particle-os/debian-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sbom/spdx: always use license ref IDs as is

Browse source 
Always return License ref IDs as is, if used as package license,
regardless if license_expression package is available. This will prevent
wrapping them again as extracted license info and generating yet another
license ref ID.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This commit is contained in:
Tomáš Hozza 2025-02-17 06:56:03 +01:00 committed by Tomáš Hozza
parent 35993fe256
commit 551d1f4ef2
2 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
osbuild/util/sbom/spdx.py
View file

@ -53,7 +53,13 @@ class SpdxLicenseExpressionCreator:
If the license-expression package is not available, the license string is always wrapped in an
ExtractedLicensingInfo object.
License strings that are already SPDX license ref IDs are returned as is.
"""
if license_str.startswith("LicenseRef-"):
# The license string is already an SPDX license ref ID.
return license_str
if self._spdx_licensing is None:
return self._to_extracted_license_info(license_str)

3
test/mod/test_util_sbom_spdx.py
View file

@ -27,6 +27,9 @@ def test_spdxlicenseexpressionfactory_license_expression_availability(licensing_
lf = SpdxLicenseExpressionCreator()
license_expression = lf.ensure_license_expression("MIT")
license_expression2 = lf.ensure_license_expression("LicenseRef-123")
assert license_expression2 == "LicenseRef-123"
if licensing_available:
assert mocked_licensing is not None
# The license string should be a SPDX license expression string.