| Message ID | 20260420-spdx3-improvements-v1-0-27e0d5edcdbe@bootlin.com |
|---|---|
| Headers | show
Return-Path: <benjamin.robin@bootlin.com> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1D99EF36C53 for <webhook@archiver.kernel.org>; Mon, 20 Apr 2026 07:45:00 +0000 (UTC) Received: from smtpout-03.galae.net (smtpout-03.galae.net [185.246.85.4]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.14868.1776671087983090768 for <openembedded-core@lists.openembedded.org>; Mon, 20 Apr 2026 00:44:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=2YsxMLsN; spf=pass (domain: bootlin.com, ip: 185.246.85.4, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-03.galae.net (Postfix) with ESMTPS id E25F44E42A72; Mon, 20 Apr 2026 07:44:45 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id A07B45FFA5; Mon, 20 Apr 2026 07:44:45 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 16E5A10460890; Mon, 20 Apr 2026 09:44:42 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1776671084; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding; bh=Vx3SMUNUrys1dRmL7WwqT4+VdYXf5BlYsaY3o8qaHis=; b=2YsxMLsNNBndtkKnItLhiE3EzljbLo1OXoUckk3vkBLAPVULjwLVpweAIkIJjnDYuPdH9Y G/Ld/zkCmqGFwcOWwFsFKYphVx8wsU+BpkzoLZ4eFSUZ8cvbwT0zDDSa45rvctBCWvcfa3 0V8LWNNx6/BK1pWz5QMPYlT9lWJmECZrpNn/D00kigDC8Ajcjjb0GL4G0jVrY1FjA5Fc2J IP8+9uEwk92wjyUnUx9qRKLWfM4RbcBNacUurICoGxrgGTV0oT+RjBR5edaBDcZe+TENOY Yx6FhfjVjBfj1jghFeELaqH9gT0xHWuA0MZP0s6n93/zeNNZ2eixqcUkv5DnUw== From: "Benjamin Robin (Schneider Electric)" <benjamin.robin@bootlin.com> Subject: [PATCH 00/10] spdx3: Bug fixes and improvements Date: Mon, 20 Apr 2026 09:44:31 +0200 Message-Id: <20260420-spdx3-improvements-v1-0-27e0d5edcdbe@bootlin.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit X-B4-Tracking: v=1; b=H4sIAAAAAAAC/yXMwQ5EMBCA4VeROW+TqqasV9k4VA1mE9V0EIl4d 8XxO/z/AYyRkKHODoi4EdPsE/JPBm60fkBBXTIoqYzUSgoO3V4ImkKcN5zQLywq43pbqq/VRkM KQ8Se9mf6a17z2v7RLfcJzvMCs5MAcXYAAAA= X-Change-ID: 20260420-spdx3-improvements-86cfa729a464 To: openembedded-core@lists.openembedded.org Cc: richard.purdie@linuxfoundation.org, peter.marko@siemens.com, ross.burton@arm.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, "Benjamin Robin (Schneider Electric)" <benjamin.robin@bootlin.com> X-Mailer: b4 0.15.2 X-Last-TLS-Session-Version: TLSv1.3 List-Id: <openembedded-core.lists.openembedded.org> X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for <openembedded-core@lists.openembedded.org>; Mon, 20 Apr 2026 07:45:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/235541 |
| Series |
spdx3: Bug fixes and improvements
|
expand
|
This series tries to improve the generation of SPDX3 SBOM. I am sorry, this series arrives a bit late... There are various cleanup commits: - Simplify how to reference OEDocumentExtension class. - Simplify the sorting of a license dictionary - Remove unused local variables - Remove redundant '\d' in RegExp There are 2 bug fixes: - Fix undeclared variables in import_bitbake_build() - Fix return value of get_package_sources_from_debug() There are 2 improvements: - Add status notes to VEX relationship. Without this improvement the message provided in CVE_STATUS is lost. The generated JSON generated by the VEX Yocto class provides the information, but the goal is to have everything inside the SPDX3 SBOM file. - Prevents duplication of sources in "hasInput" relationships. Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com> --- Benjamin Robin (Schneider Electric) (10): oe/sbom30: Remove unneeded oe.sbom30. to reference local symbol oe/sbom30: Simplify sorting of license_text_map oe/sbom30: Fix undeclared variable in import_bitbake_build() oe/spdx30_tasks: Remove unused license_ref_idx variable oe/spdx30_tasks: Fix return value of get_package_sources_from_debug oe/spdx30_tasks: Remove unused local variables oe/spdx_common: Remove redundant '\d' in RegExp oe/spdx_common: Remove unused local variables oe/spdx30_task: Add status notes to VEX relationship oe/spdx30_task: Prevent duplication of sources in hasInput rel meta/lib/oe/sbom30.py | 25 +++++++++++++++---------- meta/lib/oe/spdx30_tasks.py | 38 ++++++++++++++++++-------------------- meta/lib/oe/spdx_common.py | 5 +---- 3 files changed, 34 insertions(+), 34 deletions(-) --- base-commit: d9b69d0a2d69e003b9432e1473830a89ff5a06c4 change-id: 20260420-spdx3-improvements-86cfa729a464 Best regards, -- Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>