a3428e282d
Introduce a new class `SpdxLicenseExpressionCreator`, responsible for converting license texts extracted from packages, into an SPDX-compliant license expressions. If the `license_expression` Python package is available on the system, it is used to determine the license text extracted from a package is a valid SPDX license expression. If it is, it's returned as is back to the caller. If it is not, or of the package is not available on the system, the license text is wrapped in a `ExtractedLicensingInfo` instance. The `SpdxLicenseExpressionCreator` object keeps track of all generated `ExtractedLicensingInfo` instances and de-duplicates them based on the license text. This means that if two packages use the same SPDX-non-compliant license text, they will be wrapped by an `ExtractedLicensingInfo` instance with the same `LicenseRef-` ID. The reason for fallback when `license_expression` package is not available is that it is not available on RHEL and CentOS Stream. This implementation allows us to ship the functionality in RHEL and optionally enabling it by installing `license_expression` from a 3rd party repository. In any case, the generated SBOM document will always contain valid SPDX license expressions. Extend unit tests to cover the newly added functionality. Signed-off-by: Tomáš Hozza <thozza@redhat.com> FIXUP: sbom/spdx: use compliant license expressions Signed-off-by: Tomáš Hozza <thozza@redhat.com>
22 lines
347 B
INI
22 lines
347 B
INI
[mypy]
|
|
|
|
[mypy-jsonschema.*]
|
|
ignore_missing_imports = True
|
|
|
|
[mypy-mako.*]
|
|
ignore_missing_imports = True
|
|
|
|
[mypy-tomli.*]
|
|
ignore_missing_imports = True
|
|
|
|
[mypy-hawkey.*]
|
|
ignore_missing_imports = True
|
|
|
|
[mypy-dnf.*]
|
|
ignore_missing_imports = True
|
|
|
|
[mypy-libdnf5.*]
|
|
ignore_missing_imports = True
|
|
|
|
[mypy-license_expression.*]
|
|
ignore_missing_imports = True
|