Track the missing dependencies on SPDX documents #1109
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
meta-lmp-base/recipes-bsp/lmp-boot-firmware/lmp-boot-firmware.bb
Outdated
Show resolved
Hide resolved
|
Please extend the commit messages to avoid patches with just the subject line (add more details as part of the commit body message). |
quaresmajose
force-pushed
the
lmp-boot-firmware
branch
from
cca557e
to
fa73062
Compare
|
I reduce this PR only with the fix and move the refactor to a new one. |
|
in the commit msg: |
quaresmajose
force-pushed
the
lmp-boot-firmware
branch
2 times, most recently
from
5ef29b2
to
9576f23
Compare
fixed! thanks |
angolini
approved these changes
Apr 18, 2023
| python () { | ||
| # we need to set the DEPENDS as well to produce valid SPDX documents | ||
| for tasks in d.getVarFlag('do_install', 'depends').split(): | ||
| d.appendVar('DEPENDS', " %s" % tasks.split(":")[0]) |
There was a problem hiding this comment.
Setting DEPENDS usually goes on the top of the file. Is there any reason it must be at the bottom in this case?
There was a problem hiding this comment.
Nothing special, only because it is using a non common anonymous python.
quaresmajose
force-pushed
the
lmp-boot-firmware
branch
2 times, most recently
from
0abef67
to
ee4404e
Compare
quaresmajose
force-pushed
the
lmp-boot-firmware
branch
3 times, most recently
from
83a8b45
to
c1eb5f5
Compare
quaresmajose
force-pushed
the
lmp-boot-firmware
branch
2 times, most recently
from
91f39ab
to
48dd890
Compare
|
validated on foundriesio/lmp-manifest#318 |
quaresmajose
changed the title
quaresmajose
force-pushed
the
lmp-boot-firmware
branch
from
48dd890
to
c6be850
Compare
| for depend in depends: | ||
| recipe, task = depend.split(':') | ||
| if task == 'do_deploy' and recipe not in d.getVar('DEPENDS'): | ||
| bb.error("Task '%s' depends on '%s' but '%s' is not in DEPENDS" % (taskname, depend, recipe)) |
There was a problem hiding this comment.
I think it is better for us to warn by default instead of calling an error here, as this might have side effects in customer related recipes and cause certain builds to fail.
While we do want to have SPDX in a correct form, we shouldn't just yet enforce this on every recipe (we can have as a warn first and on another release move to error, for example).
There was a problem hiding this comment.
I put a new commit 25a255e wih this that is simpler to reference later.
meta-lmp-base/recipes-sota/ostree-kernel-initramfs/ostree-kernel-initramfs_%.bbappend
Outdated
Show resolved
Hide resolved
quaresmajose
force-pushed
the
lmp-boot-firmware
branch
2 times, most recently
from
0783ed6
to
0ba3026
Compare
…n depends This handler will generate an ERROR when there are 'do_deploy' dependencies without setting the DEPENDS. One of the side effect of this issues is SPDX documents not including the correct dependencies. / | ERROR: lmp-boot-firmware-0-r0 do_install: Task 'do_install' depends on 'virtual/bootloader:do_deploy' but 'virtual/bootloader' is not in DEPENDS | ERROR: lmp-boot-firmware-0-r0 do_install: Task 'do_install' depends on 'virtual/trusted-firmware-a:do_deploy' but 'virtual/trusted-firmware-a' is not in DEPENDS \ Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Setting DEPENDS create dependency loops so skip the check Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Setting DEPENDS create dependency loops so skip the check Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
… task[depends] Explicit adds the dependencies of the 'do_deploy' in the task[depends]. With this patch the missed dependencies are now in the SPDX documents of the package as well as in the final SPDX of the combined image. The following example is for the lmp-base-console-image on stm32mp15-disco machine: / | grep -E "u-boot|tf-a" deploy/images/stm32mp15-disco/lmp-base-console-image-stm32mp15-disco.spdx.index.json | deploy/images/stm32mp15-disco/lmp-base-console-image-stm32mp15-disco.spdx.index.json: "documentNamespace": "http://spdx.org/spdxdoc/recipe-tf-a-fio-546ca65d-3ceb-5456-93cd-e8acffa32a17", | deploy/images/stm32mp15-disco/lmp-base-console-image-stm32mp15-disco.spdx.index.json: "filename": "recipe-tf-a-fio.spdx.json", | deploy/images/stm32mp15-disco/lmp-base-console-image-stm32mp15-disco.spdx.index.json: "documentNamespace": "http://spdx.org/spdxdoc/recipe-tf-a-tools-native-52687ea6-9f82-5a2d-a8ab-f4e90f31e6fd", | deploy/images/stm32mp15-disco/lmp-base-console-image-stm32mp15-disco.spdx.index.json: "filename": "recipe-tf-a-tools-native.spdx.json", | deploy/images/stm32mp15-disco/lmp-base-console-image-stm32mp15-disco.spdx.index.json: "documentNamespace": "http://spdx.org/spdxdoc/recipe-u-boot-fio-cfb5b3c2-fc87-5d33-a223-5b46ae9bb0f5", | deploy/images/stm32mp15-disco/lmp-base-console-image-stm32mp15-disco.spdx.index.json: "filename": "recipe-u-boot-fio.spdx.json", \ Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
…pends] Explicit adds the dependencies of the 'do_deploy' in the task[depends]. With this patch the missed dependencies are now in the SPDX documents of the package as well as in the final SPDX of the combined image. Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
…nce on task[depends] Explicit adds the dependencies of the 'do_deploy' in the task[depends]. With this patch the missed dependencies are now in the SPDX documents of the package as well as in the final SPDX of the combined image. Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
…sk[depends] Explicit adds the dependencies of the 'do_deploy' in the task[depends]. With this patch the missed dependencies are now in the SPDX documents of the package as well as in the final SPDX of the combined image. Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
…k[depends] Explicit adds the dependencies of the 'do_deploy' in the task[depends]. With this patch the missed dependencies are now in the SPDX documents of the package as well as in the final SPDX of the combined image. Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
… on task[depends] Explicit adds the dependencies of the 'do_deploy' in the task[depends]. With this patch the missed dependencies are now in the SPDX documents of the package as well as in the final SPDX of the combined image. Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
…nds] Explicit adds the dependencies of the 'do_deploy' in the task[depends]. With this patch the missed dependencies are now in the SPDX documents of the package as well as in the final SPDX of the combined image. Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
… on task[depends] Explicit adds the dependencies of the 'do_deploy' in the task[depends]. With this patch the missed dependencies are now in the SPDX documents of the package as well as in the final SPDX of the combined image. Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
…epends] Explicit adds the dependencies of the 'do_deploy' in the task[depends]. With this patch the missed dependencies are now in the SPDX documents of the package as well as in the final SPDX of the combined image. Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
…o_deploy' presence on task[depends] Explicit adds the dependencies of the 'do_deploy' in the task[depends]. With this patch the missed dependencies are now in the SPDX documents of the package as well as in the final SPDX of the combined image. Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
…f an error It is better for us to warn by default instead of calling an error here, as this might have side effects in customer related recipes and cause certain builds to fail. While we do want to have SPDX in a correct form, we shouldn't just yet enforce this on every recipe (we can have as a warn first and on another release move to error, for example). Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
quaresmajose
force-pushed
the
lmp-boot-firmware
branch
from
0ba3026
to
3b12a43
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This handler will generate an ERROR when there are 'do_deploy' dependencies without setting the DEPENDS.
One of the side effect of this issues is SPDX documents not including the correct dependencies.
Explicit adds the dependencies of the 'do_deploy' in the task[depends].
With this patch the missed dependencies are now in the SPDX documents of the package as well as in the final SPDX of the combined image.
The following example is for the lmp-base-console-image on stm32mp15-disco machine: