[PATCH 1/3] create-spdx: Remove ";name=..." for downloadLocation

[PATCH 1/3] create-spdx: Remove ";name=..." for downloadLocation

[Keiya Nobuta]

Signed-off-by: Keiya Nobuta <nobuta.keiya@fujitsu.com>
---
 meta/classes/create-spdx.bbclass | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 47dd12c383..c190ad3889 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -459,6 +459,7 @@ python do_create_spdx() {
 
     for s in d.getVar('SRC_URI').split():
         if not s.startswith("file://"):
+            s = s.split(';')[0]
             recipe.downloadLocation = s
             break
     else:
-- 
2.25.1

[PATCH 2/3] create-spdx: Fix "licenseDeclared" shows weird value

[Keiya Nobuta]

Fixed an issue that "licenseDeclared" shows weird value, for example
`busybox.spdx.json` shows like:

"GPL-2.0-only AND DocumentRef-recipe-busybox:LicenseRef-bzip2-1.0.4"
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^
                   unwanted value

Signed-off-by: Keiya Nobuta <nobuta.keiya@fujitsu.com>
---
 meta/classes/create-spdx.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index c190ad3889..1661c7d2f0 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -534,7 +534,7 @@ python do_create_spdx() {
     recipe_ref.checksum.checksumValue = doc_sha1
 
     sources = collect_dep_sources(d, dep_recipes)
-    found_licenses = {license.name:recipe_ref.externalDocumentId + ":" + license.licenseId for license in doc.hasExtractedLicensingInfos}
+    found_licenses = {license.name: license.licenseId for license in doc.hasExtractedLicensingInfos}
 
     if not recipe_spdx_is_native(d, recipe):
         bb.build.exec_func("read_subpackage_metadata", d)
-- 
2.25.1

[PATCH 3/3] gnutls: Unified pakcage names to lower-case

[Keiya Nobuta]

create-spdx can't detect the license properly if the case doesn't
match, so fix it.

Signed-off-by: Keiya Nobuta <nobuta.keiya@fujitsu.com>
---
 meta/recipes-support/gnutls/gnutls_3.7.7.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/gnutls/gnutls_3.7.7.bb b/meta/recipes-support/gnutls/gnutls_3.7.7.bb
index 01fd4dba3d..c7d782e4eb 100644
--- a/meta/recipes-support/gnutls/gnutls_3.7.7.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.7.7.bb
@@ -8,7 +8,7 @@ LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later"
 LICENSE:${PN} = "LGPL-2.1-or-later"
 LICENSE:${PN}-xx = "LGPL-2.1-or-later"
 LICENSE:${PN}-bin = "GPL-3.0-or-later"
-LICENSE:${PN}-OpenSSL = "GPL-3.0-or-later"
+LICENSE:${PN}-openssl = "GPL-3.0-or-later"
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \
                     file://doc/COPYING;md5=c678957b0c8e964aa6c70fd77641a71e \
-- 
2.25.1

Re: [OE-core] [PATCH 3/3] gnutls: Unified pakcage names to lower-case

[Khem Raj]

On Wed, Oct 19, 2022 at 4:08 AM Keiya Nobuta <nobuta.keiya@fujitsu.com> wrote:
>
> create-spdx can't detect the license properly if the case doesn't
> match, so fix it.

I wonder if this could be some sort of QA warning that can flags such
issues, I do see this
might be a common error to make.

>
> Signed-off-by: Keiya Nobuta <nobuta.keiya@fujitsu.com>
> ---
>  meta/recipes-support/gnutls/gnutls_3.7.7.bb | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-support/gnutls/gnutls_3.7.7.bb b/meta/recipes-support/gnutls/gnutls_3.7.7.bb
> index 01fd4dba3d..c7d782e4eb 100644
> --- a/meta/recipes-support/gnutls/gnutls_3.7.7.bb
> +++ b/meta/recipes-support/gnutls/gnutls_3.7.7.bb
> @@ -8,7 +8,7 @@ LICENSE = "GPL-3.0-or-later & LGPL-2.1-or-later"
>  LICENSE:${PN} = "LGPL-2.1-or-later"
>  LICENSE:${PN}-xx = "LGPL-2.1-or-later"
>  LICENSE:${PN}-bin = "GPL-3.0-or-later"
> -LICENSE:${PN}-OpenSSL = "GPL-3.0-or-later"
> +LICENSE:${PN}-openssl = "GPL-3.0-or-later"
>
>  LIC_FILES_CHKSUM = "file://LICENSE;md5=71391c8e0c1cfe68077e7fce3b586283 \
>                      file://doc/COPYING;md5=c678957b0c8e964aa6c70fd77641a71e \
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#171966): https://lists.openembedded.org/g/openembedded-core/message/171966
> Mute This Topic: https://lists.openembedded.org/mt/94428130/1997914
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [OE-core] [PATCH 3/3] gnutls: Unified pakcage names to lower-case

[Ross Burton]

On 19 Oct 2022, at 11:57, Keiya Nobuta via lists.openembedded.org <nobuta.keiya=fujitsu.com@lists.openembedded.org> wrote:
> 
> create-spdx can't detect the license properly if the case doesn't
> match, so fix it.

This isn’t spdx-specific: nothing would have seen that package-specific license. Well spotted!

Ross

Re: [OE-core] [PATCH 2/3] create-spdx: Fix "licenseDeclared" shows weird value

[Joshua Watt]

On Wed, Oct 19, 2022 at 6:08 AM Keiya Nobuta <nobuta.keiya@fujitsu.com> wrote:
>
> Fixed an issue that "licenseDeclared" shows weird value, for example
> `busybox.spdx.json` shows like:
>
> "GPL-2.0-only AND DocumentRef-recipe-busybox:LicenseRef-bzip2-1.0.4"
>                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>                    unwanted value

I don't believe this is unwanted: the license text lives in another
document (ecipe-busybox.spdx.json) so we need to indicate that here

>
> Signed-off-by: Keiya Nobuta <nobuta.keiya@fujitsu.com>
> ---
>  meta/classes/create-spdx.bbclass | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
> index c190ad3889..1661c7d2f0 100644
> --- a/meta/classes/create-spdx.bbclass
> +++ b/meta/classes/create-spdx.bbclass
> @@ -534,7 +534,7 @@ python do_create_spdx() {
>      recipe_ref.checksum.checksumValue = doc_sha1
>
>      sources = collect_dep_sources(d, dep_recipes)
> -    found_licenses = {license.name:recipe_ref.externalDocumentId + ":" + license.licenseId for license in doc.hasExtractedLicensingInfos}
> +    found_licenses = {license.name: license.licenseId for license in doc.hasExtractedLicensingInfos}
>
>      if not recipe_spdx_is_native(d, recipe):
>          bb.build.exec_func("read_subpackage_metadata", d)
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#171967): https://lists.openembedded.org/g/openembedded-core/message/171967
> Mute This Topic: https://lists.openembedded.org/mt/94428131/3616693
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [JPEWhacker@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [PATCH 2/3] create-spdx: Fix "licenseDeclared" shows weird value

[Keiya Nobuta]

[-- Attachment #1: Type: text/plain, Size: 2122 bytes --]

On Thu, Oct 20, 2022 at 06:17 AM, Joshua Watt wrote:

> 
> On Wed, Oct 19, 2022 at 6:08 AM Keiya Nobuta <nobuta.keiya@fujitsu.com>
> wrote:
> 
>> Fixed an issue that "licenseDeclared" shows weird value, for example
>> `busybox.spdx.json` shows like:
>> 
>> "GPL-2.0-only AND DocumentRef-recipe-busybox:LicenseRef-bzip2-1.0.4"
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> unwanted value
> 
> I don't believe this is unwanted: the license text lives in another
> document (ecipe-busybox.spdx.json) so we need to indicate that here

Thanks for your comment.
I was misunderstanding, so I'm withdrawing this patch.

The reason I got it wrong was because the SPDX validation tool[1]
gave me the following message:

```
The following warning(s) were raised: [Invalid package
declared license:Incompatible type for property member: class
org.spdx.library.model.license.AnyLicenseInfo]
```

But this is probably due to a flaw in the validation tool. So I checked the
SPDX specification[2], and understood that it complies with the user defined
license reference.

[1] https://tools.spdx.org/app/validate/
[2] https://spdx.github.io/spdx-spec/SPDX-license-expressions/

> 
> 
>> Signed-off-by: Keiya Nobuta <nobuta.keiya@fujitsu.com>
>> ---
>> meta/classes/create-spdx.bbclass | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/meta/classes/create-spdx.bbclass
>> b/meta/classes/create-spdx.bbclass
>> index c190ad3889..1661c7d2f0 100644
>> --- a/meta/classes/create-spdx.bbclass
>> +++ b/meta/classes/create-spdx.bbclass
>> @@ -534,7 +534,7 @@ python do_create_spdx() {
>> recipe_ref.checksum.checksumValue = doc_sha1
>> 
>> sources = collect_dep_sources(d, dep_recipes)
>> - found_licenses = {license.name:recipe_ref.externalDocumentId + ":" +
>> license.licenseId for license in doc.hasExtractedLicensingInfos}
>> + found_licenses = {license.name: license.licenseId for license in
>> doc.hasExtractedLicensingInfos}
>> 
>> if not recipe_spdx_is_native(d, recipe):
>> bb.build.exec_func("read_subpackage_metadata", d)
>> --
>> 2.25.1
>> 
>> 
>> 
> 
>

[-- Attachment #2: Type: text/html, Size: 2497 bytes --]

Re: [OE-core] [PATCH 2/3] create-spdx: Fix "licenseDeclared" shows weird value

[Alberto Pianon]

Il 2022-10-19 23:17 Joshua Watt ha scritto:
> On Wed, Oct 19, 2022 at 6:08 AM Keiya Nobuta <nobuta.keiya@fujitsu.com> 
> wrote:
>> 
>> Fixed an issue that "licenseDeclared" shows weird value, for example
>> `busybox.spdx.json` shows like:
>> 
>> "GPL-2.0-only AND DocumentRef-recipe-busybox:LicenseRef-bzip2-1.0.4"
>>                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>                    unwanted value
> 
> I don't believe this is unwanted: the license text lives in another
> document (ecipe-busybox.spdx.json) so we need to indicate that here
> 

That is correct, according to the specs:

https://spdx.github.io/spdx-spec/SPDX-license-expressions/#d3-simple-license-expressions

Cheers,

Alberto