classes/sbom-cve-check: remove references to vex.bbclass

This is effectively a no-op change, as the recommended way to run
sbom-cve-check is with SPDX_INCLUDE_VEX="all", which includes all of the
data in the SPDX that the vex class would have generated.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/classes-recipe/sbom-cve-check.bbclass b/meta/classes-recipe/sbom-cve-check.bbclass
index a5dc262c6aab1439bac73f684a0dcabb29f3e7f3..2a8429d0b1cabe4a62556bf255e8ca0d9989e92a 100644 (file)
--- a/meta/classes-recipe/sbom-cve-check.bbclass
+++ b/meta/classes-recipe/sbom-cve-check.bbclass
@@ -48,7 +48,6 @@ python do_sbom_cve_check() {
         bb.fatal("Cannot execute sbom-cve-check missing create-spdx-3.0 inherit.")
 
     sbom_path = d.expand("${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.spdx.json")
-    vex_manifest_path = d.expand("${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.vex.json")
     dl_db_dir = d.getVar("SBOM_CVE_CHECK_DEPLOY_DB_DIR")
     deploy_dir = d.getVar("SBOM_CVE_CHECK_DEPLOYDIR")
     img_link_name = d.getVar("IMAGE_LINK_NAME")
@@ -72,12 +71,6 @@ python do_sbom_cve_check() {
         "--disable-auto-updates"
     ]
 
-    # Assume that SPDX_INCLUDE_VEX is set globally to "all", and not only for the
-    # image recipe, which is very unlikely. This is not an issue to include the
-    # VEX manifest even if not needed.
-    if bb.data.inherits_class("vex", d) and d.getVar("SPDX_INCLUDE_VEX") != "all":
-        cmd_args.extend(["--yocto-vex-manifest", vex_manifest_path])
-
     for export_file in export_files:
         cmd_args.extend(
             ["--export-type", export_file[0], "--export-path", export_file[1]]