Age | Commit message | Author
2021-09-03 | create-spdx: don't duplicate license texts in each package (ross/sbom) | Ross Burton
Instead of putting the full license text for non-SPDX licenses into the recipe and every package, use links to the recipe from the packages if possible. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | create-spdx: embed unknown license texts | Ross Burton
For licenses which are not known to SPDX, find and embed the actual license text in an ExtractedLicensingInfo block. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | create-spdx: remove redundant test | Ross Burton
add_extracted_document() is only called if the license isn't known to SPDX, so there's no need to check again. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | create-spdx: transform license list into a dict for faster lookups | Ross Burton
spdx-licenses.json contains an array of license objects. As we'll be searching it often, convert that to a dictionary when we parse it. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | existing license sync with spdx | Ross Burton
2021-09-03 | Skip deprecated licenses (should be option?) | Ross Burton
2021-09-03 | list licenses that are not spdx | Ross Burton
2021-09-03 | sync-spdx-licenses: port to urllib3 because why not | Ross Burton
2021-09-03 | scripts/sync-spdx-licenses.py | Joshua Watt
Adds a script to synchronize the SPDX license JSON manifest, and also update or add the local generic licenses to match the SPDX versions Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
2021-09-03 | oeqa/selftest/recipetool: update for license changes | Ross Burton
Now that recipetool writes BSD-3-Clause, update the test appropriately. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | recipetool/create_buildsys_python: treat BSD as BSD-3-Clause | Ross Burton
The PyPI license classifiers include "OSI Approved: BSD", which does not specify which of the many variations of BSD license it actually means. The generic "BSD" license in the oe-core set is actually BSD-3-Clause. From a random sample of ten PyPI modules that use "BSD", they are all BSD-3-Clause. As we expect the recipe maintainer to verify the license anyway, and this matches the previous license text, explicitly set the license to BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | hdparm: set correct license | Ross Burton
The bulk of hdparm is under a unique license. Set the correct BSD version, and specify that the hdparm license is also used. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | ffmpeg: update LICENSE | Ross Burton
"BSD" is ambiguous; ffmpeg comprises several licenses which are BSD-like. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | ppp: set precise BSD license | Ross Burton
"BSD" is ambiguous, use the precise licenses BSD-3-Clause-Attribution and BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | ovmf: set precise BSD license | Ross Burton
"BSD" is ambiguous, use the precise license BSD-2-Clause-Patent. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | shadow-sysroot: sync license with shadow | Ross Burton
This recipe is just a single data file from shadow, but as we can't easily tell what license that specific file is under, just copy the full license statement. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | valgrind: set precise BSD license | Ross Burton
"BSD" is ambiguous, use the precise license BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | libxfont: set precise BSD license | Ross Burton
"BSD" is ambiguous, use the precise license BSD-3-Clause. Note that the actual license text is BSD 4-Clause with clause 3 rescinded: https://gitlab.freedesktop.org/xorg/lib/libxfont/-/blob/master/COPYING#L157 Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | dev-manual/common-tasks: sync libxpm fragment with the recipe | Ross Burton
Specifically, the actual recipe now has LICENSE=MIT. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | oeqa/recipeutils: update for license change to python-async-test | Ross Burton
The python-async-test recipe is now BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | selftest/python-async-test: set precise BSD license | Ross Burton
"BSD" is ambiguous, use the precise license BSD-3-Clause. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | xinetd: correct LICENSE | Ross Burton
The xinetd license is superficially BSD-like, but it isn't BSD. Now that we have the full SPDX license set in oe-core, use the specific xinetd license. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | lsof: add upstream check | Ross Burton
Upstream has moved to GitHub. Whilst it's now too late to upgrade to the latest release, we can add upstream check variables so that we get notified we're out of date. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | lsof: correct LICENSE | Ross Burton
The lsof LICENSE is superficially BSD-like, but it isn't BSD. Now that we have the full SPDX license set in oe-core, use Spencer-94. Signed-off-by: Ross Burton <ross.burton@arm.com>
2021-09-03 | oeqa/runtime/parselogs: Make DVD ata error apply to all qemux86 machines | Richard Purdie
This log checking fix is needed for both qemux86 and qemux86-64 so move to the common section. [YOCTO #14528] (From OE-Core rev: 2475ce68f0bc1f342c75364dfcfaf7f30499badf) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | mirrors.bbclass: remove redundant server-specific mirrors | Daniel Wagenknecht
With the previously added general git repo fallback rule the server specific fallback mirrors for git.savannah.gnu.org and git.yoctoproject.org are redundant. Remove them. (From OE-Core rev: da864dbed0c29b3e3f0d1676ec1bb974f332ff3f) Signed-off-by: Daniel Wagenknecht <dwagenknecht@emlix.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | mirrors.bbclass: provide additional rule for git repo fallbacks | Daniel Wagenknecht
Git hosting servers that require a slightly different URL when accessing repositories via https protocol instead of the git native protocol are not uncommon (servers using cgit as web UI). Provide a general rule to try HOST/git/PATH via https as git repo fallback. (From OE-Core rev: 0682697987873ab395360035b70630acfe66cd3a) Signed-off-by: Daniel Wagenknecht <dwagenknecht@emlix.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | readline: correct pkg-config dependency for termcap | Denys Dmytriyenko
readline uses ncurses for terminal capabilities database, but it fails to specify it correctly in the pkg-config .pc file, resulting in:
    Requires.private: termcap
As ncurses by default provides newer terminfo instead of termcap, there's no termcap.pc in the system and pkg-config fails when linking with readline:
    readline.pc X-> termcap.pc
Help configure script to set pkg-config to use ncurses for the correct terminal capabilities database:
    Requires.private: ncurses
This fixes pkg-config dependency chain:
    readline.pc -> ncurses.pc -> tinfo.pc
(From OE-Core rev: b4364cc44ae47d3b41a4fd181c904ae97e213842) Signed-off-by: Denys Dmytriyenko <denis@denix.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Comment out placeholder license warning | Joshua Watt
We don't want this warning causing problems on the AB, so leave it commented out for now (From OE-Core rev: d41018311abf91899645b8f3160db540abdb5398) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Skip package processing for native recipes | Joshua Watt
Native recipes do not produce packages and should not process them, otherwise it can trigger an error in read_subpackage_metadata (From OE-Core rev: ea077b1ff6a4ccd5241a085bf9a3f67011e0f7bf) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Collect all task dependencies | Joshua Watt
Stop filtering the runtime dependencies based on do_create_spdx (makes it only pick up things in DEPENDS) and instead include all task dependencies that are not the current PN. This allows other dependency methods to be picked up correctly, for example the dependency on the kernel used by kernel modules. (From OE-Core rev: c9659562cf88a820c668ff1eb20814dcb4829392) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Add special exception for Public Domain license | Joshua Watt
The Public Domain license (PD) needs a special exception in the license processing since there is no common license text to be extracted for these licenses. (From OE-Core rev: fe5b757712aa99ff1ff10d2304ac320100635200) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Fix file:// in downloadLocation | Joshua Watt
file:// URIs should not be included as the downloadLocation. Instead, loop until a non-file:// URI is found, or set the location to NOASSERTION if none is found (From OE-Core rev: 19c61ec3986213b336d965d90b1329085e7d6179) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Speed up hash calculations | Joshua Watt
Use the bb.utils.sha* utilities to hash files since they are much faster than the loops we were rolling ourselves (From OE-Core rev: a6d9de5350937c7e25899491db59f473345f0b69) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Fix up license reporting | Joshua Watt
Licenses reported in the SPDX documents should be either:
A) A valid SPDX identifier cross referenced from the SPDX license database
B) A "LicenseRef" to a license described in the SPDX document
The licensing code will now add a placeholder extracted license with corresponding "LicenseRef" for any licenses that are not matched to the SPDX database
Parentheses in the license expression are now handled correctly
(From OE-Core rev: 28d9d035c0ff8fcaf28bc96a976a43a602a47e94) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: extend DocumentRef to include name | Saul Wold
This will create a more unique DocumentRef, which will allow the individual spdx files to be merged into a single SBOM file reflecting the image. Do the same with the runtime dependencies also (From OE-Core rev: df7c88a48621d32c02f328eedc314f10d475b758) Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Fix another creator | Joshua Watt
Fixes another creator that was missed earlier (From OE-Core rev: 046c05fec9fc5162d7a14971ed1402d86605d229) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Add NOASSERTION for unknown debug sources | Joshua Watt
If a debug source cannot be found, mark it as NOASSERTION so that other tools at least know we were unable to locate it. (From OE-Core rev: 0e6bdd3f208c50153087c2baca67e9fd64a458d0) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Add runtime dependency mapping | Joshua Watt
(From OE-Core rev: 82f3229bce41dc101c79865033432161dac269d8) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Add index to DEPLOYDIR | Joshua Watt
Add the index to DEPLOYDIR in addition to adding it to the SPDX archive (From OE-Core rev: 374dc08c0f22e98a267676f71308592d17f77d64) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Add SHA1 to index file | Joshua Watt
(From OE-Core rev: ebfe78ad26b643ce0fb22ba5b3ede43da4a78987) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Change creator | Joshua Watt
Update the creator name since this no longer lives in meta-doubleopen (From OE-Core rev: 6fdea64ef53eb4de3d0e58e70ae6b391fdff6cd0) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/create-spdx: Add class | Joshua Watt
Adds a class as a first attempt to create SPDX SBoM documents during the build. This initial work was influenced by [meta-doubleopen][1], although almost completely rewritten. [1]: https://github.com/doubleopen-project/meta-doubleopen (From OE-Core rev: 78c79821ae7e2f060b9a74ea9aefce98102bb00e) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | classes/package: Add extended packaged data | Joshua Watt
Adds extended package data which is encoded as JSON which allows it to encode more structure than the "flat" package data files. The extended data might be much larger than the standard package data, so it is not read by default and instead requires oe.packagedata.read_subpkgdata_extended() to be called Currently, the file sizes and ELF debug sources are saved off into the extended package data (From OE-Core rev: db9cf430e54ae68da80fbc3fba80ce88d8df164d) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Reviewed-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | Add SPDX licenses | Joshua Watt
Adds the SPDX license database from https://github.com/spdx/license-list-data (From OE-Core rev: a8048931701438e2f267a52a43869c27743907e3) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | common-licenses: add missing SPDX licences | Ross Burton
As part of the work to converge our license support with SPDX, ensure that we have all of the licenses that SPDX supports. (From OE-Core rev: e2f9092c37395f4e3ee9d0777e28c83cce6007ee) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | wpebackend-fdo: set precise BSD license | Ross Burton
"BSD" is ambiguous, use the precise license BSD-2-Clause. (From OE-Core rev: 391895306c44545843dca1ab8ac5b299194f18a9) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | libwpe: set precise BSD license | Ross Burton
"BSD" is ambiguous, use the precise license BSD-2-Clause. (From OE-Core rev: 521664fea3f21c1fe08ab19227519cbb224f353c) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | webkitgtk: set precise BSD license | Ross Burton
"BSD" is ambiguous, use the precise license BSD-2-Clause. (From OE-Core rev: fea814494865976e78be308642db553102ca9e02) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-09-03 | libx11-compose-data: set precise BSD license | Ross Burton
"BSD" is ambiguous, use the precise licenses BSD-2-Clause BSD-4-Clause. (From OE-Core rev: e55bc3bdb8698ea6673174d33f659518b55f1ff2) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>