c2ae5b3bbf
The list of files which are included in the `build.spdx` SPDX SBOM document is based on the files recorded as build artifacts based on the CMake file-based API metadata response. In some situations, such as the case indicated in #42072, a build artifact may be reported by CMake but no such file is present on the system following the build. This results in the `build.spdx` SPDX SBOM being invalid, as a result of trying to provide metadata for a non-existent file (and specifically being unable to provide its checksum). This commit fixes this bug by omitting files from `build.spdx` if they do not exist on disk after the build is complete, even if the CMake metadata claims that they should. The resulting SPDX document should then be valid. Fixes #42072 Signed-off-by: Steve Winslow <steve@swinslow.net> |
||
|---|---|---|
| .. | ||
| completion | ||
| runners | ||
| tests | ||
| zspdx | ||
| boards.py | ||
| build.py | ||
| build_helpers.py | ||
| completion.py | ||
| debug.py | ||
| export.py | ||
| flash.py | ||
| mypy.ini | ||
| README.txt | ||
| run_common.py | ||
| run_tests.py | ||
| sign.py | ||
| spdx.py | ||
| zcmake.py | ||
| zephyr_ext_common.py | ||
This directory contains implementations for west commands which are tightly coupled to the zephyr tree. This includes the build, flash, and debug commands. Before adding more here, consider whether you might want to put new extensions in upstream west. For example, any commands which operate on the multi-repo need to be in upstream west, not here. Try to limit what goes in here to Zephyr-specific features. When extending this code, please keep the unit tests (in tests/) up to date. The mypy static type checker is also run on the runners package. To run these tests locally on Windows, run: py -3 run_tests.py On macOS and Linux: ./run_tests.py Note that these tests are run as part of Zephyr's CI when submitting an upstream pull request, and pull requests which break the tests cannot be merged. Thanks!