From: Stefano Tondo <[email protected]>

Add automatic population of summary field with intelligent fallback
chain to improve SBOM human-readability and documentation completeness.

The summary field provides a brief description of each package in the
SBOM, making it easier for humans to understand the purpose of components
without reading full descriptions. The implementation uses a fallback
chain to ensure every package has a meaningful summary:

  SUMMARY:${package} → SUMMARY → DESCRIPTION → generated description

This improvement addresses SBOM documentation quality requirements and
makes SBOMs more useful for security review and compliance documentation.

Signed-off-by: Stefano Tondo <[email protected]>
---
 meta/lib/oe/spdx30_tasks.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index f731a709e3..286a08ed9b 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -636,7 +636,22 @@ def create_spdx(d):
             set_var_field(
                 "HOMEPAGE", spdx_package, "software_homePage", package=package
             )
-            set_var_field("SUMMARY", spdx_package, "summary", package=package)
+            
+            # Add summary with fallback to DESCRIPTION
+            summary = None
+            if package:
+                summary = d.getVar("SUMMARY:%s" % package)
+            if not summary:
+                summary = d.getVar("SUMMARY")
+            if not summary:
+                # Fallback to DESCRIPTION if SUMMARY not available
+                summary = d.getVar("DESCRIPTION")
+            if not summary:
+                # Last resort: generate from package name
+                summary = f"Package {package or d.getVar('PN')}"
+            if summary:
+                spdx_package.summary = summary
+            
             set_var_field("DESCRIPTION", spdx_package, "description", 
package=package)
 
             if d.getVar("SPDX_PACKAGE_URL:%s" % package) or 
d.getVar("SPDX_PACKAGE_URL"):
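
Review bot: The closing "if summary:" guard in the added block is always true, because the "Last resort" branch just above it assigns a non-empty f-string whenever the earlier lookups come back empty; drop the guard and assign spdx_package.summary directly, or drop the generated string so the guard means something. The lookup order is also asymmetric: SUMMARY is tried as "SUMMARY:%s" % package before the plain variable, but the DESCRIPTION fallback reads only d.getVar("DESCRIPTION"), so a per-package description is skipped here even though the set_var_field("DESCRIPTION", ...) call that follows is passed package=package. Since the commit message presents the SBOM as input to security review, consider whether a synthesized "Package <name>" summary should be written at all, as a consumer cannot tell it apart from a summary supplied by the recipe. The two added blank lines carry trailing whitespace.
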
-- 
2.52.0
