From: Stefano Tondo Date: Thu, 12 Mar 2026 15:38:45 +0000 (+0100) Subject: spdx-common: Add documentation for undocumented SPDX variables X-Git-Tag: yocto-6.0_M3~301 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa10e1b59b2068e14bb37ddcc9913ca8d23b15a8;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git spdx-common: Add documentation for undocumented SPDX variables Add [doc] strings for eight undocumented SPDX-related BitBake variables in spdx-common.bbclass. Variables documented: - SPDX_INCLUDE_SOURCES - SPDX_INCLUDE_COMPILED_SOURCES - SPDX_UUID_NAMESPACE - SPDX_NAMESPACE_PREFIX - SPDX_PRETTY - SPDX_LICENSES - SPDX_CUSTOM_ANNOTATION_VARS - SPDX_MULTILIB_SSTATE_ARCHS This makes variables discoverable via bitbake-getvar and IDE completion, improving usability for SBOM generation. Signed-off-by: Stefano Tondo Reviewed-by: Joshua Watt Signed-off-by: Mathieu Dubois-Briand --- diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass index 3110230c9e..b8961262f9 100644 --- a/meta/classes/spdx-common.bbclass +++ b/meta/classes/spdx-common.bbclass @@ -26,15 +26,38 @@ SPDX_TOOL_VERSION ??= "1.0" SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy" SPDX_INCLUDE_SOURCES ??= "0" +SPDX_INCLUDE_SOURCES[doc] = "If set to '1', include source code files in the \ + SPDX output. This will create File objects for all source files used during \ + the build. Note: This significantly increases SBOM size and generation time." + SPDX_INCLUDE_COMPILED_SOURCES ??= "0" +SPDX_INCLUDE_COMPILED_SOURCES[doc] = "If set to '1', include compiled source \ + files (object files, etc.) in the SPDX output. This automatically enables \ + SPDX_INCLUDE_SOURCES. Note: This significantly increases SBOM size." SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org" +SPDX_UUID_NAMESPACE[doc] = "The namespace used for generating UUIDs in SPDX \ + documents. This should be a domain name or unique identifier for your \ + organization to ensure globally unique SPDX IDs." + SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdocs" +SPDX_NAMESPACE_PREFIX[doc] = "The URI prefix used for SPDX document namespaces. \ + Combined with other identifiers to create unique document URIs." + SPDX_PRETTY ??= "0" +SPDX_PRETTY[doc] = "If set to '1', generate human-readable formatted JSON output \ + with indentation and line breaks. If '0', generate compact JSON output. \ + Pretty formatting makes files larger but easier to read." SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json" +SPDX_LICENSES[doc] = "Path to the JSON file containing SPDX license identifier \ + mappings. This file maps common license names to official SPDX license \ + identifiers." SPDX_CUSTOM_ANNOTATION_VARS ??= "" +SPDX_CUSTOM_ANNOTATION_VARS[doc] = "Space-separated list of variable names whose \ + values will be added as custom annotations to SPDX documents. Each variable's \ + name and value will be recorded as an annotation for traceability." SPDX_CONCLUDED_LICENSE ??= "" SPDX_CONCLUDED_LICENSE[doc] = "The license concluded by manual or external \ @@ -53,6 +76,9 @@ SPDX_CONCLUDED_LICENSE[doc] = "The license concluded by manual or external \ SPDX_CONCLUDED_LICENSE:${PN} = 'MIT & Apache-2.0'" SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}" +SPDX_MULTILIB_SSTATE_ARCHS[doc] = "The list of sstate architectures to consider \ + when collecting SPDX dependencies. This includes multilib architectures when \ + multilib is enabled. Defaults to SSTATE_ARCHS." python () { from oe.cve_check import extend_cve_status