diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2020-07-11 00:00:51 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2020-07-16 00:14:42 +0300 |
| commit | 475cb72d2bb2f40ca5e9f4edba6d49d6c7afbd3e (patch) | |
| tree | 740a5590a07ad7729fffb46400b4e431ffaf19bb /poky/meta/classes/spdx.bbclass | |
| parent | 4a78d5543967f66f3de99b073aef2d95cf543be0 (diff) | |
| download | openbmc-475cb72d2bb2f40ca5e9f4edba6d49d6c7afbd3e.tar.xz | |
poky: subtree update:5951cbcabe..968fcf4989
Alejandro Hernandez (3):
baremetal-helloworld: Use do_image_complete instead of do_deploy
baremetal-image.bbclass: Create a class for baremetal applications or an RTOS
baremetal-helloworld: Use baremetal-image class to deploy the application
Alejandro del Castillo (2):
opkg-utils: upgrade to 0.4.3
opkg: upgrade to version 0.4.3
Alexander Kanavin (30):
dnf: upgrade 4.2.21 -> 4.2.23
meson: upgrade 0.54.2 -> 0.54.3
libdnf: update 0.47.0 -> 0.48.0
ffmpeg: disable altivec on ppc by default
dropbear: update 2019.78 -> 2020.79
elfutils: upgrade 0.179 -> 0.180
gnu-config: update to latest revision
libgpg-error: update 1.37 -> 1.38
perl: update 5.30.2 -> 5.32.0
gst-examples: upstream releases are even numbered
bison: upgrade 3.6.3 -> 3.6.4
python3-cython: upgrade 0.29.19 -> 0.29.20
stress-ng: upgrade 0.11.12 -> 0.11.14
piglit: upgrade to latest revision
linux-firmware: upgrade 20200519 -> 20200619
systemtap: upgrade 4.2 -> 4.3
alsa-lib: upgrade 1.2.2 -> 1.2.3.1
alsa-topology-conf: upgrade 1.2.2 -> 1.2.3
alsa-ucm-conf: upgrade 1.2.2 -> 1.2.3
alsa-utils: upgrade 1.2.2 -> 1.2.3
puzzles: upgrade to latest revision
diffoscope: upgrade 147 -> 148
libcheck: upgrade 0.14.0 -> 0.15.0
rsync: update 3.1.3 -> 3.2.1
sudo: upgrade 1.9.0 -> 1.9.1
python3-numpy: update 1.18.5 -> 1.19.0
mesa: update 20.0.7 -> 20.1.2
go-binary-native: fix upstream version check
Revert "python3-setuptools: patch entrypoints for faster initialization"
python3-setuptools: upgrade 47.1.1 -> 47.3.1
Alistair Francis (1):
opensbi: Update to OpenSBI v0.8 release
Andreas Müller (3):
nfs-utils: upgrade 2.4.3 -> 2.5.1
ccache: merge ccache.inc into recipe
ccache: upgrade 3.7.9 -> 3.7.10
Andrej Valek (2):
busybox: 1.31.1 -> 1.32.0
dropbear: update to 2020.80
Andrey Zhizhikin (1):
kernel/yocto: fix search for defconfig from src_uri
Armin Kuster (1):
wpa-supplicant: Security fix CVE-2020-12695
Bjarne Michelsen (1):
devtool: default to empty string, if LIC_FILES_CHKSUM is not available
Bruce Ashfield (10):
kernel/yocto: ensure that defconfigs are processed first
linux-yocto/5.4: update to v5.4.45
linux-yocto-rt/5.4: update to rt25
linux-yocto/5.4: update to v5.4.46
linux-yocto/5.4: update to v5.4.47
linux-yocto/5.4: update to v5.4.49 and -rt28
yocto-bsps: bump reference boards to v5.4.49
linux-yocto/5.4: update to v5.4.50
linux-yocto-dev: bump to 5.8-rc
lttng-modules: bump devupstream to v2.12.1+
Changqing Li (5):
xinit: add rxvt-unicode in RDEPENDS
modutils-initscripts: update postinst
initscripts: update postinst
gtk-icon-cache.bbclass: add runtime dependency
logrotate.py: fix testimage occasionally failure
Chen Qi (2):
oescripts.py: fix typo
oescripts: ignore whitespaces when comparing lines
Chris Laplante (2):
bitbake: contrib/vim: synchronize from kergoth/vim-bitbake rev 4225ee8b4818d7e4696520567216a3a031c26f7d
bitbake: ui/teamcity: don't use removed logging classes
Christian Eggers (1):
libnl: Extend for native/nativesdk
Damian Wrobel (1):
rootfs: do not let ldconfig to create symlinks
Daniel Klauer (2):
uboot-sign: Refactor do_deploy prefunc to do_deploy_prepend
deploy.bbclass: Clean DEPLOYDIR before do_deploy
David Khouya (2):
bitbake: lib/ui/taskexp: Validate gi import
bitbake: lib/ui/taskexp: Fix missing Gtk import
Hannu Lounento (1):
openssl: move ${libdir}/[...]/openssl.cnf to ${PN}-conf
Hongxu Jia (1):
iso-codes: switch upstream branch master -> main
Jason Wessel (1):
runqemu: If using a vmtype image do not add the -no-reboot flag
Joe Slater (1):
jquery: use ${S}
Joshua Watt (4):
bitbake: hashserv: Chunkify large messages
bitbake: siggen: Fix error when hash equivalence has an exception
classes/archiver: run do_unpack_and_patch after do_preconfigure
classes/archive: do_configure should not depend on do_ar_patched
Khem Raj (2):
musl: Update to tip of master
rxvt-unicode: Disable wtmp on musl
Konrad Weihmann (2):
systemd: remove kernel-install from base pkg
bitbake.conf: fix whitespace issues
Lee Chee Yang (3):
json-c: fix CVE-2020-12762
qemu: fix CVE-2020-10761
oeqa/core/loader: refine regex to find module
Lili Li (1):
kernel.bbclass: Fix Module.symvers support
Matt Madison (1):
kernel.bbclass: add gzip-native to do_deploy dependencies
Max Krummenacher (2):
cogl-1.0: : don't require eglmesaext.h
cogl-1.0: cope with missing x11 headers
Mingli Yu (2):
python3-libarchive-c: add the missing rdepends
python3: add ldconfig rdepends for python3-ctypes
Nicolas Dechesne (1):
checklayer: parse LAYERDEPENDS with bb.utils.explode_dep_versions2()
Pierre-Jean Texier (3):
libubootenv: bump to revision 86bd30a
curl: upgrade 7.71.0 -> 7.71.1
diffoscope: upgrade 148 -> 150
Rahul Kumar (1):
bzip2: Add test suite for bzip2
Rasmus Villemoes (1):
coreutils: don't split stdbuf to own package with single-binary
Richard Purdie (13):
pseudo: Switch to oe-core branch in git repo
pseudo: merge in fixes for setfacl issue
oeqa/selftest: Clean up separate builddir in success case when non-threaded
populate_sdk_ext: Fix to use python3, not python
bitbake: taskdata: Improve handling of regex in ASSUME_PROVIDED
bitbake: runqueue: Avoid unpickle errors in rare cases
bitbake: msg: Avoid issues where paths have relative components
oeqa/selftest: recipetool/devtool: Avoid load_plugin test race
oeqa/targetcontrol: Attempt to fix log closure warning message
rootfs-postcommands: Improve/fix rootfs_check_host_user_contaminated
spdx: Remove the class as its obsolete
adwaita-icon-theme: Add missing license files to LIC_FILES_CHKSUM
bitbake: server/process: Increase timeout for commands
Ross Burton (3):
ovmf: build natively everywhere
common-licenses: fix filename of BSD-2-Clause-Patent
gtk+3: fix reproducible build failure
Timon Ulrich (2):
kernel.bbclass: add lz4 dependency and fix the call to lz4
kernel.bbclass: make dependency on lzop-native conditional
Vacek, Patrick (1):
oeqa/core/loader: fix regex to include numbers
Wang Mingyu (1):
gtk+3: upgrade 3.24.20 -> 3.24.21
Yanfei Xu (1):
classes/kernel: Use a copy of image for kernel*.rpm if fs doesn't support symlinks
akuster (5):
libuv: update to the last version in meta-oe
bitbake: test/fetch: change to better svn source
overview-manual: add SPDX license header
mega-manual: Add SPDX license headers
ref-manual: Add SPDX license headers
hongxu (2):
qemu: switches from libcap to libcap-ng for PACAKGECONFIG virtfs
cpio: add nativesdk support
zangrc (1):
libjpeg-turbo:upgrade 2.0.4 -> 2.0.5
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I41e066e5957aa74c9a24e86a6c214bcf96e9c46b
Diffstat (limited to 'poky/meta/classes/spdx.bbclass')
| -rw-r--r-- | poky/meta/classes/spdx.bbclass | 360 |
1 files changed, 0 insertions, 360 deletions
diff --git a/poky/meta/classes/spdx.bbclass b/poky/meta/classes/spdx.bbclass deleted file mode 100644 index fb78e274a..000000000 --- a/poky/meta/classes/spdx.bbclass +++ /dev/null @@ -1,360 +0,0 @@ -# This class integrates real-time license scanning, generation of SPDX standard -# output and verifiying license info during the building process. -# It is a combination of efforts from the OE-Core, SPDX and Fossology projects. -# -# For more information on FOSSology: -# http://www.fossology.org -# -# For more information on FOSSologySPDX commandline: -# https://github.com/spdx-tools/fossology-spdx/wiki/Fossology-SPDX-Web-API -# -# For more information on SPDX: -# http://www.spdx.org -# - -# SPDX file will be output to the path which is defined as[SPDX_MANIFEST_DIR] -# in ./meta/conf/licenses.conf. - -SPDXSSTATEDIR = "${WORKDIR}/spdx_sstate_dir" - -# If ${S} isn't actually the top-level source directory, set SPDX_S to point at -# the real top-level directory. -SPDX_S ?= "${S}" - -python do_spdx () { - import os, sys - import json, shutil - - info = {} - info['workdir'] = d.getVar('WORKDIR') - info['sourcedir'] = d.getVar('SPDX_S') - info['pn'] = d.getVar('PN') - info['pv'] = d.getVar('PV') - info['spdx_version'] = d.getVar('SPDX_VERSION') - info['data_license'] = d.getVar('DATA_LICENSE') - - sstatedir = d.getVar('SPDXSSTATEDIR') - sstatefile = os.path.join(sstatedir, info['pn'] + info['pv'] + ".spdx") - - manifest_dir = d.getVar('SPDX_MANIFEST_DIR') - info['outfile'] = os.path.join(manifest_dir, info['pn'] + ".spdx" ) - - info['spdx_temp_dir'] = d.getVar('SPDX_TEMP_DIR') - info['tar_file'] = os.path.join(info['workdir'], info['pn'] + ".tar.gz" ) - - # Make sure important dirs exist - try: - bb.utils.mkdirhier(manifest_dir) - bb.utils.mkdirhier(sstatedir) - bb.utils.mkdirhier(info['spdx_temp_dir']) - except OSError as e: - bb.error("SPDX: Could not set up required directories: " + str(e)) - return - - ## get everything from cache. use it to decide if - ## something needs to be rerun - cur_ver_code = get_ver_code(info['sourcedir']) - cache_cur = False - if os.path.exists(sstatefile): - ## cache for this package exists. read it in - cached_spdx = get_cached_spdx(sstatefile) - - if cached_spdx['PackageVerificationCode'] == cur_ver_code: - bb.warn("SPDX: Verification code for " + info['pn'] - + "is same as cache's. do nothing") - cache_cur = True - else: - local_file_info = setup_foss_scan(info, True, cached_spdx['Files']) - else: - local_file_info = setup_foss_scan(info, False, None) - - if cache_cur: - spdx_file_info = cached_spdx['Files'] - foss_package_info = cached_spdx['Package'] - foss_license_info = cached_spdx['Licenses'] - else: - ## setup fossology command - foss_server = d.getVar('FOSS_SERVER') - foss_flags = d.getVar('FOSS_WGET_FLAGS') - foss_full_spdx = d.getVar('FOSS_FULL_SPDX') == "true" or False - foss_command = "wget %s --post-file=%s %s"\ - % (foss_flags, info['tar_file'], foss_server) - - foss_result = run_fossology(foss_command, foss_full_spdx) - if foss_result is not None: - (foss_package_info, foss_file_info, foss_license_info) = foss_result - spdx_file_info = create_spdx_doc(local_file_info, foss_file_info) - ## write to cache - write_cached_spdx(sstatefile, cur_ver_code, foss_package_info, - spdx_file_info, foss_license_info) - else: - bb.error("SPDX: Could not communicate with FOSSology server. Command was: " + foss_command) - return - - ## Get document and package level information - spdx_header_info = get_header_info(info, cur_ver_code, foss_package_info) - - ## CREATE MANIFEST - create_manifest(info, spdx_header_info, spdx_file_info, foss_license_info) - - ## clean up the temp stuff - shutil.rmtree(info['spdx_temp_dir'], ignore_errors=True) - if os.path.exists(info['tar_file']): - remove_file(info['tar_file']) -} -addtask spdx after do_patch before do_configure - -def create_manifest(info, header, files, licenses): - import codecs - with codecs.open(info['outfile'], mode='w', encoding='utf-8') as f: - # Write header - f.write(header + '\n') - - # Write file data - for chksum, block in files.iteritems(): - f.write("FileName: " + block['FileName'] + '\n') - for key, value in block.iteritems(): - if not key == 'FileName': - f.write(key + ": " + value + '\n') - f.write('\n') - - # Write license data - for id, block in licenses.iteritems(): - f.write("LicenseID: " + id + '\n') - for key, value in block.iteritems(): - f.write(key + ": " + value + '\n') - f.write('\n') - -def get_cached_spdx(sstatefile): - import json - import codecs - cached_spdx_info = {} - with codecs.open(sstatefile, mode='r', encoding='utf-8') as f: - try: - cached_spdx_info = json.load(f) - except ValueError as e: - cached_spdx_info = None - return cached_spdx_info - -def write_cached_spdx(sstatefile, ver_code, package_info, files, license_info): - import json - import codecs - spdx_doc = {} - spdx_doc['PackageVerificationCode'] = ver_code - spdx_doc['Files'] = {} - spdx_doc['Files'] = files - spdx_doc['Package'] = {} - spdx_doc['Package'] = package_info - spdx_doc['Licenses'] = {} - spdx_doc['Licenses'] = license_info - with codecs.open(sstatefile, mode='w', encoding='utf-8') as f: - f.write(json.dumps(spdx_doc)) - -def setup_foss_scan(info, cache, cached_files): - import errno, shutil - import tarfile - file_info = {} - cache_dict = {} - - for f_dir, f in list_files(info['sourcedir']): - full_path = os.path.join(f_dir, f) - abs_path = os.path.join(info['sourcedir'], full_path) - dest_dir = os.path.join(info['spdx_temp_dir'], f_dir) - dest_path = os.path.join(info['spdx_temp_dir'], full_path) - - checksum = hash_file(abs_path) - if not checksum is None: - file_info[checksum] = {} - ## retain cache information if it exists - if cache and checksum in cached_files: - file_info[checksum] = cached_files[checksum] - ## have the file included in what's sent to the FOSSology server - else: - file_info[checksum]['FileName'] = full_path - try: - bb.utils.mkdirhier(dest_dir) - shutil.copyfile(abs_path, dest_path) - except OSError as e: - bb.warn("SPDX: mkdirhier failed: " + str(e)) - except shutil.Error as e: - bb.warn("SPDX: copyfile failed: " + str(e)) - except IOError as e: - bb.warn("SPDX: copyfile failed: " + str(e)) - else: - bb.warn("SPDX: Could not get checksum for file: " + f) - - with tarfile.open(info['tar_file'], "w:gz") as tar: - tar.add(info['spdx_temp_dir'], arcname=os.path.basename(info['spdx_temp_dir'])) - - return file_info - -def remove_file(file_name): - try: - os.remove(file_name) - except OSError as e: - pass - -def list_files(dir): - for root, subFolders, files in os.walk(dir): - for f in files: - rel_root = os.path.relpath(root, dir) - yield rel_root, f - return - -def hash_file(file_name): - from bb.utils import sha1_file - return sha1_file(file_name) - -def hash_string(data): - import hashlib - sha1 = hashlib.sha1() - sha1.update(data.encode('utf-8')) - return sha1.hexdigest() - -def run_fossology(foss_command, full_spdx): - import string, re - import subprocess - - try: - foss_output = subprocess.check_output(foss_command.split(), - stderr=subprocess.STDOUT).decode('utf-8') - except subprocess.CalledProcessError as e: - return None - - foss_output = foss_output.replace('\r', '') - - # Package info - package_info = {} - if full_spdx: - # All mandatory, only one occurrence - package_info['PackageCopyrightText'] = re.findall('PackageCopyrightText: (.*?</text>)', foss_output, re.S)[0] - package_info['PackageLicenseDeclared'] = re.findall('PackageLicenseDeclared: (.*)', foss_output)[0] - package_info['PackageLicenseConcluded'] = re.findall('PackageLicenseConcluded: (.*)', foss_output)[0] - # These may be more than one - package_info['PackageLicenseInfoFromFiles'] = re.findall('PackageLicenseInfoFromFiles: (.*)', foss_output) - else: - DEFAULT = "NOASSERTION" - package_info['PackageCopyrightText'] = "<text>" + DEFAULT + "</text>" - package_info['PackageLicenseDeclared'] = DEFAULT - package_info['PackageLicenseConcluded'] = DEFAULT - package_info['PackageLicenseInfoFromFiles'] = [] - - # File info - file_info = {} - records = [] - # FileName is also in PackageFileName, so we match on FileType as well. - records = re.findall('FileName:.*?FileType:.*?</text>', foss_output, re.S) - for rec in records: - chksum = re.findall('FileChecksum: SHA1: (.*)\n', rec)[0] - file_info[chksum] = {} - file_info[chksum]['FileCopyrightText'] = re.findall('FileCopyrightText: ' - + '(.*?</text>)', rec, re.S )[0] - fields = ['FileName', 'FileType', 'LicenseConcluded', 'LicenseInfoInFile'] - for field in fields: - file_info[chksum][field] = re.findall(field + ': (.*)', rec)[0] - - # Licenses - license_info = {} - licenses = [] - licenses = re.findall('LicenseID:.*?LicenseName:.*?\n', foss_output, re.S) - for lic in licenses: - license_id = re.findall('LicenseID: (.*)\n', lic)[0] - license_info[license_id] = {} - license_info[license_id]['ExtractedText'] = re.findall('ExtractedText: (.*?</text>)', lic, re.S)[0] - license_info[license_id]['LicenseName'] = re.findall('LicenseName: (.*)', lic)[0] - - return (package_info, file_info, license_info) - -def create_spdx_doc(file_info, scanned_files): - import json - ## push foss changes back into cache - for chksum, lic_info in scanned_files.iteritems(): - if chksum in file_info: - file_info[chksum]['FileType'] = lic_info['FileType'] - file_info[chksum]['FileChecksum: SHA1'] = chksum - file_info[chksum]['LicenseInfoInFile'] = lic_info['LicenseInfoInFile'] - file_info[chksum]['LicenseConcluded'] = lic_info['LicenseConcluded'] - file_info[chksum]['FileCopyrightText'] = lic_info['FileCopyrightText'] - else: - bb.warn("SPDX: " + lic_info['FileName'] + " : " + chksum - + " : is not in the local file info: " - + json.dumps(lic_info, indent=1)) - return file_info - -def get_ver_code(dirname): - chksums = [] - for f_dir, f in list_files(dirname): - path = os.path.join(dirname, f_dir, f) - hash = hash_file(path) - if not hash is None: - chksums.append(hash) - else: - bb.warn("SPDX: Could not hash file: " + path) - ver_code_string = ''.join(chksums).lower() - ver_code = hash_string(ver_code_string) - return ver_code - -def get_header_info(info, spdx_verification_code, package_info): - """ - Put together the header SPDX information. - Eventually this needs to become a lot less - of a hardcoded thing. - """ - from datetime import datetime - import os - head = [] - DEFAULT = "NOASSERTION" - - package_checksum = hash_file(info['tar_file']) - if package_checksum is None: - package_checksum = DEFAULT - - ## document level information - head.append("## SPDX Document Information") - head.append("SPDXVersion: " + info['spdx_version']) - head.append("DataLicense: " + info['data_license']) - head.append("DocumentComment: <text>SPDX for " - + info['pn'] + " version " + info['pv'] + "</text>") - head.append("") - - ## Creator information - ## Note that this does not give time in UTC. - now = datetime.now().strftime('%Y-%m-%dT%H:%M:%SZ') - head.append("## Creation Information") - ## Tools are supposed to have a version, but FOSSology+SPDX provides none. - head.append("Creator: Tool: FOSSology+SPDX") - head.append("Created: " + now) - head.append("CreatorComment: <text>UNO</text>") - head.append("") - - ## package level information - head.append("## Package Information") - head.append("PackageName: " + info['pn']) - head.append("PackageVersion: " + info['pv']) - head.append("PackageFileName: " + os.path.basename(info['tar_file'])) - head.append("PackageSupplier: Person:" + DEFAULT) - head.append("PackageDownloadLocation: " + DEFAULT) - head.append("PackageSummary: <text></text>") - head.append("PackageOriginator: Person:" + DEFAULT) - head.append("PackageChecksum: SHA1: " + package_checksum) - head.append("PackageVerificationCode: " + spdx_verification_code) - head.append("PackageDescription: <text>" + info['pn'] - + " version " + info['pv'] + "</text>") - head.append("") - head.append("PackageCopyrightText: " - + package_info['PackageCopyrightText']) - head.append("") - head.append("PackageLicenseDeclared: " - + package_info['PackageLicenseDeclared']) - head.append("PackageLicenseConcluded: " - + package_info['PackageLicenseConcluded']) - - for licref in package_info['PackageLicenseInfoFromFiles']: - head.append("PackageLicenseInfoFromFiles: " + licref) - head.append("") - - ## header for file level - head.append("## File Information") - head.append("") - - return '\n'.join(head) |