@@ -352,34 +352,33 @@ def add_download_packages(d, doc, recipe):
for download_idx, src_uri in enumerate(d.getVar('SRC_URI').split()):
f = bb.fetch2.FetchData(src_uri, d)
- for name in f.names:
- package = oe.spdx.SPDXPackage()
- package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
- package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
+ package = oe.spdx.SPDXPackage()
+ package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
+ package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
- if f.type == "file":
- continue
+ if f.type == "file":
+ continue
+
+ if f.method.supports_checksum(f):
+ for checksum_id in CHECKSUM_LIST:
+ if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
+ continue
+
+ expected_checksum = getattr(f, "%s_expected" % checksum_id)
+ if expected_checksum is None:
+ continue
- if f.method.supports_checksum(f):
- for checksum_id in CHECKSUM_LIST:
- if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
- continue
-
- expected_checksum = getattr(f, "%s_expected" % checksum_id)
- if expected_checksum is None:
- continue
-
- c = oe.spdx.SPDXChecksum()
- c.algorithm = checksum_id.upper()
- c.checksumValue = expected_checksum
- package.checksums.append(c)
-
- package.downloadLocation = oe.spdx_common.fetch_data_to_uri(f, name)
- doc.packages.append(package)
- doc.add_relationship(doc, "DESCRIBES", package)
- # In the future, we might be able to do more fancy dependencies,
- # but this should be sufficient for now
- doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
+ c = oe.spdx.SPDXChecksum()
+ c.algorithm = checksum_id.upper()
+ c.checksumValue = expected_checksum
+ package.checksums.append(c)
+
+ package.downloadLocation = oe.spdx_common.fetch_data_to_uri(f, f.name)
+ doc.packages.append(package)
+ doc.add_relationship(doc, "DESCRIBES", package)
+ # In the future, we might be able to do more fancy dependencies,
+ # but this should be sufficient for now
+ doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
def get_license_list_version(license_data, d):
# Newer versions of the SPDX license list are SemVer ("MAJOR.MINOR.MICRO"),
@@ -356,78 +356,77 @@ def add_download_files(d, objset):
for download_idx, src_uri in enumerate(urls):
fd = fetch.ud[src_uri]
- for name in fd.names:
- file_name = os.path.basename(fetch.localpath(src_uri))
- if oe.patch.patch_path(src_uri, fetch, "", expand=False):
- primary_purpose = oe.spdx30.software_SoftwarePurpose.patch
- else:
- primary_purpose = oe.spdx30.software_SoftwarePurpose.source
-
- if fd.type == "file":
- if os.path.isdir(fd.localpath):
- walk_idx = 1
- for root, dirs, files in os.walk(fd.localpath, onerror=walk_error):
- dirs.sort()
- files.sort()
- for f in files:
- f_path = os.path.join(root, f)
- if os.path.islink(f_path):
- # TODO: SPDX doesn't support symlinks yet
- continue
-
- file = objset.new_file(
- objset.new_spdxid(
- "source", str(download_idx + 1), str(walk_idx)
- ),
- os.path.join(
- file_name, os.path.relpath(f_path, fd.localpath)
- ),
- f_path,
- purposes=[primary_purpose],
- )
+ file_name = os.path.basename(fetch.localpath(src_uri))
+ if oe.patch.patch_path(src_uri, fetch, "", expand=False):
+ primary_purpose = oe.spdx30.software_SoftwarePurpose.patch
+ else:
+ primary_purpose = oe.spdx30.software_SoftwarePurpose.source
+
+ if fd.type == "file":
+ if os.path.isdir(fd.localpath):
+ walk_idx = 1
+ for root, dirs, files in os.walk(fd.localpath, onerror=walk_error):
+ dirs.sort()
+ files.sort()
+ for f in files:
+ f_path = os.path.join(root, f)
+ if os.path.islink(f_path):
+ # TODO: SPDX doesn't support symlinks yet
+ continue
- inputs.add(file)
- walk_idx += 1
+ file = objset.new_file(
+ objset.new_spdxid(
+ "source", str(download_idx + 1), str(walk_idx)
+ ),
+ os.path.join(
+ file_name, os.path.relpath(f_path, fd.localpath)
+ ),
+ f_path,
+ purposes=[primary_purpose],
+ )
- else:
- file = objset.new_file(
- objset.new_spdxid("source", str(download_idx + 1)),
- file_name,
- fd.localpath,
- purposes=[primary_purpose],
- )
- inputs.add(file)
+ inputs.add(file)
+ walk_idx += 1
else:
- dl = objset.add(
- oe.spdx30.software_Package(
- _id=objset.new_spdxid("source", str(download_idx + 1)),
- creationInfo=objset.doc.creationInfo,
- name=file_name,
- software_primaryPurpose=primary_purpose,
- software_downloadLocation=oe.spdx_common.fetch_data_to_uri(
- fd, name
- ),
- )
+ file = objset.new_file(
+ objset.new_spdxid("source", str(download_idx + 1)),
+ file_name,
+ fd.localpath,
+ purposes=[primary_purpose],
)
+ inputs.add(file)
- if fd.method.supports_checksum(fd):
- # TODO Need something better than hard coding this
- for checksum_id in ["sha256", "sha1"]:
- expected_checksum = getattr(
- fd, "%s_expected" % checksum_id, None
- )
- if expected_checksum is None:
- continue
+ else:
+ dl = objset.add(
+ oe.spdx30.software_Package(
+ _id=objset.new_spdxid("source", str(download_idx + 1)),
+ creationInfo=objset.doc.creationInfo,
+ name=file_name,
+ software_primaryPurpose=primary_purpose,
+ software_downloadLocation=oe.spdx_common.fetch_data_to_uri(
+ fd, fd.name
+ ),
+ )
+ )
- dl.verifiedUsing.append(
- oe.spdx30.Hash(
- algorithm=getattr(oe.spdx30.HashAlgorithm, checksum_id),
- hashValue=expected_checksum,
- )
+ if fd.method.supports_checksum(fd):
+ # TODO Need something better than hard coding this
+ for checksum_id in ["sha256", "sha1"]:
+ expected_checksum = getattr(
+ fd, "%s_expected" % checksum_id, None
+ )
+ if expected_checksum is None:
+ continue
+
+ dl.verifiedUsing.append(
+ oe.spdx30.Hash(
+ algorithm=getattr(oe.spdx30.HashAlgorithm, checksum_id),
+ hashValue=expected_checksum,
)
+ )
- inputs.add(dl)
+ inputs.add(dl)
return inputs
@@ -239,6 +239,6 @@ def fetch_data_to_uri(fd, name):
uri = uri + "://" + fd.host + fd.path
if fd.method.supports_srcrev():
- uri = uri + "@" + fd.revisions[name]
+ uri = uri + "@" + fd.revision
return uri
Bitbake is dropping the need for fetcher name iteration and multiple revisions per url. Update the code to match (removal of the for loop). Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- meta/classes/create-spdx-2.2.bbclass | 51 ++++++----- meta/lib/oe/spdx30_tasks.py | 125 +++++++++++++-------------- meta/lib/oe/spdx_common.py | 2 +- 3 files changed, 88 insertions(+), 90 deletions(-)