| Message ID | 20250619085215.1942667-1-daniel.turull@ericsson.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | Add SPDX_INCLUDE_COMPILED_SOURCES documentation | expand |
On Thu Jun 19, 2025 at 10:52 AM CEST, Daniel Turull via lists.yoctoproject.org wrote: > From: Daniel Turull <daniel.turull@ericsson.com> > > Adding documentation for the new feature to store in SPDX > only the compiled sources. > > Merged in Oe-core: c6a2f1fca76fae4c3ea471a0c63d0b453beea968 > - spdx: add option to include only compiled sources > > Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> > --- > documentation/dev-manual/sbom.rst | 3 +++ > documentation/ref-manual/variables.rst | 13 +++++++++++++ > 2 files changed, 16 insertions(+) > > diff --git a/documentation/dev-manual/sbom.rst b/documentation/dev-manual/sbom.rst > index e6806ce92..ca0fc8b9d 100644 > --- a/documentation/dev-manual/sbom.rst > +++ b/documentation/dev-manual/sbom.rst > @@ -60,6 +60,9 @@ more information in the output :term:`SPDX` data: > - Add a description of the source files used to generate host tools and target > packages (:term:`SPDX_INCLUDE_SOURCES`) > > +- Add a description of the **compiled** source files used to generate host tools > + and target packages (:term:`SPDX_INCLUDE_COMPILED_SOURCES`) > + > - Add archives of these source files themselves (:term:`SPDX_ARCHIVE_SOURCES`). > > Though the toplevel :term:`SPDX` output is available in > diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst > index 5c18b852d..39a134a09 100644 > --- a/documentation/ref-manual/variables.rst > +++ b/documentation/ref-manual/variables.rst > @@ -8764,6 +8764,19 @@ system and gives an overview of their function and contents. > image), compared to just using the :ref:`ref-classes-create-spdx` class > with no option. > > + :term:`SPDX_INCLUDE_COMPILED_SOURCES` > + This option allows the same as :term:`SPDX_INCLUDE_SOURCES` but including > + only the sources used to compiled the host tools and the target packages. s/compiled/compile/ Reading the description of SPDX_INCLUDE_SOURCES: This option allows to add a description of the source files used to build the host tools and the target packages, to the ``spdx.json`` files in ... The only difference seems to be "to build". Your description uses "to compile"... so I don't really get the difference. Maybe bad phrasing in the description of SPDX_INCLUDE_SOURCES? Can you clarify? > + > + Enable this option as follows:: > + > + SPDX_INCLUDE_COMPILED_SOURCES = "1" > + > + According to our tests on release master, building 'master' is not really a release. Can you simplify to "According to our tests, building..."? > + ``core-image-minimal`` for the ``qemux86-64`` machine, enabling > + this option compated with the :term:`SPDX_INCLUDE_SOURCES` reduces the size s/compated/compared/ > + of the ``tmp/deploy/spdx`` directory from 2GB to 1.6GB. > + > :term:`SPDX_NAMESPACE_PREFIX` > This option could be used in order to change the prefix of ``spdxDocument`` > and the prefix of ``documentNamespace``. It is set by default to Thanks, Antonin
Thanks for looking into it. I'll fix the typo and I'll clarify the description, explain the difference in a clear way and incorporate your suggestion. Daniel > -----Original Message----- > From: Antonin Godard <antonin.godard@bootlin.com> > Sent: Thursday, 19 June 2025 11:14 > To: Daniel Turull <daniel.turull@ericsson.com>; docs@lists.yoctoproject.org > Subject: Re: [docs] [PATCH] Add SPDX_INCLUDE_COMPILED_SOURCES > documentation > > [You don't often get email from antonin.godard@bootlin.com. Learn why this is > important at https://aka.ms/LearnAboutSenderIdentification ] > > On Thu Jun 19, 2025 at 10:52 AM CEST, Daniel Turull via lists.yoctoproject.org > wrote: > > From: Daniel Turull <daniel.turull@ericsson.com> > > > > Adding documentation for the new feature to store in SPDX only the > > compiled sources. > > > > Merged in Oe-core: c6a2f1fca76fae4c3ea471a0c63d0b453beea968 > > - spdx: add option to include only compiled sources > > > > Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> > > --- > > documentation/dev-manual/sbom.rst | 3 +++ > > documentation/ref-manual/variables.rst | 13 +++++++++++++ > > 2 files changed, 16 insertions(+) > > > > diff --git a/documentation/dev-manual/sbom.rst > > b/documentation/dev-manual/sbom.rst > > index e6806ce92..ca0fc8b9d 100644 > > --- a/documentation/dev-manual/sbom.rst > > +++ b/documentation/dev-manual/sbom.rst > > @@ -60,6 +60,9 @@ more information in the output :term:`SPDX` data: > > - Add a description of the source files used to generate host tools and target > > packages (:term:`SPDX_INCLUDE_SOURCES`) > > > > +- Add a description of the **compiled** source files used to generate host > tools > > + and target packages (:term:`SPDX_INCLUDE_COMPILED_SOURCES`) > > + > > - Add archives of these source files themselves > (:term:`SPDX_ARCHIVE_SOURCES`). > > > > Though the toplevel :term:`SPDX` output is available in diff --git > > a/documentation/ref-manual/variables.rst > > b/documentation/ref-manual/variables.rst > > index 5c18b852d..39a134a09 100644 > > --- a/documentation/ref-manual/variables.rst > > +++ b/documentation/ref-manual/variables.rst > > @@ -8764,6 +8764,19 @@ system and gives an overview of their function and > contents. > > image), compared to just using the :ref:`ref-classes-create-spdx` class > > with no option. > > > > + :term:`SPDX_INCLUDE_COMPILED_SOURCES` > > + This option allows the same as :term:`SPDX_INCLUDE_SOURCES` but > including > > + only the sources used to compiled the host tools and the target packages. > > s/compiled/compile/ > > Reading the description of SPDX_INCLUDE_SOURCES: > > This option allows to add a description of the source files used to build > the host tools and the target packages, to the ``spdx.json`` files in ... > > The only difference seems to be "to build". Your description uses "to compile"... > so I don't really get the difference. Maybe bad phrasing in the description of > SPDX_INCLUDE_SOURCES? Can you clarify? > > > + > > + Enable this option as follows:: > > + > > + SPDX_INCLUDE_COMPILED_SOURCES = "1" > > + > > + According to our tests on release master, building > > 'master' is not really a release. Can you simplify to "According to our tests, > building..."? > > > + ``core-image-minimal`` for the ``qemux86-64`` machine, enabling > > + this option compated with the :term:`SPDX_INCLUDE_SOURCES` > > + reduces the size > > s/compated/compared/ > > > + of the ``tmp/deploy/spdx`` directory from 2GB to 1.6GB. > > + > > :term:`SPDX_NAMESPACE_PREFIX` > > This option could be used in order to change the prefix of ``spdxDocument`` > > and the prefix of ``documentNamespace``. It is set by default > > to > > > Thanks, > Antonin > > -- > Antonin Godard, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.co/ > m%2F&data=05%7C02%7Cdaniel.turull%40ericsson.com%7C213b9d0285b3412f > afef08ddaf119232%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638 > 859212179037319%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydW > UsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D > %7C0%7C%7C%7C&sdata=g6mZ1giOIaR%2BBoFjr1ryh0S4Ab70k5Q5VGCgyskUSJ > w%3D&reserved=0
diff --git a/documentation/dev-manual/sbom.rst b/documentation/dev-manual/sbom.rst index e6806ce92..ca0fc8b9d 100644 --- a/documentation/dev-manual/sbom.rst +++ b/documentation/dev-manual/sbom.rst @@ -60,6 +60,9 @@ more information in the output :term:`SPDX` data: - Add a description of the source files used to generate host tools and target packages (:term:`SPDX_INCLUDE_SOURCES`) +- Add a description of the **compiled** source files used to generate host tools + and target packages (:term:`SPDX_INCLUDE_COMPILED_SOURCES`) + - Add archives of these source files themselves (:term:`SPDX_ARCHIVE_SOURCES`). Though the toplevel :term:`SPDX` output is available in diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index 5c18b852d..39a134a09 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst @@ -8764,6 +8764,19 @@ system and gives an overview of their function and contents. image), compared to just using the :ref:`ref-classes-create-spdx` class with no option. + :term:`SPDX_INCLUDE_COMPILED_SOURCES` + This option allows the same as :term:`SPDX_INCLUDE_SOURCES` but including + only the sources used to compiled the host tools and the target packages. + + Enable this option as follows:: + + SPDX_INCLUDE_COMPILED_SOURCES = "1" + + According to our tests on release master, building + ``core-image-minimal`` for the ``qemux86-64`` machine, enabling + this option compated with the :term:`SPDX_INCLUDE_SOURCES` reduces the size + of the ``tmp/deploy/spdx`` directory from 2GB to 1.6GB. + :term:`SPDX_NAMESPACE_PREFIX` This option could be used in order to change the prefix of ``spdxDocument`` and the prefix of ``documentNamespace``. It is set by default to