spdx / spdx-online-tools

Source for the website providing online SPDX tools
https://tools.spdx.org
Apache License 2.0
60 stars, 57 forks

HUGE warning for deprecated licences #494

Closed vargenau closed 1 year ago

vargenau commented 1 year ago

The following SPDX file has:

- one line with PackageLicenseDeclared: LGPL-2.1
- two lines with PackageLicenseDeclared: LGPL-2.1+

airflow-tern2.12.1.spdx.txt

So we expect warnings about deprecated licenses.

The issue is that the warning message is HUGE and mentions relationships.

Extract:

The following warning(s) were raised by airflow-tern2.12.1.spdx: [Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: LGPL-2.1 is deprecated. in gcc-9-base in 7ccd46673b6aaf6a36223e9dfc465558ec677e554b3d9235f061d40d3f1c977d in 7ccd46673b6aaf6a36223e9dfc465558ec677e554b3d9235f061d40d3f1c977d in 36254b46d1f9a0328bade29f39118458bccce9bfea8d103bfded0d2a6fae417b in 36254b46d1f9a0328bade29f39118458bccce9bfea8d103bfded0d2a6fae417b in bc867b663af10df4812a0da86e7848606228f19e2d9400faf5893e7d13fc9f7e in bc867b663af10df4812a0da86e7848606228f19e2d9400faf5893e7d13fc9f7e in 6e11a4f8cea53e565c3f90626b2e56a2aff21956bd048c2b801ac8609fe7c58d in 6e11a4f8cea53e565c3f90626b2e56a2aff21956bd048c2b801ac8609fe7c58d in 0d539a55d59a940033e43dc6512c5438706923f6d89dd3dbe70463721d64445f in 0d539a55d59a940033e43dc6512c5438706923f6d89dd3dbe70463721d64445f in 84876d8dac764bbdb7d3c632608d524735a396302c3b7ae9172deb5750ce6eee in 84876d8dac764bbdb7d3c632608d524735a396302c3b7ae9172deb5750ce6eee in c1056de4735af96d75efc981d0ff63d4dbba58b266d571ed8eb2529f8a083fb4 in c1056de4735af96d75efc981d0ff63d4dbba58b266d571ed8eb2529f8a083fb4 in c2ea7373b660aed37248b647f7e00469efe8294d6c0007194ad10e9d809a0fbb in c2ea7373b660aed37248b647f7e00469efe8294d6c0007194ad10e9d809a0fbb in 35549c1d7df23d9951d851c69b6b65ce72bda95fa1ffb7f30d50ee61953d4e04 in 35549c1d7df23d9951d851c69b6b65ce72bda95fa1ffb7f30d50ee61953d4e04 in b0319bc418f0a6419cc4849e5078f6e1912a55be42925f7f5f36e5e816fb5705 in b0319bc418f0a6419cc4849e5078f6e1912a55be42925f7f5f36e5e816fb5705 in apache/airflow in apache/airflow in Tern report for apache/airflow, Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: 
Relationship warning: Relationship warning: Relationship warning: Relationship warning: Relationship warning: LGPL-2.1 is deprecated. in libnpth0 in 58248e3207652b9482aac6217ea284ee889b27edffcdfe78a697af34c68166e8 in 58248e3207652b9482aac6217ea284ee889b27edffcdfe78a697af34c68166e8 in 50c1f9516b61082d67aed87693f0c984c7d67ed79ee2a226a3bf9db6a80a1bc4 in 50c1f9516b61082d67aed87693f0c984c7d67ed79ee2a226a3bf9db6a80a1bc4 in 7ccd46673b6aaf6a36223e9dfc465558ec677e554b3d9235f061d40d3f1c977d in 7ccd46673b6aaf6a36223e9dfc465558ec677e554b3d9235f061d40d3f1c977d in 36254b46d1f9a0328bade29f39118458bccce9bfea8d103bfded0d2a6fae417b in 36254b46d1f9a0328bade29f39118458bccce9bfea8d103bfded0d2a6fae417b in bc867b663af10df4812a0da86e7848606228f19e2d9400faf5893e7d13fc9f7e in bc867b663af10df4812a0da86e7848606228f19e2d9400faf5893e7d13fc9f7e in 6e11a4f8cea53e565c3f90626b2e56a2aff21956bd048c2b801ac8609fe7c58d in 6e11a4f8cea53e565c3f90626b2e56a2aff21956bd048c2b801ac8609fe7c58d in 0d539a55d59a940033e43dc6512c5438706923f6d89dd3dbe70463721d64445f in 0d539a55d59a940033e43dc6512c5438706923f6d89dd3dbe70463721d64445f in 84876d8dac764bbdb7d3c632608d524735a396302c3b7ae9172deb5750ce6eee in 
vargenau commented 1 year ago

It seems to be a "heisenbug".

I had the huge message above the first time; running it a second time gave the correct warning message:

The following warning(s) were raised: [Package at line 35850 invalid: LGPL-2.1 is deprecated. in libseccomp2, Package at line 9216 invalid: LGPL-2.1 is deprecated. in gcc-9-base, Package at line 72638 invalid: LGPL-2.1 is deprecated. in libnpth0]

It occurred in "validate" and "convert".

goneall commented 1 year ago

Thanks @vargenau for reporting the issue. I'm able to reproduce it using the command line tool-java.

Based on the results from the command line tool, the long string should be returned on every validate - it looks like on some executions it is using the older version of the Java library validator. This is likely a server configuration issue resulting from the last hardware upgrade.

There are two separate issues involving two separate libraries. Both of these are introduced with the fix for verifying related elements:

goneall commented 1 year ago

One possible solution is to parse the results in the tools-java library. Added https://github.com/spdx/tools-java/issues/134 with the proposal.

vargenau commented 1 year ago

@goneall Thank you for the detailed explanations.

As a minor remark, it would be good to add some CR/LF to the output in order not to have the huge message on a single line.

goneall commented 1 year ago

@vargenau I noticed that too - turns out the Java library is adding CR/LF, but the online tools are treating them as whitespace when rendering the HTML - so some kind of conversion is needed - yet one issue

vargenau commented 1 year ago

Hi @goneall

I have not tested, but something like that might do the trick:

In file src/app/core.py:

-     ajaxdict["data"] = "The following warning(s) were raised:\n" + str(retval)
+     warnings = str(retval)
+     ajaxdict["data"] = "The following warning(s) were raised:\n" + warnings.replace('\n', '<br />')
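
Review bot: The added line `warnings.replace('\n', '<br />')` puts markup into `ajaxdict["data"]` without escaping `warnings` first. The warning text carries names read from the uploaded SPDX file (package names, the document name), so pass it through `html.escape()` before inserting the `<br />` tags; otherwise anything markup-like in the file reaches the page as HTML. Two smaller points: the Java library is said to emit CR/LF, so replacing only `'\n'` leaves a stray `\r` on each line, and the `\n` after "were raised:" in the header is not converted. Since the same expression is needed three times in this file, a small helper would keep the three call sites consistent.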

(you have to do it 3 times in this file)
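
An added example, not part of the original comment or of spdx-online-tools: the replacement as posted next to a variant that escapes the validator output before adding line breaks and handles CR/LF. The helper names and the sample warning text are assumptions constructed for illustration.

```python
import html
import re

HEADER = "The following warning(s) were raised:"
NEWLINE = re.compile(r"\r\n|\r|\n")  # CRLF, bare CR, or LF


def as_posted(retval):
    """The replacement from the comment above, reproduced for comparison."""
    warnings = str(retval)
    return HEADER + "\n" + warnings.replace("\n", "<br />")


def warnings_to_html(retval):
    """Hypothetical helper: escape first, then add the markup we control."""
    # The warning text embeds names read from the uploaded SPDX file, so it
    # must not be able to contribute markup of its own.
    escaped = html.escape(str(retval), quote=True)
    return html.escape(HEADER) + "<br />" + NEWLINE.sub("<br />", escaped)


# Constructed sample: two warnings separated by CRLF, the second with markup
# in the package name.
SAMPLE = (
    "Package at line 9216 invalid: LGPL-2.1 is deprecated. in gcc-9-base\r\n"
    "Package at line 10 invalid: LGPL-2.1 is deprecated. in <b>pkg</b>"
)

if __name__ == "__main__":
    print(repr(as_posted(SAMPLE)))
    print(repr(warnings_to_html(SAMPLE)))
```
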

goneall commented 1 year ago

> I have not tested, but something like that might do the trick:

Thanks @vargenau - @BassCoder2808 - Is this something you can do?

BassCoder2808 commented 1 year ago

Hi @goneall, sure I will look into this and will let you know if I am able to add the following

goneall commented 1 year ago

> Hi @goneall, sure I will look into this and will let you know if I am able to add the following

Thanks @BassCoder2808

BassCoder2808 commented 1 year ago

Hi @goneall I have created the PR #495, let me know if anything else needs to be done in that

goneall commented 1 year ago

Since @BassCoder2808 solved the formatting issue related to this repo and there are other issues added to address the main issue raised here, I'll close this issue.

If I missed something, please feel free to open a new issue.