Hi Antonin, sure, I can do it! Best,
Stefano ________________________________ From: Antonin Godard <[email protected]> Sent: Monday, March 2, 2026 17:15 To: [email protected] <[email protected]>; [email protected] <[email protected]> Cc: [email protected] <[email protected]>; [email protected] <[email protected]>; Tondo, Stefano (ext) (SI B PRO AUT PD ZUG SW 2) <[email protected]>; Marko, Peter (FT D EU SK BFS1) <[email protected]>; Freihofer, Adrian (SI B PRO TI EAC CCP) <[email protected]> Subject: Re: [OE-core] [PATCH v5 00/10] spdx30: SBOM enrichment and documentation Hi, On Mon Mar 2, 2026 at 5:01 PM CET, Stefano Tondo via lists.openembedded.org wrote: > This v5 drops patch 07/11 ("spdx30: Include recipe base PURL in package > external identifiers") from the v4 series, as it is now superseded by > Joshua Watt's commit 874b2d301d ("spdx: Add yocto PURLs") which already > includes oe.purl.get_base_purl(d) in the default SPDX_PACKAGE_URLS value, > making the separate patch redundant. > > All other v4 patches are unchanged. See v4 cover letter for full context. > > Changes since v4: > - Dropped 07/11: "spdx30: Include recipe base PURL in package external > identifiers" — superseded by 874b2d301d (spdx: Add yocto PURLs, > Joshua Watt, merged to master Jan 8 2026) > > Stefano Tondo (10): > spdx30: Add configurable file filtering support > spdx30: Add supplier support for image and SDK SBOMs > spdx30: Add ecosystem-specific PURL generation > spdx30: Add version extraction from SRCREV for Git source components > spdx30: Add SPDX_GIT_PURL_MAPPINGS for Git hosting > spdx30: Enrich source downloads with external refs and PURLs > oeqa/selftest: Add test for download_location defensive handling > spdx.py: Add test for version extraction patterns > cve_check: Escape special characters in CPE 2.3 formatted strings > spdx-common: Add documentation for undocumented SPDX variables > > meta/classes/create-spdx-3.0.bbclass | 20 ++ > meta/classes/spdx-common.bbclass | 63 +++++ > meta/lib/oe/cve_check.py | 37 ++- > meta/lib/oe/spdx30_tasks.py | 329 ++++++++++++++++++++++++++- > meta/lib/oeqa/selftest/cases/spdx.py | 75 ++++++ > 5 files changed, 518 insertions(+), 6 deletions(-) If this series is accepted and merged, would you be able to help documenting the new variables introduced by the series in the Yocto Project documentation? This would be sent on the [email protected] list. Documentation for these variables would be in: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.yoctoproject.org%2Fyocto-docs%2Ftree%2Fdocumentation%2Fref-manual%2Fvariables.rst&data=05%7C02%7Cstefano.tondo.ext%40siemens.com%7C42d160334da6405c734308de7876ec7b%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C639080649333879748%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=K7EHUVXXVUHmVDTxn3cwXfJYgMCP2fmkdb1%2FXOclcQo%3D&reserved=0<https://git.yoctoproject.org/yocto-docs/tree/documentation/ref-manual/variables.rst>. The SBOM document would also likely need an update: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.yoctoproject.org%2Fyocto-docs%2Ftree%2Fdocumentation%2Fdev-manual%2Fsbom.rst&data=05%7C02%7Cstefano.tondo.ext%40siemens.com%7C42d160334da6405c734308de7876ec7b%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C639080649333937685%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=4ScS2Sx0NyiQ6hVZPAndqO2sf4pAlS8vXgOqR8sxLsc%3D&reserved=0<https://git.yoctoproject.org/yocto-docs/tree/documentation/dev-manual/sbom.rst> It can most likely be based off the documentation you've already written through the [doc] flag. I can help with the rST formatting. This would be greatly appreciated! Antonin
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#232268): https://lists.openembedded.org/g/openembedded-core/message/232268 Mute This Topic: https://lists.openembedded.org/mt/118096078/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
