SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
SPDX_ORG ??= "OpenEmbedded ()"
+SPDX_SUPPLIER ??= "Organization: ${SPDX_ORG}"
+SPDX_SUPPLIER[doc] = "The SPDX PackageSupplier field for SPDX packages created from \
+ this recipe. For SPDX documents create using this class during the build, this \
+ is the contact information for the person or organization who is doing the \
+ build."
do_image_complete[depends] = "virtual/kernel:do_create_spdx"
recipe.name = d.getVar("PN")
recipe.versionInfo = d.getVar("PV")
recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
+ recipe.packageSupplier = d.getVar("SPDX_SUPPLIER")
if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d):
recipe.annotations.append(create_annotation(d, "isNative"))
spdx_package.name = pkg_name
spdx_package.versionInfo = d.getVar("PV")
spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d, found_licenses)
+ spdx_package.packageSupplier = d.getVar("SPDX_SUPPLIER")
package_doc.packages.append(spdx_package)
image.name = d.getVar("PN")
image.versionInfo = d.getVar("PV")
image.SPDXID = oe.sbom.get_image_spdxid(image_name)
+ image.packageSupplier = d.getVar("SPDX_SUPPLIER")
doc.packages.append(image)
