| Message ID | 20201012034255.2186713-1-leimaohui@cn.fujitsu.com |
|---|---|
| State | New |
| Headers | show |
diff --git a/documentation/dev-manual/dev-manual-common-tasks.rst b/documentation/dev-manual/dev-manual-common-tasks.rst index bef8bf840f..80fd23e960 100644 --- a/documentation/dev-manual/dev-manual-common-tasks.rst +++ b/documentation/dev-manual/dev-manual-common-tasks.rst @@ -11401,6 +11401,8 @@ to be covered by assuming that three main areas of concern exist: - Compilation scripts and modifications to the source code must be provided. +- spdx files can be provided. + There are other requirements beyond the scope of these three and the methods described in this section (e.g. the mechanism through which source code is distributed). @@ -11595,6 +11597,42 @@ layers (recipes, configuration files, and so forth) enables you to meet your requirements to include the scripts to control compilation as well as any modifications to the original source. +Providing spdx files +~~~~~~~~~~~~~~~~~~~~~~~~~ + +The spdx module has been integrated to a layer named meta-spdxscanner. +meta-spdxscanner provides several kinds of scanner. If you want to enable +this function, you have to do the following steps: + +1. Added meta-spdxscanner layer into ``bblayers.conf``. + +2. Reference to README of meta-spdxscanner, setup the environment(e.g, + setup a fossology server) of scanner. + +3. Meta-spdxscanner provids several methods(bbclass) to create spdx files. + Please choose one that you want to use and enable the spdx task. You have to + add some config options in +``local.conf`` file in your +:term:`Build Directory`. +The following is an example about how to get spdx files during bitbake +by fossology-python.bbclass: +:: + + # Selet fossology-python.bbclass. + INHERIT += "fossology-python" + # For fossology-python.bbclass, TOKEN is necessary, so, after setup a + # Fossology server, you have to create a token. + TOKEN = "eyJ0eXAiO..." + # The fossology server is necessary for fossology-python.bbclass. + FOSSOLOGY_SERVER = "http://xx.xx.xx.xx:8081/repo" //Optional + # If you want to upload the source code to a special folder. + FOLDER_NAME = "xxxx" //Optional + # If you don't want to put spdx files in tmp/deploy/spdx, you can change. + SPDX_DEPLOY_DIR = "${DeployDir}" //Optional + +More usage of meta-spdxscanner, which you can find at: +https://git.yoctoproject.org/cgit/cgit.cgi/meta-spdxscanner/. + Copying Licenses that Do Not Exist ---------------------------------- diff --git a/documentation/ref-manual/ref-classes.rst b/documentation/ref-manual/ref-classes.rst index 756df2a60f..7277c6bb9d 100644 --- a/documentation/ref-manual/ref-classes.rst +++ b/documentation/ref-manual/ref-classes.rst @@ -2380,19 +2380,6 @@ Autotools automatically picks up. The class also provides variables like ``SITEINFO_ENDIANNESS`` and ``SITEINFO_BITS`` that can be used elsewhere in the metadata. -.. _ref-classes-spdx: - -``spdx.bbclass`` -================ - -The ``spdx`` class integrates real-time license scanning, generation of -SPDX standard output, and verification of license information during the -build. - -.. note:: - - This class is currently at the prototype stage in the 1.6 release. - .. _ref-classes-sstate: ``sstate.bbclass`` diff --git a/documentation/ref-manual/ref-tasks.rst b/documentation/ref-manual/ref-tasks.rst index 2569306fc5..ea145644f7 100644 --- a/documentation/ref-manual/ref-tasks.rst +++ b/documentation/ref-manual/ref-tasks.rst @@ -859,17 +859,3 @@ sure that the machine and metadata branches as specified by the branches. If these branches do not exist and :term:`AUTOREV` is not being used, the ``do_validate_branches`` task fails during the build. - -Miscellaneous Tasks -=================== - -The following sections describe miscellaneous tasks. - -.. _ref-tasks-spdx: - -``do_spdx`` ------------ - -A build stage that takes the source code and scans it on a remote -FOSSOLOGY server in order to produce an SPDX document. This task applies -only to the :ref:`spdx <ref-classes-spdx>` class.
On 10/11/20 8:42 PM, leimaohui wrote: > - Deleted content about old spdx.bbclass. > - Added usage of meta-spdxscanner. Do we want to go down this road? Will we be adding other scanning layers in YP docs? It seems out of scope for the Yocto Project. -armin > > Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> > --- > .../dev-manual/dev-manual-common-tasks.rst | 38 +++++++++++++++++++ > documentation/ref-manual/ref-classes.rst | 13 ------- > documentation/ref-manual/ref-tasks.rst | 14 ------- > 3 files changed, 38 insertions(+), 27 deletions(-) > > diff --git a/documentation/dev-manual/dev-manual-common-tasks.rst b/documentation/dev-manual/dev-manual-common-tasks.rst > index bef8bf840f..80fd23e960 100644 > --- a/documentation/dev-manual/dev-manual-common-tasks.rst > +++ b/documentation/dev-manual/dev-manual-common-tasks.rst > @@ -11401,6 +11401,8 @@ to be covered by assuming that three main areas of concern exist: > - Compilation scripts and modifications to the source code must be > provided. > > +- spdx files can be provided. > + > There are other requirements beyond the scope of these three and the > methods described in this section (e.g. the mechanism through which > source code is distributed). > @@ -11595,6 +11597,42 @@ layers (recipes, configuration files, and so forth) enables you to meet > your requirements to include the scripts to control compilation as well > as any modifications to the original source. > > +Providing spdx files > +~~~~~~~~~~~~~~~~~~~~~~~~~ > + > +The spdx module has been integrated to a layer named meta-spdxscanner. > +meta-spdxscanner provides several kinds of scanner. If you want to enable > +this function, you have to do the following steps: > + > +1. Added meta-spdxscanner layer into ``bblayers.conf``. > + > +2. Reference to README of meta-spdxscanner, setup the environment(e.g, > + setup a fossology server) of scanner. > + > +3. Meta-spdxscanner provids several methods(bbclass) to create spdx files. > + Please choose one that you want to use and enable the spdx task. You have to > + add some config options in > +``local.conf`` file in your > +:term:`Build Directory`. > +The following is an example about how to get spdx files during bitbake > +by fossology-python.bbclass: > +:: > + > + # Selet fossology-python.bbclass. > + INHERIT += "fossology-python" > + # For fossology-python.bbclass, TOKEN is necessary, so, after setup a > + # Fossology server, you have to create a token. > + TOKEN = "eyJ0eXAiO..." > + # The fossology server is necessary for fossology-python.bbclass. > + FOSSOLOGY_SERVER = "http://xx.xx.xx.xx:8081/repo" //Optional > + # If you want to upload the source code to a special folder. > + FOLDER_NAME = "xxxx" //Optional > + # If you don't want to put spdx files in tmp/deploy/spdx, you can change. > + SPDX_DEPLOY_DIR = "${DeployDir}" //Optional > + > +More usage of meta-spdxscanner, which you can find at: > +https://git.yoctoproject.org/cgit/cgit.cgi/meta-spdxscanner/. > + > Copying Licenses that Do Not Exist > ---------------------------------- > > diff --git a/documentation/ref-manual/ref-classes.rst b/documentation/ref-manual/ref-classes.rst > index 756df2a60f..7277c6bb9d 100644 > --- a/documentation/ref-manual/ref-classes.rst > +++ b/documentation/ref-manual/ref-classes.rst > @@ -2380,19 +2380,6 @@ Autotools automatically picks up. > The class also provides variables like ``SITEINFO_ENDIANNESS`` and > ``SITEINFO_BITS`` that can be used elsewhere in the metadata. > > -.. _ref-classes-spdx: > - > -``spdx.bbclass`` > -================ > - > -The ``spdx`` class integrates real-time license scanning, generation of > -SPDX standard output, and verification of license information during the > -build. > - > -.. note:: > - > - This class is currently at the prototype stage in the 1.6 release. > - > .. _ref-classes-sstate: > > ``sstate.bbclass`` > diff --git a/documentation/ref-manual/ref-tasks.rst b/documentation/ref-manual/ref-tasks.rst > index 2569306fc5..ea145644f7 100644 > --- a/documentation/ref-manual/ref-tasks.rst > +++ b/documentation/ref-manual/ref-tasks.rst > @@ -859,17 +859,3 @@ sure that the machine and metadata branches as specified by the > branches. If these branches do not exist and > :term:`AUTOREV` is not being used, the > ``do_validate_branches`` task fails during the build. > - > -Miscellaneous Tasks > -=================== > - > -The following sections describe miscellaneous tasks. > - > -.. _ref-tasks-spdx: > - > -``do_spdx`` > ------------ > - > -A build stage that takes the source code and scans it on a remote > -FOSSOLOGY server in order to produce an SPDX document. This task applies > -only to the :ref:`spdx <ref-classes-spdx>` class. > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#459): https://lists.yoctoproject.org/g/docs/message/459 Mute This Topic: https://lists.yoctoproject.org/mt/77454085/3617530 Group Owner: docs+owner@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/docs/unsub [oe-patchwork@oe-patch.openembedded.org] -=-=-=-=-=-=-=-=-=-=-=-
On Mon, 2020-10-12 at 09:23 -0700, akuster wrote: > > On 10/11/20 8:42 PM, leimaohui wrote: > > - Deleted content about old spdx.bbclass. > > - Added usage of meta-spdxscanner. > > Do we want to go down this road? Will we be adding other scanning > layers in YP docs? It seems out of scope for the Yocto Project. We do need to remove the spdx class from the docs since it was removed from OE-Core. At request from members, we do host meta-spdxscanner, we do support SPDX as a project and I think at least putting a pointer to it in the docs is probably fine? I make some minor tweaks to some of the language to make it more consistent with the rest of the docs and put that patch in master-next for further review. Cheers, Richard -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#460): https://lists.yoctoproject.org/g/docs/message/460 Mute This Topic: https://lists.yoctoproject.org/mt/77454085/3617530 Group Owner: docs+owner@lists.yoctoproject.org Unsubscribe: https://lists.yoctoproject.org/g/docs/unsub [oe-patchwork@oe-patch.openembedded.org] -=-=-=-=-=-=-=-=-=-=-=-
- Deleted content about old spdx.bbclass. - Added usage of meta-spdxscanner. Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> --- .../dev-manual/dev-manual-common-tasks.rst | 38 +++++++++++++++++++ documentation/ref-manual/ref-classes.rst | 13 ------- documentation/ref-manual/ref-tasks.rst | 14 ------- 3 files changed, 38 insertions(+), 27 deletions(-)