From: Joshua Watt Date: Mon, 22 Jun 2026 16:01:24 +0000 (-0600) Subject: spdx: Add custom annotations to recipe packages X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5a4a7d7c1916d88456838fbb31ee87d6a1e48ab;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git spdx: Add custom annotations to recipe packages In addition to adding custom annotations to the build, add them to the recipe as well. Historically in the SPDX 2.2 implementation, there was no concept of a "build" and instead just a "recipe" SPDX package that represented both the recipe itself and the build that produced the runtime packages. The custom annotations were attached to this package. When SPDX 3 was first introduced, this unified recipe package was not kept and instead only a build object was created to represent the production of the runtime packages; as such the custom annotations were attached to this build. Later, it was desired to re-introduce a package to represent the recipe itself for various reasons, however the custom annotations were not attached to the recipe object at that time. Signed-off-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py index 72d17aade6..79e18db11d 100644 --- a/meta/lib/oe/spdx30_tasks.py +++ b/meta/lib/oe/spdx30_tasks.py @@ -588,6 +588,15 @@ def set_purposes(d, element, *var_names, force_purposes=[]): ] +def add_custom_annotations(d, objset, obj): + for var in (d.getVar("SPDX_CUSTOM_ANNOTATION_VARS") or "").split(): + objset.new_annotation( + obj, + "%s=%s" % (var, d.getVar(var)), + oe.spdx30.AnnotationType.other, + ) + + def set_purls(spdx_package, purls): if purls: spdx_package.software_packageUrl = purls[0] @@ -639,6 +648,8 @@ def create_recipe_spdx(d): ext.is_native = True recipe.extension.append(ext) + add_custom_annotations(d, recipe_objset, recipe) + set_purls(recipe, (d.getVar("SPDX_PACKAGE_URLS") or "").split()) # TODO: This doesn't work before do_unpack because the license text has to @@ -839,12 +850,7 @@ def create_spdx(d): build_objset.set_is_native(is_native) - for var in (d.getVar("SPDX_CUSTOM_ANNOTATION_VARS") or "").split(): - build_objset.new_annotation( - build, - "%s=%s" % (var, d.getVar(var)), - oe.spdx30.AnnotationType.other, - ) + add_custom_annotations(d, build_objset, build) build_inputs = set()