On Thu, Nov 4, 2021 at 11:49 AM Andres Beltran <abelt...@linux.microsoft.com> wrote: > > Currently, the "Organization" field for SBOMs is hard-coded in > create-spdx. Create a new variable SPDX_ORG to make this field more > generic. > > Signed-off-by: Andres Beltran <abelt...@linux.microsoft.com>
LGTM Reviewed-By: Joshua Watt <jpewhac...@gmail.com> > --- > meta/classes/create-spdx.bbclass | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/meta/classes/create-spdx.bbclass > b/meta/classes/create-spdx.bbclass > index c35dbe11849..eb1d446f3fb 100644 > --- a/meta/classes/create-spdx.bbclass > +++ b/meta/classes/create-spdx.bbclass > @@ -28,6 +28,8 @@ SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"; > > SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json" > > +SPDX_ORG ??= "OpenEmbedded ()" > + > do_image_complete[depends] = "virtual/kernel:do_create_spdx" > > def get_doc_namespace(d, doc): > @@ -415,7 +417,7 @@ python do_create_spdx() { > doc.creationInfo.comment = "This document was created by analyzing > recipe files during the build." > doc.creationInfo.licenseListVersion = > d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] > doc.creationInfo.creators.append("Tool: OpenEmbedded Core > create-spdx.bbclass") > - doc.creationInfo.creators.append("Organization: OpenEmbedded ()") > + doc.creationInfo.creators.append("Organization: %s" % > d.getVar("SPDX_ORG")) > doc.creationInfo.creators.append("Person: N/A ()") > > recipe = oe.spdx.SPDXPackage() > @@ -519,7 +521,7 @@ python do_create_spdx() { > package_doc.creationInfo.comment = "This document was created by > analyzing packages created during the build." > package_doc.creationInfo.licenseListVersion = > d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] > package_doc.creationInfo.creators.append("Tool: OpenEmbedded > Core create-spdx.bbclass") > - package_doc.creationInfo.creators.append("Organization: > OpenEmbedded ()") > + package_doc.creationInfo.creators.append("Organization: %s" % > d.getVar("SPDX_ORG")) > package_doc.creationInfo.creators.append("Person: N/A ()") > package_doc.externalDocumentRefs.append(recipe_ref) > > @@ -653,7 +655,7 @@ python do_create_runtime_spdx() { > runtime_doc.creationInfo.comment = "This document was created by > analyzing package runtime dependencies." > runtime_doc.creationInfo.licenseListVersion = > d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] > runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded > Core create-spdx.bbclass") > - runtime_doc.creationInfo.creators.append("Organization: > OpenEmbedded ()") > + runtime_doc.creationInfo.creators.append("Organization: %s" % > d.getVar("SPDX_ORG")) > runtime_doc.creationInfo.creators.append("Person: N/A ()") > > package_ref = oe.spdx.SPDXExternalDocumentRef() > @@ -813,7 +815,7 @@ python image_combine_spdx() { > doc.creationInfo.comment = "This document was created by analyzing the > source of the Yocto recipe during the build." > doc.creationInfo.licenseListVersion = > d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] > doc.creationInfo.creators.append("Tool: OpenEmbedded Core > create-spdx.bbclass") > - doc.creationInfo.creators.append("Organization: OpenEmbedded ()") > + doc.creationInfo.creators.append("Organization: %s" % > d.getVar("SPDX_ORG")) > doc.creationInfo.creators.append("Person: N/A ()") > > image = oe.spdx.SPDXPackage() > -- > 2.17.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#157856): https://lists.openembedded.org/g/openembedded-core/message/157856 Mute This Topic: https://lists.openembedded.org/mt/86820747/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
