diff options
| author | Daniel Turull <daniel.turull@ericsson.com> | 2025-06-10 17:24:42 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-06-17 23:38:18 +0100 |
| commit | 33fd6f6e82cf2c9d20a0532d8cfe850280a83051 (patch) | |
| tree | 91084d1320c8a0490f4cbca974b508c6d6eadaf8 /meta/lib/oe/spdx30_tasks.py | |
| parent | 5132c991e648d9ae8a6701d9da9e80bec65f0d25 (diff) | |
| download | poky-master.tar.gz | |
When SPDX_INCLUDE_COMPILED_SOURCES is enabled, only include the
source code files that are used during compilation.
It uses debugsource information generated during do_package.
This enables an external tool to use the SPDX information to disregard
vulnerabilities that are not compiled.
As example, when used with the default config with linux-yocto, the spdx size is
reduced from 156MB to 61MB.
Tested with bitbake world on oe-core.
CC: Quentin Schulz <quentin.schulz@cherry.de>
CC: Joshua Watt <JPEWhacker@gmail.com>
CC: Peter Marko <peter.marko@siemens.com>
(From OE-Core rev: c6a2f1fca76fae4c3ea471a0c63d0b453beea968)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib/oe/spdx30_tasks.py')
| -rw-r--r-- | meta/lib/oe/spdx30_tasks.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py index 61d7ba45e3..beeafc2bb7 100644 --- a/meta/lib/oe/spdx30_tasks.py +++ b/meta/lib/oe/spdx30_tasks.py | |||
| @@ -156,6 +156,11 @@ def add_package_files( | |||
| 156 | bb.note(f"Skip {topdir}") | 156 | bb.note(f"Skip {topdir}") |
| 157 | return spdx_files | 157 | return spdx_files |
| 158 | 158 | ||
| 159 | check_compiled_sources = d.getVar("SPDX_INCLUDE_COMPILED_SOURCES") == "1" | ||
| 160 | if check_compiled_sources: | ||
| 161 | compiled_sources, types = oe.spdx_common.get_compiled_sources(d) | ||
| 162 | bb.debug(1, f"Total compiled files: {len(compiled_sources)}") | ||
| 163 | |||
| 159 | for subdir, dirs, files in os.walk(topdir, onerror=walk_error): | 164 | for subdir, dirs, files in os.walk(topdir, onerror=walk_error): |
| 160 | dirs[:] = [d for d in dirs if d not in ignore_dirs] | 165 | dirs[:] = [d for d in dirs if d not in ignore_dirs] |
| 161 | if subdir == str(topdir): | 166 | if subdir == str(topdir): |
| @@ -171,6 +176,11 @@ def add_package_files( | |||
| 171 | filename = str(filepath.relative_to(topdir)) | 176 | filename = str(filepath.relative_to(topdir)) |
| 172 | file_purposes = get_purposes(filepath) | 177 | file_purposes = get_purposes(filepath) |
| 173 | 178 | ||
| 179 | # Check if file is compiled | ||
| 180 | if check_compiled_sources: | ||
| 181 | if not oe.spdx_common.is_compiled_source(filename, compiled_sources, types): | ||
| 182 | continue | ||
| 183 | |||
| 174 | spdx_file = objset.new_file( | 184 | spdx_file = objset.new_file( |
| 175 | get_spdxid(file_counter), | 185 | get_spdxid(file_counter), |
| 176 | filename, | 186 | filename, |