@@ -23,6 +23,9 @@ def get_namespace(d, name):
namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, d.getVar("SPDX_UUID_NAMESPACE"))
return "%s/%s-%s" % (d.getVar("SPDX_NAMESPACE_PREFIX"), name, str(uuid.uuid5(namespace_uuid, name)))
+SPDX_PACKAGE_VERSION ??= "${PV}"
+SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \
+ in software_Package"
def create_annotation(d, comment):
from datetime import datetime, timezone
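Review bot: The `[doc]` string on the new variable uses the SPDX 3 names `software_packageVersion` in `software_Package`, but the later hunks in this 2.2 class write the value to `versionInfo`, which is the field a reader of this class will look for. I would word it as `SPDX_PACKAGE_VERSION[doc] = "The version of a package, versionInfo in recipe, package and image"`. It may also be worth a sentence noting that tools matching `versionInfo` against vulnerability data may expect the plain upstream version, so an override such as `${EXTENDPKGV}` changes what those tools see.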
@@ -447,7 +450,7 @@ python do_create_spdx() {
recipe = oe.spdx.SPDXPackage()
recipe.name = d.getVar("PN")
- recipe.versionInfo = d.getVar("PV")
+ recipe.versionInfo = d.getVar("SPDX_PACKAGE_VERSION")
recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
recipe.supplier = d.getVar("SPDX_SUPPLIER")
if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d):
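Review bot: `recipe.versionInfo` now takes whatever `SPDX_PACKAGE_VERSION` expands to, and nothing rejects an empty or unset value; `d.getVar()` returns None for an unset variable, which was not a realistic case while the code read PV. An SBOM entry with a blank version silently defeats version-based vulnerability matching, so I would fall back or fail loudly, e.g. `recipe.versionInfo = d.getVar("SPDX_PACKAGE_VERSION") or d.getVar("PV")`. The same applies to the `spdx_package.versionInfo` and `image.versionInfo` assignments in the next two hunks. The body of do_create_spdx continues outside the hunk.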
@@ -556,7 +559,7 @@ python do_create_spdx() {
spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
spdx_package.name = pkg_name
- spdx_package.versionInfo = d.getVar("PV")
+ spdx_package.versionInfo = d.getVar("SPDX_PACKAGE_VERSION")
spdx_package.licenseDeclared = convert_license_to_spdx(package_license, license_data, package_doc, d, found_licenses)
spdx_package.supplier = d.getVar("SPDX_SUPPLIER")
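Review bot: The per-package `versionInfo` is read from the recipe-level datastore `d`, so every package of the recipe gets the same string. With the `${EXTENDPKGV}` override from the commit message, a package that sets its own PKGV or PKGR would presumably still be recorded with the recipe-wide value. The surrounding loop is outside the hunk, so this needs confirming, but if a per-package datastore copy exists there, reading the variable from it would keep the SBOM entry in line with the package actually produced. At minimum, a comment such as `# recipe-level value; per-package PKGV/PKGR overrides are not reflected` would record the limitation.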
@@ -832,7 +835,7 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages, spdx
image = oe.spdx.SPDXPackage()
image.name = d.getVar("PN")
- image.versionInfo = d.getVar("PV")
+ image.versionInfo = d.getVar("SPDX_PACKAGE_VERSION")
image.SPDXID = rootfs_spdxid
image.supplier = d.getVar("SPDX_SUPPLIER")
By default, still use ${PV} as the version of a package in SBOM 2 $ echo 'INHERIT:remove = "create-spdx"' >> conf/local.conf $ echo 'INHERIT += "create-spdx-2.2"' >> conf/local.conf $ bitbake acl $ jq . tmp/deploy/spdx/2.2/core2-64/recipes/recipe-acl.spdx.json ... "name": "acl", "summary": "Utilities for managing POSIX Access Control Lists", "supplier": "Organization: OpenEmbedded ()", "versionInfo": "2.3.2" }, ... Support overriding it by setting SPDX_PACKAGE_VERSION, for example set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append PR to versionInfo in SBOM 2 $ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf $ bitbake acl $ jq . tmp/deploy/spdx/2.2/core2-64/recipes/recipe-acl.spdx.json ... "name": "acl", "summary": "Utilities for managing POSIX Access Control Lists", "supplier": "Organization: OpenEmbedded ()", "versionInfo": "2.3.2-r0" }, ... Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> --- meta/classes/create-spdx-2.2.bbclass | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)