git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
spdx: add option to include only compiled sources
author Daniel Turull <daniel.turull@ericsson.com>
Tue, 10 Jun 2025 15:24:42 +0000 (17:24 +0200)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Tue, 17 Jun 2025 22:38:15 +0000 (23:38 +0100)
commit c6a2f1fca76fae4c3ea471a0c63d0b453beea968
tree c623b6507757a823090aade872c046f6598a369e
parent 2e568ba8607a6f65caea891df9bc9341988aaf37

When SPDX_INCLUDE_COMPILED_SOURCES is enabled, only include the
source code files that are used during compilation.

It uses debugsource information generated during do_package.

This enables an external tool to use the SPDX information to disregard
vulnerabilities that are not compiled.

As an example, when used with the default config with linux-yocto, the spdx size is
reduced from 156MB to 61MB.

Tested with bitbake world on oe-core.

CC: Quentin Schulz <quentin.schulz@cherry.de>
CC: Joshua Watt <JPEWhacker@gmail.com>
CC: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
meta/classes/create-spdx-2.2.bbclass
meta/classes/spdx-common.bbclass
meta/lib/oe/spdx30_tasks.py
meta/lib/oe/spdx_common.py
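
The commit message says an external tool can use the SPDX file list to disregard vulnerabilities in code that was not compiled. The sketch below is an added example, not code from this commit or from OpenEmbedded: it triages advisories against an SPDX 2.2 JSON `files` list and refuses to dismiss anything when it lacks the evidence to do so. The sample document, the placeholder advisory IDs, and the names `is_compiled` and `triage` are assumptions made for illustration.

```python
import json

# Constructed sample: a minimal SPDX 2.2 JSON document. The fileName values
# are illustrative, not copied from a real build.
SAMPLE_SPDX = json.loads("""
{
  "spdxVersion": "SPDX-2.2",
  "name": "recipe-linux-yocto",
  "files": [
    {"SPDXID": "SPDXRef-File-1", "fileName": "kernel-source/net/ipv4/tcp_input.c"},
    {"SPDXID": "SPDXRef-File-2", "fileName": "kernel-source/kernel/fork.c"}
  ]
}
""")

# Constructed advisory data: placeholder IDs mapped to the files each fix touches.
SAMPLE_ADVISORIES = {
    "CVE-PLACEHOLDER-1": ["net/ipv4/tcp_input.c"],
    "CVE-PLACEHOLDER-2": ["drivers/net/wireless/example/main.c"],
    "CVE-PLACEHOLDER-3": [],  # advisory carries no file information
}

def is_compiled(path, compiled):
    """True if `path` equals, or is a whole-component suffix of, a listed file."""
    return any(c == path or c.endswith("/" + path) for c in compiled)

def triage(doc, advisories, compiled_only):
    """Classify each advisory as 'compiled', 'not-compiled' or 'unknown'.

    compiled_only: the caller asserts the document was generated with
    SPDX_INCLUDE_COMPILED_SOURCES enabled. Without that, a missing file
    proves nothing, so the result stays 'unknown'.
    """
    compiled = {f["fileName"] for f in doc.get("files", [])}
    result = {}
    for cve, paths in advisories.items():
        if paths and any(is_compiled(p, compiled) for p in paths):
            result[cve] = "compiled"
        elif paths and compiled_only and compiled:
            result[cve] = "not-compiled"
        else:
            # No file data, empty file list, or full-source SPDX: never auto-dismiss.
            result[cve] = "unknown"
    return result

if __name__ == "__main__":
    for cve, state in triage(SAMPLE_SPDX, SAMPLE_ADVISORIES, True).items():
        print(cve, state)
```

Only a `not-compiled` result is a candidate for suppression. An `unknown` result should stay in the review queue.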