From: Joshua Watt <jpewhacker@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Joshua Watt <JPEWhacker@gmail.com>
Subject: [OE-core][PATCH 2/4] spdx 3.0: Map gitsm URI to git
Date: Fri, 27 Sep 2024 09:51:55 -0600
Message-ID: <20240927155247.1012846-3-JPEWhacker@gmail.com>
In-Reply-To: <20240927155247.1012846-1-JPEWhacker@gmail.com>
"gitsm" is not a recognized URI protocol (outside of bitbake), so map it
to "git" when writing. This should be OK since we report all of the
submodule source code (if enabled), and it's still possible for 3rd
party analyzers to determine that submodules are in use by looking at
.gitmodules.
The code to do the mapping is moved to a common location so it covers
SPDX 2.2 also.
[YOCTO #15582]
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx-2.2.bbclass | 11 +----------
meta/lib/oe/spdx30_tasks.py | 13 +++----------
meta/lib/oe/spdx_common.py | 20 +++++++++++++++++++-
3 files changed, 23 insertions(+), 21 deletions(-)
diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass
index 795ba1a8826..cd1d6819bf7 100644
--- a/meta/classes/create-spdx-2.2.bbclass
+++ b/meta/classes/create-spdx-2.2.bbclass
@@ -354,15 +354,6 @@ def add_download_packages(d, doc, recipe):
if f.type == "file":
continue
- uri = f.type
- proto = getattr(f, "proto", None)
- if proto is not None:
- uri = uri + "+" + proto
- uri = uri + "://" + f.host + f.path
-
- if f.method.supports_srcrev():
- uri = uri + "@" + f.revisions[name]
-
if f.method.supports_checksum(f):
for checksum_id in CHECKSUM_LIST:
if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
@@ -377,7 +368,7 @@ def add_download_packages(d, doc, recipe):
c.checksumValue = expected_checksum
package.checksums.append(c)
- package.downloadLocation = uri
+ package.downloadLocation = oe.spdx_common.fetch_data_to_uri(f, name)
doc.packages.append(package)
doc.add_relationship(doc, "DESCRIBES", package)
# In the future, we might be able to do more fancy dependencies,
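Review bot: The new assignment to package.downloadLocation changes the SPDX 2.2 output as well as 3.0: for a recipe fetched with gitsm the value now begins with git instead of gitsm. The commit message only mentions this in passing ("so it covers SPDX 2.2 also"). Anyone diffing SBOMs between builds or matching on downloadLocation will see the value change, so please call it out as a behaviour change for the 2.2 class.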
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index 70d1bc7e8ae..1ae13b4af82 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -379,22 +379,15 @@ def add_download_files(d, objset):
inputs.add(file)
else:
- uri = fd.type
- proto = getattr(fd, "proto", None)
- if proto is not None:
- uri = uri + "+" + proto
- uri = uri + "://" + fd.host + fd.path
-
- if fd.method.supports_srcrev():
- uri = uri + "@" + fd.revisions[name]
-
dl = objset.add(
oe.spdx30.software_Package(
_id=objset.new_spdxid("source", str(download_idx + 1)),
creationInfo=objset.doc.creationInfo,
name=file_name,
software_primaryPurpose=primary_purpose,
- software_downloadLocation=uri,
+ software_downloadLocation=oe.spdx_common.fetch_data_to_uri(
+ fd, name
+ ),
)
)
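Review bot: No test accompanies the switch to oe.spdx_common.fetch_data_to_uri(fd, name) in add_download_files; the diffstat lists only the bbclass and the two library files. A selftest case that builds a recipe whose SRC_URI uses gitsm and asserts that software_downloadLocation does not contain "gitsm" would keep the mapping from regressing in either SPDX version.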
diff --git a/meta/lib/oe/spdx_common.py b/meta/lib/oe/spdx_common.py
index dfe90f96cf9..1ea55419aeb 100644
--- a/meta/lib/oe/spdx_common.py
+++ b/meta/lib/oe/spdx_common.py
@@ -42,7 +42,6 @@ def is_work_shared_spdx(d):
def load_spdx_license_data(d):
-
with open(d.getVar("SPDX_LICENSES"), "r") as f:
data = json.load(f)
# Transform the license array to a dictionary
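Review bot: The blank-line removal after "def load_spdx_license_data(d):" is unrelated to the gitsm mapping. Drop it from this patch or send it separately so the change stays limited to what the commit message describes.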
@@ -225,3 +224,22 @@ def get_patched_src(d):
bb.utils.mkdirhier(spdx_workdir)
finally:
d.setVar("WORKDIR", workdir)
+
+
+def fetch_data_to_uri(fd, name):
+ """
+ Translates a bitbake FetchData to a string URI
+ """
+ uri = fd.type
+ # Map gitsm to git, since gitsm:// is not a valid URI protocol
+ if uri == "gitsm":
+ uri = "git"
+ proto = getattr(fd, "proto", None)
+ if proto is not None:
+ uri = uri + "+" + proto
+ uri = uri + "://" + fd.host + fd.path
+
+ if fd.method.supports_srcrev():
+ uri = uri + "@" + fd.revisions[name]
+
+ return uri
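Review bot: The docstring on fetch_data_to_uri does not say what "name" is or what the returned string looks like, and now that both SPDX versions share the helper this matters: fd.revisions[name] raises KeyError if a caller passes a name that is not a key of fd.revisions. Please document the parameters and the output shape (type, optional "+proto", "://", host, path, optional "@revision"), and mention the gitsm mapping there rather than only in the inline comment. The URI is assembled only from fd.type, proto, fd.host and fd.path, so nothing else carried by the fetch data reaches the SBOM; if that is intentional, a sentence in the docstring saying so would stop a later change from widening it. If more bitbake-only schemes turn out to need the same treatment, a small mapping dict would scale better than another "if uri ==" branch.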
--
2.46.0