spdx.bbclass: improved stability, fixed SPDX compliance issues. Changes are reflected in licenses.conf.

The previous version could crash on dead links in the rootfs, or if the manifest directory did not exist. The generated files were also not compliant with the SPDX specification, for example file entries did not always start with the FileName tag, time stamps were incorrectly formatted etc. Stability issues are addressed by added checks, originally written by Johan Thelin <johan.thelin@pelagicore.com>, who never upstreamed them. I've also added an option for getting full SPDX output from FOSSology, i.e. not only for all files, but for the package as well, including license references. License refs are required in order to process the output by SPDXTools. For that reason, this option defaults to true. (From OE-Core rev: 5d3a4f4f57e4d8581fd88a14324f94e93104a690) Signed-off-by: Tobias Olausson <tobias.olausson@pelagicore.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Tobias Olausson <tobias.olausson@pelagicore.com> 2014-10-20 16:09:15 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-10-24 17:36:15 +0100
commit: f348071efd9419de3fa7f4e4ad78dfa5f8445412 (patch)
tree: 7210e42b132f8cfd8df9a89dde184629a7b3fb81 /meta/conf/licenses.conf
parent: 8882eaaf97821fd96a72dc1382517689912d357b (diff)
download: poky-f348071efd9419de3fa7f4e4ad78dfa5f8445412.tar.gz
1 files changed, 21 insertions, 3 deletions
diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf
index fe96066e4e..629916b6a5 100644
--- a/meta/conf/licenses.conf
+++ b/meta/conf/licenses.conf
@@ -143,7 +143,7 @@ DATA_LICENSE = "CC0-1.0"
 #   information.
 #
-FOSS_COPYRIGHT = "true"
+FOSS_NO_COPYRIGHT = "true"
 # A option defined as[FOSS_RECURSIVE_UNPACK] in ./meta/conf/licenses.conf. is
 # used to control if FOSSology server need recursively unpack tar.gz file which
@@ -159,12 +159,30 @@ FOSS_COPYRIGHT = "true"
 FOSS_RECURSIVE_UNPACK = "false"
-# FOSSologySPDX instance server.
+# An option defined as [FOSS_FULL_SPDX] in ./meta/conf/licenses.conf is used to
+# control what kind of SPDX output to get from the FOSSology server.
+#
+# FOSS_FULL_SPDX = "true":
+#   Tell FOSSology server to return full SPDX output, like if the program was
+#   run from the command line. This is needed in order to get license refs for
+#   the full package rather than individual files only.
+#
+# FOSS_FULL_SPDX = "false":
+#   Tell FOSSology to only process license information for files. All package
+#   license tags in the report will be "NOASSERTION"
+#
+FOSS_FULL_SPDX = "true"
+# FOSSologySPDX instance server. http://localhost/repo is the default
+# installation location for FOSSology.
+#
 # For more information on FOSSologySPDX commandline:
 #   https://github.com/spdx-tools/fossology-spdx/wiki/Fossology-SPDX-Web-API
 #
-FOSS_SERVER = "http://localhost//?mod=spdx_license_once&noCopyright=${FOSS_COPYRIGHT}&recursiveUnpack=${FOSS_RECURSIVE_UNPACK}"
+FOSS_BASE_URL = "http://localhost/repo/?mod=spdx_license_once"
+FOSS_SERVER = "${FOSS_BASE_URL}&fullSPDXFlag=${FOSS_FULL_SPDX}&noCopyright=${FOSS_NO_COPYRIGHT}&recursiveUnpack=${FOSS_RECURSIVE_UNPACK}"
 FOSS_WGET_FLAGS = "-qO - --no-check-certificate --timeout=0"
author	Tobias Olausson <tobias.olausson@pelagicore.com>	2014-10-20 16:09:15 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-10-24 17:36:15 +0100
commit	f348071efd9419de3fa7f4e4ad78dfa5f8445412 (patch)
tree	7210e42b132f8cfd8df9a89dde184629a7b3fb81 /meta/conf/licenses.conf
parent	8882eaaf97821fd96a72dc1382517689912d357b (diff)
download	poky-f348071efd9419de3fa7f4e4ad78dfa5f8445412.tar.gz