osbuild-depsolve-dnf: allow passing custom license index db file

Allow passing a custom license index db file for SBOM generation by
specifying it in the solver configuration.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>

osbuild/solver/dnf.py

@@ -17,7 +17,7 @@ from osbuild.util.sbom.spdx import sbom_pkgset_to_spdx2_doc
 
 
 class DNF(SolverBase):
-    def __init__(self, request, persistdir, cache_dir):
+    def __init__(self, request, persistdir, cache_dir, license_index_path=None):
         arch = request["arch"]
         releasever = request.get("releasever")
         module_platform_id = request["module_platform_id"]
@@ -93,6 +93,9 @@ class DNF(SolverBase):
         # enable module resolving
         self.base_module = dnf.module.module_base.ModuleBase(self.base)
 
+        # Custom license index file path use for SBOM generation
+        self.license_index_path = license_index_path
+
     @staticmethod
     def _dnfrepo(desc, parent_conf=None):
         """Makes a dnf.repo.Repo out of a JSON repository description"""
@@ -167,15 +170,14 @@ class DNF(SolverBase):
     def _timestamp_to_rfc3339(timestamp):
         return datetime.utcfromtimestamp(timestamp).strftime('%Y-%m-%dT%H:%M:%SZ')
 
-    @staticmethod
-    def _sbom_for_pkgset(pkgset: List[dnf.package.Package]) -> Dict:
+    def _sbom_for_pkgset(self, pkgset: List[dnf.package.Package]) -> Dict:
         """
         Create an SBOM document for the given package set.
 
         For now, only SPDX v2 is supported.
         """
         pkgset = dnf_pkgset_to_sbom_pkgset(pkgset)
-        spdx_doc = sbom_pkgset_to_spdx2_doc(pkgset)
+        spdx_doc = sbom_pkgset_to_spdx2_doc(pkgset, self.license_index_path)
         return spdx_doc.to_dict()
 
     def dump(self):

osbuild/solver/dnf5.py

@@ -56,7 +56,7 @@ class DNF5(SolverBase):
     """
 
     # pylint: disable=too-many-arguments
-    def __init__(self, request, persistdir, cachedir):
+    def __init__(self, request, persistdir, cachedir, license_index_path=None):
         arch = request["arch"]
         releasever = request.get("releasever")
         module_platform_id = request["module_platform_id"]
@@ -167,6 +167,9 @@ class DNF5(SolverBase):
         except RuntimeError as e:
             raise RepoError(e) from e
 
+        # Custom license index file path use for SBOM generation
+        self.license_index_path = license_index_path
+
     _BASEARCH_MAP = _invert({
         'aarch64': ('aarch64',),
         'alpha': ('alpha', 'alphaev4', 'alphaev45', 'alphaev5', 'alphaev56',
@@ -278,15 +281,14 @@ class DNF5(SolverBase):
     def _timestamp_to_rfc3339(timestamp):
         return datetime.utcfromtimestamp(timestamp).strftime('%Y-%m-%dT%H:%M:%SZ')
 
-    @staticmethod
-    def _sbom_for_pkgset(pkgset: List[dnf5.rpm.Package]) -> Dict:
+    def _sbom_for_pkgset(self, pkgset: List[dnf5.rpm.Package]) -> Dict:
         """
         Create an SBOM document for the given package set.
 
         For now, only SPDX v2 is supported.
         """
         pkgset = dnf_pkgset_to_sbom_pkgset(pkgset)
-        spdx_doc = sbom_pkgset_to_spdx2_doc(pkgset)
+        spdx_doc = sbom_pkgset_to_spdx2_doc(pkgset, self.license_index_path)
         return spdx_doc.to_dict()
 
     def dump(self):

tools/osbuild-depsolve-dnf

@@ -59,7 +59,7 @@ def solve(request, cache_dir):
 
     with tempfile.TemporaryDirectory() as persistdir:
         try:
-            solver = Solver(request, persistdir, cache_dir)
+            solver = Solver(request, persistdir, cache_dir, config.get("license_index_path"))
             if command == "dump":
                 result = solver.dump()
             elif command == "depsolve":