Add support for bitbake recipes #1243 #3092
Conversation
|
@chinyeungli @priv-kweihmann you review is welcomed! |
requirements.txt
Outdated
| @@ -39,6 +39,7 @@ lxml==4.9.1 | |||
| MarkupSafe==2.1.1 | |||
| more-itertools==8.13.0 | |||
| normality==2.3.3 | |||
| oelint_parser==2.6.0 | |||
There was a problem hiding this comment.
I think current version is 2.8.0 - so this might need an update
|
|
||
| # add any bitbake like-file | ||
| # TODO: may be we should handle the bbclass and bbappend here? | ||
| oestash.AddFile(location) |
There was a problem hiding this comment.
bbclass files are handled automatically (if being within the same layer) - but yeah, bbappends have to be added manually
| version = data.get('PV') | ||
| description = data.get('DESCRIPTION') | ||
| homepage_url = data.get('HOMEPAGE') | ||
| download_url = data.get('PREMIRRORS') |
There was a problem hiding this comment.
Why premirrors? Normally one would take this kind of information from SRC_URI
| # Therefore, I cannot differentiate md5, sha1, or src file location reference | ||
| # See: https://github.com/priv-kweihmann/oelint-parser/issues/3 | ||
| sha1 = data.get('SRC_URI[sha1sum]') | ||
| md5 = data.get('SRC_URI[md5sum]') |
There was a problem hiding this comment.
md5sum is pretty outdated a while now - people have been encouraged to drop the support for md5 for years now - sha256 on the other hand is mandatory for most of the file based downloads, so this one should be used
|
|
||
| # Build deps: this is a list of plain BB recipes names | ||
| # https://docs.yoctoproject.org/bitbake/bitbake-user-manual/bitbake-user-manual-ref-variables.html#term-DEPENDS | ||
| build_deps = data.get('DEPENDS', '').split() |
There was a problem hiding this comment.
DEPENDS just refers to buildtime dependencies - I think what you really want is a mix of RDEPENDS:* and DEPENDS - while RDEPENDS (the packages needed at runtime are more of importance) - sometimes DEPENDS contains elements that will be only used at buildtime and leave no trace within the shipped binaries, so from a license point of view they can be safely ignored
There was a problem hiding this comment.
I personally would say that license wise DEPENDS doesn't play any role and should not be considered
| SRC_URI = "file://init-install-testfs.sh" | ||
| DEPENDS = "do_this and that" | ||
|
|
||
| RDEPENDS_${PN} = "grub (== 12.23) parted e2fsprogs-mke2fs" |
There was a problem hiding this comment.
I think the test should use a recipe that is a bit more complex than this one here - for me https://git.yoctoproject.org/poky/plain/meta/recipes-graphics/cairo/cairo_1.16.0.bb was always a good example
src/packagedcode/bitbake.py
Outdated
| description = data.get('DESCRIPTION') | ||
| homepage_url = data.get('HOMEPAGE') | ||
| download_url = data.get('PREMIRRORS') | ||
| declared_license = data.get('LICENSE') |
There was a problem hiding this comment.
Please keep in mind that LICENSE settings can also be package specific (fine example can be found here https://git.yoctoproject.org/poky/plain/meta/recipes-graphics/cairo/cairo_1.16.0.bb) - so it would be better to iterate over all variable items of LICENSE and then pick the best matching, where plain LICENSE should always be the fall back
Signed-off-by: Chin Yeung Li <tli@nexb.com> Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
pombredanne
force-pushed
the
1243-bitbake
branch
from
329909d to
a8acee2
Compare
|
@pombredanne I am a bit curious how would you handle the empty SRC_URI [1] for the gcc builds? There are also a couple of recipes which have just "local" files and no upstream download URL or where the a couple of files get constructed on the fly. Like mender-artifact-info.bb. I would extract also the download_url from the SRC_URI. The SRC_URI array should include also the patches. In case of git download URLs the SRCREV is also helpful. I made the experience that some older recipes SRC_URIs are broken. In example for mesa 22.0.3 (https://mesa.freedesktop.org/archive/mesa-22.0.3.tar.xz The redirect to https://archive.mesa3d.org/older-versions/ is not working correctly) and chrony 4.2 (https://download.tuxfamily.org/chrony/chrony-4.2.tar.gz tuxfamily does not work anymore). How will you handle broken download_urls? It would be nice to extract also LIC_FILES_CHKSUM? Sometimes it includes also license snippets with bline and eline. |
This PR adds basic support bitbake recipes treated as package data.
Tasks
Run tests locally to check for errors.