@@ -1115,11 +1115,28 @@ def setscene_depvalid(task, taskdependees, notneeded, d, log=None):
logit("Considering setscene task: %s" % (str(taskdependees[task])), log)
- directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx", "do_create_recipe_spdx", "do_deploy_archives"]
+ directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_deploy_archives"]
+
+ # SPDX tasks are only needed if depended on directly, unless they are
+ # needed by another task that is creating SPDX documents
+ SPDX_TASKS = {"do_create_spdx", "do_create_recipe_spdx", "do_create_package_spdx"}
def isNativeCross(x):
return x.endswith("-native") or "-cross-" in x or "-crosssdk" in x or x.endswith("-cross")
+ def isSpdxTask(key):
+ taskname = taskdependees[key][1]
+ # Tasks that start with "do_deploy" might be included in
+ # SPDX_DEPLOY_TASKS and should be kept
+ if taskname.startswith("do_deploy"):
+ return True
+
+ # Tasks that are don't start with do_deploy, but still deploy SPDX data
+ if taskname in {"do_image_complete", "do_populate_sdk", "do_populate_sdk_ext"}:
+ return True
+
+ return taskname in SPDX_TASKS
+
# We only need to trigger deploy_source_date_epoch through direct dependencies
if taskdependees[task][1] in directtasks:
return True
@@ -1132,6 +1149,8 @@ def setscene_depvalid(task, taskdependees, notneeded, d, log=None):
return False
return True
+ spdx_deps = []
+
for dep in taskdependees:
logit(" considering dependency: %s" % (str(taskdependees[dep])), log)
if task == dep:
@@ -1188,12 +1207,27 @@ def setscene_depvalid(task, taskdependees, notneeded, d, log=None):
# Target populate_sysroot need their dependencies
return False
- if taskdependees[dep][1] in directtasks:
+ # Collect dependees that create SPDX documents
+ if isSpdxTask(dep):
+ spdx_deps.append(dep)
+ continue
+
+ if taskdependees[dep][1] in directtasks or taskdependees[dep][1] in SPDX_TASKS:
continue
# Safe fallthrough default
logit(" Default setscene dependency fall through due to dependency: %s" % (str(taskdependees[dep])), log)
return False
+
+ # SPDX generating tasks can refer to the SPDXID from the SPDX output of
+ # their dependencies. Therefore if the current task can generate SPDX and
+ # is depended on by another SPDX generating task, it must be kept so that
+ # the IDs can be correctly resolved when merging SPDX output into a
+ # complete SBoM
+ if spdx_deps and isSpdxTask(task):
+ logit(f"Keeping SPDX task {taskdependees[task]} needed by SPDX task(s) {', '.join(str(taskdependees[k]) for k in spdx_deps)}", log)
+ return False
+
return True
addhandler sstate_eventhandler
Tasks that create SPDX documents can reference SPDX ids from documents created by any task they depend on. When it comes time to create the final SBoM, these referenced SPDX ids must be present so that they can be merged into the SBoM. Specifically, when a task that restores from sstate (a setscene task) is one that can create an SPDX document, and that task is depended on by at least one other task that can create an SPDX document, it must always be restored. Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> --- meta/classes-global/sstate.bbclass | 38 ++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-)