By default, still use ${PV} as the the version of a package in SBOM 3
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
{
"type": "software_Package",
...
"name": "acl",
"software_packageVersion": "2.3.2"
},
...
Support to override it by setting SPDX_PACKAGE_VERSION, such as
set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append
PR to software_packageVersion in SBOM 3
$ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf
$ bitbake acl
$ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json
...
{
"type": "software_Package",
...
"name": "acl",
"software_packageVersion": "2.3.2-r0"
},
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
SPDX_PACKAGE_SUPPLIER[doc] = "The base variable name to describe the Agent who \
is supplying artifacts produced by the build"
+SPDX_PACKAGE_VERSION ??= "${PV}"
+SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \
+ in software_Package"
IMAGE_CLASSES:append = " create-spdx-image-3.0"
SDK_CLASSES += "create-spdx-sdk-3.0"
_id=pkg_objset.new_spdxid("package", pkg_name),
creationInfo=pkg_objset.doc.creationInfo,
name=pkg_name,
- software_packageVersion=d.getVar("PV"),
+ software_packageVersion=d.getVar("SPDX_PACKAGE_VERSION"),
)
)
set_timestamp_now(d, spdx_package, "builtTime")
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
