| Message ID | 20251022090647.419543-4-jose.quaresma@foundries.io |
|---|---|
| State | Accepted, archived |
| Commit | 10669f6f615058293671fb16454601580b7b34e9 |
| Headers | show |
| Series | [v2,1/2] spdx-3.0: replace SPDX3_LIB_DEP_FILES with SPDX3_DEP_FILES | expand |
On Wed, Oct 22, 2025 at 3:07 AM Jose Quaresma via lists.openembedded.org <quaresma.jose=gmail.com@lists.openembedded.org> wrote: > > From: Jose Quaresma <jose.quaresma@oss.qualcomm.com> > > If we have changes on SPDX_LICENSES content we ended up building invalid sstate-cache archives. > The default value for the SPDX_LICENSES is the file meta/files/spdx-licenses.json but this file > don't use the bitbake fetcher and because of this their checksum is not validated. > So we need to add this file to the build dependency chain of the SPDX. > > For example, currently we have bump from 3.24.0 to 3.27.0 on master-next for the file > meta/files/spdx-licenses.json. Since the file content is not taken into account, we end > up creating invalid sstate-cache artifacts on the autobuilder on master-next builds. > This created sstate-cache artifacts will also be available to master branch users > that are using the upstream sstate-cache mirror. > > If someone is using the public mirror but still following the master branch > they will encounter something like the following error which this change aims to resolve. > > | ERROR: initramfs-rootfs-image-1.0-r0 do_create_image_sbom_spdx: http://spdxdocs.org/openembedded-alias/by-doc-hash/57301e8063a8bf25308226271627db2b78675cda9f648c5c6c14a2b9c18f48dc/zlib/UNIHASH/license/3_27_0/Zlib not found in /work/build/tmp/deploy/spdx/3.0.1/armv8a/by-spdxid-hash/57/57301e8063a8bf25308226271627db2b78675cda9f648c5c6c14a2b9c18f48dc.spdx.json Ah excellent. I think we've seen this error before sporadically. Thanks! LGTM to me Reviewed-by: Joshua Watt <JPEWhacker@gmail.com> > > Signed-off-by: Jose Quaresma <jose.quaresma@oss.qualcomm.com> > --- > meta/classes/create-spdx-3.0.bbclass | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass > index 3a8a97eca4..a6d2d44e34 100644 > --- a/meta/classes/create-spdx-3.0.bbclass > +++ b/meta/classes/create-spdx-3.0.bbclass > @@ -136,6 +136,7 @@ oe.spdx30_tasks.collect_dep_objsets[vardepsexclude] = "SPDX_MULTILIB_SSTATE_ARCH > SPDX3_DEP_FILES = "\ > ${COREBASE}/meta/lib/oe/sbom30.py:True \ > ${COREBASE}/meta/lib/oe/spdx30.py:True \ > + ${SPDX_LICENSES}:True \ > " > > python do_create_spdx() { > -- > 2.51.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#225180): https://lists.openembedded.org/g/openembedded-core/message/225180 > Mute This Topic: https://lists.openembedded.org/mt/115889319/3616693 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [JPEWhacker@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass index 3a8a97eca4..a6d2d44e34 100644 --- a/meta/classes/create-spdx-3.0.bbclass +++ b/meta/classes/create-spdx-3.0.bbclass @@ -136,6 +136,7 @@ oe.spdx30_tasks.collect_dep_objsets[vardepsexclude] = "SPDX_MULTILIB_SSTATE_ARCH SPDX3_DEP_FILES = "\ ${COREBASE}/meta/lib/oe/sbom30.py:True \ ${COREBASE}/meta/lib/oe/spdx30.py:True \ + ${SPDX_LICENSES}:True \ " python do_create_spdx() {