Reviewed-by: Joshua Watt <jpewhac...@gmail.com>
On Wed, Dec 25, 2024 at 10:43 PM Hongxu Jia <hongxu....@windriver.com> wrote:
>
> when using SPDX_INCLUDE_SOURCES, it calls scan_declared_licenses
> to scan licenses from source file, set alias for the newly added
> license and and license alias to hasDeclaredLicense relationship
>
> $ echo 'MACHINE = "qemux86-64"' >> conf/local.conf
> $ echo 'SPDX_INCLUDE_SOURCES = "1"' >> conf/local.conf
> $ bitbake shadow
> $ vim tmp/deploy/spdx/3.0.1/corei7-64/recipes/recipe-shadow.spdx.json
> Before this commit
> ...
> {
> "type": "Relationship",
> ...
> "from":
> "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/sourcefile/11048";,
> "relationshipType": "hasDeclaredLicense",
> "to": [
>
> "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/license/3_24_0/BSD-3-Clause";,
> ]
> },
> ...
>
> After this commit
> ...
> {
> "type": "Relationship",
> ...
> "from":
> "http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/d0cdb0d02e54d55e52fccf8631f8290b161ad43fe31fffe09e8e25041d2280cf/sourcefile/11048";,
> "relationshipType": "hasDeclaredLicense",
> "to": [
>
> "http://spdxdocs.org/openembedded-alias/by-doc-hash/cc72db638e3f8e283e722af0ecc77d19f93cc6736700ee76477e3773b6b07b05/shadow/UNIHASH/license/3_24_0/BSD-3-Clause";
> ]
> },
> ...
>
> Signed-off-by: Hongxu Jia <hongxu....@windriver.com>
> ---
> meta/lib/oe/sbom30.py | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/meta/lib/oe/sbom30.py b/meta/lib/oe/sbom30.py
> index 0004447066..7993e1fbef 100644
> --- a/meta/lib/oe/sbom30.py
> +++ b/meta/lib/oe/sbom30.py
> @@ -589,12 +589,14 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
>
> file_licenses = set()
> for extracted_lic in oe.spdx_common.extract_licenses(filepath):
> - file_licenses.add(self.new_license_expression(extracted_lic,
> license_data))
> + lic = self.new_license_expression(extracted_lic, license_data)
> + self.set_element_alias(lic)
> + file_licenses.add(lic)
>
> self.new_relationship(
> [spdx_file],
> oe.spdx30.RelationshipType.hasDeclaredLicense,
> - file_licenses,
> + [oe.sbom30.get_element_link_id(lic_alias) for lic_alias in
> file_licenses],
> )
> spdx_file.extension.append(OELicenseScannedExtension())
>
> --
> 2.34.1
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#209477):
https://lists.openembedded.org/g/openembedded-core/message/209477
Mute This Topic: https://lists.openembedded.org/mt/110290206/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
