The list of files which are included in the `build.spdx` SPDX SBOM document is based on the files recorded as build artifacts based on the CMake file-based API metadata response.

In some situations, such as the case indicated in #42072, a build artifact may be reported by CMake but no such file is present on the system following the build. This results in the `build.spdx` SPDX SBOM being invalid, as a result of trying to provide metadata for a non-existent file (and specifically being unable to provide its checksum).

This commit fixes this bug by omitting files from `build.spdx` if they do not exist on disk after the build is complete, even if the CMake metadata claims that they should. The resulting SPDX document should then be valid.

Fixes #42072

Signed-off-by: Steve Winslow <steve@swinslow.net>

| Name |
|---|
| `__init__.py` |
| `cmakecache.py` |
| `cmakefileapi.py` |
| `cmakefileapijson.py` |
| `datatypes.py` |
| `getincludes.py` |
| `licenses.py` |
| `sbom.py` |
| `scanner.py` |
| `spdxids.py` |
| `util.py` |
| `walker.py` |
| `writer.py` |