From: Stefano Tondo <[email protected]> BUILDNAME is a timestamp set by buildstats.bbclass that changes between builds, causing non-deterministic BitBake task hashes.
This was causing basehash mismatch errors: ERROR: When reparsing ...do_create_image_spdx, the basehash value changed from X to Y. The metadata is not deterministic. Root Cause: The image_package metadata uses BUILDNAME as packageVersion. BUILDNAME varies between builds (e.g., "20260120151200" vs "") making it unsuitable for deterministic builds. Fix: Replace BUILDNAME with DISTRO_VERSION which is: - Deterministic across builds - Semantically appropriate for image versioning - Falls back to "1.0" for nodistro builds This ensures clean builds without basehash errors while maintaining meaningful version information in the SBOM. Signed-off-by: Stefano Tondo <[email protected]> --- meta/lib/oe/spdx30_tasks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py index 0d62de61a3..12b8e68fbe 100644 --- a/meta/lib/oe/spdx30_tasks.py +++ b/meta/lib/oe/spdx30_tasks.py @@ -1505,7 +1505,7 @@ def create_image_spdx(d): _id=objset.new_spdxid("image", "root"), creationInfo=objset.doc.creationInfo, name=f"{image_basename}-{machine}", - software_packageVersion=d.getVar("BUILDNAME") or "1.0", + software_packageVersion=d.getVar("DISTRO_VERSION") or "1.0", software_primaryPurpose=oe.spdx30.software_SoftwarePurpose.container, description=d.getVar("IMAGE_DESCRIPTION") or f"{image_basename} image for {machine}", ) -- 2.53.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231566): https://lists.openembedded.org/g/openembedded-core/message/231566 Mute This Topic: https://lists.openembedded.org/mt/117922385/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
