diff mbox series

sbom-cve-check: Fix sbom timestamp mismatch when it is restored from sstate

Message ID 20260629092104.104890-1-wbeasley@thegoodpenguin.co.uk
State New
Headers show
Series sbom-cve-check: Fix sbom timestamp mismatch when it is restored from sstate | expand

Commit Message

William Beasley June 29, 2026, 9:21 a.m. UTC 
When do_create_image_sbom_spdx is restored from sstate the filename of the sbom
will not match the IMAGE_NAME format as the timestamp will not match.

This causes a failure when the CVE databases have updated, so do_sbom_cve_check
misses sstate cache and is run fresh. This expects an sbom with the current
IMAGE_NAME timestamp.

Revert sbom_path back to using IMAGE_LINK_NAME (introduced in commit 2a80840),
falling back to IMAGE_NAME when IMAGE_LINK_NAME is empty.

Signed-off-by: William Beasley <wbeasley@thegoodpenguin.co.uk>
---
 meta/classes-recipe/sbom-cve-check.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta/classes-recipe/sbom-cve-check.bbclass b/meta/classes-recipe/sbom-cve-check.bbclass
index 451595f1d7..3a9fb39df6 100644
--- a/meta/classes-recipe/sbom-cve-check.bbclass
+++ b/meta/classes-recipe/sbom-cve-check.bbclass
@@ -14,9 +14,9 @@  python do_sbom_cve_check() {
     """
     Task: Run sbom-cve-check analysis on SBOM.
     """
-    sbom_path = d.expand("${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.spdx.json")
     image_name = d.getVar("IMAGE_NAME")
     link_name = d.getVar("IMAGE_LINK_NAME")
+    sbom_path = d.expand("${DEPLOY_DIR_IMAGE}/%s.spdx.json" % (link_name or image_name))
     run_sbom_cve_check(d, sbom_path, image_name, link_name)
 }