| Message ID | 20251021165936.2184794-2-jose.quaresma@oss.qualcomm.com |
|---|---|
| State | New |
| Headers | show |
| Series | spdx-common: load_spdx_license_data depends on the SPDX_LICENSES content | expand |
diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass index ca0416d1c7..69ced76150 100644 --- a/meta/classes/spdx-common.bbclass +++ b/meta/classes/spdx-common.bbclass @@ -105,3 +105,4 @@ oe.spdx_common.collect_direct_deps[vardepsexclude] += "BB_TASKDEPDATA" oe.spdx_common.collect_direct_deps[vardeps] += "DEPENDS" oe.spdx_common.collect_package_providers[vardepsexclude] += "BB_TASKDEPDATA" oe.spdx_common.get_patched_src[vardepsexclude] += "STAGING_KERNEL_DIR" +oe.spdx_common.load_spdx_license_data[file-checksums] += "${SPDX_LICENSES}:True"
If we have changes on SPDX_LICENSES content we ended up building invalid sstate-cache archives. The default value for the SPDX_LICENSES is the file meta/files/spdx-licenses.json but this file don't use the bitbake fetcher and because of this their checksum is not validated. So we need to add this file to the build dependency chain of the SPDX. For example, currently we have bump from 3.24.0 to 3.27.0 on master-next for the file meta/files/spdx-licenses.json. Since the file content is not taken into account, we end up creating invalid sstate-cache artifacts on the autobuilder on master-next builds. This created sstate-cache artifacts will also be available to master branch users that are using the upstream sstate-cache mirror. If someone is using the public mirror but still following the master branch they will encounter something like the following error which this change aims to resolve. | ERROR: initramfs-rootfs-image-1.0-r0 do_create_image_sbom_spdx: http://spdxdocs.org/openembedded-alias/by-doc-hash/57301e8063a8bf25308226271627db2b78675cda9f648c5c6c14a2b9c18f48dc/zlib/UNIHASH/license/3_27_0/Zlib not found in /work/build/tmp/deploy/spdx/3.0.1/armv8a/by-spdxid-hash/57/57301e8063a8bf25308226271627db2b78675cda9f648c5c6c14a2b9c18f48dc.spdx.json Signed-off-by: Jose Quaresma <jose.quaresma@oss.qualcomm.com> --- meta/classes/spdx-common.bbclass | 1 + 1 file changed, 1 insertion(+)