@@ -588,6 +588,15 @@ def set_purposes(d, element, *var_names, force_purposes=[]):
]
+def add_custom_annotations(d, objset, obj):
+ for var in (d.getVar("SPDX_CUSTOM_ANNOTATION_VARS") or "").split():
+ objset.new_annotation(
+ obj,
+ "%s=%s" % (var, d.getVar(var)),
+ oe.spdx30.AnnotationType.other,
+ )
+
+
def set_purls(spdx_package, purls):
if purls:
spdx_package.software_packageUrl = purls[0]
@@ -639,6 +648,8 @@ def create_recipe_spdx(d):
ext.is_native = True
recipe.extension.append(ext)
+ add_custom_annotations(d, recipe_objset, recipe)
+
set_purls(recipe, (d.getVar("SPDX_PACKAGE_URLS") or "").split())
# TODO: This doesn't work before do_unpack because the license text has to
@@ -839,12 +850,7 @@ def create_spdx(d):
build_objset.set_is_native(is_native)
- for var in (d.getVar("SPDX_CUSTOM_ANNOTATION_VARS") or "").split():
- build_objset.new_annotation(
- build,
- "%s=%s" % (var, d.getVar(var)),
- oe.spdx30.AnnotationType.other,
- )
+ add_custom_annotations(d, build_objset, build)
build_inputs = set()
In addition to adding custom annotations to the build, add them to the recipe as well. Historically in the SPDX 2.2 implementation, there was no concept of a "build" and instead just a "recipe" SPDX package that represented both the recipe itself and the build that produced the runtime packages. The custom annotations were attached to this package. When SPDX 3 was first introduced, this unified recipe package was not kept and instead only a build object was created to represent the production of the runtime packages; as such the custom annotations were attached to this build. Later, it was desired to re-introduce a package to represent the recipe itself for various reasons, however the custom annotations were not attached to the recipe object at that time. Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> --- meta/lib/oe/spdx30_tasks.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-)