openSUSE / obs-build

OBS build script, can be used with OBS or stand alone
GNU General Public License v2.0

generate_sbom: add license mapping to rewrite licenses spdx conform #1006

Open cschneemann opened 6 months ago

cschneemann commented 6 months ago

Added functionality to configure license mapping files (JSON-formatted) that rewrite the licenses so that SPDX-conformant ones are written into the generated document.

This is to handle non-SPDX-conformant license naming in packages taken from upstream without forking/fixing each package.

The mapping has to be part of the image sources/created rootfs (e.g. livebuild).

Example of a mapping file:

{
  "GPL-1+": "GPL-1.0-or-later",
  "LGPL-1+": "LGPL-1.0-or-later",
  "LGPL-1.0+": "LGPL-1.0-or-later",
  "GPL-2+": "GPL-2.0-or-later",
  "GPL-2.0+": "GPL-2.0-or-later",
  "GPL-2": "GPL-2.0-only",
  "GPL-2.0": "GPL-2.0-only",
  "GPL-3+": "GPL-3.0-or-later"
}

The mapping is activated by specifying the files in the project configuration:

BuildFlags: spdx-license-mapping:/license_mapping.json spdx-license-mapping:/spdx_licenses.json

The flag can be defined multiple times for different files if needed; the content of the files gets merged. The files are defined in the BuildFlag with their path in the created rootfs.
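The following is an added example illustrating the mechanism the PR describes; it is not obs-build's own generate_sbom code (which is Perl), and the function names, the merge order (later files override earlier ones) and the handling of compound "and"/"or" expressions are assumptions. Because the mapping files live inside the image rootfs rather than in the project configuration, the example also rejects flag paths that would resolve outside the rootfs and mapping files that are not a flat JSON object of string-to-string entries.

```python
"""Added example: merge spdx-license-mapping files from a build rootfs and
rewrite package license strings. Not obs-build's own code; names and the
merge/expression rules are assumptions made for illustration."""
import json
import os
import re
import tempfile

FLAG_PREFIX = "spdx-license-mapping:"
# Splits a license expression on " and " / " or " and parentheses while keeping
# the separators, so identifiers can be mapped individually (assumption: the
# PR text only shows whole-string mappings; this generalizes to expressions).
SPLIT_RE = re.compile(r"(\s+(?:and|or|AND|OR)\s+|[()])")


def mapping_paths_from_buildflags(buildflags: str) -> list[str]:
    """Return the rootfs-relative paths named by spdx-license-mapping: flags."""
    return [f[len(FLAG_PREFIX):] for f in buildflags.split() if f.startswith(FLAG_PREFIX)]


def path_escapes_rootfs(rootfs: str, path: str) -> bool:
    """True if the flag path resolves outside rootfs (e.g. via '..' components)."""
    root = os.path.realpath(rootfs)
    full = os.path.realpath(os.path.join(root, path.lstrip("/")))
    return full != root and not full.startswith(root + os.sep)


def load_mapping(rootfs: str, buildflags: str) -> dict[str, str]:
    """Merge every mapping file named in BuildFlags; later files win on conflicts."""
    merged: dict[str, str] = {}
    for path in mapping_paths_from_buildflags(buildflags):
        if path_escapes_rootfs(rootfs, path):
            raise ValueError(f"mapping path escapes rootfs: {path}")
        full = os.path.join(os.path.realpath(rootfs), path.lstrip("/"))
        with open(full, encoding="utf-8") as fh:
            data = json.load(fh)
        # Only accept a flat object of string -> string; anything else is rejected.
        if not isinstance(data, dict) or not all(
            isinstance(k, str) and isinstance(v, str) for k, v in data.items()
        ):
            raise ValueError(f"{path}: mapping must be a JSON object of string -> string")
        merged.update(data)
    return merged


def rewrite_license(expr: str, mapping: dict[str, str]) -> str:
    """Rewrite a license string: whole-string match first, then per identifier."""
    if expr in mapping:
        return mapping[expr]
    out = []
    for piece in SPLIT_RE.split(expr):
        if SPLIT_RE.fullmatch(piece):
            out.append(piece)  # keep " and ", " or ", "(" and ")" unchanged
            continue
        core = piece.strip()
        out.append(piece.replace(core, mapping[core]) if core in mapping else piece)
    return "".join(out)


def demo() -> dict[str, str]:
    """Build a constructed rootfs with two mapping files and rewrite sample licenses."""
    rootfs = tempfile.mkdtemp(prefix="rootfs-")
    with open(os.path.join(rootfs, "license_mapping.json"), "w", encoding="utf-8") as fh:
        json.dump({"GPL-2+": "GPL-2.0-or-later", "GPL-2": "GPL-2.0-only"}, fh)
    with open(os.path.join(rootfs, "spdx_licenses.json"), "w", encoding="utf-8") as fh:
        json.dump({"LGPL-1+": "LGPL-1.0-or-later", "GPL-3+": "GPL-3.0-or-later"}, fh)
    # Project configuration line as shown in the PR description.
    buildflags = ("BuildFlags: spdx-license-mapping:/license_mapping.json "
                  "spdx-license-mapping:/spdx_licenses.json")
    mapping = load_mapping(rootfs, buildflags)
    samples = ["GPL-2+", "GPL-2 and LGPL-1+", "(GPL-3+ or MIT)", "Apache-2.0"]
    return {s: rewrite_license(s, mapping) for s in samples}


if __name__ == "__main__":
    for before, after in demo().items():
        print(f"{before!r} -> {after!r}")
```

Identifiers that appear in no mapping file (Apache-2.0 above) pass through untouched, so a package whose license string is neither SPDX-conformant nor covered by the mapping still ends up verbatim in the SBOM; comparing the rewritten output against the SPDX license list is a separate check this example does not perform.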