From: Jayasurya Maganuru Date: Mon, 20 Oct 2025 07:22:28 +0000 (-0700) Subject: spdx_common: Fix invalid SPDX downloadLocation for Rust crates X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7cadbd1a22e18847d03b5baa902f5581d3e0aafa;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git spdx_common: Fix invalid SPDX downloadLocation for Rust crates Fixes [YOCTO #15909] SPDX validation was failing due to the use of `crate://crates.io/...` as the `downloadLocation`, which is not a valid SPDX URL as per the 2.2 specification. This patch updates `fetch_data_to_uri()` in `spdx_common.py` to detect when the fetcher type is "crate" and instead use the `url` attribute, which contains a valid HTTP(S) URL in the expected format, e.g.: https://crates.io/api/v1/crates///download This aligns the SPDX metadata for Rust crates with the specification and avoids validation errors in tools consuming SPDX documents. Tested with the `python3-bcrypt` recipe and verified that the generated `spdx.json` contains a valid `software_downloadLocation`. Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15909 Signed-off-by: Jayasurya Maganuru Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- diff --git a/meta/lib/oe/spdx_common.py b/meta/lib/oe/spdx_common.py index c2dec65563..72c24180d5 100644 --- a/meta/lib/oe/spdx_common.py +++ b/meta/lib/oe/spdx_common.py @@ -230,6 +230,11 @@ def fetch_data_to_uri(fd, name): Translates a bitbake FetchData to a string URI """ uri = fd.type + + # crate: is not a valid URL. Use url field instead if exist + if uri == "crate" and hasattr(fd,"url"): + return fd.url + # Map gitsm to git, since gitsm:// is not a valid URI protocol if uri == "gitsm": uri = "git"