
Commit 6284936f authored by Wei Li's avatar Wei Li

Add upstream package of a prebuilt fork package, which will have the package...

Add upstream package of a prebuilt fork package, which will have the package information from the METADATA file.

Bug: 266726655
Test: CIs
Test: lunch barbet-user && m sbom
(cherry picked from https://android-review.googlesource.com/q/commit:16e7aa3c2ea779ff91a0d88b431a2437964ae1a6)
Merged-In: Ic8eb42c369de8c94c7977b9631ff4b9084dfef01
Change-Id: Ic8eb42c369de8c94c7977b9631ff4b9084dfef01
parent a75b82f9
+28 −20
@@ -263,8 +263,8 @@ def get_package_download_location(metadata_file_path):

def get_sbom_fragments(installed_file_metadata, metadata_file_path):
  """Return SPDX fragment of source/prebuilt packages, which usually contains a SOURCE/PREBUILT
  package, a UPSTREAM package if it's a source package and a external SBOM document reference if
  it's a prebuilt package with sbom_ref defined in its METADATA file.
  package, a UPSTREAM package and an external SBOM document reference if sbom_ref defined in its
  METADATA file.

  See go/android-spdx and go/android-sbom-gen for more details.
  """
@@ -301,9 +301,17 @@ def get_sbom_fragments(installed_file_metadata, metadata_file_path):
    prebuilt_package = sbom_data.Package(id=prebuilt_package_id,
                                         name=name,
                                         download_location=sbom_data.VALUE_NONE,
                                         version=args.build_version,
                                         version=version if version else args.build_version,
                                         supplier='Organization: ' + args.product_mfr)
    packages.append(prebuilt_package)

    upstream_package_id = new_package_id(name, PKG_UPSTREAM)
    upstream_package = sbom_data.Package(id=upstream_package_id, name=name, version = version,
                                         supplier=('Organization: ' + homepage) if homepage else sbom_data.VALUE_NOASSERTION,
                                         download_location=download_location)
    packages += [prebuilt_package, upstream_package]
    relationships.append(sbom_data.Relationship(id1=prebuilt_package_id,
                                                relationship=sbom_data.RelationshipType.VARIANT_OF,
                                                id2=upstream_package_id))

  if metadata_file_path:
    metadata_proto = metadata_file_protos[metadata_file_path]
@@ -317,7 +325,7 @@ def get_sbom_fragments(installed_file_metadata, metadata_file_path):
                                                               uri=sbom_url,
                                                               checksum=sbom_checksum)
        relationships.append(
            sbom_data.Relationship(id1=prebuilt_package_id,
          sbom_data.Relationship(id1=upstream_package_id,
                                 relationship=sbom_data.RelationshipType.VARIANT_OF,
                                 id2=doc_ref_id + ':' + upstream_element_id))
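Review bot: In the second hunk the new upstream package is built with `version = version` and `download_location=download_location` passed straight through, while the supplier on the same call falls back to `sbom_data.VALUE_NOASSERTION` and the prebuilt package falls back to `args.build_version`. Where these two values are derived is outside the hunk, so this is inferred: if the METADATA file carries no version or URL, the upstream entry may be emitted with empty fields, which makes it harder for SBOM consumers to match the component against advisories. Consider `download_location=download_location if download_location else sbom_data.VALUE_NOASSERTION`, and decide explicitly what an absent version should serialize as. As a style point, `version = version` should drop the spaces around `=` to match the other keyword arguments. The branch of get_sbom_fragments that encloses this code starts outside the hunk.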