On Fri, 2024-11-22 at 13:16 -0700, Joshua Watt via lists.openembedded.org wrote: > Adds a task that can be used to generate a stand alone SBoM for a given > build of a recipe. This SBoM includes the inputs and output for the > build, as well as the build and runtime dependencies. The dependencies > however will be added as unresolved imports to the OE SPDX alias, so as > to avoid pulling in the entire dependency tree (that is, the generated > SBoM is focused on just the specific recipe, not the entire build > dependency tree). > > Signed-off-by: Joshua Watt <jpewhac...@gmail.com> > --- > meta/classes/create-spdx-3.0.bbclass | 25 ++++++++++++ > meta/lib/oe/sbom30.py | 55 ++++++++++++++++---------- > meta/lib/oe/spdx30_tasks.py | 59 ++++++++++++++++++++++++++-- > meta/lib/oeqa/selftest/cases/spdx.py | 20 +++++++++- > 4 files changed, 133 insertions(+), 26 deletions(-)
One of the other selftests may need a tweak after this: https://valkyrie.yoctoproject.org/#/builders/76/builds/477/steps/14/logs/stdio Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#207687): https://lists.openembedded.org/g/openembedded-core/message/207687 Mute This Topic: https://lists.openembedded.org/mt/109729858/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
