From 6fec865d06eb6684c5fb95285965949dcc3d1f68 Mon Sep 17 00:00:00 2001
From: Indresh Sharma
Date: Wed, 21 Jun 2023 11:44:50 +0530
Subject: [PATCH] [vigiles.bbclass] Sort package dependencies and component_type

List package dependencies and component type in the same order to avoid SBOM hash changing due to changes in this order
---
 classes/vigiles.bbclass | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/classes/vigiles.bbclass b/classes/vigiles.bbclass
index 8ab2a01..8d2e24f 100644
--- a/classes/vigiles.bbclass
+++ b/classes/vigiles.bbclass
@@ -529,8 +529,8 @@ def vigiles_image_collect(d):
 dict_out['packages'][key].update({
 'package_supplier': d.getVar('SPDX_SUPPLIER'),
 'dependencies': {
- 'build': bdeps.get('deps', []),
- 'runtime': rdeps.get('deps', []),
+ 'build': sorted(bdeps.get('deps', [])),
+ 'runtime': sorted(rdeps.get('deps', [])),
 },
 })
 
@@ -554,6 +554,7 @@ def vigiles_image_collect(d):
 continue
 if component_type and component_type not in component_type_list:
 dict_out["packages"][dep]["component_type"].append(component_type)
+ dict_out["packages"][dep]["component_type"].sort()
 if "component" not in component_type_list:
 if "build" in component_type_list and "runtime" in component_type_list:
 dict_out['packages'][dep]["comment"] = dependency_only_comment["build&runtime"]
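Review bot: In the `@@ -529` hunk the two `sorted(...)` calls carry no comment saying that the ordering is what keeps the SBOM hash stable, so a later cleanup could drop them unnoticed; a line such as `# sorted: dependency order must be deterministic so the SBOM hash is reproducible` above `'build':` would record it. `sorted()` also raises `TypeError` where the old code passed the value through, for example if a `deps` key is present but holds `None` or elements of mixed types; whether that can happen depends on how `bdeps` and `rdeps` are built, which is outside the hunk. Duplicate entries, if the collectors can produce them, survive sorting and could still make the output differ between builds. `vigiles_image_collect` starts and ends outside the hunk.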
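Review bot: The `.sort()` added in the `@@ -554` hunk only orders lists that pass through this append, so a `component_type` list that is filled elsewhere in `vigiles_image_collect`, or never appended to here, presumably keeps its creation order and can still change the SBOM hash. The page has lost its indentation, so it is not visible whether the sort sits inside the `if component_type and ...` branch; in either case it re-sorts once per loop iteration, and sorting once where the package entry is finalised would cover every path. A short comment, e.g. `# keep component_type ordered so the SBOM hash is stable`, would explain why the list is sorted in place. The enclosing loop starts outside the hunk.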