fd31b9b4ac
This adds support to generate SPDX 2.2 tag-value documents via the new west spdx command. The CMake file-based APIs are leveraged to create relationships from source files to the corresponding generated build files. SPDX-License-Identifier comments in source files are scanned and filled into the SPDX documents. Before `west build` is run, a specific file must be created in the build directory so that the CMake API reply will run. This can be done by running: west spdx --init -d BUILD_DIR After `west build` is run, SPDX generation is then activated by calling `west spdx`; currently this requires passing the build directory as a parameter again: west spdx -d BUILD_DIR This will generate three SPDX documents in `BUILD_DIR/spdx/`: 1) `app.spdx`: This contains the bill-of-materials for the application source files used for the build. 2) `zephyr.spdx`: This contains the bill-of-materials for the specific Zephyr source code files that are used for the build. 3) `build.spdx`: This contains the bill-of-materials for the built output files. Each file in the bill-of-materials is scanned, so that its hashes (SHA256 and SHA1) can be recorded, along with any detected licenses if an `SPDX-License-Identifier` appears in the file. SPDX Relationships are created to indicate dependencies between CMake build targets; build targets that are linked together; and source files that are compiled to generate the built library files. `west spdx` can be called with optional parameters for further configuration: * `-n PREFIX`: specifies a prefix for the Document Namespaces that will be included in the generated SPDX documents. See SPDX spec 2.2 section 2.5 at https://spdx.github.io/spdx-spec/2-document-creation-information/. If -n is omitted, a default namespace will be generated according to the default format described in section 2.5 using a random UUID. * `-s SPDX_DIR`: specifies an alternate directory where the SPDX documents should be written. If not specified, they will be saved in `BUILD_DIR/spdx/`. * `--analyze-includes`: in addition to recording the compiled source code files (e.g. `.c`, `.S`) in the bills-of-materials, if this flag is specified, `west spdx` will attempt to determine the specific header files that are included for each `.c` file. This will take longer, as it performs a dry run using the C compiler for each `.c` file (using the same arguments that were passed to it for the actual build). * `--include-sdk`: if `--analyze-includes` is used, then adding `--include-sdk` will create a fourth SPDX document, `sdk.spdx`, which will list any header files included from the SDK. Signed-off-by: Steve Winslow <steve@swinslow.net>
49 lines
1.5 KiB
YAML
49 lines
1.5 KiB
YAML
# Keep the help strings in sync with the values in the .py files!
|
|
west-commands:
|
|
- file: scripts/west_commands/completion.py
|
|
commands:
|
|
- name: completion
|
|
class: Completion
|
|
help: display shell completion scripts
|
|
- file: scripts/west_commands/boards.py
|
|
commands:
|
|
- name: boards
|
|
class: Boards
|
|
help: display information about supported boards
|
|
- file: scripts/west_commands/build.py
|
|
commands:
|
|
- name: build
|
|
class: Build
|
|
help: compile a Zephyr application
|
|
- file: scripts/west_commands/sign.py
|
|
commands:
|
|
- name: sign
|
|
class: Sign
|
|
help: sign a Zephyr binary for bootloader chain-loading
|
|
- file: scripts/west_commands/flash.py
|
|
commands:
|
|
- name: flash
|
|
class: Flash
|
|
help: flash and run a binary on a board
|
|
- file: scripts/west_commands/debug.py
|
|
commands:
|
|
- name: debug
|
|
class: Debug
|
|
help: flash and interactively debug a Zephyr application
|
|
- name: debugserver
|
|
class: DebugServer
|
|
help: connect to board and launch a debug server
|
|
- name: attach
|
|
class: Attach
|
|
help: interactively debug a board
|
|
- file: scripts/west_commands/export.py
|
|
commands:
|
|
- name: zephyr-export
|
|
class: ZephyrExport
|
|
help: export Zephyr installation as a CMake config package
|
|
- file: scripts/west_commands/spdx.py
|
|
commands:
|
|
- name: spdx
|
|
class: ZephyrSpdx
|
|
help: create SPDX bill of materials
|