From patchwork Tue Jun 9 22:15:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joshua Watt X-Patchwork-Id: 89610 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8FD77CD98C6 for ; Tue, 9 Jun 2026 22:23:49 +0000 (UTC) Received: from mail-oa1-f51.google.com (mail-oa1-f51.google.com [209.85.160.51]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.7677.1781043824914108722 for ; Tue, 09 Jun 2026 15:23:45 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20251104 header.b=IksIcCFx; spf=pass (domain: gmail.com, ip: 209.85.160.51, mailfrom: jpewhacker@gmail.com) Received: by mail-oa1-f51.google.com with SMTP id 586e51a60fabf-43d2ff651f2so4940713fac.2 for ; Tue, 09 Jun 2026 15:23:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1781043824; x=1781648624; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qTsexwYYowGfqXylTEFJrylMlmDVzBfXHqyb2GoRavE=; b=IksIcCFxD9ldLCIo0juvMHOM209ao9/XRfnh31I//t17G3dAeVZ9Qe9WZEKbyZDcHC RoG9zNdT5fTNg8cSuuLE8gCpY9T6VpHxAhRU8UHeLD3wkuyynpNHY/K2izB8NZkk6dUU 1ll3zVwtoFprzYtwl2LN+JydYPGh3rftItFajQUFj/jBEHBuLMfDF8C/mzQwYDD0jlfH yrcKTm1NfYfWzJfDAUZSsoSU5szrekBE3XYJ92xc1lM+Pq7HEix6h/LMS1leRXFD0X0h sFs5Tkw5Ic1nRQa7hIezBhO4EgRg8q60ROOhkdA7TG7v14INOLG0M0sDL7Z/OntuIlh1 AVwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781043824; x=1781648624; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=qTsexwYYowGfqXylTEFJrylMlmDVzBfXHqyb2GoRavE=; b=GF3LgPQCGmjGT94+MUCWN6BgybqbMNd7u3Nv5eUEO2mdO1xM3xeamc4fp6O7zM00UO wPPno9jnNVX9knrwDWmBjxAKWcGgcotibuLeudvXwg6oK4g2bDEzeYNvgx9NxmBMH9OT X75i/noOs1r315TIJf4VTrdkUEsFSfTgaMcyOg/hz39t7oHzfqXVBR6O2Igj6KhJhMeQ LaH/WSt7H4NYGR0mh/BOxnOhfUGLN8ozIMu+7SDSz4ll3dWKx4iX+vbWPRxkhjfJpDqQ NKoqXlOkbas3eoSpHpH8l3Ywep95lmSNMA1KR77XQvIg6w2Rae60g1Dgfnx2+xnvf69P 15xQ== X-Gm-Message-State: AOJu0Yy8+AROBt5vpuzeGGtmMaQNMytRIetByZXcxBxvaREaIMBIQ2PQ cB41KtvlurN0KMhmkw3ukTzJRNwkvdEeA0xvKPhNAhQHdSF8AbVD+syOn5nNog== X-Gm-Gg: Acq92OGtuGXZVeuizzFHxdnLKrM+ZY5ZOtC9HGV1Fwh60WKp4/8YmHaCXCLdIEb2AjL VDuk+7SqNuAaAGc4R7MEMKrPmPxMnpHUBDgbeW4Owg04NJyIzDdrnQZhHNhjJEYyQ3XaLk7K8li m/L9ArSbHheRIqLDpInyi2AnXeRwxwQSAce9g34dAMtHIK1c/5szOSwQVjQllvMOsvyfr+vyme7 /q0l5bbTzuTzbnHGdHAtUXdEQl+iXCyT1lIBQTEbwsfqwflJYojzME0u8Ae1T+99KBmbWOR2cxi gvdkekN5hSxs6zL99rfpEiddSYP/UIzJX1SH9ZfUBDpefYuU44jlAr0fJpM59J+yGaWBB35jctR 85dpXzxmA8D4kGqroUZIOinYAUoR6Qptp2TXcctCDDU8BTE5UfZfnaf1RHsR0IFFPX94hB14U4a nDHQ/7qRzvtsU7uFQvc+acFl1bKk/5WQ== X-Received: by 2002:a05:687c:22d4:20b0:442:892:9aea with SMTP id 586e51a60fabf-44208936b87mr975752fac.32.1781043824060; Tue, 09 Jun 2026 15:23:44 -0700 (PDT) Received: from localhost.localdomain ([2601:283:4b02:22d0::ce1]) by smtp.gmail.com with ESMTPSA id 586e51a60fabf-440d7d4f449sm19122610fac.8.2026.06.09.15.23.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jun 2026 15:23:42 -0700 (PDT) From: Joshua Watt X-Google-Original-From: Joshua Watt To: openembedded-core@lists.openembedded.org Cc: Joshua Watt Subject: [OE-core][PATCH 5/5] spdx: Replace do_create_image_spdx with deploy task Date: Tue, 9 Jun 2026 16:15:56 -0600 Message-ID: <20260609222331.1293007-6-JPEWhacker@gmail.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260609222331.1293007-1-JPEWhacker@gmail.com> References: <20260609222331.1293007-1-JPEWhacker@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 09 Jun 2026 22:23:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/238308 Replaces the dedicated do_create_image_spdx task with a deploy task tied to do_image_complete (which is task that deploys images). This has the advantage that images recipe SPDX dependencies are now completely automatically detected in the task graph, and the SPDX documents are merged in automatically when dependencies on do_image_complete are detected Signed-off-by: Joshua Watt --- .../create-spdx-image-3.0.bbclass | 30 +++++++------------ meta/classes-recipe/nospdx.bbclass | 1 - meta/classes/create-spdx-3.0.bbclass | 3 -- meta/classes/spdx-common.bbclass | 1 - meta/lib/oe/spdx30_tasks.py | 21 ++++++++----- 5 files changed, 24 insertions(+), 32 deletions(-) diff --git a/meta/classes-recipe/create-spdx-image-3.0.bbclass b/meta/classes-recipe/create-spdx-image-3.0.bbclass index a96cfb25ed..708981a0c0 100644 --- a/meta/classes-recipe/create-spdx-image-3.0.bbclass +++ b/meta/classes-recipe/create-spdx-image-3.0.bbclass @@ -30,7 +30,7 @@ python do_create_rootfs_spdx() { import oe.spdx30_tasks oe.spdx30_tasks.create_rootfs_spdx(d) } -addtask do_create_rootfs_spdx after do_rootfs do_create_recipe_spdx before do_image +addtask do_create_rootfs_spdx after do_rootfs do_create_recipe_spdx before do_image do_image_complete SSTATETASKS += "do_create_rootfs_spdx" do_create_rootfs_spdx[sstate-inputdirs] = "${SPDXROOTFSDEPLOY}" do_create_rootfs_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}" @@ -43,33 +43,23 @@ python do_create_rootfs_spdx_setscene() { } addtask do_create_rootfs_spdx_setscene -python do_create_image_spdx() { +python create_image_spdx() { import oe.spdx30_tasks - oe.spdx30_tasks.create_image_spdx(d) -} -addtask do_create_image_spdx after do_image_complete do_create_rootfs_spdx do_create_recipe_spdx before do_build -SSTATETASKS += "do_create_image_spdx" -SSTATE_SKIP_CREATION:task-create-image-spdx = "1" -do_create_image_spdx[sstate-inputdirs] = "${SPDXIMAGEWORK}" -do_create_image_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}" -do_create_image_spdx[cleandirs] = "${SPDXIMAGEWORK}" -do_create_image_spdx[dirs] = "${SPDXIMAGEWORK}" -do_create_image_spdx[file-checksums] += "${SPDX3_DEP_FILES}" -do_create_image_spdx[vardeps] += "\ - SPDX_IMAGE_PURPOSE \ - " + from pathlib import Path + current_task = "do_" + d.getVar("BB_CURRENTTASK") -python do_create_image_spdx_setscene() { - sstate_setscene(d) -} -addtask do_create_image_spdx_setscene + spdxdeploydir = Path(d.getVar("SPDXDIR") + "/deploy-" + current_task) + oe.spdx30_tasks.create_image_spdx(d, spdxdeploydir) +} +oe.spdx30_tasks.create_image_spdx[vardeps] += "SPDX_IMAGE_PURPOSE" +SPDX_DEPLOY_TASKS += "do_image_complete:create_image_spdx" python do_create_image_sbom_spdx() { import oe.spdx30_tasks oe.spdx30_tasks.create_image_sbom_spdx(d) } -addtask do_create_image_sbom_spdx after do_create_rootfs_spdx do_create_image_spdx before do_build +addtask do_create_image_sbom_spdx after do_create_rootfs_spdx do_image_complete before do_build SSTATETASKS += "do_create_image_sbom_spdx" SSTATE_SKIP_CREATION:task-create-image-sbom = "1" do_create_image_sbom_spdx[sstate-inputdirs] = "${SPDXIMAGEDEPLOYDIR}" diff --git a/meta/classes-recipe/nospdx.bbclass b/meta/classes-recipe/nospdx.bbclass index b405f57d11..9c30c4d2c0 100644 --- a/meta/classes-recipe/nospdx.bbclass +++ b/meta/classes-recipe/nospdx.bbclass @@ -9,6 +9,5 @@ deltask do_create_spdx deltask do_create_spdx_runtime deltask do_create_package_spdx deltask do_create_rootfs_spdx -deltask do_create_image_spdx deltask do_create_image_sbom deltask do_create_deploy_sbom diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass index 19d5a45eba..c0263e4277 100644 --- a/meta/classes/create-spdx-3.0.bbclass +++ b/meta/classes/create-spdx-3.0.bbclass @@ -358,9 +358,6 @@ python () { # for the recipe, at least until it's possible for do_populate_sysroot # to describe it's own output. "do_populate_sysroot": "do_create_spdx", - # If an image is needed, also depend on the task to create the SBoM for - # the image - "do_image_complete": "do_create_image_spdx", } def map_task_deps(task, flag): diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass index bca169670d..13839aac3a 100644 --- a/meta/classes/spdx-common.bbclass +++ b/meta/classes/spdx-common.bbclass @@ -15,7 +15,6 @@ CVE_VERSION ??= "${PV}" SPDXDIR ??= "${WORKDIR}/spdx/${SPDX_VERSION}" SPDXDEPLOY = "${SPDXDIR}/deploy" SPDXWORK = "${SPDXDIR}/work" -SPDXIMAGEWORK = "${SPDXDIR}/image-work" SPDXSDKWORK = "${SPDXDIR}/sdk-work" SPDXSDKEXTWORK = "${SPDXDIR}/sdk-ext-work" SPDXDEPS = "${SPDXDIR}/deps.json" diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py index 3dae502e64..f5717b3919 100644 --- a/meta/lib/oe/spdx30_tasks.py +++ b/meta/lib/oe/spdx30_tasks.py @@ -1539,19 +1539,19 @@ def create_rootfs_spdx(d): ) -def create_image_spdx(d): +def create_image_spdx(d, spdx_deploy_dir): import oe.sbom30 + pn = d.getVar("PN") + current_task = "do_" + d.getVar("BB_CURRENTTASK") + image_deploy_dir = Path(d.getVar("IMGDEPLOYDIR")) manifest_path = Path(d.getVar("IMAGE_OUTPUT_MANIFEST")) - spdx_work_dir = Path(d.getVar("SPDXIMAGEWORK")) image_basename = d.getVar("IMAGE_BASENAME") machine = d.getVar("MACHINE") - objset = oe.sbom30.ObjectSet.new_objset( - d, "%s-%s-image" % (image_basename, machine) - ) + objset = oe.sbom30.ObjectSet.new_objset(d, f"{pn}-{current_task}-deploy") with manifest_path.open("r") as f: manifest = json.load(f) @@ -1644,13 +1644,18 @@ def create_image_spdx(d): objset.add_aliases() objset.link() oe.sbom30.write_recipe_jsonld_doc( - d, objset, "image", spdx_work_dir, create_task_link=True + d, + objset, + "deploy", + spdx_deploy_dir, + create_task_link=True, ) def create_image_sbom_spdx(d): import oe.sbom30 + pn = d.getVar("PN") image_name = d.getVar("IMAGE_NAME") image_basename = d.getVar("IMAGE_BASENAME") image_link_name = d.getVar("IMAGE_LINK_NAME") @@ -1672,7 +1677,9 @@ def create_image_sbom_spdx(d): root_elements.append(oe.sbom30.get_element_link_id(rootfs_image)) image_objset, _ = oe.sbom30.find_jsonld( - d, "image", "%s-%s-image" % (image_basename, machine), required=True + d, + "deploy", + f"{pn}-do_image_complete-deploy", ) for o in image_objset.foreach_root(oe.spdx30.software_File): root_elements.append(oe.sbom30.get_element_link_id(o))