| Message ID | 20251218120139.104155-2-stondo@gmail.com |
|---|---|
| State | Changes Requested |
| Series | spdx30: Add summary field and concluded license support | expand |
On Thu, Dec 18, 2025 at 5:01 AM Stefano Tondo via lists.openembedded.org <stondo=gmail.com@lists.openembedded.org> wrote: > > From: Stefano Tondo <stefano.tondo.ext@siemens.com> > > Add automatic population of summary field with intelligent fallback > chain to improve SBOM human-readability and documentation completeness. > > The summary field provides a brief description of each package in the > SBOM, making it easier for humans to understand the purpose of components > without reading full descriptions. The implementation uses a fallback > chain to ensure every package has a meaningful summary: > > SUMMARY:${package} → SUMMARY → DESCRIPTION → generated description > > This improvement addresses SBOM documentation quality requirements and > makes SBOMs more useful for security review and compliance documentation. > > Signed-off-by: Stefano Tondo <stefano.tondo.ext@siemens.com> LGTM thanks. Reviewed-by: Joshua Watt <JPEWhacker@gmail.com> > --- > meta/lib/oe/spdx30_tasks.py | 17 ++++++++++++++++- > 1 file changed, 16 insertions(+), 1 deletion(-) > > diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py > index f731a709e3..286a08ed9b 100644 > --- a/meta/lib/oe/spdx30_tasks.py > +++ b/meta/lib/oe/spdx30_tasks.py 
> @@ -636,7 +636,22 @@ def create_spdx(d): > set_var_field( > "HOMEPAGE", spdx_package, "software_homePage", package=package > ) > - set_var_field("SUMMARY", spdx_package, "summary", package=package) > + > + # Add summary with fallback to DESCRIPTION > + summary = None > + if package: > + summary = d.getVar("SUMMARY:%s" % package) > + if not summary: > + summary = d.getVar("SUMMARY") > + if not summary: > + # Fallback to DESCRIPTION if SUMMARY not available > + summary = d.getVar("DESCRIPTION") > + if not summary: > + # Last resort: generate from package name > + summary = f"Package {package or d.getVar('PN')}" > + if summary: > + spdx_package.summary = summary > + > set_var_field("DESCRIPTION", spdx_package, "description", package=package) > > if d.getVar("SPDX_PACKAGE_URL:%s" % package) or d.getVar("SPDX_PACKAGE_URL"): > -- > 2.52.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#228118): https://lists.openembedded.org/g/openembedded-core/message/228118 > Mute This Topic: https://lists.openembedded.org/mt/116840956/3616693 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [JPEWhacker@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index f731a709e3..286a08ed9b 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -636,7 +636,22 @@ def create_spdx(d):
 set_var_field(
 "HOMEPAGE", spdx_package, "software_homePage", package=package
 )
- set_var_field("SUMMARY", spdx_package, "summary", package=package)
+
+ # Add summary with fallback to DESCRIPTION
+ summary = None
+ if package:
+ summary = d.getVar("SUMMARY:%s" % package)
+ if not summary:
+ summary = d.getVar("SUMMARY")
+ if not summary:
+ # Fallback to DESCRIPTION if SUMMARY not available
+ summary = d.getVar("DESCRIPTION")
+ if not summary:
+ # Last resort: generate from package name
+ summary = f"Package {package or d.getVar('PN')}"
+ if summary:
+ spdx_package.summary = summary
+
 set_var_field("DESCRIPTION", spdx_package, "description", package=package)
 
 if d.getVar("SPDX_PACKAGE_URL:%s" % package) or d.getVar("SPDX_PACKAGE_URL"):
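Review bot: The DESCRIPTION fallback reads only the recipe-wide value, `summary = d.getVar("DESCRIPTION")`, while the two SUMMARY lookups above it honour the per-package override, so a sub-package with its own `DESCRIPTION:<pkg>` would get the recipe's text as its summary; `summary = (package and d.getVar("DESCRIPTION:%s" % package)) or d.getVar("DESCRIPTION")` keeps the chain consistent. The last-resort f-string is never empty, which makes the closing `if summary:` guard look dead (indentation is lost on this page, so the nesting is inferred) and yields the literal `Package None` when both `package` and `PN` are unset. A generated summary is also written to the SBOM exactly like a recipe-declared one, so a consumer doing security or compliance review cannot tell declared metadata from synthesized text; a comment such as `# NOTE: synthesized, not declared by the recipe` at that branch, or omitting the field there, would keep that visible. create_spdx starts and ends outside the hunk.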