| Message ID | 20260717133421.3510970-5-twoerner@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | wic: ship its tools, and add an SDK_FEATURES lever | expand |
diff --git a/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb b/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb index 7205599288a2..31559eb2cd82 100644 --- a/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb +++ b/meta/recipes-core/packagegroups/nativesdk-packagegroup-sdk-host.bb @@ -30,6 +30,7 @@ RDEPENDS:${PN} = "\ nativesdk-flex \ nativesdk-perl-module-integer \ ${@bb.utils.contains('SDK_FEATURES', 'wic', 'nativesdk-wic', '', d)} \ + ${@bb.utils.contains('SDK_FEATURES', 'sbom', 'nativesdk-python3-spdx-tools nativesdk-python3-sbom-cve-check', '', d)} \ " RDEPENDS:${PN}:darwin = "\
Software composition tooling is useful to have in an SDK for generating or checking SPDX documents and scanning artifacts, but it is not needed by every SDK and pulls in a Python dependency chain, so it should be opt-in rather than always present. Add an "sbom" SDK feature that pulls in the SPDX and SBOM/CVE tools (nativesdk-python3-spdx-tools and nativesdk-python3-sbom-cve-check). It is not enabled by default; a configuration that wants it adds the "sbom" feature to SDK_FEATURES. AI-Generated: codex/claude-opus 4.8 (xhigh) Signed-off-by: Trevor Woerner <twoerner@gmail.com> --- changes in v3: - new in v3 --- .../packagegroups/nativesdk-packagegroup-sdk-host.bb | 1 + 1 file changed, 1 insertion(+)