On Mon, Jan 13, 2025 at 5:34 AM Igor Opaniuk via
lists.openembedded.org
<igor.opaniuk=foundries...@lists.openembedded.org> wrote:
>
> From: Igor Opaniuk <igor.opan...@foundries.io>
>
> create_image_spdx() implementation assumes that image is indeed a file.
> If image recipe deploys a directory (for example, which contains an
> hierarchy of flash artifacts, that is used by SoC vendor-specific
> flashing tool) which follows ${IMAGE_NAME}.${IMAGE_TYPE} naming scheme,
> create_image_spdx() function will fail after trying to hash a directory:
>
> *** 0002:do_create_image_spdx(d)
> 0003:
> File: '.../meta/classes-recipe/create-spdx-image-3.0.bbclass', lineno: 48,
> function: do_create_image_spdx
> 0044:addtask do_create_rootfs_spdx_setscene
> 0045:
> 0046:python do_create_image_spdx() {
> 0047: import oe.spdx30_tasks
> *** 0048: oe.spdx30_tasks.create_image_spdx(d)
> 0049:}
> 0050:addtask do_create_image_spdx after do_image_complete
> do_create_rootfs_spdx before do_build
> 0051:SSTATETASKS += "do_create_image_spdx"
> ...
> File: '.../bitbake/lib/bb/utils.py', lineno: 536, function: _hasher
> 0532:
> 0533:def _hasher(method, filename):
> 0534: import mmap
> 0535:
> *** 0536: with open(filename, "rb") as f:
> 0537: try:
> 0538: with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ)
> as mm:
> 0539: for chunk in iter(lambda: mm.read(8192), b''):
> 0540: method.update(chunk)
> Exception: IsADirectoryError: [Errno 21] Is a directory: '...'
>
> Signed-off-by: Igor Opaniuk <igor.opan...@foundries.io>
> ---
> meta/lib/oe/spdx30_tasks.py | 33 +++++++++++++++++++++------------
> 1 file changed, 21 insertions(+), 12 deletions(-)
>
> diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
> index c60c97896c..20fb5644e3 100644
> --- a/meta/lib/oe/spdx30_tasks.py
> +++ b/meta/lib/oe/spdx30_tasks.py
> @@ -1072,19 +1072,28 @@ def create_image_spdx(d):
> for image in task["images"]:
> image_filename = image["filename"]
> image_path = image_deploy_dir / image_filename
> - a = objset.add_root(
> - oe.spdx30.software_File(
> - _id=objset.new_spdxid("image", image_filename),
> - creationInfo=objset.doc.creationInfo,
> - name=image_filename,
> - verifiedUsing=[
> - oe.spdx30.Hash(
> - algorithm=oe.spdx30.HashAlgorithm.sha256,
> - hashValue=bb.utils.sha256_file(image_path),
> - )
> - ],
> + if os.path.isdir(image_path):
> + a = objset.add_root(
> + oe.spdx30.software_Package(
> + _id=objset.new_spdxid("image-files", image_filename),
> + creationInfo=objset.doc.creationInfo,
> + name=image_filename,
> + )
A "package" is not the correct thing to use here. It should
recursively add all the files (with their checksums). I think reusing
add_package_files() would be best, do you have an example of a recipe
that does this?
> + )
> + else:
> + a = objset.add_root(
> + oe.spdx30.software_File(
> + _id=objset.new_spdxid("image", image_filename),
> + creationInfo=objset.doc.creationInfo,
> + name=image_filename,
> + verifiedUsing=[
> + oe.spdx30.Hash(
> + algorithm=oe.spdx30.HashAlgorithm.sha256,
> + hashValue=bb.utils.sha256_file(image_path),
> + )
> + ],
> + )
> )
> - )
> set_purposes(
> d, a, "SPDX_IMAGE_PURPOSE:%s" % imagetype,
> "SPDX_IMAGE_PURPOSE"
> )
> --
> 2.43.0
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#209734):
https://lists.openembedded.org/g/openembedded-core/message/209734
Mute This Topic: https://lists.openembedded.org/mt/110585648/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
