1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
meta-spdxscanner
================
1.meta-spdxscanner supports the following SPDX create tools.
- fossology python REST API
- scancode-tk
- fossology REST API (by curl)
2.meta-spdxscanner supports upload OSS source code to blackduck server by Synopsys Detect.
- blackduck-upload.bbclass
DEPENDS
-----------------------
For fossology-python.bbclass
- [fossology server](https://hub.docker.com/r/fossology/fossology/)
- [fossology-python](https://github.com/fossology/fossology-python)
- openembedded-core
- meta-oe/meta-python
- meta-oe/meta-oe
- meta-oe/meta-webserver
For scancode-tk.bbclass
- openembedded-core
- meta-oe/meta-python
For fossology-rest.bbclass
- [fossology server](https://hub.docker.com/r/fossology/fossology/)
- openembedded-core
- meta-oe/meta-python
For blackduck-upload.bbclass
- openembedded-core
How to use
-----------------------
Now, meta-spdxscanner provides three methods as following to create spdx files. Please select one to use.
First, edit the conf/local.conf file, select one module to enable it.
1.fossology-python.bbclass
```
$ cat conf/local.conf
...
INHERIT += "fossology-python"
TOKEN = "eyJ0eXAiO..."
WAIT_TIME = "..." //Optional, by default, it is 0. If you run hundreds of do_spdx task,
//and your fossology server is not fast enough, it's better to added this value.
FOSSOLOGY_SERVER = "http://xx.xx.xx.xx:8081/repo" //Optional, by default, it is http://127.0.0.1:8081/repo
FOLDER_NAME = "xxxx" //Optional, by default, it is the top folder "Software Repository"(folderId=1).
SPDX_DEPLOY_DIR = "${DeployDir}" //Optional, by default, spdx files will be deployed to ${BUILD_DIR}/tmp/deploy/spdx/
...
```
Note
- If you want to use fossology-python.bbclass, you have to make sure that fossology server on your host and make sure it works well.
Please reference to https://hub.docker.com/r/fossology/fossology/.
- TOKEN can be created on fossology server after login by "Admin"->"Users"->"Edit user account"->"Create a new token".
2.scancode-tk.bbclass
- inherit the folowing class in your conf/local.conf.
```
PREFERRED_VERSION_python3-pluggy-native = "0.13.1"
INHERIT += "scancode-tk"
```
3.fossology-rest.bbclass
- inherit the folowing class in your conf/local.conf.
```
INHERIT += "fossology-rest"
TOKEN = "eyJ0eXAiO..."
FOSSOLOGY_SERVER = "http://xx.xx.xx.xx:8081/repo" //Optional, by default, it is http://127.0.0.1:8081/repo
FOLDER_NAME = "xxxx" //Optional, by default, it is the top folder "Software Repository"(folderId=1).
SPDX_DEPLOY_DIR = "${DeployDir}" //Optional, by default, spdx files will be deployed to ${BUILD_DIR}/tmp/deploy/spdx/
```
Note
- If you want to use fossology-rest.bbclass, you have to make sure that fossology server on your host and make sure it works well.
Please reference to https://hub.docker.com/r/fossology/fossology/.
- TOKEN can be created on fossology server after login by "Admin"->"Users"->"Edit user account"->"Create a new token".
Finished editing the conf/local.con file, you can get spdx files whatever your build by bitbake. For example:
- For what your build(e.g, openssl) and the dependences.
```
$ bitbake openssl
```
- Only get a spdx for one recipe(e.g, openssl_%.bb).
```
$ bitbake openssl -f -c spdx
```
- Only get spdx files for what will be built for a image file(e.g, core-image-minimal.bb) without building.
```
$ bitbake --runall=spdx core-image-minimal
```
If you has a blackduck server, you can use the following method to upload source code to the server.
1.blackduck-upload.bbclass
First, edit the conf/local.conf file under build directory as following:
```
INHERIT += "blackduck-upload"
BD_URI = "https://xxx.yyy.com/"
PRO_NAME = "xxx"
PRO_VER = "xxx"
PROXY_HOST = "xxx"
PROXY_PORT = "xxxx"
PROXY_UN = "xxx"
PROXY_PW = "xxxx"
TOKEN = "NmJ..."
```
Finished editing the conf/local.con file, you can upload the source code of of recipe by bitbake. For example:
- For what your build(e.g, openssl) and the dependences.
```
$ bitbake openssl
```
- Only upload one OSS(e.g, openssl).
```
$ bitbake openssl -f -c synopsys_detect
```
- Only get spdx files for what will be built for a image file(e.g, core-image-minimal.bb) without compiling.
```
$ bitbake --runall=synopsys_detect core-image-minimal
```
Contributing
------------
To contribute to this layer you should submit the patches for review to the
mailing list (yocto@lists.yoctoproject.org) or to maintainer directly.
Mailing list:
yocto@lists.yoctoproject.org
Layer maintainer:
leimaohui@fujitsu.com
|
