-
Notifications
You must be signed in to change notification settings - Fork 188
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
generate_sbom: add license mapping to rewrite licenses spdx conform
Added functionalities to configure license mapping files (json-formatted) to do a rewrite of the licenses to write spdx conform ones into the generated document. This is to handle non spdx conform license naming in packages taken from upstream without forking/fixing each package. The mapping has to be part of the image sources/created rootfs (e.g. livebuild). Example of a mapping file: ``` { "GPL-1+": "GPL-1.0-or-later", "LGPL-1+": "LGPL-1.0-or-later", "LGPL-1.0+": "LGPL-1.0-or-later", "GPL-2+": "GPL-2.0-or-later", "GPL-2.0+": "GPL-2.0-or-later", "GPL-2": "GPL-2.0-only", "GPL-2.0": "GPL-2.0-only", "GPL-3+": "GPL-3.0-or-later" } ``` The mapping is activated by specifying the files in the project configuration: ``` BuildFlags: spdx-license-mapping:/license_mapping.json spdx-license-mapping:/spdx_licenses.json ``` The flag can be defined multiple times for different files if needed, the content of the files gets merged. The files are defined in the BuildFlag with its path in the created rootfs.
- Loading branch information
1 parent
86c4c66
commit 5f7e431
Showing
1 changed file
with
81 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters