[yocto] questions about spdx

leimaohui at cn.fujitsu.com leimaohui at cn.fujitsu.com
Thu Jul 31 00:55:45 PDT 2014 

Hi, Elizabeth

> If I'm remembering this right (Mark?), you need to have a Fossology server to
> point to as Fossology will try to determine what the license is to make sure
> they match the declared license.

Thanks for your reply.

I'll try to set up a FOSSologySPDX instance server and try again.

Seriously, in documents of yocto, the description of spdx is too simple.

> I haven't touched any of the spdx code in a few months. There was work being
> done by Matt Germonprez's team out of the University of Nebraska Omaha, but
> I think that we need to discuss looking at some of what was done and where we
> go from there. To be honest, not a lot of people have asked for it so I've not
> worked on it.

That's to say, In the future yocto 1.7, there will be no improvement about spdx ?

Thanks,

Lei Maohui


> -----Original Message-----
> From: Flanagan, Elizabeth [mailto:elizabeth.flanagan at intel.com]
> Sent: Thursday, July 31, 2014 4:19 AM
> To: Lei, Maihui; Matt Germonprez; Hatle, Mark
> Cc: yocto at yoctoproject.org
> Subject: Re: [yocto] questions about spdx
> 
> On Mon, Jul 28, 2014 at 4:57 AM, leimaohui at cn.fujitsu.com
> <leimaohui at cn.fujitsu.com> wrote:
> > Hello all,
> >
> > About yocto-spdx, I need some help.
> > 1. I'm trying to use yocto(poky: 8f52c69183a6c2b50ed470c27383697ebc38efef)
> to get spdx information.
> > I add " spdx " to the USER_CLASSES  in my local.conf, and configured my
> meta/conf/licenses.conf as below.
> >
> > But, in the generated *.spdx files,I do not get any license
> > information. (the spdx file can be found in the end of the mail), Is there
> something wrong with my method?
> >
> 
> If I'm remembering this right (Mark?), you need to have a Fossology server to
> point to as Fossology will try to determine what the license is to make sure
> they match the declared license.
> 
> > I noticed that in meta/conf/licenses.conf,the FOSS_SERVER is set to
> > FOSS_SERVER =
> "http://localhost//?mod=spdx_license_once&noCopyright=${FOSS_COPYRIGHT}&re
> cursiveUnpack=${FOSS_RECURSIVE_UNPACK}".
> > Should I have to set up a FOSSologySPDX instance server in my localhost?
> >
> 
> Yes, looking at the log, the spdx class requires a fossology instance somewhere.
> I'd like to see it where it does not and it could spit out just the declared
> license in the metadata (which honestly, should be a trivial fix).
> 
> > 2. I noticed that from 4253671d46e3c350110bc73a1f55a054df0fc909(Wed Dec 4
> 11:47:02 2013),there is no update about spdx.
> > In "Yocto 1.7 Schedule", I saw only two enhancements about spdx.
> > Could someone explain the current progress and future work plan about spdx
> in detail?
> >
> 
> I haven't touched any of the spdx code in a few months. There was work being
> done by Matt Germonprez's team out of the University of Nebraska Omaha, but
> I think that we need to discuss looking at some of what was done and where we
> go from there. To be honest, not a lot of people have asked for it so I've not
> worked on it.
> 
> > Any help would be appreciated.
> >
> > Lei Maohui
> >
> > ----------------------------------
> > diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf index
> > b1d5480..d94cb36 100644
> > --- a/meta/conf/licenses.conf
> > +++ b/meta/conf/licenses.conf
> > @@ -116,15 +116,15 @@ SPDXLICENSEMAP[SGIv1] = "SGI-1"
> >  # LICENSE_PATH += "${COREBASE}/custom-licenses"
> >
> >  # Set if you want the license.manifest copied to the image
> > -#COPY_LIC_MANIFEST = "1"
> > +COPY_LIC_MANIFEST = "1"
> >
> >  # If you want the pkg licenses copied over as well you must set  #
> > both COPY_LIC_MANIFEST and COPY_LIC_DIRS -#COPY_LIC_DIRS = "1"
> > +COPY_LIC_DIRS = "1"
> >
> >  ## SPDX Format info
> >  SPDX_VERSION = "SPDX-1.1"
> > @@ -144,7 +144,7 @@ DATA_LICENSE = "CC0-1.0"
> >  #   information.
> >  #
> >
> > -FOSS_COPYRIGHT = "true"
> > +FOSS_COPYRIGHT = "false"
> >
> >  # A option defined as[FOSS_RECURSIVE_UNPACK] in
> > ./meta/conf/licenses.conf. is  # used to control if FOSSology server
> > need recursively unpack tar.gz file which @@ -158,14 +158,16 @@ FOSS_COPYRIGHT
> = "true"
> >  #    FOSSology server recursively unpack components.
> >  #
> >
> > -FOSS_RECURSIVE_UNPACK = "false"
> > +FOSS_RECURSIVE_UNPACK = "true"
> > $
> > --------------------------------------------
> > $ cat bluez5.spdx
> > SPDXVersion: SPDX-1.1
> > DataLicense: CC0-1.0
> > DocumentComment: <text>SPDX for bluez5 version 5.21</text>
> >
> > ## Creation Information
> > Creator: fossology-spdx
> > Created: 2014-07-25T18:19:53
> > CreatorComment: <text>UNO</text>
> >
> > ## Package Information
> > PackageName: bluez5
> > PackageVersion: 5.21
> > PackageDownloadLocation: NOASSERTION
> > PackageSummary: <text></text>
> > PackageFileName: bluez5.tar.gz
> > PackageSupplier: Person:NOASSERTION
> > PackageOriginator: Person:NOASSERTION
> > PackageChecksum: SHA1: b9667bcd50f9531dde17344cde1cc2afd10e3067
> > PackageVerificationCode: 8967d6f42622f39d1833e758b67dc4378d3d6922
> > PackageDescription: <text>bluez5 version 5.21</text>
> >
> > PackageCopyrightText: <text>NOASSERTION</text>
> >
> > PackageLicenseDeclared: NOASSERTION
> > PackageLicenseConcluded: NOASSERTION
> > PackageLicenseInfoFromFiles: NOASSERTION
> >
> > ## File Information
> >
> > FileName: tools/bccmd.1
> >
> > FileName: android/pts-avrcp.txt
> >
> > FileName: doc/heartrate-api.txt
> >
> > FileName: profiles/proximity/proximity.conf
> >
> > FileName: profiles/input/hog.c
> > ......
> >
> > --
> > _______________________________________________
> > yocto mailing list
> > yocto at yoctoproject.org
> > https://lists.yoctoproject.org/listinfo/yocto
> 
> 
> 
> --
> Elizabeth Flanagan
> Yocto Project
> Build and Release

More information about the yocto mailing list