Skip to content

Commit

Permalink
feat(spdx): Allow LicenseRef- exceptions for licenseInfoInFiles
Browse files Browse the repository at this point in the history
SPDX v2 does not allow using custom (`LicenseRef-`) IDs as exceptions
and an SPDX expression. Whether / how that could be supported in future
is currently being discussed, see [1].

When the SPDX reporter creates an SPDX document containing `LicenseRef-`
exceptions it crashes due to an exception from
`SpdxExpression.validate()`. The only SPDX V2 compliant options for
preventing that crash are:

1. Come up with a whole new `LicenseRef-` license string which denotes
   to a text containing both, the license and the exception.
2. Allow `LicenseRef-` in the report.

So, this commit implements #2 which is an easy fix, at least for the
short term.

[1] spdx/change-proposal#4

Signed-off-by: Marcel Bochtler <marcel.bochtler@bosch.com>
  • Loading branch information
MarcelBochtler authored and fviernau committed Aug 21, 2023
1 parent c141107 commit a89faf9
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion utils/spdx/src/main/kotlin/model/SpdxFile.kt
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import com.fasterxml.jackson.annotation.JsonProperty

import org.ossreviewtoolkit.utils.spdx.SpdxConstants
import org.ossreviewtoolkit.utils.spdx.SpdxConstants.REF_PREFIX
import org.ossreviewtoolkit.utils.spdx.SpdxExpression
import org.ossreviewtoolkit.utils.spdx.isSpdxExpressionOrNotPresent

/**
Expand Down Expand Up @@ -187,7 +188,9 @@ data class SpdxFile(

// TODO: The check for [licenseInfoInFiles] can be made more strict, but the SPDX specification is not exact
// enough yet to do this safely.
licenseInfoInFiles.filterNot { it.isSpdxExpressionOrNotPresent() }.let {
licenseInfoInFiles.filterNot {
it.isSpdxExpressionOrNotPresent(SpdxExpression.Strictness.ALLOW_LICENSEREF_EXCEPTIONS)
}.let {
require(it.isEmpty()) {
"The entries in licenseInfoInFiles must each be either an SpdxExpression, 'NONE' or 'NOASSERTION', " +
"but found ${it.joinToString()}."
Expand Down

0 comments on commit a89faf9

Please sign in to comment.