author | Joshua Watt <JPEWhacker@gmail.com> | 2024-07-12 09:58:21 -0600 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-07-13 23:28:31 +0100 |
commit | 2c2e1becd682742f13d186faae5f013a0b91c5ab (patch) | |
tree | 3627ee37b03413afcbf49120c562009e52f7822d /meta/classes | |
parent | 666c1f1048568d136c2d5e09184f1d99f1663342 (diff) | |
download | poky-2c2e1becd682742f13d186faae5f013a0b91c5ab.tar.gz |
classes/create-spdx-2.2: Handle empty packages
When combining an SPDX document, the package list might be empty (e.g.
a baremetal image). Handle this case instead of erroring out.
(From OE-Core rev: baf4e360f6e65a5e9aff2def69d2a720f38f92b2)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/create-spdx-2.2.bbclass | 83 |
1 files changed, 42 insertions, 41 deletions
diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass index 3bcde1acc8..239a95da14 100644 --- a/meta/classes/create-spdx-2.2.bbclass +++ b/meta/classes/create-spdx-2.2.bbclass | |||
@@ -811,52 +811,53 @@ def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages, spdx | |||
811 | 811 | ||
812 | doc.packages.append(image) | 812 | doc.packages.append(image) |
813 | 813 | ||
814 | for name in sorted(packages.keys()): | 814 | if packages: |
815 | if name not in providers: | 815 | for name in sorted(packages.keys()): |
816 | bb.fatal("Unable to find SPDX provider for '%s'" % name) | 816 | if name not in providers: |
817 | bb.fatal("Unable to find SPDX provider for '%s'" % name) | ||
817 | 818 | ||
818 | pkg_name, pkg_hashfn = providers[name] | 819 | pkg_name, pkg_hashfn = providers[name] |
819 | 820 | ||
820 | pkg_spdx_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, pkg_name, pkg_hashfn) | 821 | pkg_spdx_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, pkg_name, pkg_hashfn) |
821 | if not pkg_spdx_path: | 822 | if not pkg_spdx_path: |
822 | bb.fatal("No SPDX file found for package %s, %s" % (pkg_name, pkg_hashfn)) | 823 | bb.fatal("No SPDX file found for package %s, %s" % (pkg_name, pkg_hashfn)) |
823 | 824 | ||
824 | pkg_doc, pkg_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path) | 825 | pkg_doc, pkg_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path) |
825 | 826 | ||
826 | for p in pkg_doc.packages: | 827 | for p in pkg_doc.packages: |
827 | if p.name == name: | 828 | if p.name == name: |
828 | pkg_ref = oe.spdx.SPDXExternalDocumentRef() | 829 | pkg_ref = oe.spdx.SPDXExternalDocumentRef() |
829 | pkg_ref.externalDocumentId = "DocumentRef-%s" % pkg_doc.name | 830 | pkg_ref.externalDocumentId = "DocumentRef-%s" % pkg_doc.name |
830 | pkg_ref.spdxDocument = pkg_doc.documentNamespace | 831 | pkg_ref.spdxDocument = pkg_doc.documentNamespace |
831 | pkg_ref.checksum.algorithm = "SHA1" | 832 | pkg_ref.checksum.algorithm = "SHA1" |
832 | pkg_ref.checksum.checksumValue = pkg_doc_sha1 | 833 | pkg_ref.checksum.checksumValue = pkg_doc_sha1 |
833 | 834 | ||
834 | doc.externalDocumentRefs.append(pkg_ref) | 835 | doc.externalDocumentRefs.append(pkg_ref) |
835 | doc.add_relationship(image, "CONTAINS", "%s:%s" % (pkg_ref.externalDocumentId, p.SPDXID)) | 836 | doc.add_relationship(image, "CONTAINS", "%s:%s" % (pkg_ref.externalDocumentId, p.SPDXID)) |
836 | break | 837 | break |
837 | else: | 838 | else: |
838 | bb.fatal("Unable to find package with name '%s' in SPDX file %s" % (name, pkg_spdx_path)) | 839 | bb.fatal("Unable to find package with name '%s' in SPDX file %s" % (name, pkg_spdx_path)) |
839 | 840 | ||
840 | runtime_spdx_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, "runtime-" + name, pkg_hashfn) | 841 | runtime_spdx_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, "runtime-" + name, pkg_hashfn) |
841 | if not runtime_spdx_path: | 842 | if not runtime_spdx_path: |
842 | bb.fatal("No runtime SPDX document found for %s, %s" % (name, pkg_hashfn)) | 843 | bb.fatal("No runtime SPDX document found for %s, %s" % (name, pkg_hashfn)) |
843 | 844 | ||
844 | runtime_doc, runtime_doc_sha1 = oe.sbom.read_doc(runtime_spdx_path) | 845 | runtime_doc, runtime_doc_sha1 = oe.sbom.read_doc(runtime_spdx_path) |
845 | 846 | ||
846 | runtime_ref = oe.spdx.SPDXExternalDocumentRef() | 847 | runtime_ref = oe.spdx.SPDXExternalDocumentRef() |
847 | runtime_ref.externalDocumentId = "DocumentRef-%s" % runtime_doc.name | 848 | runtime_ref.externalDocumentId = "DocumentRef-%s" % runtime_doc.name |
848 | runtime_ref.spdxDocument = runtime_doc.documentNamespace | 849 | runtime_ref.spdxDocument = runtime_doc.documentNamespace |
849 | runtime_ref.checksum.algorithm = "SHA1" | 850 | runtime_ref.checksum.algorithm = "SHA1" |
850 | runtime_ref.checksum.checksumValue = runtime_doc_sha1 | 851 | runtime_ref.checksum.checksumValue = runtime_doc_sha1 |
851 | 852 | ||
852 | # "OTHER" isn't ideal here, but I can't find a relationship that makes sense | 853 | # "OTHER" isn't ideal here, but I can't find a relationship that makes sense |
853 | doc.externalDocumentRefs.append(runtime_ref) | 854 | doc.externalDocumentRefs.append(runtime_ref) |
854 | doc.add_relationship( | 855 | doc.add_relationship( |
855 | image, | 856 | image, |
856 | "OTHER", | 857 | "OTHER", |
857 | "%s:%s" % (runtime_ref.externalDocumentId, runtime_doc.SPDXID), | 858 | "%s:%s" % (runtime_ref.externalDocumentId, runtime_doc.SPDXID), |
858 | comment="Runtime dependencies for %s" % name | 859 | comment="Runtime dependencies for %s" % name |
859 | ) | 860 | ) |
860 | bb.utils.mkdirhier(spdx_workdir) | 861 | bb.utils.mkdirhier(spdx_workdir) |
861 | image_spdx_path = spdx_workdir / (rootfs_name + ".spdx.json") | 862 | image_spdx_path = spdx_workdir / (rootfs_name + ".spdx.json") |
862 | 863 | ||
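Review bot: The new `if packages:` guard at new line 814 treats `None` and an empty dict identically and leaves no trace that the package loop was skipped, so an image SBOM with no `CONTAINS` relationships looks the same whether the image really has no packages or the caller failed to supply the list. Since `sorted(packages.keys())` is already a no-op for an empty dict, the guard presumably exists for a `None` argument. A comment such as `# packages is None/empty for images without a package list (e.g. baremetal)` would make that explicit, and an `else:` branch with `bb.debug(1, "No packages to combine for %s" % rootfs_name)` would leave a record for anyone auditing the SBOM. Normalising once with `packages = packages or {}` ahead of the loop would give the same behaviour without re-indenting the whole block. combine_spdx starts before this hunk and continues past it.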