@@ -137,6 +137,11 @@ def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archiv
spdx_files = []
file_counter = 1
+
+ check_compiled_sources = d.getVar("SPDX_INCLUDE_COMPILED_SOURCES") == "1"
+ if check_compiled_sources:
+ compiled_sources, types = oe.spdx_common.get_compiled_sources(d)
+ bb.debug(1, f"Total compiled files: {len(compiled_sources)}")
for subdir, dirs, files in os.walk(topdir):
dirs[:] = [d for d in dirs if d not in ignore_dirs]
if subdir == str(topdir):
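Review bot: When SPDX_INCLUDE_COMPILED_SOURCES is "1" but get_compiled_sources finds no debugsources.list, it returns empty lists and is_compiled_source then accepts every file, so the block added here becomes a no-op with only a debug-level trace. Someone reading the resulting SBOM cannot tell whether it was filtered to compiled sources or holds the full tree. After the call, report the fallback at a visible level, e.g. `if not compiled_sources: bb.note("No debugsources.list found; including all source files")`. The hunk at -156 (the SPDX 3.0 add_package_files) adds the same block and needs the same change. add_package_files starts above this hunk and continues below it.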
@@ -147,6 +152,10 @@ def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archiv
filename = str(filepath.relative_to(topdir))
if not filepath.is_symlink() and filepath.is_file():
+ # Check if file is compiled
+ if check_compiled_sources:
+ if not oe.spdx_common.is_compiled_source(filename, compiled_sources, types):
+ continue
spdx_file = oe.spdx.SPDXFile()
spdx_file.SPDXID = get_spdxid(file_counter)
for t in get_types(filepath):
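Review bot: The added `continue` applies the compiled-source filter to every tree add_package_files walks, although the list it checks against is derived from debug information about the recipe's sources. If this function is also called for packaged output directories (the callers are outside this hunk), a packaged header or script whose extension is in `types` would be left out of the SBOM without any message. Consider enabling the filter only from the source-tree caller, or at least counting the skipped files and reporting them after the loop, e.g. `bb.debug(1, f"Skipped {skipped} files not listed in debugsources.list")`. The hunk at -171 has the same filter in the SPDX 3.0 path.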
@@ -26,6 +26,7 @@ SPDX_TOOL_VERSION ??= "1.0"
SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
SPDX_INCLUDE_SOURCES ??= "0"
+SPDX_INCLUDE_COMPILED_SOURCES ??= "0"
SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdocs"
@@ -40,6 +41,8 @@ SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}"
python () {
from oe.cve_check import extend_cve_status
extend_cve_status(d)
+ if d.getVar("SPDX_INCLUDE_COMPILED_SOURCES") == "1":
+ d.setVar("SPDX_INCLUDE_SOURCES", "1")
}
def create_spdx_source_deps(d):
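Review bot: The two lines added to the anonymous python function override an explicit `SPDX_INCLUDE_SOURCES = "0"` whenever SPDX_INCLUDE_COMPILED_SOURCES is "1", and the new default in the -26 hunk carries no comment saying so. Document the dependency next to the default, for example `# Restrict SBOM source files to those found in the debug information; implies SPDX_INCLUDE_SOURCES = "1"`. A short comment above the `d.setVar` call stating the same would help whoever audits why source inclusion was enabled in a build.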
@@ -156,6 +156,11 @@ def add_package_files(
bb.note(f"Skip {topdir}")
return spdx_files
+ check_compiled_sources = d.getVar("SPDX_INCLUDE_COMPILED_SOURCES") == "1"
+ if check_compiled_sources:
+ compiled_sources, types = oe.spdx_common.get_compiled_sources(d)
+ bb.debug(1, f"Total compiled files: {len(compiled_sources)}")
+
for subdir, dirs, files in os.walk(topdir, onerror=walk_error):
dirs[:] = [d for d in dirs if d not in ignore_dirs]
if subdir == str(topdir):
@@ -171,6 +176,11 @@ def add_package_files(
filename = str(filepath.relative_to(topdir))
file_purposes = get_purposes(filepath)
+ # Check if file is compiled
+ if check_compiled_sources:
+ if not oe.spdx_common.is_compiled_source(filename, compiled_sources, types):
+ continue
+
spdx_file = objset.new_file(
get_spdxid(file_counter),
filename,
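Review bot: The added check sits after the context line `file_purposes = get_purposes(filepath)`, so that call runs for every file the filter then skips. Placing the `if check_compiled_sources:` block directly after `filename = str(filepath.relative_to(topdir))` avoids the wasted work and keeps the skip decision next to the value it depends on. This assumes get_purposes has no side effect the loop relies on, which cannot be confirmed from this hunk.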
@@ -242,3 +242,52 @@ def fetch_data_to_uri(fd, name):
uri = uri + "@" + fd.revision
return uri
+
+def is_compiled_source (filename, compiled_sources, types):
+ """
+ Check if the file, is a compiled file
+ """
+ import os
+ # If we don't have compiled source, we assume all are compiled.
+ if len(compiled_sources) == 0:
+ return True
+ # We remove the top directory, to match the format in compiled sources
+ relative = filename[filename.find("/")+1:]
+ basename = os.path.basename(filename)
+ # We return always true if the file type is not in the list of compiled files
+ if basename[basename.find("."):] not in types:
+ return True
+ # Check that the file is in the list
+ return relative in compiled_sources
+
+def get_compiled_sources(d):
+ """
+ Get list of compiled sources from debug information and normalize the paths
+ """
+ sourcefile = d.expand("${PKGDESTWORK}/debugsources/${PN}-debugsources.list")
+ pn = d.getVar('PN')
+ pv = d.getVar('PV')
+
+ if not os.path.isfile(sourcefile):
+ bb.debug(1, "Do not have debugsources.list. Skipping")
+ return [], []
+ with open(sourcefile, 'r') as sf:
+ # We need to normalize the path to match the one in the package
+ # kernel is special case that doesn't match pn
+ # filenames are null-separated - this is an artefact of the previous use
+ # of rpm's debugedit
+ sources = sf.readline()\
+ .replace(f"/usr/src/debug/{pn}/","")\
+ .replace(f"/usr/src/kernel/","")\
+ .replace(f"/usr/src/{pn}/","")\
+ .replace(f"{pv}/","")\
+ .split('\0')
+ # Check extensions of files
+ types = []
+ for src in sources:
+ basename = os.path.basename(src)
+ ext = basename[basename.find("."):]
+ if ext not in types and len(ext)>0:
+ types.append(ext)
+ bb.debug(1, f"Num of sources: {len(sources)} and types: {len(types)} {str(types)}")
+ return sources, types
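Review bot: `basename[basename.find("."):]` in both is_compiled_source and get_compiled_sources misbehaves for names without a dot: find() returns -1, so the "extension" becomes the last character (`"Makefile"` yields `"e"`). Once a dotless entry in debugsources.list has put such a character into `types`, every dotless file ending in that character that is not itself listed is dropped from the SBOM. Use `ext = os.path.splitext(basename)[1]` in both places, with `if ext and ext not in types:` when collecting. Separately, `.replace(f"{pv}/","")` is unanchored and removes the version string wherever it occurs in a path, and `sf.readline()` stops at the first newline. Stripping the prefixes per entry after `sf.read().split('\0')` would be safer, and returning sets would make the per-file `in` checks constant-time.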