From patchwork Tue Jun 30 21:01:35 2026
X-Patchwork-Submitter: Joshua Watt
X-Patchwork-Id: 91438
From: Joshua Watt
To: openembedded-core@lists.openembedded.org
Cc: Joshua Watt
Subject: [OE-core][PATCH v4 01/10] spdx: Skip dependencies that are not in the taskhash
Date: Tue, 30 Jun 2026 15:01:35 -0600
Message-ID: <20260630210422.1903245-2-JPEWhacker@gmail.com>
In-Reply-To: <20260630210422.1903245-1-JPEWhacker@gmail.com>
References: <20260624141706.2164567-1-JPEWhacker@gmail.com> <20260630210422.1903245-1-JPEWhacker@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239916

If a dependency is not in the taskhash, it cannot be included in the SPDX
data because the dependency may not trigger the recipe to rebuild if it
changes (although aliases help with this), but more importantly bitbake may
not restore the sstate object associated with the dependency which causes
errors when constructing the final SBoM.

Signed-off-by: Joshua Watt
---
 meta/lib/oe/spdx30_tasks.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index 79e18db11d..d747a9cf13 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -330,13 +330,14 @@ def collect_dep_objsets(d, direct_deps, subdir, fn_prefix, obj_type, **attr_filt dep_obj, dep_objset = oe.sbom30.find_root_obj_in_jsonld( d, subdir, fn_prefix + dep.pn, obj_type, **attr_filter ) - # If the dependency is part of the taskhash, return it to be linked - # against. Otherwise, it cannot be linked against because this recipe - # will not rebuilt if dependency changes - if dep.in_taskhash: - dep_objsets.append(dep_objset) + # If the dependency is not part of the task hash, do not include it + # since the dependency may not be present in subsequent runs, and may + # not rebuild if it changes + if not dep.in_taskhash: + bb.debug(1, f"Skipping dependency {dep.pn} (not in taskhash)") + continue - # The object _can_ be linked against (by alias) + dep_objsets.append(dep_objset) dep_objs.add(dep_obj) return dep_objsets, dep_objs
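Review bot: In collect_dep_objsets (patch 01/10), the new in_taskhash check sits after the call to oe.sbom30.find_root_obj_in_jsonld, so the document of a dependency that is about to be skipped is still looked up before the continue. The commit message gives an unrestored sstate object as the main reason for skipping, and the sbom30.py context shown in 02/10 has find_root_obj_in_jsonld calling find_jsonld(..., required=True); if that lookup is fatal when the file is absent, the skip is never reached. Consider moving "if not dep.in_taskhash:" above the lookup. The continue also bypasses dep_objs.add(dep_obj), which the removed comment described as still linkable by alias; the commit message should say that dropping it is intended.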
From patchwork Tue Jun 30 21:01:36 2026
X-Patchwork-Submitter: Joshua Watt
X-Patchwork-Id: 91441
From: Joshua Watt
To: openembedded-core@lists.openembedded.org
Cc: Joshua Watt
Subject: [OE-core][PATCH v4 02/10] spdx: Add ability for deploy tasks to create SPDX
Date: Tue, 30 Jun 2026 15:01:36 -0600
Message-ID: <20260630210422.1903245-3-JPEWhacker@gmail.com>
In-Reply-To: <20260630210422.1903245-1-JPEWhacker@gmail.com>
References: <20260624141706.2164567-1-JPEWhacker@gmail.com> <20260630210422.1903245-1-JPEWhacker@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239917

Adds support for "deploy" tasks (like do_deploy) to write out SPDX
documents that describe what has been deployed.

Deploy tasks will automatically detect many dependencies on other recipes;
specifically they will correctly detect dependencies on any do_create_spdx
task, and also other deploy tasks that generate SPDX output. The only known
notable exceptions are transitive (e.g. originating from other upstream
tasks) dependencies on do_image_complete and do_populate_sysroot. However,
these are detected if they are a direct dependency of the deploy task (via
translation of the task dependencies).

This same dependency finding algorithm is now applied to the image
generation SBoM; this means that if an image creation task depends on a task
that generates a deploy SBoM, it will show up in the dependency graph of the
image. A typical example is a wic file that consumes the kernel, u-boot,
etc.; it will now correctly list those as a dependency, as long as their
do_deploy step is added to SPDX_DEPLOY_TASKS.

Signed-off-by: Joshua Watt --- .../create-spdx-image-3.0.bbclass | 4 +- meta/classes-recipe/deploy.bbclass | 1 + meta/classes-recipe/nospdx.bbclass | 1 + meta/classes/create-spdx-3.0.bbclass | 176 +++++++++++ meta/classes/spdx-common.bbclass | 1 + meta/lib/oe/sbom30.py | 46 +-- meta/lib/oe/spdx30_tasks.py | 282 +++++++++++++++--- meta/lib/oe/spdx_common.py | 2 +- 8 files changed, 448 insertions(+), 65 deletions(-) diff --git a/meta/classes-recipe/create-spdx-image-3.0.bbclass b/meta/classes-recipe/create-spdx-image-3.0.bbclass index cf79ef5b01..b60cdd826f 100644 --- a/meta/classes-recipe/create-spdx-image-3.0.bbclass +++ b/meta/classes-recipe/create-spdx-image-3.0.bbclass @@ -30,7 +30,7 @@ python do_create_rootfs_spdx() { import oe.spdx30_tasks oe.spdx30_tasks.create_rootfs_spdx(d) } -addtask do_create_rootfs_spdx after do_rootfs before do_image +addtask do_create_rootfs_spdx after do_rootfs do_create_recipe_spdx before do_image SSTATETASKS += "do_create_rootfs_spdx" do_create_rootfs_spdx[sstate-inputdirs] = "${SPDXROOTFSDEPLOY}" do_create_rootfs_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}" @@ -47,7 +47,7 @@ python do_create_image_spdx() { import oe.spdx30_tasks oe.spdx30_tasks.create_image_spdx(d) } -addtask do_create_image_spdx after do_image_complete do_create_rootfs_spdx before do_build +addtask do_create_image_spdx after do_image_complete do_create_rootfs_spdx do_create_recipe_spdx before do_build SSTATETASKS += "do_create_image_spdx" SSTATE_SKIP_CREATION:task-create-image-spdx = "1" do_create_image_spdx[sstate-inputdirs] = "${SPDXIMAGEWORK}" diff --git a/meta/classes-recipe/deploy.bbclass b/meta/classes-recipe/deploy.bbclass index f56fe98d6d..f222a8560f 100644 --- a/meta/classes-recipe/deploy.bbclass +++ b/meta/classes-recipe/deploy.bbclass 
@@ -6,6 +6,7 @@ DEPLOYDIR = "${WORKDIR}/deploy-${PN}" SSTATETASKS += "do_deploy" +SPDX_DEPLOY_ARTIFACTS_DIR:task-deploy = "${DEPLOYDIR}" do_deploy[sstate-inputdirs] = "${DEPLOYDIR}" do_deploy[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}" diff --git a/meta/classes-recipe/nospdx.bbclass b/meta/classes-recipe/nospdx.bbclass index 6ccb93ba01..723194da2d 100644 --- a/meta/classes-recipe/nospdx.bbclass +++ b/meta/classes-recipe/nospdx.bbclass @@ -12,3 +12,4 @@ deltask do_create_package_spdx deltask do_create_rootfs_spdx deltask do_create_image_spdx deltask do_create_image_sbom_spdx +deltask do_create_deploy_sbom diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass index 56fd01fd53..13d1de2774 100644 --- a/meta/classes/create-spdx-3.0.bbclass +++ b/meta/classes/create-spdx-3.0.bbclass 
@@ -163,6 +163,49 @@ SPDX_GIT_PURL_MAPPINGS[doc] = "A space separated list of domain:purl_type \ on gitlab.example.com to the pkg:gitlab PURL type. \ github.com is always mapped to pkg:github by default." +SPDX_DEPLOY_TASKS ?= "" +SPDX_DEPLOY_TASKS[doc] = "A space separated list of sstate tasks that produce \ + deployed output (usually written to DEPLOY_DIR_IMAGE). Tasks in this list \ + will produce SPDX documents that describe the deployed output. Items in \ + list have the format 'TASK(:FUNCTION)' where 'TASK' is the sstate task \ + (which must start with 'do_deploy'), and 'FUNCTION' is the optional \ + function to call to produce the deploy SPDX. If 'FUNCTION' is omitted \ + a default function is provided that uses SPDX_DEPLOY_ARTIFACTS and \ + SPDX_DEPLOY_ARTIFACTS_DIR to configure what deploy artifacts it describes \ + in the SPDX output.\ + \ + Dependencies of deploy tasks that produce SPDX data will be automatically \ + linked in as a build time dependency of the deploy task's SBoM. (for \ + example, if one do_deploy depends on another recipes do_deploy, this will \ + be reflected in the SPDX data)." + +SPDX_DEPLOY_SBOM ??= "1" +SPDX_DEPLOY_SBOM[doc] = "If '1' (the default) a task named \ + do_create_deploy_sbom will be created to automatically collect all deploy \ + SPDX documents (from SPDX_DEPLOY_TASKS) and combine them into a SBoM \ + which will be placed in DEPLOY_DIR_IMAGE. This task is added as a \ + dependency of do_build, so it will run whenever the recipe is built \ + directly. The name of the document can be set with SPDX_DEPLOY_SBOM_NAME. \ + If the recipe already has another task to create an SBoM, this should be \ + set to '0' to prevent multiple SBoMs from being created." 
+ +SPDX_DEPLOY_SBOM_NAME ?= "${PN}-deploy-sbom" +SPDX_DEPLOY_SBOM_NAME[doc] = "The name of the output deploy SBoM when using \ + create_deploy_sbom" + +SPDX_DEPLOY_ARTIFACTS = "AUTO" +SPDX_DEPLOY_ARITFACTS[doc] = "A space separated list of deployed artifacts, \ + relative to SPDX_DEPLOY_ARTIFACTS_DIR that should be included in the SBoM. \ + If 'AUTO' (the default), all files in SPDX_DEPLOY_ARITFACTS_DIR will be \ + added. A :task- override *must* be used to set this value so that it is \ + scoped to a specific task" + +SPDX_DEPLOY_ARTIFACTS_DIR = "" +SPDX_DEPLOY_ARTIFACTS_DIR[doc] = "The directory recipe specific directory \ + where artifacts are deployed for staging to sstate (e.g. for do_deploy, \ + this is DEPLOY_DIR). A :task- override *must* be used to set this value so \ + that it is scoped to a specific task." + IMAGE_CLASSES:append = " create-spdx-image-3.0" SDK_CLASSES += "create-spdx-sdk-3.0" 
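
Review bot: The doc flag in the SPDX_DEPLOY_ARTIFACTS block of create-spdx-3.0.bbclass is attached to a misspelled variable, SPDX_DEPLOY_ARITFACTS[doc], so SPDX_DEPLOY_ARTIFACTS itself ends up undocumented; the same misspelling appears inside its text as SPDX_DEPLOY_ARITFACTS_DIR. Both should read ARTIFACTS. Separately, SPDX_DEPLOY_TASKS[doc] says TASK must start with 'do_deploy', while the anonymous python added further down in this file also accepts do_image_complete; the doc string and the bb.fatal message should state the same rule. SPDX_DEPLOY_ARTIFACTS_DIR[doc] names DEPLOY_DIR as the do_deploy example, but deploy.bbclass in this patch sets the variable to ${DEPLOYDIR}.
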
@@ -291,3 +334,136 @@ python spdx30_build_started_handler () { addhandler spdx30_build_started_handler spdx30_build_started_handler[eventmask] = "bb.event.BuildStarted" +python create_deploy_spdx() { + import oe.spdx30_tasks + from pathlib import Path + current_task = "do_" + d.getVar("BB_CURRENTTASK") + + spdxdeploydir = Path(d.getVar("SPDXDIR") + "/deploy-" + current_task) + + artifactsdir = d.getVar("SPDX_DEPLOY_ARTIFACTS_DIR") + if not artifactsdir: + bb.fatal(f"{pn}: spdx-artifactsdir must be set for task {current_task}") + return + + artifacts = d.getVar("SPDX_DEPLOY_ARTIFACTS") + + oe.spdx30_tasks.create_deploy_spdx(d, spdxdeploydir, artifactsdir, artifacts) +} +oe.spdx30_tasks.find_build_dep_objsets[vardepsexclude] += "BB_TASKDEPDATA" + +python () { + # Most recipes generate SPDX output in a distinct task from the task that + # actually is the relevant dependency. As such, we need to map the task + # that we care about to the task that generates the corresponding SPDX + # output so that we can rely on the SPDX output being present when the time + # comes to use it downstream. + # + # The down side of this is that only the first level of dependencies (e.g + # tasks listed in SPDX_DEPLOY_TASKS) will have the mapping done and thus + # find the dependencies. Transitive dependencies will not be mapped and + # thus the SPDX data will not be linked in. + # + # Ideally, this will be able to go away once more tasks directly generate + # SPDX files for their output instead of combining it into monolithic + # functions; tasks listed in this map are the best candidates to have this + # done first. + TASK_MAP = { + # If a task requires the RSS be extended, depend on the SPDX build task + # for the recipe, at least until it's possible for do_populate_sysroot + # to describe it's own output. 
+ "do_populate_sysroot": "do_create_spdx", + # If an image is needed, also depend on the task to create the SBoM for + # the image + "do_image_complete": "do_create_image_spdx", + } + + def map_task_deps(task, flag): + task_flags= (d.getVarFlag(task, flag) or "").split() + for t in task_flags: + if t in TASK_MAP and TASK_MAP[t] not in task_flags: + d.appendVarFlag(task, flag, f" {TASK_MAP[t]}") + + def before_postfunc(f): + return f == "sstate_task_postfunc" or "buildhistory" in f + + if bb.data.inherits_class("nospdx", d): + return + + sstate_tasks = set((d.getVar("SSTATETASKS") or "").split()) + deploy_sbom_tasks = [] + for task in (d.getVar("SPDX_DEPLOY_TASKS") or "").split(): + if ":" in task: + task, func = task.split(":") + else: + func = "create_deploy_spdx" + + if not task.startswith("do_deploy") and not task == "do_image_complete": + bb.fatal(f"Task {task} is not allowed to deploy SPDX data. Must start with 'do_deploy'") + + deploy_sbom_tasks.append(task) + + if task not in sstate_tasks: + bb.fatal(f"{task} is not an sstate task") + + spdx_deploy = "${SPDXDIR}/deploy-" + task + + # Ensure function is sorted properly. 
It should be right before + # sstate_task_postfunc + postfuncs = (d.getVarFlag(task, "postfuncs") or "").split() + d.setVarFlag(task, "postfuncs", " ".join( + [f for f in postfuncs if not before_postfunc(f)] + + [func] + + [f for f in postfuncs if before_postfunc(f)] + )) + d.prependVarFlag(task, "sstate-inputdirs", f"{spdx_deploy} ") + d.prependVarFlag(task, "sstate-outputdirs", "${DEPLOY_DIR_SPDX} ") + d.prependVarFlag(task, "file-checksums", "${SPDX3_DEP_FILES} ") + d.prependVarFlag(task, "dirs", f"{spdx_deploy} ") + d.prependVarFlag(task, "cleandirs", f"{spdx_deploy} ") + + deps = (d.getVarFlag(task, "depends") or "").split() + extra_deps = ["${PN}:do_create_recipe_spdx", "${PN}:do_create_spdx"] + for dep in deps: + _, fn, taskname = bb.runqueue.split_tid(dep) + if taskname in TASK_MAP: + extra_deps.append(f"{fn}:{TASK_MAP[taskname]}") + + d.prependVarFlag(task, "depends", " ".join(extra_deps) + " ") + + map_task_deps(task, "deptask") + map_task_deps(task, "rdeptask") + map_task_deps(task, "recrdeptask") + + # For now, if a recipe is directly built, deploy all of it's deploy tasks + # into a single SBoM. We may need an option in the future to have tasks + # that don't do this (e.g. 
because they do not deploy to a location that is + # intended to be consumed by the user) + if deploy_sbom_tasks and (d.getVar("SPDX_DEPLOY_SBOM") or "") == "1": + bb.build.addtask("do_create_deploy_sbom", "do_build", " ".join(deploy_sbom_tasks), d) +} + +python do_create_deploy_sbom() { + import oe.spdx30_tasks + from pathlib import Path + deploydir = Path(d.getVar("SPDXDEPLOYSBOMDEPLOY")) + deploy_tasks = [] + for task in (d.getVar("SPDX_DEPLOY_TASKS") or "").split(): + if ":" in task: + task, _ = task.split(":") + deploy_tasks.append(task) + + oe.spdx30_tasks.create_deploy_sbom(d, deploydir, deploy_tasks) +} +do_create_deploy_sbom[sstate-inputdirs] = "${SPDXDEPLOYSBOMDEPLOY}" +do_create_deploy_sbom[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}" +do_create_deploy_sbom[recrdeptask] += "do_create_recipe_spdx do_create_spdx" +do_create_deploy_sbom[cleandirs] += "${SPDXDEPLOYSBOMDEPLOY}" +do_create_deploy_sbom[file-checksums] += "${SPDX3_DEP_FILES}" + +SSTATETASKS += "do_create_deploy_sbom" +python do_create_deploy_sbom_setscene() { + sstate_setscene(d) +} +addtask do_create_deploy_sbom_setscene +SSTATE_SKIP_CREATION:task-create-deploy-sbom = "1" diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass index 40701730a6..bca169670d 100644 --- a/meta/classes/spdx-common.bbclass +++ b/meta/classes/spdx-common.bbclass @@ -26,6 +26,7 @@ SPDX_TOOL_VERSION ??= "1.0" SPDXRECIPEDEPLOY = "${SPDXDIR}/recipe-deploy" SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy" SPDXRECIPESBOMDEPLOY = "${SPDXDIR}/recipes-bom-deploy" +SPDXDEPLOYSBOMDEPLOY = "${SPDXDIR}/deploy-bom-deploy" SPDX_INCLUDE_SOURCES ??= "0" SPDX_INCLUDE_SOURCES[doc] = "If set to '1', include source code files in the \ diff --git a/meta/lib/oe/sbom30.py b/meta/lib/oe/sbom30.py index 0926266295..16f42f41d6 100644 --- a/meta/lib/oe/sbom30.py +++ b/meta/lib/oe/sbom30.py 
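
Review bot: In the create_deploy_spdx python function added to create-spdx-3.0.bbclass, the error path formats {pn} but pn is never assigned in that function, so an unset SPDX_DEPLOY_ARTIFACTS_DIR raises NameError instead of reaching bb.fatal. Read it with d.getVar("PN") first, and name SPDX_DEPLOY_ARTIFACTS_DIR in the message rather than spdx-artifactsdir. The same function passes artifactsdir on as the string returned by d.getVar, while oe.spdx30_tasks.create_deploy_spdx evaluates "artifactsdir / p" when SPDX_DEPLOY_ARTIFACTS is not AUTO; wrapping the value in Path(...) before the call avoids a TypeError on that branch. In the anonymous python, "task, func = task.split(":")" fails to unpack when an entry contains more than one colon; split(":", 1) or an explicit bb.fatal would give a clearer error.
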
@@ -1048,6 +1048,25 @@ def write_jsonld_doc(d, objset, dest): objset.objects.remove(objset.doc) +def make_jsonld_link(d, fn, subdir, name, deploydir): + pkg_arch = d.getVar("SSTATE_PKGARCH") + + link_name = jsonld_arch_path( + d, + pkg_arch, + subdir, + name, + deploydir=deploydir, + ) + try: + link_name.parent.mkdir(exist_ok=True, parents=True) + link_name.symlink_to(os.path.relpath(fn, link_name.parent)) + except: + target = link_name.readlink() + bb.warn(f"Unable to link {fn} as {link_name}. Already points to {target}") + raise + + def write_recipe_jsonld_doc( d, objset, @@ -1055,6 +1074,7 @@ def write_recipe_jsonld_doc( deploydir, *, create_spdx_id_links=True, + create_task_link=False, ): pkg_arch = d.getVar("SSTATE_PKGARCH") @@ -1062,23 +1082,7 @@ def write_recipe_jsonld_doc( def link_id(_id): hash_path = jsonld_hash_path(hash_id(_id)) - - link_name = jsonld_arch_path( - d, - pkg_arch, - *hash_path, - deploydir=deploydir, - ) - try: - link_name.parent.mkdir(exist_ok=True, parents=True) - link_name.symlink_to(os.path.relpath(dest, link_name.parent)) - except: - target = link_name.readlink() - bb.warn( - f"Unable to link {_id} in {dest} as {link_name}. Already points to {target}" - ) - raise - + make_jsonld_link(d, dest, *hash_path, deploydir) return hash_path[-1] objset.add_aliases() @@ -1094,6 +1098,14 @@ def write_recipe_jsonld_doc( # out, so always do that even if there is an error making the links write_jsonld_doc(d, objset, dest) + if create_task_link: + pn = d.getVar("PN") + current_task = "do_" + d.getVar("BB_CURRENTTASK") + + make_jsonld_link(d, dest, "by-task", f"{pn}:{current_task}", deploydir) + + return dest + def find_root_obj_in_jsonld(d, subdir, fn_name, obj_type, **attr_filter): objset, fn = find_jsonld(d, subdir, fn_name, required=True) diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py index d747a9cf13..676eb09888 100644 --- a/meta/lib/oe/spdx30_tasks.py +++ b/meta/lib/oe/spdx30_tasks.py 
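
Review bot: make_jsonld_link in sbom30.py catches everything with a bare "except:" and then calls link_name.readlink() inside the handler. If the failure was anything other than an already existing link (for example mkdir failing), readlink() raises its own error and hides the original one. Catching FileExistsError for the warning and letting other exceptions propagate would keep the diagnostic accurate. The call in link_id, make_jsonld_link(d, dest, *hash_path, deploydir), only works while jsonld_hash_path returns exactly two components (subdir and name); a short docstring on make_jsonld_link stating that would help.
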
@@ -615,6 +615,135 @@ def get_is_native(d): return bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d) +def set_var_field(d, var, obj, name, package=None): + val = None + if package: + val = d.getVar("%s:%s" % (var, package)) + + if not val: + val = d.getVar(var) + + if val: + setattr(obj, name, val) + + +def find_build_dep_objsets(d, start_task): + def find_deps(d, taskdepdata, current_dep, start_dep, visited, depth=0): + key = f"{current_dep.pn}:{current_dep.taskname}" + + dep_objsets = [] + + if key not in visited: + visited.add(key) + + for n in current_dep.deps: + dep = taskdepdata[n] + dep_name = f"{dep.pn}:{dep.taskname}" + + dep_objset, dep_path = oe.sbom30.find_jsonld(d, "by-task", dep_name) + if dep_objset: + dep_objsets.append(dep_objset) + + elif dep.pn == start_dep.pn: + # If this task is still part of the same recipe, continue + # searching up the dependency tree until a valid dependency + # is found. This detects transitive dependencies that may + # have been pulled in by previous tasks in the same recipe. 
+ dep_objsets.extend( + find_deps(d, taskdepdata, dep, start_dep, visited, depth + 1) + ) + + return dep_objsets + + pn = d.getVar("PN") + taskdepdata = d.getVar("BB_TASKDEPDATA", False) + for dep in taskdepdata.values(): + if dep.pn == pn and dep.taskname == start_task: + start_dep = dep + break + else: + bb.fatal(f"Unable to find {pn}:{start_task} in taskdepdata") + + return find_deps(d, taskdepdata, start_dep, start_dep, set()) + + +def create_deploy_package(d, objset, build, spdxid, name, start_task, files, **attrs): + recipe, _ = load_recipe_spdx(d) + + deploy_package = objset.add_root( + oe.spdx30.software_Package( + _id=spdxid, + creationInfo=objset.doc.creationInfo, + name=name, + software_packageVersion=d.getVar("PV"), + ) + ) + + objset.new_scoped_relationship( + [oe.sbom30.get_element_link_id(recipe)], + oe.spdx30.RelationshipType.generates, + oe.spdx30.LifecycleScopeType.build, + [deploy_package], + ) + + set_var_field(d, "HOMEPAGE", deploy_package, "software_homePage") + set_var_field(d, "SUMMARY", deploy_package, "summary") + set_var_field(d, "DESCRIPTION", deploy_package, "description") + + set_purls(deploy_package, (d.getVar("SPDX_PACKAGE_URLS") or "").split()) + + set_timestamp_now(d, deploy_package, "builtTime") + + supplier = objset.new_agent("SPDX_PACKAGE_SUPPLIER") + if supplier is not None: + deploy_package.suppliedBy = ( + supplier if isinstance(supplier, str) else supplier._id + ) + + if files: + objset.new_relationship( + [deploy_package], + oe.spdx30.RelationshipType.contains, + sorted(list(files)), + ) + + objset.new_scoped_relationship( + [build], + oe.spdx30.RelationshipType.hasOutput, + oe.spdx30.LifecycleScopeType.build, + sorted(list(files) + [deploy_package]), + ) + + # Collect dependencies + if start_task is not None: + dep_builds = set() + dep_packages = set() + for o in find_build_dep_objsets(d, start_task): + if obj := o.find_root(oe.spdx30.software_Package): + dep_packages.add(oe.sbom30.get_element_link_id(obj)) + + if obj := 
o.find_root(oe.spdx30.build_Build): + dep_builds.add(oe.sbom30.get_element_link_id(obj)) + + if dep_packages: + objset.new_scoped_relationship( + [deploy_package], + oe.spdx30.RelationshipType.dependsOn, + oe.spdx30.LifecycleScopeType.build, + sorted(list(dep_packages)), + ) + + if dep_builds: + objset.new_scoped_relationship( + [build], + oe.spdx30.RelationshipType.dependsOn, + oe.spdx30.LifecycleScopeType.build, + sorted(list(dep_builds)), + ) + + return deploy_package + + def create_recipe_spdx(d): deploydir = Path(d.getVar("SPDXRECIPEDEPLOY")) pn = d.getVar("PN") @@ -807,7 +936,9 @@ def create_recipe_spdx(d): sorted(list(all_cves)), ) - oe.sbom30.write_recipe_jsonld_doc(d, recipe_objset, "static", deploydir) + oe.sbom30.write_recipe_jsonld_doc( + d, recipe_objset, "static", deploydir, create_task_link=True + ) def load_recipe_spdx(d): @@ -821,17 +952,6 @@ def load_recipe_spdx(d): def create_spdx(d): - def set_var_field(var, obj, name, package=None): - val = None - if package: - val = d.getVar("%s:%s" % (var, package)) - - if not val: - val = d.getVar(var) - - if val: - setattr(obj, name, val) - license_data = oe.spdx_common.load_spdx_license_data(d) pn = d.getVar("PN") @@ -954,10 +1074,12 @@ def create_spdx(d): ) set_var_field( - "HOMEPAGE", spdx_package, "software_homePage", package=package + d, "HOMEPAGE", spdx_package, "software_homePage", package=package + ) + set_var_field(d, "SUMMARY", spdx_package, "summary", package=package) + set_var_field( + d, "DESCRIPTION", spdx_package, "description", package=package ) - set_var_field("SUMMARY", spdx_package, "summary", package=package) - set_var_field("DESCRIPTION", spdx_package, "description", package=package) purls = ( d.getVar("SPDX_PACKAGE_URLS:%s" % package) 
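
Review bot: In find_deps inside find_build_dep_objsets, a dependency from another recipe that has no by-task document is dropped without any trace, unlike the bb.debug added for skipped dependencies in 01/10. A debug message on that path would make a missing link in the deploy SBoM diagnosable. The depth argument is passed down the recursion but never read and can be removed, and BB_TASKDEPDATA is used without a None check before .values() is called on it.
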
@@ -1137,7 +1259,9 @@ def create_spdx(d): f"Added PACKAGECONFIG entries: {len(enabled)} enabled, {len(disabled)} disabled" ) - oe.sbom30.write_recipe_jsonld_doc(d, build_objset, "builds", deploydir) + oe.sbom30.write_recipe_jsonld_doc( + d, build_objset, "builds", deploydir, create_task_link=True + ) def create_package_spdx(d): @@ -1371,26 +1495,9 @@ def create_rootfs_spdx(d): d, "%s-%s-rootfs" % (image_basename, machine) ) - rootfs = objset.add_root( - oe.spdx30.software_Package( - _id=objset.new_spdxid("rootfs", image_basename), - creationInfo=objset.doc.creationInfo, - name=image_basename, - software_primaryPurpose=oe.spdx30.software_SoftwarePurpose.archive, - ) - ) - set_timestamp_now(d, rootfs, "builtTime") - rootfs_build = objset.add_root(objset.new_task_build("rootfs", "rootfs")) set_timestamp_now(d, rootfs_build, "build_buildEndTime") - objset.new_scoped_relationship( - [rootfs_build], - oe.spdx30.RelationshipType.hasOutput, - oe.spdx30.LifecycleScopeType.build, - [rootfs], - ) - files_by_hash = {} collect_build_package_inputs(d, objset, rootfs_build, packages, files_by_hash) @@ -1423,14 +1530,20 @@ def create_rootfs_spdx(d): ) ) - if files: - objset.new_relationship( - [rootfs], - oe.spdx30.RelationshipType.contains, - sorted(list(files)), - ) + rootfs = create_deploy_package( + d, + objset, + rootfs_build, + objset.new_spdxid("rootfs", image_basename), + image_basename, + None, + files, + ) + rootfs.software_primaryPurpose = oe.spdx30.software_SoftwarePurpose.archive - oe.sbom30.write_recipe_jsonld_doc(d, objset, "rootfs", deploydir) + oe.sbom30.write_recipe_jsonld_doc( + d, objset, "rootfs", deploydir, create_task_link=True + ) def create_image_spdx(d): 
@@ -1510,10 +1623,13 @@ def create_image_spdx(d): set_timestamp_now(d, a, "builtTime") if artifacts: - objset.new_scoped_relationship( - [image_build], - oe.spdx30.RelationshipType.hasOutput, - oe.spdx30.LifecycleScopeType.build, + create_deploy_package( + d, + objset, + image_build, + objset.new_spdxid(taskname, "image", imagetype), + "image", + f"do_{taskname}", artifacts, ) @@ -1534,7 +1650,9 @@ def create_image_spdx(d): objset.add_aliases() objset.link() - oe.sbom30.write_recipe_jsonld_doc(d, objset, "image", spdx_work_dir) + oe.sbom30.write_recipe_jsonld_doc( + d, objset, "image", spdx_work_dir, create_task_link=True + ) def create_image_sbom_spdx(d): 
@@ -1712,3 +1830,77 @@ def create_recipe_sbom(d, deploydir): objset, sbom = oe.sbom30.create_sbom(d, sbom_name, [recipe], [recipe_objset]) oe.sbom30.write_jsonld_doc(d, objset, deploydir / (sbom_name + ".spdx.json")) + + +def create_deploy_spdx(d, spdxdeploydir, artifactsdir, artifacts): + pn = d.getVar("PN") + current_task = "do_" + d.getVar("BB_CURRENTTASK") + + recipe, recipe_objset = load_recipe_spdx(d) + + if artifacts == "AUTO": + artifacts = [] + for root, dirs, files in os.walk(artifactsdir): + for p in [Path(os.path.join(root, f)) for f in files]: + if p.is_file(): + artifacts.append(p) + else: + artifacts = [artifactsdir / p for p in artifacts.split()] + + artifacts.sort(key=lambda p: (p.is_symlink(), p)) + + objset = oe.sbom30.ObjectSet.new_objset(d, f"{pn}-{current_task}-deploy") + + build = objset.add_root(objset.new_task_build(current_task, "deploy")) + set_timestamp_now(d, build, "build_buildEndTime") + objset.set_is_native(get_is_native(d)) + + files = set() + for a in artifacts: + relpath = a.relative_to(artifactsdir) + f = objset.new_file( + objset.new_spdxid("deploy", str(relpath)), + a.name, + a, + ) + files.add(f) + + if not files: + bb.fatal(f"No deployed artifacts found in {artifactsdir}") + return + + create_deploy_package( + d, + objset, + build, + objset.new_spdxid("deploy", pn, current_task), + pn, + current_task, + files, + ) + + # Create document + dest = oe.sbom30.write_recipe_jsonld_doc( + d, + objset, + "deploy", + spdxdeploydir, + create_task_link=True, + ) + + +def create_deploy_sbom(d, deploydir, deploy_tasks): + pn = d.getVar("PN") + sbom_name = d.getVar("SPDX_DEPLOY_SBOM_NAME") + + objsets = [] + for t in deploy_tasks: + o, _ = oe.sbom30.find_jsonld(d, "deploy", f"{pn}-{t}-deploy", required=True) + objsets.append(o) + + root_objs = [] + for o in objsets: + root_objs.extend(o.doc.rootElement) + + objset, sbom = oe.sbom30.create_sbom(d, sbom_name, root_objs, objsets) + oe.sbom30.write_jsonld_doc(d, objset, deploydir / (sbom_name + 
".spdx.json")) diff --git a/meta/lib/oe/spdx_common.py b/meta/lib/oe/spdx_common.py index 6b1a409c40..0337d1deb5 100644 --- a/meta/lib/oe/spdx_common.py +++ b/meta/lib/oe/spdx_common.py 
@@ -113,7 +113,7 @@ def collect_direct_deps(d, dep_task): ) for this_dep in taskdepdata.values(): - if this_dep[0] == pn and this_dep[1] == current_task: + if this_dep.pn == pn and this_dep.taskname == current_task: break else: bb.fatal(f"Unable to find this {pn}:{current_task} in taskdepdata")
From patchwork Tue Jun 30 21:01:37 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joshua Watt X-Patchwork-Id: 91442
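Review bot: in create_deploy_spdx() (meta/lib/oe/spdx30_tasks.py), the explicit-list branch "artifacts = [artifactsdir / p for p in artifacts.split()]" does not check that each entry stays inside artifactsdir or exists. An absolute entry replaces artifactsdir in the join and then fails in a.relative_to(artifactsdir) with a bare ValueError, while an entry containing ".." passes relative_to (the check is purely lexical), so a file outside the deploy directory can be recorded in the SBoM as a deployed artifact. Suggest rejecting absolute entries, ".." components and missing files with a bb.fatal that names the offending entry. In the same function, the "return" after bb.fatal(...) is unreachable, and "dest" is assigned but not used in the lines shown.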
From: Joshua Watt X-Google-Original-From: Joshua Watt To: openembedded-core@lists.openembedded.org Cc: Joshua Watt Subject: [OE-core][PATCH v4 03/10] oeqa: Add SPDX deploy SBoM test Date: Tue, 30 Jun 2026 15:01:37 -0600 Message-ID: <20260630210422.1903245-4-JPEWhacker@gmail.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260630210422.1903245-1-JPEWhacker@gmail.com> References: <20260624141706.2164567-1-JPEWhacker@gmail.com> <20260630210422.1903245-1-JPEWhacker@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Jun 2026 21:04:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239918 Adds a test that verifies that the deploy SBoM is created correctly Signed-off-by: Joshua Watt --- meta/lib/oeqa/selftest/cases/spdx.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/meta/lib/oeqa/selftest/cases/spdx.py b/meta/lib/oeqa/selftest/cases/spdx.py index 8285189382..af2a9dc236 100644 --- a/meta/lib/oeqa/selftest/cases/spdx.py +++ b/meta/lib/oeqa/selftest/cases/spdx.py 
@@ -443,3 +443,14 @@ class SPDX30Check(SPDX3CheckBase, OESelftestTestCase): r'\d', f"Version '{version}' for package '{name}' should contain digits" ) + + def test_deploy_sbom(self): + kernel_recipe = get_bb_var("PREFERRED_PROVIDER_virtual/kernel") + + objset = self.check_recipe_spdx( + "virtual/kernel", + f"{{DEPLOY_DIR_IMAGE}}/{kernel_recipe}-deploy-sbom.spdx.json", + ) + + # Document should be fully linked + self.check_objset_missing_ids(objset)
From patchwork Tue Jun 30 21:01:38 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joshua Watt X-Patchwork-Id: 91439
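Review bot: in test_deploy_sbom(), beyond whatever check_recipe_spdx() already validates, the only assertion added is check_objset_missing_ids(), so the test passes for any fully linked document and never checks that the SBoM describes the artifacts the kernel's do_deploy wrote. Suggest also asserting that at least one software_File element for a deployed artifact (for example the kernel image) is present. The file name is hard-coded as {kernel_recipe}-deploy-sbom.spdx.json while create_deploy_sbom() takes the name from SPDX_DEPLOY_SBOM_NAME; reading that variable with get_bb_var() would keep the test in step with it.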
From: Joshua Watt X-Google-Original-From: Joshua Watt To: openembedded-core@lists.openembedded.org Cc: Joshua Watt Subject: [OE-core][PATCH v4 04/10] classes-global/sstate: Keep SPDX generating setscene dependencies Date: Tue, 30 Jun 2026 15:01:38 -0600 Message-ID: <20260630210422.1903245-5-JPEWhacker@gmail.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260630210422.1903245-1-JPEWhacker@gmail.com> References: <20260624141706.2164567-1-JPEWhacker@gmail.com> <20260630210422.1903245-1-JPEWhacker@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Jun 2026 21:04:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239919 Tasks that create SPDX documents can reference SPDX ids from documents created by any task they depend on. When it comes time to create the final SBoM, these referenced SPDX ids must be present so that they can be merged into the SBoM. Specifically, when a task that restores from sstate (a setscene task) is one that can create an SPDX document, and that task is depended on by at least one other task that can create an SPDX document, it must always be restored. Signed-off-by: Joshua Watt --- meta/classes-global/sstate.bbclass | 38 ++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/meta/classes-global/sstate.bbclass b/meta/classes-global/sstate.bbclass index 4ad71a70da..4d744a887b 100644 --- a/meta/classes-global/sstate.bbclass +++ b/meta/classes-global/sstate.bbclass 
@@ -1119,11 +1119,28 @@ def setscene_depvalid(task, taskdependees, notneeded, d, log=None): logit("Considering setscene task: %s" % (str(taskdependees[task])), log) - directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_create_spdx", "do_create_recipe_spdx", "do_deploy_archives"] + directtasks = ["do_populate_lic", "do_deploy_source_date_epoch", "do_shared_workdir", "do_stash_locale", "do_gcc_stash_builddir", "do_deploy_archives"] + + # SPDX tasks are only needed if depended on directly, unless they are + # needed by another task that is creating SPDX documents + SPDX_TASKS = {"do_create_spdx", "do_create_recipe_spdx", "do_create_package_spdx"} def isNativeCross(x): return x.endswith("-native") or "-cross-" in x or "-crosssdk" in x or x.endswith("-cross") + def isSpdxTask(key): + taskname = taskdependees[key][1] + # Tasks that start with "do_deploy" might be included in + # SPDX_DEPLOY_TASKS and should be kept + if taskname.startswith("do_deploy"): + return True + + # Tasks that are don't start with do_deploy, but still deploy SPDX data + if taskname in {"do_image_complete", "do_populate_sdk", "do_populate_sdk_ext"}: + return True + + return taskname in SPDX_TASKS + # We only need to trigger deploy_source_date_epoch through direct dependencies if taskdependees[task][1] in directtasks: return True @@ -1136,6 +1153,8 @@ def setscene_depvalid(task, taskdependees, notneeded, d, log=None): return False return True + spdx_deps = [] + for dep in taskdependees: logit(" considering dependency: %s" % (str(taskdependees[dep])), log) if task == dep: 
@@ -1192,12 +1211,27 @@ def setscene_depvalid(task, taskdependees, notneeded, d, log=None): # Target populate_sysroot need their dependencies return False - if taskdependees[dep][1] in directtasks: + # Collect dependees that create SPDX documents + if isSpdxTask(dep): + spdx_deps.append(dep) + continue + + if taskdependees[dep][1] in directtasks or taskdependees[dep][1] in SPDX_TASKS: continue # Safe fallthrough default logit(" Default setscene dependency fall through due to dependency: %s" % (str(taskdependees[dep])), log) return False + + # SPDX generating tasks can refer to the SPDXID from the SPDX output of + # their dependencies. Therefore if the current task can generate SPDX and + # is depended on by another SPDX generating task, it must be kept so that + # the IDs can be correctly resolved when merging SPDX output into a + # complete SBoM + if spdx_deps and isSpdxTask(task): + logit(f"Keeping SPDX task {taskdependees[task]} needed by SPDX task(s) {', '.join(str(taskdependees[k]) for k in spdx_deps)}", log) + return False + return True addhandler sstate_eventhandler
From patchwork Tue Jun 30 21:01:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joshua Watt X-Patchwork-Id: 91443
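Review bot: in isSpdxTask() (first sstate.bbclass hunk), taskname.startswith("do_deploy") also matches do_deploy_source_date_epoch and do_deploy_archives, which remain in directtasks a few lines above. A dependee with one of those names that reaches the new isSpdxTask(dep) check is appended to spdx_deps, so an SPDX-capable task is then kept (return False) on its account. Is that intended? If not, suggest excluding names already in directtasks from the prefix match, or saying in the comment why they count. The comment "Tasks that are don't start with do_deploy" also needs its grammar fixed.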
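Review bot: in the last sstate.bbclass hunk, the added "or taskdependees[dep][1] in SPDX_TASKS" can never be true: every name in SPDX_TASKS makes isSpdxTask(dep) return True, and that branch has already appended to spdx_deps and hit continue. Suggest dropping the clause. Relatedly, taking do_create_spdx and do_create_recipe_spdx out of directtasks means the early "if taskdependees[task][1] in directtasks: return True" no longer short-circuits for those tasks, so they now walk the whole dependee loop and can reach the default fall-through "return False" for a non-SPDX dependee; the commit message should say whether that wider change is intended.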
From: Joshua Watt X-Google-Original-From: Joshua Watt To: openembedded-core@lists.openembedded.org Cc: Joshua Watt Subject: [OE-core][PATCH v4 05/10] Add SPDX deploy tasks to various recipes Date: Tue, 30 Jun 2026 15:01:39 -0600 Message-ID: <20260630210422.1903245-6-JPEWhacker@gmail.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260630210422.1903245-1-JPEWhacker@gmail.com> References: <20260624141706.2164567-1-JPEWhacker@gmail.com> <20260630210422.1903245-1-JPEWhacker@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Jun 2026 21:04:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239920 Adds SPDX deploy tasks to many recipes to record their output when consumed in an SBoM Signed-off-by: Joshua Watt --- meta/classes-recipe/barebox.bbclass | 1 + meta/classes-recipe/devicetree.bbclass | 1 + meta/classes-recipe/kernel-fit-image.bbclass | 1 + meta/classes-recipe/kernel.bbclass | 1 + meta/recipes-bsp/grub/grub-efi_2.14.bb | 1 + meta/recipes-bsp/opensbi/opensbi_1.8.1.bb | 1 + meta/recipes-bsp/u-boot/u-boot.inc | 1 + meta/recipes-core/systemd/systemd-boot_259.5.bb | 2 +- 8 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/meta/classes-recipe/barebox.bbclass b/meta/classes-recipe/barebox.bbclass index 2411fb5caa..60437c1ad1 100644 --- a/meta/classes-recipe/barebox.bbclass +++ b/meta/classes-recipe/barebox.bbclass @@ -158,5 +158,6 @@ barebox_do_deploy () { fi } addtask deploy after do_compile +SPDX_DEPLOY_TASKS += "do_deploy" EXPORT_FUNCTIONS do_configure do_compile do_install do_deploy diff --git a/meta/classes-recipe/devicetree.bbclass b/meta/classes-recipe/devicetree.bbclass index ce9d008aac..35c2499bdb 100644 --- a/meta/classes-recipe/devicetree.bbclass +++ b/meta/classes-recipe/devicetree.bbclass @@ -164,6 +164,7 @@ devicetree_do_deploy() { done } addtask deploy before do_build after do_install +SPDX_DEPLOY_TASKS += "do_deploy" EXPORT_FUNCTIONS do_compile do_install do_deploy diff --git a/meta/classes-recipe/kernel-fit-image.bbclass b/meta/classes-recipe/kernel-fit-image.bbclass index 448a88ccb1..02dd245d97 100644 --- a/meta/classes-recipe/kernel-fit-image.bbclass +++ b/meta/classes-recipe/kernel-fit-image.bbclass @@ -248,3 +248,4 @@ do_deploy() { fi } addtask deploy after do_compile before do_build +SPDX_DEPLOY_TASKS += "do_deploy" diff --git a/meta/classes-recipe/kernel.bbclass b/meta/classes-recipe/kernel.bbclass index 50cef17f69..8d0cb91688 100644 --- a/meta/classes-recipe/kernel.bbclass +++ b/meta/classes-recipe/kernel.bbclass @@ -842,6 +842,7 @@ kernel_do_deploy() { do_deploy[prefuncs] += "read_subpackage_metadata" addtask deploy after do_install do_populate_sysroot do_packagedata +SPDX_DEPLOY_TASKS += "do_deploy" EXPORT_FUNCTIONS do_deploy diff --git a/meta/recipes-bsp/grub/grub-efi_2.14.bb b/meta/recipes-bsp/grub/grub-efi_2.14.bb index 6354b43989..e535d99710 100644 --- a/meta/recipes-bsp/grub/grub-efi_2.14.bb +++ b/meta/recipes-bsp/grub/grub-efi_2.14.bb @@ -97,6 +97,7 @@ do_deploy() { } addtask deploy after do_install before do_build +SPDX_DEPLOY_TASKS += "do_deploy" FILES:${PN} = "${libdir}/grub/${GRUB_TARGET}-efi \ ${datadir}/grub \ 
diff --git a/meta/recipes-bsp/opensbi/opensbi_1.8.1.bb b/meta/recipes-bsp/opensbi/opensbi_1.8.1.bb index 0a9652c283..93646a97df 100644 --- a/meta/recipes-bsp/opensbi/opensbi_1.8.1.bb +++ b/meta/recipes-bsp/opensbi/opensbi_1.8.1.bb @@ -45,6 +45,7 @@ do_deploy () { } addtask deploy before do_build after do_install +SPDX_DEPLOY_TASKS += "do_deploy" FILES:${PN} += "/share/opensbi/*/${RISCV_SBI_PLAT}/firmware/fw_jump.*" FILES:${PN} += "/share/opensbi/*/${RISCV_SBI_PLAT}/firmware/fw_payload.*" diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc index a75948dfc3..acc2bf9819 100644 --- a/meta/recipes-bsp/u-boot/u-boot.inc +++ b/meta/recipes-bsp/u-boot/u-boot.inc @@ -471,3 +471,4 @@ uboot_deploy_spl () { } addtask deploy before do_build after do_compile +SPDX_DEPLOY_TASKS += "do_deploy" diff --git a/meta/recipes-core/systemd/systemd-boot_259.5.bb b/meta/recipes-core/systemd/systemd-boot_259.5.bb index aa5e57d3dd..9e61dfa3c6 100644 --- a/meta/recipes-core/systemd/systemd-boot_259.5.bb +++ b/meta/recipes-core/systemd/systemd-boot_259.5.bb 
@@ -69,4 +69,4 @@ do_deploy () { } addtask deploy before do_build after do_compile - +SPDX_DEPLOY_TASKS += "do_deploy"
From patchwork Tue Jun 30 21:01:40 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joshua Watt X-Patchwork-Id: 91436
From: Joshua Watt X-Google-Original-From: Joshua Watt To: openembedded-core@lists.openembedded.org Cc: Joshua Watt Subject: [OE-core][PATCH v4 06/10] spdx: Replace do_create_image_spdx with deploy task Date: Tue, 30 Jun 2026 15:01:40 -0600 Message-ID: <20260630210422.1903245-7-JPEWhacker@gmail.com> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260630210422.1903245-1-JPEWhacker@gmail.com> References: <20260624141706.2164567-1-JPEWhacker@gmail.com> <20260630210422.1903245-1-JPEWhacker@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 30 Jun 2026 21:04:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239921 Replaces the dedicated do_create_image_spdx task with a deploy task tied to do_image_complete (which is the task that deploys images). This has the advantage that image recipe SPDX dependencies are now completely automatically detected in the task graph, and the SPDX documents are merged in automatically when dependencies on do_image_complete are detected Signed-off-by: Joshua Watt --- .../create-spdx-image-3.0.bbclass | 32 +++++++------------ meta/classes-recipe/nospdx.bbclass | 1 - meta/classes/create-spdx-3.0.bbclass | 3 -- meta/classes/spdx-common.bbclass | 1 - meta/lib/oe/spdx30_tasks.py | 21 ++++++++---- 5 files changed, 26 insertions(+), 32 deletions(-) diff --git a/meta/classes-recipe/create-spdx-image-3.0.bbclass b/meta/classes-recipe/create-spdx-image-3.0.bbclass index b60cdd826f..64cb065632 100644 --- a/meta/classes-recipe/create-spdx-image-3.0.bbclass +++ b/meta/classes-recipe/create-spdx-image-3.0.bbclass 
@@ -30,7 +30,7 @@ python do_create_rootfs_spdx() { import oe.spdx30_tasks oe.spdx30_tasks.create_rootfs_spdx(d) } -addtask do_create_rootfs_spdx after do_rootfs do_create_recipe_spdx before do_image +addtask do_create_rootfs_spdx after do_rootfs do_create_recipe_spdx before do_image do_image_complete SSTATETASKS += "do_create_rootfs_spdx" do_create_rootfs_spdx[sstate-inputdirs] = "${SPDXROOTFSDEPLOY}" do_create_rootfs_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}" 
@@ -43,33 +43,25 @@ python do_create_rootfs_spdx_setscene() { } addtask do_create_rootfs_spdx_setscene -python do_create_image_spdx() { +python create_image_spdx() { import oe.spdx30_tasks - oe.spdx30_tasks.create_image_spdx(d) -} -addtask do_create_image_spdx after do_image_complete do_create_rootfs_spdx do_create_recipe_spdx before do_build -SSTATETASKS += "do_create_image_spdx" -SSTATE_SKIP_CREATION:task-create-image-spdx = "1" -do_create_image_spdx[sstate-inputdirs] = "${SPDXIMAGEWORK}" -do_create_image_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}" -do_create_image_spdx[cleandirs] = "${SPDXIMAGEWORK}" -do_create_image_spdx[dirs] = "${SPDXIMAGEWORK}" -do_create_image_spdx[file-checksums] += "${SPDX3_DEP_FILES}" -do_create_image_spdx[vardeps] += "\ - SPDX_IMAGE_PURPOSE \ - " + from pathlib import Path + current_task = "do_" + d.getVar("BB_CURRENTTASK") -python do_create_image_spdx_setscene() { - sstate_setscene(d) -} -addtask do_create_image_spdx_setscene + spdxdeploydir = Path(d.getVar("SPDXDIR") + "/deploy-" + current_task) + oe.spdx30_tasks.create_image_spdx(d, spdxdeploydir) +} +oe.spdx30_tasks.create_image_spdx[vardeps] += "SPDX_IMAGE_PURPOSE" +SPDX_DEPLOY_TASKS += "do_image_complete:create_image_spdx" +# No deploy sbom is needed since do_create_image_sbom_spdx() is used instead +SPDX_DEPLOY_SBOM = "0" python do_create_image_sbom_spdx() { import oe.spdx30_tasks oe.spdx30_tasks.create_image_sbom_spdx(d) } -addtask do_create_image_sbom_spdx after do_create_rootfs_spdx do_create_image_spdx before do_build +addtask do_create_image_sbom_spdx after do_create_rootfs_spdx do_image_complete before do_build SSTATETASKS += "do_create_image_sbom_spdx" SSTATE_SKIP_CREATION:task-create-image-sbom-spdx = "1" do_create_image_sbom_spdx[sstate-inputdirs] = "${SPDXIMAGEDEPLOYDIR}" diff --git a/meta/classes-recipe/nospdx.bbclass b/meta/classes-recipe/nospdx.bbclass index 723194da2d..fafcdd0a13 100644 --- a/meta/classes-recipe/nospdx.bbclass 
+++ b/meta/classes-recipe/nospdx.bbclass @@ -10,6 +10,5 @@ deltask do_create_spdx deltask do_create_spdx_runtime deltask do_create_package_spdx deltask do_create_rootfs_spdx -deltask do_create_image_spdx deltask do_create_image_sbom_spdx deltask do_create_deploy_sbom diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass index 13d1de2774..919de094f8 100644 --- a/meta/classes/create-spdx-3.0.bbclass +++ b/meta/classes/create-spdx-3.0.bbclass @@ -373,9 +373,6 @@ python () { # for the recipe, at least until it's possible for do_populate_sysroot # to describe it's own output. "do_populate_sysroot": "do_create_spdx", - # If an image is needed, also depend on the task to create the SBoM for - # the image - "do_image_complete": "do_create_image_spdx", } def map_task_deps(task, flag): diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass index bca169670d..13839aac3a 100644 --- a/meta/classes/spdx-common.bbclass +++ b/meta/classes/spdx-common.bbclass @@ -15,7 +15,6 @@ CVE_VERSION ??= "${PV}" SPDXDIR ??= "${WORKDIR}/spdx/${SPDX_VERSION}" SPDXDEPLOY = "${SPDXDIR}/deploy" SPDXWORK = "${SPDXDIR}/work" -SPDXIMAGEWORK = "${SPDXDIR}/image-work" SPDXSDKWORK = "${SPDXDIR}/sdk-work" SPDXSDKEXTWORK = "${SPDXDIR}/sdk-ext-work" SPDXDEPS = "${SPDXDIR}/deps.json" diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py index 676eb09888..f3a60e3deb 100644 --- a/meta/lib/oe/spdx30_tasks.py +++ b/meta/lib/oe/spdx30_tasks.py 
@@ -1546,19 +1546,19 @@ def create_rootfs_spdx(d): ) -def create_image_spdx(d): +def create_image_spdx(d, spdx_deploy_dir): import oe.sbom30 + pn = d.getVar("PN") + current_task = "do_" + d.getVar("BB_CURRENTTASK") + image_deploy_dir = Path(d.getVar("IMGDEPLOYDIR")) manifest_path = Path(d.getVar("IMAGE_OUTPUT_MANIFEST")) - spdx_work_dir = Path(d.getVar("SPDXIMAGEWORK")) image_basename = d.getVar("IMAGE_BASENAME") machine = d.getVar("MACHINE") - objset = oe.sbom30.ObjectSet.new_objset( - d, "%s-%s-image" % (image_basename, machine) - ) + objset = oe.sbom30.ObjectSet.new_objset(d, f"{pn}-{current_task}-deploy") with manifest_path.open("r") as f: manifest = json.load(f) @@ -1651,13 +1651,18 @@ def create_image_spdx(d): objset.add_aliases() objset.link() oe.sbom30.write_recipe_jsonld_doc( - d, objset, "image", spdx_work_dir, create_task_link=True + d, + objset, + "deploy", + spdx_deploy_dir, + create_task_link=True, ) def create_image_sbom_spdx(d): import oe.sbom30 + pn = d.getVar("PN") image_name = d.getVar("IMAGE_NAME") image_basename = d.getVar("IMAGE_BASENAME") image_link_name = d.getVar("IMAGE_LINK_NAME") 
@@ -1679,7 +1684,9 @@ def create_image_sbom_spdx(d): root_elements.append(oe.sbom30.get_element_link_id(rootfs_image)) image_objset, _ = oe.sbom30.find_jsonld( - d, "image", "%s-%s-image" % (image_basename, machine), required=True + d, + "deploy", + f"{pn}-do_image_complete-deploy", ) for o in image_objset.foreach_root(oe.spdx30.software_File): root_elements.append(oe.sbom30.get_element_link_id(o))
From patchwork Tue Jun 30 21:01:41 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joshua Watt X-Patchwork-Id: 91437
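Review bot: in create-spdx-image-3.0.bbclass (hunk at -43,33), the removed task carried do_create_image_spdx[file-checksums] += "${SPDX3_DEP_FILES}", and nothing added in this hunk carries that over to do_image_complete or create_image_spdx. If the SPDX_DEPLOY_TASKS handling does not add it elsewhere, changes to the files named by SPDX3_DEP_FILES will no longer retrigger image SPDX generation; please confirm, or add the flag to the task that now runs create_image_spdx.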
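Review bot: in create_image_sbom_spdx() (last spdx30_tasks.py hunk), the rewritten oe.sbom30.find_jsonld() call drops the required=True that the removed line passed, and the very next line dereferences image_objset.foreach_root(). create_deploy_sbom() earlier in this series passes required=True for the same kind of lookup. Suggest restoring required=True so that a missing deploy document fails with a clear message instead of an error on the following line. The task name do_image_complete is also hard-coded in the document name here, while create_image_spdx() builds the name from BB_CURRENTTASK; a shared helper or a comment would keep the two from drifting apart.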
From: Joshua Watt
To: openembedded-core@lists.openembedded.org
Cc: Joshua Watt
Subject: [OE-core][PATCH v4 07/10] grub-efi: Change to MACHINE_ARCH
Date: Tue, 30 Jun 2026 15:01:41 -0600
Message-ID: <20260630210422.1903245-8-JPEWhacker@gmail.com>
X-Mailer: git-send-email 2.54.0
In-Reply-To: <20260630210422.1903245-1-JPEWhacker@gmail.com>
References: <20260624141706.2164567-1-JPEWhacker@gmail.com> <20260630210422.1903245-1-JPEWhacker@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239922

Machines can change EFI_PROVIDER which changes the way grub-efi is built, meaning two machines may not build it the same way. As such, the arch should be MACHINE_ARCH.

Signed-off-by: Joshua Watt
--- meta/recipes-bsp/grub/grub-efi_2.14.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-bsp/grub/grub-efi_2.14.bb b/meta/recipes-bsp/grub/grub-efi_2.14.bb index e535d99710..8d8671614a 100644 --- a/meta/recipes-bsp/grub/grub-efi_2.14.bb +++ b/meta/recipes-bsp/grub/grub-efi_2.14.bb
@@ -41,6 +41,8 @@ python __anonymous () { d.setVar("GRUB_IMAGE_PREFIX", prefix) } +PACKAGE_ARCH = "${MACHINE_ARCH}" + inherit deploy CACHED_CONFIGUREVARS += "ac_cv_path_HELP2MAN=" From patchwork Tue Jun 30 21:01:43 2026
X-Patchwork-Submitter: Joshua Watt
X-Patchwork-Id: 91440
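Review bot: the new PACKAGE_ARCH = "${MACHINE_ARCH}" line in grub-efi_2.14.bb carries no comment, so the reason given in the commit message (EFI_PROVIDER changes how grub-efi is built per machine) is lost to anyone reading the recipe. A one-line comment above the assignment naming EFI_PROVIDER would keep a later cleanup from reverting it to the default arch.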
From: Joshua Watt
To: openembedded-core@lists.openembedded.org
Cc: Joshua Watt
Subject: [OE-core][PATCH v4 09/10] multilib: Add systemd-boot to NON_MULTILIB_RECIPES
Date: Tue, 30 Jun 2026 15:01:43 -0600
Message-ID: <20260630210422.1903245-10-JPEWhacker@gmail.com>
X-Mailer: git-send-email 2.54.0
In-Reply-To: <20260630210422.1903245-1-JPEWhacker@gmail.com>
References: <20260624141706.2164567-1-JPEWhacker@gmail.com> <20260630210422.1903245-1-JPEWhacker@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239924

systemd-boot is EFI firmware (like grub-efi) and doesn't make sense to be multilib

Signed-off-by: Joshua Watt
--- meta/conf/multilib.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/conf/multilib.conf b/meta/conf/multilib.conf index 6163405be4..aff55c1e9d 100644 --- a/meta/conf/multilib.conf +++ b/meta/conf/multilib.conf
@@ -23,4 +23,4 @@ APT_ARGS:append = " -o Dpkg::Options::=--force-confnew -o Dpkg::Options::=--forc # These recipes don't need multilib variants, the ${BPN} PROVIDES/RPROVIDES # ${MLPREFIX}${BPN} -NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot gcc-source llvm-project-source" +NON_MULTILIB_RECIPES = "grub grub-efi make-mod-scripts ovmf u-boot gcc-source llvm-project-source systemd-boot"
From patchwork Tue Jun 30 21:01:44 2026
X-Patchwork-Submitter: Joshua Watt
X-Patchwork-Id: 91444
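Review bot: systemd-boot is appended to the end of the single-line NON_MULTILIB_RECIPES value, which is unsorted and now rewrites the whole assignment for a one-word change. Splitting the value across continuation lines, one recipe per line, would make additions like this a one-line diff and make duplicates easier to spot.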
From: Joshua Watt
To: openembedded-core@lists.openembedded.org
Cc: Joshua Watt
Subject: [OE-core][PATCH v4 10/10] wic-tools: Change to MACHINE_ARCH
Date: Tue, 30 Jun 2026 15:01:44 -0600
Message-ID: <20260630210422.1903245-11-JPEWhacker@gmail.com>
X-Mailer: git-send-email 2.54.0
In-Reply-To: <20260630210422.1903245-1-JPEWhacker@gmail.com>
References: <20260624141706.2164567-1-JPEWhacker@gmail.com> <20260630210422.1903245-1-JPEWhacker@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239925

Changes wic-tools to be MACHINE_ARCH. This isn't exactly ideal, but wic-tools is attempting to provide a target sysroot that (potentially) contains the EFI binaries for wic (and, this is the only way wic is willing to find those binaries). Since the EFI binaries are MACHINE_ARCH, wic-tools must also be MACHINE_ARCH, otherwise it causes problems.

Signed-off-by: Joshua Watt
--- meta/recipes-core/meta/wic-tools.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-core/meta/wic-tools.bb b/meta/recipes-core/meta/wic-tools.bb index 45fb873dd6..823dbe6db6 100644 --- a/meta/recipes-core/meta/wic-tools.bb +++ b/meta/recipes-core/meta/wic-tools.bb @@ -17,6 +17,8 @@ DEPENDS:append:aarch64 = " grub-efi systemd-boot" INHIBIT_DEFAULT_DEPS = "1" +PACKAGE_ARCH = "${MACHINE_ARCH}" + inherit nopackages # The sysroot of wic-tools is needed for wic, but if rm_work is enabled, it will
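Review bot: PACKAGE_ARCH = "${MACHINE_ARCH}" is set unconditionally in wic-tools.bb with no comment, while the commit message itself calls the change less than ideal and ties it to the EFI binaries in the sysroot. Put that reasoning in a comment above the assignment, and note there that every machine now gets its own wic-tools sysroot, including machines whose DEPENDS pull in no EFI binaries, so the trade-off is visible when someone revisits it.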