spdx: Update for bitbake changes

Bitbake is dropping the need for fetcher name iteration and multiple revisions per url. Update the code to match (removal of the for loop). (From OE-Core rev: 4859cdf97fd9a260036e148e25f0b78eb393df1e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-05-08 23:52:25 +08:00 · 2025-03-18 22:40:54 +00:00 · 2025-03-18 22:40:54 +00:00 · 110b2c124b
commit 110b2c124b
parent bdd2b0fee1
3 changed files with 89 additions and 91 deletions
--- a/meta/classes/create-spdx-2.2.bbclass
+++ b/meta/classes/create-spdx-2.2.bbclass
@ -352,34 +352,33 @@ def add_download_packages(d, doc, recipe):
    for download_idx, src_uri in enumerate(d.getVar('SRC_URI').split()):
        f = bb.fetch2.FetchData(src_uri, d)

-        for name in f.names:
-            package = oe.spdx.SPDXPackage()
-            package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
-            package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
+        package = oe.spdx.SPDXPackage()
+        package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
+        package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)

-            if f.type == "file":
-                continue
+        if f.type == "file":
+            continue

-            if f.method.supports_checksum(f):
-                for checksum_id in CHECKSUM_LIST:
-                    if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
-                        continue
+        if f.method.supports_checksum(f):
+            for checksum_id in CHECKSUM_LIST:
+                if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
+                    continue

-                    expected_checksum = getattr(f, "%s_expected" % checksum_id)
-                    if expected_checksum is None:
-                        continue
+                expected_checksum = getattr(f, "%s_expected" % checksum_id)
+                if expected_checksum is None:
+                    continue

-                    c = oe.spdx.SPDXChecksum()
-                    c.algorithm = checksum_id.upper()
-                    c.checksumValue = expected_checksum
-                    package.checksums.append(c)
+                c = oe.spdx.SPDXChecksum()
+                c.algorithm = checksum_id.upper()
+                c.checksumValue = expected_checksum
+                package.checksums.append(c)

-            package.downloadLocation = oe.spdx_common.fetch_data_to_uri(f, name)
-            doc.packages.append(package)
-            doc.add_relationship(doc, "DESCRIBES", package)
-            # In the future, we might be able to do more fancy dependencies,
-            # but this should be sufficient for now
-            doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
+        package.downloadLocation = oe.spdx_common.fetch_data_to_uri(f, f.name)
+        doc.packages.append(package)
+        doc.add_relationship(doc, "DESCRIBES", package)
+        # In the future, we might be able to do more fancy dependencies,
+        # but this should be sufficient for now
+        doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)

 def get_license_list_version(license_data, d):
    # Newer versions of the SPDX license list are SemVer ("MAJOR.MINOR.MICRO"),
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@ -356,78 +356,77 @@ def add_download_files(d, objset):
    for download_idx, src_uri in enumerate(urls):
        fd = fetch.ud[src_uri]

-        for name in fd.names:
-            file_name = os.path.basename(fetch.localpath(src_uri))
-            if oe.patch.patch_path(src_uri, fetch, "", expand=False):
-                primary_purpose = oe.spdx30.software_SoftwarePurpose.patch
-            else:
-                primary_purpose = oe.spdx30.software_SoftwarePurpose.source
+        file_name = os.path.basename(fetch.localpath(src_uri))
+        if oe.patch.patch_path(src_uri, fetch, "", expand=False):
+            primary_purpose = oe.spdx30.software_SoftwarePurpose.patch
+        else:
+            primary_purpose = oe.spdx30.software_SoftwarePurpose.source

-            if fd.type == "file":
-                if os.path.isdir(fd.localpath):
-                    walk_idx = 1
-                    for root, dirs, files in os.walk(fd.localpath, onerror=walk_error):
-                        dirs.sort()
-                        files.sort()
-                        for f in files:
-                            f_path = os.path.join(root, f)
-                            if os.path.islink(f_path):
-                                # TODO: SPDX doesn't support symlinks yet
-                                continue
-
-                            file = objset.new_file(
-                                objset.new_spdxid(
-                                    "source", str(download_idx + 1), str(walk_idx)
-                                ),
-                                os.path.join(
-                                    file_name, os.path.relpath(f_path, fd.localpath)
-                                ),
-                                f_path,
-                                purposes=[primary_purpose],
-                            )
-
-                            inputs.add(file)
-                            walk_idx += 1
-
-                else:
-                    file = objset.new_file(
-                        objset.new_spdxid("source", str(download_idx + 1)),
-                        file_name,
-                        fd.localpath,
-                        purposes=[primary_purpose],
-                    )
-                    inputs.add(file)
-
-            else:
-                dl = objset.add(
-                    oe.spdx30.software_Package(
-                        _id=objset.new_spdxid("source", str(download_idx + 1)),
-                        creationInfo=objset.doc.creationInfo,
-                        name=file_name,
-                        software_primaryPurpose=primary_purpose,
-                        software_downloadLocation=oe.spdx_common.fetch_data_to_uri(
-                            fd, name
-                        ),
-                    )
-                )
-
-                if fd.method.supports_checksum(fd):
-                    # TODO Need something better than hard coding this
-                    for checksum_id in ["sha256", "sha1"]:
-                        expected_checksum = getattr(
-                            fd, "%s_expected" % checksum_id, None
-                        )
-                        if expected_checksum is None:
+        if fd.type == "file":
+            if os.path.isdir(fd.localpath):
+                walk_idx = 1
+                for root, dirs, files in os.walk(fd.localpath, onerror=walk_error):
+                    dirs.sort()
+                    files.sort()
+                    for f in files:
+                        f_path = os.path.join(root, f)
+                        if os.path.islink(f_path):
+                            # TODO: SPDX doesn't support symlinks yet
                            continue

-                        dl.verifiedUsing.append(
-                            oe.spdx30.Hash(
-                                algorithm=getattr(oe.spdx30.HashAlgorithm, checksum_id),
-                                hashValue=expected_checksum,
-                            )
+                        file = objset.new_file(
+                            objset.new_spdxid(
+                                "source", str(download_idx + 1), str(walk_idx)
+                            ),
+                            os.path.join(
+                                file_name, os.path.relpath(f_path, fd.localpath)
+                            ),
+                            f_path,
+                            purposes=[primary_purpose],
                        )

-                inputs.add(dl)
+                        inputs.add(file)
+                        walk_idx += 1
+
+            else:
+                file = objset.new_file(
+                    objset.new_spdxid("source", str(download_idx + 1)),
+                    file_name,
+                    fd.localpath,
+                    purposes=[primary_purpose],
+                )
+                inputs.add(file)
+
+        else:
+            dl = objset.add(
+                oe.spdx30.software_Package(
+                    _id=objset.new_spdxid("source", str(download_idx + 1)),
+                    creationInfo=objset.doc.creationInfo,
+                    name=file_name,
+                    software_primaryPurpose=primary_purpose,
+                    software_downloadLocation=oe.spdx_common.fetch_data_to_uri(
+                        fd, fd.name
+                    ),
+                )
+            )
+
+            if fd.method.supports_checksum(fd):
+                # TODO Need something better than hard coding this
+                for checksum_id in ["sha256", "sha1"]:
+                    expected_checksum = getattr(
+                        fd, "%s_expected" % checksum_id, None
+                    )
+                    if expected_checksum is None:
+                        continue
+
+                    dl.verifiedUsing.append(
+                        oe.spdx30.Hash(
+                            algorithm=getattr(oe.spdx30.HashAlgorithm, checksum_id),
+                            hashValue=expected_checksum,
+                        )
+                    )
+
+            inputs.add(dl)

    return inputs

--- a/meta/lib/oe/spdx_common.py
+++ b/meta/lib/oe/spdx_common.py
@ -239,6 +239,6 @@ def fetch_data_to_uri(fd, name):
    uri = uri + "://" + fd.host + fd.path

    if fd.method.supports_srcrev():
-        uri = uri + "@" + fd.revisions[name]
+        uri = uri + "@" + fd.revision

    return uri