Re: repost: how to create a SPDX "notice file" from a build?


Khem Raj
 

On Fri, Nov 22, 2019 at 9:03 AM rpjday@...
<rpjday@...> wrote:

On Fri, 22 Nov 2019, Robert P. J. Day wrote:

i asked about this a couple months ago but didn't see any replies,
so i'll ask again with a little more detail.

colleague wants to, from YP (actually petalinux but should be
irrelevant), some sort of SPDX "notice file", along the lines of what
can be generated by black duck. it doesn't need to be identical, but
it would be useful to at least have a first pass that people can look
at and say what they want tweaked.

is there an example of how to (using the spdx.bbclass class file, i
assume) do something like this? thanks.

a little more progress, and then an error -- i installed fossology
on my ubuntu 18.04 dev box, then added

INHERIT += "spdx"

to local.conf, and tried to build a simple qemuarmx86-64, and very
quickly had a number of native packages fail with:

//////////// start //////////

DEBUG: Executing python function do_spdx
ERROR: Error executing a python function in exec_python_func() autogenerated:

The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_spdx(d)
0003:
File: '/home/rpjday/oe/dist/layers/poky/meta/classes/spdx.bbclass', lineno: 83, function: do_spdx
0079: foss_full_spdx = d.getVar('FOSS_FULL_SPDX') == "true" or False
0080: foss_command = "wget %s --post-file=%s %s"\
0081: % (foss_flags, info['tar_file'], foss_server)
0082:
*** 0083: foss_result = run_fossology(foss_command, foss_full_spdx)
0084: if foss_result is not None:
0085: (foss_package_info, foss_file_info, foss_license_info) = foss_result
0086: spdx_file_info = create_spdx_doc(local_file_info, foss_file_info)
0087: ## write to cache
File: '/home/rpjday/oe/dist/layers/poky/meta/classes/spdx.bbclass', lineno: 230, function: run_fossology
0226: # Package info
0227: package_info = {}
0228: if full_spdx:
0229: # All mandatory, only one occurrence
*** 0230: package_info['PackageCopyrightText'] = re.findall('PackageCopyrightText: (.*?</text>)', foss_output, re.S)[0]
0231: package_info['PackageLicenseDeclared'] = re.findall('PackageLicenseDeclared: (.*)', foss_output)[0]
0232: package_info['PackageLicenseConcluded'] = re.findall('PackageLicenseConcluded: (.*)', foss_output)[0]
0233: # These may be more than one
0234: package_info['PackageLicenseInfoFromFiles'] = re.findall('PackageLicenseInfoFromFiles: (.*)', foss_output)
Exception: IndexError: list index out of range

ERROR: list index out of range
DEBUG: Python function do_spdx finished
ERROR: Function failed: do_spdx

/////////// end /////////

i have absolutely no idea what to think of this, and am open to
suggestions. does anyone have a working scenario to simply demonstrate
the usage of spdx.bbclass?

it once generated SPDX manifest from patched sources for package and
file level; it has sadly regressed, so would need some love as you see
above.


rday

--

========================================================================
Robert P. J. Day Ottawa, Ontario, CANADA
http://crashcourse.ca

Twitter: http://twitter.com/rpjday
LinkedIn: http://ca.linkedin.com/in/rpjday
========================================================================
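The traceback above stops at `re.findall(...)[0]`, which raises `IndexError` whenever the scanner response contains no match for a mandatory tag. The following is an added example, not code from spdx.bbclass or from anyone in this thread: it reuses the regular expressions visible in the traceback but reports which tags are missing and what the response began with. The names `FossOutputError`, `parse_package_info` and `describe` are hypothetical, and both sample inputs are constructed.

```python
import re

# Patterns copied from the spdx.bbclass lines shown in the traceback.
SINGLE = {
    "PackageCopyrightText": (r"PackageCopyrightText: (.*?</text>)", re.S),
    "PackageLicenseDeclared": (r"PackageLicenseDeclared: (.*)", 0),
    "PackageLicenseConcluded": (r"PackageLicenseConcluded: (.*)", 0),
}
MULTI = {"PackageLicenseInfoFromFiles": r"PackageLicenseInfoFromFiles: (.*)"}

class FossOutputError(ValueError):
    """Raised when the scanner response lacks mandatory SPDX package tags."""

def parse_package_info(foss_output):
    """Return the package_info dict, or raise FossOutputError naming missing tags."""
    package_info, missing = {}, []
    for tag, (pattern, flags) in SINGLE.items():
        found = re.findall(pattern, foss_output, flags)
        if found:
            package_info[tag] = found[0].strip()
        else:
            missing.append(tag)
    for tag, pattern in MULTI.items():
        package_info[tag] = [m.strip() for m in re.findall(pattern, foss_output)]
    if missing:
        snippet = foss_output[:80].replace("\n", " ")  # show what actually came back
        raise FossOutputError(
            "missing %s; response began: %r" % (", ".join(missing), snippet))
    return package_info

def describe(foss_output):
    """Return ('ok', info) or ('error', message) without raising."""
    try:
        return "ok", parse_package_info(foss_output)
    except FossOutputError as exc:
        return "error", str(exc)

# Constructed sample inputs (not real FOSSology output).
GOOD = """PackageCopyrightText: <text>Copyright (c) Example Authors</text>
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: MIT
PackageLicenseInfoFromFiles: MIT
PackageLicenseInfoFromFiles: BSD-3-Clause
"""
BAD = "<html><body>404 Not Found</body></html>"
```

With a check like this, a task log would name the missing tags and show the start of the server response instead of a bare `list index out of range`.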