc: openembedded-core

Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>

On Wed, Dec 25, 2024 at 10:43 PM Hongxu Jia <hongxu.jia@windriver.com> wrote:
>
> Set license alias other than spdxId to hasConcludedLicense relationship
>
> $ echo 'MACHINE = "qemux86-64"' >> conf/local.conf
> $ bitbake shadow
> $ In tmp/deploy/spdx/3.0.1/corei7-64/recipes/recipe-shadow.spdx.json
> Before this commit
> ...
>     {
>       "type": "Relationship",
>       ...
>       "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/c34a0920c2f689375e786a80ab3176b844997d543b73dd5f99e6ffa8fcc72fee/source/8",
>       "relationshipType": "hasConcludedLicense",
>       "to": [
>         "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/c34a0920c2f689375e786a80ab3176b844997d543b73dd5f99e6ffa8fcc72fee/license/3_24_0/BSD-3-Clause"
>       ]
>     },
> ...
>
> After this commit
> ...
>     {
>       "type": "Relationship",
>       ...
>       "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/c34a0920c2f689375e786a80ab3176b844997d543b73dd5f99e6ffa8fcc72fee/source/8",
>       "relationshipType": "hasConcludedLicense",
>       "to": [
>         "http://spdxdocs.org/openembedded-alias/by-doc-hash/cc72db638e3f8e283e722af0ecc77d19f93cc6736700ee76477e3773b6b07b05/shadow/UNIHASH/license/3_24_0/BSD-3-Clause"
>       ]
>     },
> ...
>
> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
> ---
>  meta/lib/oe/spdx30_tasks.py | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
> index ae75311ed1..12588b3949 100644
> --- a/meta/lib/oe/spdx30_tasks.py
> +++ b/meta/lib/oe/spdx30_tasks.py
> @@ -524,7 +524,7 @@ def create_spdx(d):
>      build_objset.new_relationship(
>          source_files,
>          oe.spdx30.RelationshipType.hasConcludedLicense,
> -        [recipe_spdx_license],
> +        [oe.sbom30.get_element_link_id(recipe_spdx_license)],
>      )
>
>      dep_sources = {}
> --
> 2.34.1
>


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2025-01-07 16:44 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-26  5:43 [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship Hongxu Jia
2024-12-26  5:43 ` [PATCH 2/2] meta/lib/oe/sbom30.py: set alias for scan declared licenses Hongxu Jia
2025-01-07 16:43   ` Joshua Watt
2024-12-27  8:55 ` [OE-core] [PATCH 1/2] meta/lib/oe/spdx30_tasks.py: set license alias to hasConcludedLicense relationship Mathieu Dubois-Briand
2024-12-27 12:26   ` hongxu
2025-01-07 16:44 ` Joshua Watt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox