| Message ID | 20260629092104.104890-1-wbeasley@thegoodpenguin.co.uk |
|---|---|
| State | New |
| Headers | show |
| Series | sbom-cve-check: Fix sbom timestamp mismatch when it is restored from sstate | expand |
diff --git a/meta/classes-recipe/sbom-cve-check.bbclass b/meta/classes-recipe/sbom-cve-check.bbclass index 451595f1d7..3a9fb39df6 100644 --- a/meta/classes-recipe/sbom-cve-check.bbclass +++ b/meta/classes-recipe/sbom-cve-check.bbclass @@ -14,9 +14,9 @@ python do_sbom_cve_check() { """ Task: Run sbom-cve-check analysis on SBOM. """ - sbom_path = d.expand("${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.spdx.json") image_name = d.getVar("IMAGE_NAME") link_name = d.getVar("IMAGE_LINK_NAME") + sbom_path = d.expand("${DEPLOY_DIR_IMAGE}/%s.spdx.json" % (link_name or image_name)) run_sbom_cve_check(d, sbom_path, image_name, link_name) }
When do_create_image_sbom_spdx is restored from sstate the filename of the sbom will not match the IMAGE_NAME format as the timestamp will not match. This causes a failure when the CVE databases have updated, so do_sbom_cve_check misses sstate cache and is run fresh. This expects an sbom with the current IMAGE_NAME timestamp. Revert sbom_path back to using IMAGE_LINK_NAME (introduced in commit 2a80840), falling back to IMAGE_NAME when IMAGE_LINK_NAME is empty. Signed-off-by: William Beasley <wbeasley@thegoodpenguin.co.uk> --- meta/classes-recipe/sbom-cve-check.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)