From 551d1f4ef23a19664b64adc92aba15534a4644dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= Date: Mon, 17 Feb 2025 06:56:03 +0100 Subject: [PATCH] sbom/spdx: always use license ref IDs as is MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Always return License ref IDs as is, if used as package license, regardless if license_expression package is available. This will prevent wrapping them again as extracted license info and generating yet another license ref ID. Signed-off-by: Tomáš Hozza --- osbuild/util/sbom/spdx.py | 6 ++++++ test/mod/test_util_sbom_spdx.py | 3 +++ 2 files changed, 9 insertions(+) diff --git a/osbuild/util/sbom/spdx.py b/osbuild/util/sbom/spdx.py index de9daead..541452b3 100644 --- a/osbuild/util/sbom/spdx.py +++ b/osbuild/util/sbom/spdx.py @@ -53,7 +53,13 @@ class SpdxLicenseExpressionCreator: If the license-expression package is not available, the license string is always wrapped in an ExtractedLicensingInfo object. + + License strings that are already SPDX license ref IDs are returned as is. """ + if license_str.startswith("LicenseRef-"): + # The license string is already an SPDX license ref ID. + return license_str + if self._spdx_licensing is None: return self._to_extracted_license_info(license_str) diff --git a/test/mod/test_util_sbom_spdx.py b/test/mod/test_util_sbom_spdx.py index 6d237df0..6ea904a6 100644 --- a/test/mod/test_util_sbom_spdx.py +++ b/test/mod/test_util_sbom_spdx.py @@ -27,6 +27,9 @@ def test_spdxlicenseexpressionfactory_license_expression_availability(licensing_ lf = SpdxLicenseExpressionCreator() license_expression = lf.ensure_license_expression("MIT") + license_expression2 = lf.ensure_license_expression("LicenseRef-123") + assert license_expression2 == "LicenseRef-123" + if licensing_available: assert mocked_licensing is not None # The license string should be a SPDX license expression string.