create-spdx-3.0: add SPDX_LICENSES to SPDX3_DEP_FILES

If we have changes on SPDX_LICENSES content we ended up building invalid sstate-cache archives. The default value for the SPDX_LICENSES is the file meta/files/spdx-licenses.json but this file don't use the bitbake fetcher and because of this their checksum is not validated. So we need to add this file to the build dependency chain of the SPDX. For example, currently we have bump from 3.24.0 to 3.27.0 on master-next for the file meta/files/spdx-licenses.json. Since the file content is not taken into account, we end up creating invalid sstate-cache artifacts on the autobuilder on master-next builds. This created sstate-cache artifacts will also be available to master branch users that are using the upstream sstate-cache mirror. If someone is using the public mirror but still following the master branch they will encounter something like the following error which this change aims to resolve. | ERROR: initramfs-rootfs-image-1.0-r0 do_create_image_sbom_spdx: http://spdxdocs.org/openembedded-alias/by-doc-hash/57301e8063a8bf25308226271627db2b78675cda9f648c5c6c14a2b9c18f48dc/zlib/UNIHASH/license/3_27_0/Zlib not found in /work/build/tmp/deploy/spdx/3.0.1/armv8a/by-spdxid-hash/57/57301e8063a8bf25308226271627db2b78675cda9f648c5c6c14a2b9c18f48dc.spdx.json (From OE-Core rev: 10669f6f615058293671fb16454601580b7b34e9) Signed-off-by: Jose Quaresma <jose.quaresma@oss.qualcomm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Jose Quaresma <jose.quaresma@oss.qualcomm.com> 2025-10-22 10:06:49 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-10-27 11:37:43 +0000
commit: aedcbcaae148968fa95f7ced26d4696da0cf63b6 (patch)
tree: b99ac8e2af53310929e72d33bcf58fa2be2c2ad0
parent: b22cfc5ef1bb80236c0f3892b17a55f2364ce243 (diff)
download: poky-aedcbcaae148968fa95f7ced26d4696da0cf63b6.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass
index 3a8a97eca4..a6d2d44e34 100644
--- a/meta/classes/create-spdx-3.0.bbclass
+++ b/meta/classes/create-spdx-3.0.bbclass
@@ -136,6 +136,7 @@ oe.spdx30_tasks.collect_dep_objsets[vardepsexclude] = "SPDX_MULTILIB_SSTATE_ARCH
 SPDX3_DEP_FILES = "\
    ${COREBASE}/meta/lib/oe/sbom30.py:True \
    ${COREBASE}/meta/lib/oe/spdx30.py:True \
+    ${SPDX_LICENSES}:True \
    "
 python do_create_spdx() {
author	Jose Quaresma <jose.quaresma@oss.qualcomm.com>	2025-10-22 10:06:49 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-10-27 11:37:43 +0000
commit	aedcbcaae148968fa95f7ced26d4696da0cf63b6 (patch)
tree	b99ac8e2af53310929e72d33bcf58fa2be2c2ad0
parent	b22cfc5ef1bb80236c0f3892b17a55f2364ce243 (diff)
download	poky-aedcbcaae148968fa95f7ced26d4696da0cf63b6.tar.gz

diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass index 3a8a97eca4..a6d2d44e34 100644 --- a/meta/classes/create-spdx-3.0.bbclass +++ b/meta/classes/create-spdx-3.0.bbclass
@@ -136,6 +136,7 @@ oe.spdx30_tasks.collect_dep_objsets[vardepsexclude] = "SPDX_MULTILIB_SSTATE_ARCH
136	SPDX3_DEP_FILES = "\	136	SPDX3_DEP_FILES = "\
137	${COREBASE}/meta/lib/oe/sbom30.py:True \	137	${COREBASE}/meta/lib/oe/sbom30.py:True \
138	${COREBASE}/meta/lib/oe/spdx30.py:True \	138	${COREBASE}/meta/lib/oe/spdx30.py:True \
		139	${SPDX_LICENSES}:True \
139	"	140	"
140		141
141	python do_create_spdx() {	142	python do_create_spdx() {