This v5 drops patch 07/11 ("spdx30: Include recipe base PURL in package
external identifiers") from the v4 series, as it is now superseded by
Joshua Watt's commit 874b2d301d ("spdx: Add yocto PURLs") which already
includes oe.purl.get_base_purl(d) in the default SPDX_PACKAGE_URLS value,
making the separate patch redundant.
All other v4 patches are unchanged. See v4 cover letter for full context.
Changes since v4:
- Dropped 07/11: "spdx30: Include recipe base PURL in package external
identifiers" — superseded by 874b2d301d (spdx: Add yocto PURLs,
Joshua Watt, merged to master Jan 8 2026)
Stefano Tondo (10):
spdx30: Add configurable file filtering support
spdx30: Add supplier support for image and SDK SBOMs
spdx30: Add ecosystem-specific PURL generation
spdx30: Add version extraction from SRCREV for Git source components
spdx30: Add SPDX_GIT_PURL_MAPPINGS for Git hosting
spdx30: Enrich source downloads with external refs and PURLs
oeqa/selftest: Add test for download_location defensive handling
spdx.py: Add test for version extraction patterns
cve_check: Escape special characters in CPE 2.3 formatted strings
spdx-common: Add documentation for undocumented SPDX variables
meta/classes/create-spdx-3.0.bbclass | 20 ++
meta/classes/spdx-common.bbclass | 63 +++++
meta/lib/oe/cve_check.py | 37 ++-
meta/lib/oe/spdx30_tasks.py | 329 ++++++++++++++++++++++++++-
meta/lib/oeqa/selftest/cases/spdx.py | 75 ++++++
5 files changed, 518 insertions(+), 6 deletions(-)
--
2.53.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#232209):
https://lists.openembedded.org/g/openembedded-core/message/232209
Mute This Topic: https://lists.openembedded.org/mt/118096078/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
