@@ -589,12 +589,14 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
file_licenses = set()
for extracted_lic in oe.spdx_common.extract_licenses(filepath):
- file_licenses.add(self.new_license_expression(extracted_lic, license_data))
+ lic = self.new_license_expression(extracted_lic, license_data)
+ self.set_element_alias(lic)
+ file_licenses.add(lic)
self.new_relationship(
[spdx_file],
oe.spdx30.RelationshipType.hasDeclaredLicense,
- file_licenses,
+ [oe.sbom30.get_element_link_id(lic_alias) for lic_alias in file_licenses],
)
spdx_file.extension.append(OELicenseScannedExtension())
when using SPDX_INCLUDE_SOURCES, it calls scan_declared_licenses to scan licenses from source file, set alias for the newly added license and and license alias to hasDeclaredLicense relationship $ echo 'MACHINE = "qemux86-64"' >> conf/local.conf $ echo 'SPDX_INCLUDE_SOURCES = "1"' >> conf/local.conf $ bitbake shadow $ vim tmp/deploy/spdx/3.0.1/corei7-64/recipes/recipe-shadow.spdx.json Before this commit ... { "type": "Relationship", ... "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/sourcefile/11048", "relationshipType": "hasDeclaredLicense", "to": [ "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/license/3_24_0/BSD-3-Clause", ] }, ... After this commit ... { "type": "Relationship", ... "from": "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/sourcefile/11048", "relationshipType": "hasDeclaredLicense", "to": [ "http://spdxdocs.org/openembedded-alias/by-doc-hash/cc72db638e3f8e283e722af0ecc77d19f93cc6736700ee76477e3773b6b07b05/shadow/UNIHASH/license/3_24_0/BSD-3-Clause" ] }, ... Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- meta/lib/oe/sbom30.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)