CycloneDX / cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server.
https://cyclonedx.github.io/cdxgen/
Apache License 2.0

cdxgen Fails to Detect License Info for Ubuntu Packages #569

Open pooja0805 opened 1 year ago

pooja0805 commented 1 year ago

Hello Team, It has come to our attention that cdxgen is encountering difficulties in detecting the license information for certain Ubuntu distribution packages. This issue is specifically observed with packages like e2fsprogs, libhogweed5, etc., despite the presence of license information in the copyright file located under /usr/share/doc/{package-name}.

Environment Details:

Examples:

Expected Behavior: cdxgen should be able to correctly detect the license information from the copyright files for these packages on Ubuntu 20.04.

If you have insights into why this might be happening, please share your findings. Your input will be valuable. Thank you for your attention.

prabhu commented 1 year ago

@pooja0805, thank you for filing this issue. I can reproduce this issue locally. Due to some existing limitations, Cdxgen is reporting only the first license correctly for container images. The license info is incomplete for multiple packages since it doesn't search for a license inside the /usr/share/doc/ directory yet.

We're accepting contributions and sponsorships since this will be a significant effort for us.

Edit: I think there is a quicker way to make cdxgen report all licenses for things like e2fsprogs.
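As an added example, not code from cdxgen or from either commenter, here is how the license short names in a Debian/Ubuntu machine-readable copyright file (the `/usr/share/doc/{package-name}/copyright` file the issue refers to) can be collected so that every license, not only the first, reaches the BOM. The sample file and the function name `extractLicenses` are constructed for illustration.

```javascript
// Added example, not cdxgen's own code: pull license short names out of a
// Debian/Ubuntu machine-readable copyright file (DEP-5), i.e. the
// /usr/share/doc/<package>/copyright file the issue says cdxgen does not read.

// Constructed sample in the style of a multi-licensed package like e2fsprogs;
// it is not the real file shipped by Ubuntu.
const SAMPLE_COPYRIGHT = `Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Files: *
License: GPL-2

Files: lib/ext2fs/*
License: LGPL-2

Files: lib/uuid/*
License: BSD-3-clause

Files: debian/*
License: GPL-2+ or LGPL-2.1+

License: GPL-2
 This package is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License version 2.
`;

// Returns the de-duplicated license short names declared in the file, in
// order of first appearance. A file without a leading "Format:" field is not
// DEP-5, so the function returns [] instead of guessing.
function extractLicenses(copyrightText) {
  const lines = copyrightText.split(/\r?\n/);
  if (!/^Format:\s*\S/.test(lines[0] || "")) return [];
  const seen = new Set();
  for (const line of lines) {
    if (/^\s/.test(line)) continue;           // continuation text, not a field
    const m = /^License:\s*(.+?)\s*$/.exec(line);
    if (!m) continue;
    // "GPL-2+ or LGPL-2.1+" names two licenses; the BOM needs each separately.
    for (const name of m[1].split(/\s+(?:and|or)\s+/)) {
      if (name) seen.add(name);
    }
  }
  return [...seen];
}

console.log(extractLicenses(SAMPLE_COPYRIGHT));
// → [ 'GPL-2', 'LGPL-2', 'BSD-3-clause', 'GPL-2+', 'LGPL-2.1+' ]
```

Old-style, free-text copyright files (no `Format:` header) return an empty list here, so a caller still needs a separate fallback for those packages.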