
[2/2] spdx3: support to override the version of a package in SBOM 3

Message ID 20250324065407.1055382-2-hongxu.jia@windriver.com
State Accepted, archived
Commit e6ff5f4d870624795bd36572f5c2bfeec90d83ce
Series [1/2] create-spdx-2.2: fix collect dep recipes failed | expand

Commit Message

Hongxu Jia March 24, 2025, 6:54 a.m. UTC
By default, still use ${PV} as the version of a package in SBOM 3
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
    {
      "type": "software_Package",
       ...
      "name": "acl",
      "software_packageVersion": "2.3.2"
    },
...

Support to override it by setting SPDX_PACKAGE_VERSION, such as
set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append
PR to software_packageVersion in SBOM 3
$ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
    {
      "type": "software_Package",
       ...
      "name": "acl",
      "software_packageVersion": "2.3.2-r0"
    },
...

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
---
 meta/classes/create-spdx-3.0.bbclass | 3 +++
 meta/lib/oe/spdx30_tasks.py          | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

Comments

Joshua Watt March 24, 2025, 2:56 p.m. UTC | #1
LGTM, Thanks

Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>

On Mon, Mar 24, 2025 at 12:54 AM Hongxu Jia <hongxu.jia@windriver.com> wrote:
>
> By default, still use ${PV} as the version of a package in SBOM 3
> $ bitbake acl
> $ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
> ...
>     {
>       "type": "software_Package",
>        ...
>       "name": "acl",
>       "software_packageVersion": "2.3.2"
>     },
> ...
>
> Support to override it by setting SPDX_PACKAGE_VERSION, such as
> set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append
> PR to software_packageVersion in SBOM 3
> $ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
> $ bitbake acl
> $ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
> ...
>     {
>       "type": "software_Package",
>        ...
>       "name": "acl",
>       "software_packageVersion": "2.3.2-r0"
>     },
> ...
>
> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
> ---
>  meta/classes/create-spdx-3.0.bbclass | 3 +++
>  meta/lib/oe/spdx30_tasks.py          | 2 +-
>  2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass
> index b4a5156e709..044517d9f72 100644
> --- a/meta/classes/create-spdx-3.0.bbclass
> +++ b/meta/classes/create-spdx-3.0.bbclass
> @@ -113,6 +113,9 @@ SPDX_ON_BEHALF_OF[doc] = "The base variable name to describe the Agent on who's
>  SPDX_PACKAGE_SUPPLIER[doc] = "The base variable name to describe the Agent who \
>      is supplying artifacts produced by the build"
>
> +SPDX_PACKAGE_VERSION ??= "${PV}"
> +SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \
> +    in software_Package"
>
>  IMAGE_CLASSES:append = " create-spdx-image-3.0"
>  SDK_CLASSES += "create-spdx-sdk-3.0"
> diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
> index 1629ed69cee..52329760b6a 100644
> --- a/meta/lib/oe/spdx30_tasks.py
> +++ b/meta/lib/oe/spdx30_tasks.py
> @@ -606,7 +606,7 @@ def create_spdx(d):
>                      _id=pkg_objset.new_spdxid("package", pkg_name),
>                      creationInfo=pkg_objset.doc.creationInfo,
>                      name=pkg_name,
> -                    software_packageVersion=d.getVar("PV"),
> +                    software_packageVersion=d.getVar("SPDX_PACKAGE_VERSION"),
>                  )
>              )
>              set_timestamp_now(d, spdx_package, "builtTime")
> --
> 2.34.1
>

Patch

diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass
index b4a5156e709..044517d9f72 100644
--- a/meta/classes/create-spdx-3.0.bbclass
+++ b/meta/classes/create-spdx-3.0.bbclass
@@ -113,6 +113,9 @@  SPDX_ON_BEHALF_OF[doc] = "The base variable name to describe the Agent on who's
 SPDX_PACKAGE_SUPPLIER[doc] = "The base variable name to describe the Agent who \
     is supplying artifacts produced by the build"
 
+SPDX_PACKAGE_VERSION ??= "${PV}"
+SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \
+    in software_Package"
 
 IMAGE_CLASSES:append = " create-spdx-image-3.0"
 SDK_CLASSES += "create-spdx-sdk-3.0"
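Review bot: The new `SPDX_PACKAGE_VERSION[doc]` string names the SPDX field but says nothing about the default or about what a sensible override looks like, so a user reading `bitbake -e` output cannot tell that `${PV}` is the baseline or that the value ends up verbatim in the published SBOM. I would extend it to `"The version recorded as software_packageVersion for each software_Package. Defaults to ${PV}; override (e.g. with ${EXTENDPKGV}) to include the package revision"`. The `??=` default also means any layer or local.conf assignment silently replaces it, which is the intended behaviour but is worth stating since SBOM consumers key vulnerability lookups on this value.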
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index 1629ed69cee..52329760b6a 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -606,7 +606,7 @@  def create_spdx(d):
                     _id=pkg_objset.new_spdxid("package", pkg_name),
                     creationInfo=pkg_objset.doc.creationInfo,
                     name=pkg_name,
-                    software_packageVersion=d.getVar("PV"),
+                    software_packageVersion=d.getVar("SPDX_PACKAGE_VERSION"),
                 )
             )
             set_timestamp_now(d, spdx_package, "builtTime")
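Review bot: A cleared override now reaches the SBOM unchanged, because `d.getVar("SPDX_PACKAGE_VERSION")` on the added line returns whatever the user assigned, including `""` if the variable was set empty, whereas the replaced `d.getVar("PV")` relied on a variable bitbake.conf always defines; a software_Package with a blank version is not useful to anything matching SBOM entries against vulnerability data. A one-line fallback preserves the default when the override is empty: `software_packageVersion=d.getVar("SPDX_PACKAGE_VERSION") or d.getVar("PV"),`. Nothing in this hunk ties the override to other PV-derived fields in the same document, so a value unrelated to PV would yield a self-inconsistent SBOM; whether other fields derive from PV is not visible here. create_spdx starts and ends outside the hunk.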