From: Michael Opdenacker <michael.opdenacker@bootlin.com>
To: "Simone Weiß" <simone.p.weiss@posteo.com>
Cc: docs@lists.yoctoproject.org, "Jörg Sommer" <joerg.sommer@navimatix.de>
Subject: Re: [docs] [PATCH] dev-manual: Rephrase spdx creation
Date: Tue, 6 Feb 2024 16:51:46 +0100 [thread overview]
Message-ID: <a0c5e346-d34e-4354-9cb3-3bb7d0fe5abb@bootlin.com> (raw)
In-Reply-To: <20240205161309.2958827-1-simone.p.weiss@posteo.com>
Simone, Jörg,
Thanks for the patch and review!
On 2/5/24 at 17:13, Simone Weiß wrote:
> From: Simone Weiß <simone.p.weiss@posteo.com>
>
> Make the options more clewar by providing them in a list instead of plain prosa.
> Also add a ref for a presentation wrt spdx 3.0 in the Yocto project.
>
> Fixes [YOCTO 7476]
>
> Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
> ---
> documentation/dev-manual/sbom.rst | 40 ++++++++++++++++++-------------
> 1 file changed, 24 insertions(+), 16 deletions(-)
>
> diff --git a/documentation/dev-manual/sbom.rst b/documentation/dev-manual/sbom.rst
> index f51d08f84..b72bad155 100644
> --- a/documentation/dev-manual/sbom.rst
> +++ b/documentation/dev-manual/sbom.rst
> @@ -30,22 +30,29 @@ To make this happen, you must inherit the
>
> INHERIT += "create-spdx"
>
> -You then get :term:`SPDX` output in JSON format as an
> -``IMAGE-MACHINE.spdx.json`` file in ``tmp/deploy/images/MACHINE/`` inside the
> -:term:`Build Directory`.
> +Upon building an image, you will then get:
>
> -This is a toplevel file accompanied by an ``IMAGE-MACHINE.spdx.index.json``
> -containing an index of JSON :term:`SPDX` files for individual recipes, together
> -with an ``IMAGE-MACHINE.spdx.tar.zst`` compressed archive containing all such
> -files.
> +- :term:`SPDX` output in JSON format as an ``IMAGE-MACHINE.spdx.json`` file in
> + ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`.
> +
> +- This toplevel file is accompanied by an ``IMAGE-MACHINE.spdx.index.json``
> + containing an index of JSON :term:`SPDX` files for individual recipes.
> +
> +- The compressed archive ``IMAGE-MACHINE.spdx.tar.zst`` contains the index
> + and the files for the single recipes.
>
> The :ref:`ref-classes-create-spdx` class offers options to include
> -more information in the output :term:`SPDX` data, such as making the generated
> -files more human readable (:term:`SPDX_PRETTY`), adding compressed archives of
> -the files in the generated target packages (:term:`SPDX_ARCHIVE_PACKAGED`),
> -adding a description of the source files used to generate host tools and target
> -packages (:term:`SPDX_INCLUDE_SOURCES`) and adding archives of these source
> -files themselves (:term:`SPDX_ARCHIVE_SOURCES`).
> +more information in the output :term:`SPDX` data:
> +
> +- Make the json files more human readable by setting (:term:`SPDX_PRETTY`).
> +
> +- Add compressed archives of the files in the generated target packages by
> + setting (:term:`SPDX_ARCHIVE_PACKAGED`).
> +
> +- Add a description of the source files used to generate host tools and target
> + packages (:term:`SPDX_INCLUDE_SOURCES`)
> +
> +- Add archives of these source files themselves (:term:`SPDX_ARCHIVE_SOURCES`).
I agree that your changes make the text easier to read.
>
> Though the toplevel :term:`SPDX` output is available in
> ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`, ancillary
> @@ -65,11 +72,12 @@ generated files are available in ``tmp/deploy/spdx/MACHINE`` too, such as:
>
> See also the :term:`SPDX_CUSTOM_ANNOTATION_VARS` variable which allows
> to associate custom notes to a recipe.
> -
> See the `tools page <https://spdx.dev/resources/tools/>`__ on the :term:`SPDX`
> project website for a list of tools to consume and transform the :term:`SPDX`
> data generated by the OpenEmbedded build system.
>
> -See also Joshua Watt's
> +See also Joshua Watt's presentations
> `Automated SBoM generation with OpenEmbedded and the Yocto Project <https://youtu.be/Q5UQUM6zxVU>`__
> -presentation at FOSDEM 2023.
> +at FOSDEM 2023 and
> +`SPDX in the Yocto Project <https://fosdem.org/2024/schedule/event/fosdem-2024-3318-spdx-in-the-yocto-project/>`__
Wow, that's fresh stuff. I also watched this new one live. It's good to
keep the first one as it shared more details if I recall correctly.
Merged into master-next. I fixed the typo reported by Jörg in the commit
message.
Cheers
Michael
--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
prev parent reply other threads:[~2024-02-06 15:51 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-05 16:13 [PATCH] dev-manual: Rephrase spdx creation simone.p.weiss
2024-02-06 6:45 ` [docs] " Jörg Sommer
2024-02-06 15:51 ` Michael Opdenacker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a0c5e346-d34e-4354-9cb3-3bb7d0fe5abb@bootlin.com \
--to=michael.opdenacker@bootlin.com \
--cc=docs@lists.yoctoproject.org \
--cc=joerg.sommer@navimatix.de \
--cc=simone.p.weiss@posteo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).