create-spdx: Get SPDX-License-Identifier from source

This patch will read the begining of source files and try to find the SPDX-License-Identifier to populate the licenseInfoInFiles field for each source file. This does not populate licenseConcluded at this time, nor rolls it up to package level. We read as binary file since some source code seem to have some binary characters, the license is then converted to ascii strings. (From OE-Core rev: 51e5f328635eb022143178c3169bae719509697a) Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Saul Wold <Saul.Wold@windriver.com> 2022-02-08 07:02:11 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-02-12 17:05:35 +0000
commit: 75f9785a2b28eddd1f6ca0c8a6c6507dd97df409 (patch)
tree: e420848e19d47b7c7d84ee05b6178ea50c8d4b71 /meta
parent: 76b3d141c027abced340c573f6c0f3836c55639c (diff)
download: poky-75f9785a2b28eddd1f6ca0c8a6c6507dd97df409.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 8b4203fdb5..64aada8593 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -37,6 +37,23 @@ SPDX_SUPPLIER[doc] = "The SPDX PackageSupplier field for SPDX packages created f
 do_image_complete[depends] = "virtual/kernel:do_create_spdx"
+def extract_licenses(filename):
+    import re
+    lic_regex = re.compile(b'^\W*SPDX-License-Identifier:\s*([ \w\d.()+-]+?)(?:\s+\W*)?$', re.MULTILINE)
+    try:
+        with open(filename, 'rb') as f:
+            size = min(15000, os.stat(filename).st_size)
+            txt = f.read(size)
+            licenses = re.findall(lic_regex, txt)
+            if licenses:
+                ascii_licenses = [lic.decode('ascii') for lic in licenses]
+                return ascii_licenses
+    except Exception as e:
+        bb.warn(f"Exception reading {filename}: {e}")
+    return None
 def get_doc_namespace(d, doc):
    import uuid
    namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, d.getVar("SPDX_UUID_NAMESPACE"))
@@ -232,6 +249,11 @@ def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archiv
                        checksumValue=bb.utils.sha256_file(filepath),
                    ))
+                if "SOURCE" in spdx_file.fileTypes:
+                    extracted_lics = extract_licenses(filepath)
+                    if extracted_lics:
+                        spdx_file.licenseInfoInFiles = extracted_lics
                doc.files.append(spdx_file)
                doc.add_relationship(spdx_pkg, "CONTAINS", spdx_file)
                spdx_pkg.hasFiles.append(spdx_file.SPDXID)
author	Saul Wold <Saul.Wold@windriver.com>	2022-02-08 07:02:11 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-02-12 17:05:35 +0000
commit	75f9785a2b28eddd1f6ca0c8a6c6507dd97df409 (patch)
tree	e420848e19d47b7c7d84ee05b6178ea50c8d4b71 /meta
parent	76b3d141c027abced340c573f6c0f3836c55639c (diff)
download	poky-75f9785a2b28eddd1f6ca0c8a6c6507dd97df409.tar.gz

diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass index 8b4203fdb5..64aada8593 100644 --- a/meta/classes/create-spdx.bbclass +++ b/meta/classes/create-spdx.bbclass
@@ -37,6 +37,23 @@ SPDX_SUPPLIER[doc] = "The SPDX PackageSupplier field for SPDX packages created f
37		37
38	do_image_complete[depends] = "virtual/kernel:do_create_spdx"	38	do_image_complete[depends] = "virtual/kernel:do_create_spdx"
39		39
		40	def extract_licenses(filename):
		41	import re
		42
		43	lic_regex = re.compile(b'^\WSPDX-License-Identifier:\s([ \w\d.()+-]+?)(?:\s+\W*)?$', re.MULTILINE)
		44
		45	try:
		46	with open(filename, 'rb') as f:
		47	size = min(15000, os.stat(filename).st_size)
		48	txt = f.read(size)
		49	licenses = re.findall(lic_regex, txt)
		50	if licenses:
		51	ascii_licenses = [lic.decode('ascii') for lic in licenses]
		52	return ascii_licenses
		53	except Exception as e:
		54	bb.warn(f"Exception reading {filename}: {e}")
		55	return None
		56
40	def get_doc_namespace(d, doc):	57	def get_doc_namespace(d, doc):
41	import uuid	58	import uuid
42	namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, d.getVar("SPDX_UUID_NAMESPACE"))	59	namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, d.getVar("SPDX_UUID_NAMESPACE"))
@@ -232,6 +249,11 @@ def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archiv
232	checksumValue=bb.utils.sha256_file(filepath),	249	checksumValue=bb.utils.sha256_file(filepath),
233	))	250	))
234		251
		252	if "SOURCE" in spdx_file.fileTypes:
		253	extracted_lics = extract_licenses(filepath)
		254	if extracted_lics:
		255	spdx_file.licenseInfoInFiles = extracted_lics
		256
235	doc.files.append(spdx_file)	257	doc.files.append(spdx_file)
236	doc.add_relationship(spdx_pkg, "CONTAINS", spdx_file)	258	doc.add_relationship(spdx_pkg, "CONTAINS", spdx_file)
237	spdx_pkg.hasFiles.append(spdx_file.SPDXID)	259	spdx_pkg.hasFiles.append(spdx_file.SPDXID)