[yocto] questions about spdx

Flanagan, Elizabeth elizabeth.flanagan at intel.com
Wed Jul 30 13:19:10 PDT 2014 

On Mon, Jul 28, 2014 at 4:57 AM, leimaohui at cn.fujitsu.com
<leimaohui at cn.fujitsu.com> wrote:
> Hello all,
>
> About yocto-spdx, I need some help.
> 1. I'm trying to use yocto(poky: 8f52c69183a6c2b50ed470c27383697ebc38efef) to get spdx information.
> I add " spdx " to the USER_CLASSES  in my local.conf, and configured my meta/conf/licenses.conf as below.
>
> But, in the generated *.spdx files,I do not get any license information. (the spdx file can be found in the end of the mail),
> Is there something wrong with my method?
>

If I'm remembering this right (Mark?), you need to have a Fossology
server to point to as Fossology will try to determine what the license
is to make sure they match the declared license.

> I noticed that in meta/conf/licenses.conf,the FOSS_SERVER is set to
> FOSS_SERVER = "http://localhost//?mod=spdx_license_once&noCopyright=${FOSS_COPYRIGHT}&recursiveUnpack=${FOSS_RECURSIVE_UNPACK}".
> Should I have to set up a FOSSologySPDX instance server in my localhost?
>

Yes, looking at the log, the spdx class requires a fossology instance
somewhere. I'd like to see it where it does not and it could spit out
just the declared license in the metadata (which honestly, should be a
trivial fix).

> 2. I noticed that from 4253671d46e3c350110bc73a1f55a054df0fc909(Wed Dec 4 11:47:02 2013),there is no update about spdx.
> In "Yocto 1.7 Schedule", I saw only two enhancements about spdx.
> Could someone explain the current progress and future work plan about spdx in detail?
>

I haven't touched any of the spdx code in a few months. There was work
being done by Matt Germonprez's team out of the University of Nebraska
Omaha, but I think that we need to discuss looking at some of what was
done and where we go from there. To be honest, not a lot of people
have asked for it so I've not worked on it.

> Any help would be appreciated.
>
> Lei Maohui
>
> ----------------------------------
> diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf
> index b1d5480..d94cb36 100644
> --- a/meta/conf/licenses.conf
> +++ b/meta/conf/licenses.conf
> @@ -116,15 +116,15 @@ SPDXLICENSEMAP[SGIv1] = "SGI-1"
>  # LICENSE_PATH += "${COREBASE}/custom-licenses"
>
>  # Set if you want the license.manifest copied to the image
> -#COPY_LIC_MANIFEST = "1"
> +COPY_LIC_MANIFEST = "1"
>
>  # If you want the pkg licenses copied over as well you must set
>  # both COPY_LIC_MANIFEST and COPY_LIC_DIRS
> -#COPY_LIC_DIRS = "1"
> +COPY_LIC_DIRS = "1"
>
>  ## SPDX Format info
>  SPDX_VERSION = "SPDX-1.1"
> @@ -144,7 +144,7 @@ DATA_LICENSE = "CC0-1.0"
>  #   information.
>  #
>
> -FOSS_COPYRIGHT = "true"
> +FOSS_COPYRIGHT = "false"
>
>  # A option defined as[FOSS_RECURSIVE_UNPACK] in ./meta/conf/licenses.conf. is
>  # used to control if FOSSology server need recursively unpack tar.gz file which
> @@ -158,14 +158,16 @@ FOSS_COPYRIGHT = "true"
>  #    FOSSology server recursively unpack components.
>  #
>
> -FOSS_RECURSIVE_UNPACK = "false"
> +FOSS_RECURSIVE_UNPACK = "true"
> $
> --------------------------------------------
> $ cat bluez5.spdx
> SPDXVersion: SPDX-1.1
> DataLicense: CC0-1.0
> DocumentComment: <text>SPDX for bluez5 version 5.21</text>
>
> ## Creation Information
> Creator: fossology-spdx
> Created: 2014-07-25T18:19:53
> CreatorComment: <text>UNO</text>
>
> ## Package Information
> PackageName: bluez5
> PackageVersion: 5.21
> PackageDownloadLocation: NOASSERTION
> PackageSummary: <text></text>
> PackageFileName: bluez5.tar.gz
> PackageSupplier: Person:NOASSERTION
> PackageOriginator: Person:NOASSERTION
> PackageChecksum: SHA1: b9667bcd50f9531dde17344cde1cc2afd10e3067
> PackageVerificationCode: 8967d6f42622f39d1833e758b67dc4378d3d6922
> PackageDescription: <text>bluez5 version 5.21</text>
>
> PackageCopyrightText: <text>NOASSERTION</text>
>
> PackageLicenseDeclared: NOASSERTION
> PackageLicenseConcluded: NOASSERTION
> PackageLicenseInfoFromFiles: NOASSERTION
>
> ## File Information
>
> FileName: tools/bccmd.1
>
> FileName: android/pts-avrcp.txt
>
> FileName: doc/heartrate-api.txt
>
> FileName: profiles/proximity/proximity.conf
>
> FileName: profiles/input/hog.c
> ......
>
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto



-- 
Elizabeth Flanagan
Yocto Project
Build and Release

More information about the yocto mailing list