git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Daniel Turull <daniel.turull@ericsson.com>
	Thu, 19 Jun 2025 08:47:36 +0000 (10:47 +0200)
committer	Steve Sakoman <steve@sakoman.com>
	Thu, 3 Jul 2025 16:01:28 +0000 (09:01 -0700)
commit	a2866934e58fb377a73e87576c8594988a63ad1b
tree	210c36d89755e776c6d370442b95095788530f7f	tree \| snapshot
parent	cba53212f5debf897752453364b9756a05c197de	commit \| diff

spdx: add option to include only compiled sources

When SPDX_INCLUDE_COMPILED_SOURCES is enabled, only include the
source code files that are used during compilation.

It uses debugsource information generated during do_package.

This enables an external tool to use the SPDX information to disregard
vulnerabilities that are not compiled.

As example, when used with the default config with linux-yocto, the spdx size is
reduced from 156MB to 61MB.

Tested with bitbake world on oe-core.

(From OE-Core rev: c6a2f1fca76fae4c3ea471a0c63d0b453beea968)
Adapted to existing files for create-spdx-2.2

CC: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
CC: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/classes/create-spdx-2.2.bbclass		diff \| blob \| blame \| history
meta/lib/oe/spdx.py		diff \| blob \| blame \| history