docs: Updated the status of spdx module.

Submitted by leimaohui on Oct. 12, 2020, 3:42 a.m. | Patch ID: 177123

Details

Message ID 20201012034255.2186713-1-leimaohui@cn.fujitsu.com
State New
Headers show

Commit Message

leimaohui Oct. 12, 2020, 3:42 a.m.
- Deleted content about old spdx.bbclass.
- Added usage of meta-spdxscanner.

Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
---
 .../dev-manual/dev-manual-common-tasks.rst    | 38 +++++++++++++++++++
 documentation/ref-manual/ref-classes.rst      | 13 -------
 documentation/ref-manual/ref-tasks.rst        | 14 -------
 3 files changed, 38 insertions(+), 27 deletions(-)

Patch hide | download patch | download mbox

diff --git a/documentation/dev-manual/dev-manual-common-tasks.rst b/documentation/dev-manual/dev-manual-common-tasks.rst
index bef8bf840f..80fd23e960 100644
--- a/documentation/dev-manual/dev-manual-common-tasks.rst
+++ b/documentation/dev-manual/dev-manual-common-tasks.rst
@@ -11401,6 +11401,8 @@  to be covered by assuming that three main areas of concern exist:
 -  Compilation scripts and modifications to the source code must be
    provided.
 
+-  spdx files can be provided.
+
 There are other requirements beyond the scope of these three and the
 methods described in this section (e.g. the mechanism through which
 source code is distributed).
@@ -11595,6 +11597,42 @@  layers (recipes, configuration files, and so forth) enables you to meet
 your requirements to include the scripts to control compilation as well
 as any modifications to the original source.
 
+Providing spdx files
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The spdx module has been integrated to a layer named meta-spdxscanner.
+meta-spdxscanner provides several kinds of scanner. If you want to enable
+this function, you have to do the following steps:
+
+1. Added meta-spdxscanner layer into ``bblayers.conf``. 
+
+2. Reference to README of meta-spdxscanner, setup the environment(e.g, 
+   setup a fossology server) of scanner.
+
+3. Meta-spdxscanner provids several methods(bbclass) to create spdx files.
+   Please choose one that you want to use and enable the spdx task. You have to
+   add some config options in 
+``local.conf`` file in your
+:term:`Build Directory`.
+The following is an example about how to get spdx files during bitbake 
+by fossology-python.bbclass:
+::
+
+   # Selet fossology-python.bbclass.
+   INHERIT += "fossology-python"
+   # For fossology-python.bbclass, TOKEN is necessary, so, after setup a 
+   # Fossology server, you have to create a token.
+   TOKEN = "eyJ0eXAiO..."
+   # The fossology server is necessary for fossology-python.bbclass.
+   FOSSOLOGY_SERVER = "http://xx.xx.xx.xx:8081/repo" //Optional
+   # If you want to upload the source code to a special folder.
+   FOLDER_NAME = "xxxx" //Optional
+   # If you don't want to put spdx files in tmp/deploy/spdx, you can change.
+   SPDX_DEPLOY_DIR = "${DeployDir}" //Optional
+
+More usage of meta-spdxscanner, which you can find at:
+https://git.yoctoproject.org/cgit/cgit.cgi/meta-spdxscanner/.
+
 Copying Licenses that Do Not Exist
 ----------------------------------
 
diff --git a/documentation/ref-manual/ref-classes.rst b/documentation/ref-manual/ref-classes.rst
index 756df2a60f..7277c6bb9d 100644
--- a/documentation/ref-manual/ref-classes.rst
+++ b/documentation/ref-manual/ref-classes.rst
@@ -2380,19 +2380,6 @@  Autotools automatically picks up.
 The class also provides variables like ``SITEINFO_ENDIANNESS`` and
 ``SITEINFO_BITS`` that can be used elsewhere in the metadata.
 
-.. _ref-classes-spdx:
-
-``spdx.bbclass``
-================
-
-The ``spdx`` class integrates real-time license scanning, generation of
-SPDX standard output, and verification of license information during the
-build.
-
-.. note::
-
-   This class is currently at the prototype stage in the 1.6 release.
-
 .. _ref-classes-sstate:
 
 ``sstate.bbclass``
diff --git a/documentation/ref-manual/ref-tasks.rst b/documentation/ref-manual/ref-tasks.rst
index 2569306fc5..ea145644f7 100644
--- a/documentation/ref-manual/ref-tasks.rst
+++ b/documentation/ref-manual/ref-tasks.rst
@@ -859,17 +859,3 @@  sure that the machine and metadata branches as specified by the
 branches. If these branches do not exist and
 :term:`AUTOREV` is not being used, the
 ``do_validate_branches`` task fails during the build.
-
-Miscellaneous Tasks
-===================
-
-The following sections describe miscellaneous tasks.
-
-.. _ref-tasks-spdx:
-
-``do_spdx``
------------
-
-A build stage that takes the source code and scans it on a remote
-FOSSOLOGY server in order to produce an SPDX document. This task applies
-only to the :ref:`spdx <ref-classes-spdx>` class.

Comments

Armin Kuster Oct. 12, 2020, 4:23 p.m.
On 10/11/20 8:42 PM, leimaohui wrote:
> - Deleted content about old spdx.bbclass.
> - Added usage of meta-spdxscanner.

Do we want to go down this road? Will we be adding other scanning layers
in YP docs?  It seems out of scope for the Yocto Project.

-armin
>
> Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
> ---
>  .../dev-manual/dev-manual-common-tasks.rst    | 38 +++++++++++++++++++
>  documentation/ref-manual/ref-classes.rst      | 13 -------
>  documentation/ref-manual/ref-tasks.rst        | 14 -------
>  3 files changed, 38 insertions(+), 27 deletions(-)
>
> diff --git a/documentation/dev-manual/dev-manual-common-tasks.rst b/documentation/dev-manual/dev-manual-common-tasks.rst
> index bef8bf840f..80fd23e960 100644
> --- a/documentation/dev-manual/dev-manual-common-tasks.rst
> +++ b/documentation/dev-manual/dev-manual-common-tasks.rst
> @@ -11401,6 +11401,8 @@ to be covered by assuming that three main areas of concern exist:
>  -  Compilation scripts and modifications to the source code must be
>     provided.
>  
> +-  spdx files can be provided.
> +
>  There are other requirements beyond the scope of these three and the
>  methods described in this section (e.g. the mechanism through which
>  source code is distributed).
> @@ -11595,6 +11597,42 @@ layers (recipes, configuration files, and so forth) enables you to meet
>  your requirements to include the scripts to control compilation as well
>  as any modifications to the original source.
>  
> +Providing spdx files
> +~~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +The spdx module has been integrated to a layer named meta-spdxscanner.
> +meta-spdxscanner provides several kinds of scanner. If you want to enable
> +this function, you have to do the following steps:
> +
> +1. Added meta-spdxscanner layer into ``bblayers.conf``. 
> +
> +2. Reference to README of meta-spdxscanner, setup the environment(e.g, 
> +   setup a fossology server) of scanner.
> +
> +3. Meta-spdxscanner provids several methods(bbclass) to create spdx files.
> +   Please choose one that you want to use and enable the spdx task. You have to
> +   add some config options in 
> +``local.conf`` file in your
> +:term:`Build Directory`.
> +The following is an example about how to get spdx files during bitbake 
> +by fossology-python.bbclass:
> +::
> +
> +   # Selet fossology-python.bbclass.
> +   INHERIT += "fossology-python"
> +   # For fossology-python.bbclass, TOKEN is necessary, so, after setup a 
> +   # Fossology server, you have to create a token.
> +   TOKEN = "eyJ0eXAiO..."
> +   # The fossology server is necessary for fossology-python.bbclass.
> +   FOSSOLOGY_SERVER = "http://xx.xx.xx.xx:8081/repo" //Optional
> +   # If you want to upload the source code to a special folder.
> +   FOLDER_NAME = "xxxx" //Optional
> +   # If you don't want to put spdx files in tmp/deploy/spdx, you can change.
> +   SPDX_DEPLOY_DIR = "${DeployDir}" //Optional
> +
> +More usage of meta-spdxscanner, which you can find at:
> +https://git.yoctoproject.org/cgit/cgit.cgi/meta-spdxscanner/.
> +
>  Copying Licenses that Do Not Exist
>  ----------------------------------
>  
> diff --git a/documentation/ref-manual/ref-classes.rst b/documentation/ref-manual/ref-classes.rst
> index 756df2a60f..7277c6bb9d 100644
> --- a/documentation/ref-manual/ref-classes.rst
> +++ b/documentation/ref-manual/ref-classes.rst
> @@ -2380,19 +2380,6 @@ Autotools automatically picks up.
>  The class also provides variables like ``SITEINFO_ENDIANNESS`` and
>  ``SITEINFO_BITS`` that can be used elsewhere in the metadata.
>  
> -.. _ref-classes-spdx:
> -
> -``spdx.bbclass``
> -================
> -
> -The ``spdx`` class integrates real-time license scanning, generation of
> -SPDX standard output, and verification of license information during the
> -build.
> -
> -.. note::
> -
> -   This class is currently at the prototype stage in the 1.6 release.
> -
>  .. _ref-classes-sstate:
>  
>  ``sstate.bbclass``
> diff --git a/documentation/ref-manual/ref-tasks.rst b/documentation/ref-manual/ref-tasks.rst
> index 2569306fc5..ea145644f7 100644
> --- a/documentation/ref-manual/ref-tasks.rst
> +++ b/documentation/ref-manual/ref-tasks.rst
> @@ -859,17 +859,3 @@ sure that the machine and metadata branches as specified by the
>  branches. If these branches do not exist and
>  :term:`AUTOREV` is not being used, the
>  ``do_validate_branches`` task fails during the build.
> -
> -Miscellaneous Tasks
> -===================
> -
> -The following sections describe miscellaneous tasks.
> -
> -.. _ref-tasks-spdx:
> -
> -``do_spdx``
> ------------
> -
> -A build stage that takes the source code and scans it on a remote
> -FOSSOLOGY server in order to produce an SPDX document. This task applies
> -only to the :ref:`spdx <ref-classes-spdx>` class.
>
> 
>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#459): https://lists.yoctoproject.org/g/docs/message/459
Mute This Topic: https://lists.yoctoproject.org/mt/77454085/3617530
Group Owner: docs+owner@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/docs/unsub [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-
Richard Purdie Oct. 12, 2020, 4:44 p.m.
On Mon, 2020-10-12 at 09:23 -0700, akuster wrote:
> 
> On 10/11/20 8:42 PM, leimaohui wrote:
> > - Deleted content about old spdx.bbclass.
> > - Added usage of meta-spdxscanner.
> 
> Do we want to go down this road? Will we be adding other scanning
> layers in YP docs?  It seems out of scope for the Yocto Project.

We do need to remove the spdx class from the docs since it was removed
from OE-Core. At request from members, we do host meta-spdxscanner, we
do support SPDX as a project and I think at least putting a pointer to
it in the docs is probably fine?

I make some minor tweaks to some of the language to make it more
consistent with the rest of the docs and put that patch in master-next
for further review.

Cheers,

Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#460): https://lists.yoctoproject.org/g/docs/message/460
Mute This Topic: https://lists.yoctoproject.org/mt/77454085/3617530
Group Owner: docs+owner@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/docs/unsub [oe-patchwork@oe-patch.openembedded.org]
-=-=-=-=-=-=-=-=-=-=-=-