[elbe-devel] [PATCH 8/8] elbepack: commands: cyclonedx-sbom: add error report

Thomas Weißschuh thomas.weissschuh at linutronix.de
Fri Aug 30 09:10:15 CEST 2024


Add licence-error report as seperate file to the SBOM generation.

Signed-off-by: Eduard Krein <eduard.krein at linutronix.de>
---
 elbepack/commands/cyclonedx-sbom.py           |  31 +
 .../cyclonedx/cyclonedx_reference.json.errors | 658 ++++++++++++++++++
 .../tests/cyclonedx/test_cyclonedx_sbom.py    |  14 +-
 3 files changed, 699 insertions(+), 4 deletions(-)
 create mode 100644 elbepack/tests/cyclonedx/cyclonedx_reference.json.errors

diff --git a/elbepack/commands/cyclonedx-sbom.py b/elbepack/commands/cyclonedx-sbom.py
index 34f0dd298894..deffd4e93a1f 100644
--- a/elbepack/commands/cyclonedx-sbom.py
+++ b/elbepack/commands/cyclonedx-sbom.py
@@ -3,10 +3,12 @@
 # SPDX-FileCopyrightText: 2024 Linutronix GmbH
 
 import argparse
+import contextlib
 import datetime
 import itertools
 import json
 import os
+import sys
 import urllib
 
 from elbepack.aptpkgutils import XMLPackage
@@ -106,9 +108,17 @@ def _component_from_apt_pkg(pkg, licenses):
     })
 
 
+def _errorreport(val):
+    if val == '-':
+        return contextlib.nullcontext(sys.stderr)
+    else:
+        return argparse.FileType('w')(val)
+
+
 def run_command(argv):
     aparser = argparse.ArgumentParser(prog='elbe cyclonedx-sbom')
     aparser.add_argument('-o', '--output', type=argparse.FileType('w'), default='-')
+    aparser.add_argument('-e', '--errors', type=_errorreport, default='-')
     aparser.add_argument('-d', dest='elbe_build', required=True)
     aparser.add_argument('-m', dest='mapping', nargs='?', default=None)
     args = aparser.parse_args(argv)
@@ -176,3 +186,24 @@ def run_command(argv):
     with args.output:
         json.dump(output, args.output, indent=2, cls=CycloneDXEncoder)
         args.output.write('\n')
+
+    def _print_error_report(dest, pkg_errors):
+        if pkg_errors is not None:
+            print(f'{pkg.name}', file=errors)
+            for error in pkg_errors:
+                print(f'  {error}', file=errors)
+            print('', file=errors)
+
+    def _errors_from_pkg(pkg, licenses):
+        if pkg.name in licenses:
+            if licenses[pkg.name][1]:
+                return licenses[pkg.name][1]
+
+    with args.errors as errors:
+        errors.write('\nThe following target-packages have errors:\n\n')
+        for pkg in pkg_list:
+            _print_error_report(errors, _errors_from_pkg(pkg, licenses))
+
+        errors.write('\nThe following chroot-packages have errors:\n\n')
+        for pkg in pkg_list:
+            _print_error_report(errors, _errors_from_pkg(pkg, chroot_lics))
diff --git a/elbepack/tests/cyclonedx/cyclonedx_reference.json.errors b/elbepack/tests/cyclonedx/cyclonedx_reference.json.errors
new file mode 100644
index 000000000000..0262c1e10fdc
--- /dev/null
+++ b/elbepack/tests/cyclonedx/cyclonedx_reference.json.errors
@@ -0,0 +1,658 @@
+
+The following target-packages have errors:
+
+bash
+  no mapping for "GFDL-NIV-1.3" for pkg "bash"
+  no mapping for "BSD-4-clause-UC" for pkg "bash"
+  no mapping for "MIT-like" for pkg "bash"
+  no mapping for "permissive" for pkg "bash"
+
+bsdutils
+  no mapping for "BSLA" for pkg "bsdutils"
+
+coreutils
+  no mapping for "BSD-4-clause-UC" for pkg "coreutils"
+  no mapping for "GFDL-NIV-1.3" for pkg "coreutils"
+
+cron
+  no mapping for "Paul-Vixie's-license" for pkg "cron"
+
+cron-daemon-common
+  no mapping for "Paul-Vixie's-license" for pkg "cron-daemon-common"
+
+debianutils
+  no mapping for "SMAIL-GPL" for pkg "debianutils"
+
+diffutils
+  no mapping for "LGPL-2.0+" for pkg "diffutils"
+  no mapping for "GFDL-NIV-1.3" for pkg "diffutils"
+
+dpkg
+  no mapping for "public-domain-s-s-d" for pkg "dpkg"
+
+e2fsprogs
+  no mapping for "Apache-2" for pkg "e2fsprogs"
+  no mapping for "GPL" for pkg "e2fsprogs"
+  no mapping for "MIT-US-export" for pkg "e2fsprogs"
+
+fdisk
+  no mapping for "BSLA" for pkg "fdisk"
+
+findutils
+  no mapping for "GFDL-NIV-1.3+" for pkg "findutils"
+  no mapping for "GPL" for pkg "findutils"
+  no mapping for "BSD-3-clause and/or GPL-3+" for pkg "findutils"
+  no mapping for "LGPL-3" for pkg "findutils"
+  no mapping for "ISC and/or LGPL-2.1+" for pkg "findutils"
+
+gcc-12-base
+  no mapping for "GFDL-NIV-1.3+" for pkg "findutils"
+  no mapping for "GPL" for pkg "findutils"
+  no mapping for "BSD-3-clause and/or GPL-3+" for pkg "findutils"
+  no mapping for "LGPL-3" for pkg "findutils"
+  no mapping for "ISC and/or LGPL-2.1+" for pkg "findutils"
+
+gpgv
+  no mapping for "permissive" for pkg "gpgv"
+  no mapping for "RFC-Reference" for pkg "gpgv"
+  no mapping for "TinySCHEME" for pkg "gpgv"
+
+gzip
+  no mapping for "GFDL-1.3+-no-invariant" for pkg "gzip"
+  no mapping for "FSF-manpages" for pkg "gzip"
+
+less
+  no mapping for "Less" for pkg "less"
+  no mapping for "Less," for pkg "less"
+
+libargon2-1
+  no mapping for "CC0" for pkg "libargon2-1"
+
+libblkid1
+  no mapping for "BSLA" for pkg "libblkid1"
+
+libbsd0
+  no mapping for "BSD-4-clause-Niels-Provos" for pkg "libbsd0"
+  no mapping for "BSD-3-clause-Regents" for pkg "libbsd0"
+  no mapping for "BSD-2-clause-NetBSD" for pkg "libbsd0"
+  no mapping for "BSD-3-clause-author" for pkg "libbsd0"
+  no mapping for "BSD-3-clause-John-Birrell" for pkg "libbsd0"
+  no mapping for "BSD-2-clause-verbatim" for pkg "libbsd0"
+  no mapping for "BSD-2-clause-author" for pkg "libbsd0"
+  no mapping for "ISC-Original" for pkg "libbsd0"
+
+libbz2-1.0
+  no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libc-bin
+  no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libc6
+  no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libcom-err2
+  no mapping for "Apache-2" for pkg "libcom-err2"
+  no mapping for "GPL" for pkg "libcom-err2"
+  no mapping for "MIT-US-export" for pkg "libcom-err2"
+
+libcrypt1
+  no mapping for "Apache-2" for pkg "libcom-err2"
+  no mapping for "GPL" for pkg "libcom-err2"
+  no mapping for "MIT-US-export" for pkg "libcom-err2"
+
+libcryptsetup12
+  no mapping for "CC0" for pkg "libcryptsetup12"
+
+libdb5.3
+  no mapping for "Ms-PL" for pkg "libdb5.3"
+  no mapping for "GPL" for pkg "libdb5.3"
+  no mapping for "MIT-old" for pkg "libdb5.3"
+  no mapping for "TCL-like" for pkg "libdb5.3"
+  no mapping for "BSD-3-clause-fjord" for pkg "libdb5.3"
+
+libelf1
+  no override for heuristics based package "libelf1"
+  no mapping for "GFDL-NIV-1.3" for pkg "libelf1"
+
+libext2fs2
+  no mapping for "Apache-2" for pkg "libext2fs2"
+  no mapping for "GPL" for pkg "libext2fs2"
+  no mapping for "MIT-US-export" for pkg "libext2fs2"
+
+libfdisk1
+  no mapping for "BSLA" for pkg "libfdisk1"
+
+libffi8
+  no mapping for "GPL" for pkg "libffi8"
+
+libgcc-s1
+  no mapping for "GPL" for pkg "libffi8"
+
+libgcrypt20
+  no override for heuristics based package "libgcrypt20"
+
+libgnutls30
+  no override for heuristics based package "libgnutls30"
+  no mapping for "The main library is licensed under GNU Lesser" for pkg "libgnutls30"
+  no mapping for "CC0 license" for pkg "libgnutls30"
+  no mapping for "LGPLv2.1+" for pkg "libgnutls30"
+  no mapping for "LGPLv3+_or_GPLv2+" for pkg "libgnutls30"
+
+libgpg-error0
+  no mapping for "g10-permissive" for pkg "libgpg-error0"
+
+libgssapi-krb5-2
+  no mapping for "g10-permissive" for pkg "libgpg-error0"
+
+libhogweed6
+  no mapping for "GAP" for pkg "libhogweed6"
+
+libidn2-0
+  no mapping for "Unicode" for pkg "libidn2-0"
+
+libip4tc2
+  no mapping for "custom" for pkg "libip4tc2"
+
+liblzma5
+  no mapping for "PD" for pkg "liblzma5"
+  no mapping for "probably-PD" for pkg "liblzma5"
+  no mapping for "permissive-fsf" for pkg "liblzma5"
+  no mapping for "Autoconf" for pkg "liblzma5"
+  no mapping for "permissive-nowarranty" for pkg "liblzma5"
+  no mapping for "none" for pkg "liblzma5"
+  no mapping for "config-h" for pkg "liblzma5"
+  no mapping for "noderivs" for pkg "liblzma5"
+  no mapping for "PD-debian" for pkg "liblzma5"
+
+libmd0
+  no mapping for "BSD-3-clause-Aaron-D-Gifford" for pkg "libmd0"
+  no mapping for "BSD-2-clause-NetBSD" for pkg "libmd0"
+  no mapping for "public-domain-md4" for pkg "libmd0"
+  no mapping for "public-domain-md5" for pkg "libmd0"
+  no mapping for "public-domain-sha1" for pkg "libmd0"
+
+libmount1
+  no mapping for "BSLA" for pkg "libmount1"
+
+libncursesw6
+  no mapping for "MIT/X11" for pkg "libncursesw6"
+
+libnettle8
+  no mapping for "GAP" for pkg "libnettle8"
+
+libp11-kit0
+  no mapping for "permissive-like-automake-output" for pkg "libp11-kit0"
+  no mapping for "ISC+IBM" for pkg "libp11-kit0"
+  no mapping for "same-as-rest-of-p11kit" for pkg "libp11-kit0"
+
+libpam-modules
+  no mapping for "GPL" for pkg "libpam-modules"
+  no mapping for "BSD-tcp_wrappers" for pkg "libpam-modules"
+
+libpam-modules-bin
+  no mapping for "GPL" for pkg "libpam-modules-bin"
+  no mapping for "BSD-tcp_wrappers" for pkg "libpam-modules-bin"
+
+libpam-runtime
+  no mapping for "GPL" for pkg "libpam-runtime"
+  no mapping for "BSD-tcp_wrappers" for pkg "libpam-runtime"
+
+libpam0g
+  no mapping for "GPL" for pkg "libpam0g"
+  no mapping for "BSD-tcp_wrappers" for pkg "libpam0g"
+
+libpcre2-8-0
+  no mapping for "BSD-3-clause-Cambridge" for pkg "libpcre2-8-0"
+
+libpopt0
+  no mapping for "expat" for pkg "libpopt0"
+
+libproc2-0
+  no mapping for "LGPL-2.0+" for pkg "libproc2-0"
+
+libreadline8
+  no mapping for "GFDL-NIV-1.3+" for pkg "libreadline8"
+  no mapping for "ISC-no-attribution" for pkg "libreadline8"
+
+libsmartcols1
+  no mapping for "BSLA" for pkg "libsmartcols1"
+
+libss2
+  no mapping for "Apache-2" for pkg "libss2"
+  no mapping for "GPL" for pkg "libss2"
+  no mapping for "MIT-US-export" for pkg "libss2"
+
+libtinfo6
+  no mapping for "MIT/X11" for pkg "libtinfo6"
+
+libtirpc-common
+  no mapping for "__AUTO_PERMISSIVE__" for pkg "libtirpc-common"
+  no mapping for "PERMISSIVE" for pkg "libtirpc-common"
+
+libtirpc3
+  no mapping for "__AUTO_PERMISSIVE__" for pkg "libtirpc3"
+  no mapping for "PERMISSIVE" for pkg "libtirpc3"
+
+libunistring2
+  no mapping for "FreeSoftware" for pkg "libunistring2"
+
+libuuid1
+  no mapping for "BSLA" for pkg "libuuid1"
+
+libxtables12
+  no mapping for "custom" for pkg "libxtables12"
+
+login
+  no mapping for "GPL-1" for pkg "login"
+
+logsave
+  no mapping for "Apache-2" for pkg "logsave"
+  no mapping for "GPL" for pkg "logsave"
+  no mapping for "MIT-US-export" for pkg "logsave"
+
+mount
+  no mapping for "BSLA" for pkg "mount"
+
+nano
+  no mapping for "GFDL-NIV+" for pkg "nano"
+
+ncurses-base
+  no mapping for "MIT/X11" for pkg "ncurses-base"
+
+ncurses-bin
+  no mapping for "MIT/X11" for pkg "ncurses-bin"
+
+passwd
+  no mapping for "GPL-1" for pkg "passwd"
+
+perl-base
+  no mapping for "REGCOMP," for pkg "perl-base"
+  no mapping for "GPL-3+-WITH-BISON-EXCEPTION" for pkg "perl-base"
+  no mapping for "Unicode" for pkg "perl-base"
+  no mapping for "Artistic," for pkg "perl-base"
+  no mapping for "BZIP" for pkg "perl-base"
+  no mapping for "RRA-KEEP-THIS-NOTICE" for pkg "perl-base"
+  no mapping for "BSD-3-clause-with-weird-numbering" for pkg "perl-base"
+  no mapping for "TEXT-TABS" for pkg "perl-base"
+  no mapping for "BSD-4-clause-POWERDOG" for pkg "perl-base"
+  no mapping for "BSD-3-clause-GENERIC" for pkg "perl-base"
+  no mapping for "SDBM-PUBLIC-DOMAIN" for pkg "perl-base"
+  no mapping for "DONT-CHANGE-THE-GPL" for pkg "perl-base"
+  no mapping for "Artistic-dist" for pkg "perl-base"
+
+procps
+  no mapping for "LGPL-2.0+" for pkg "procps"
+
+readline-common
+  no mapping for "GFDL-NIV-1.3+" for pkg "readline-common"
+  no mapping for "ISC-no-attribution" for pkg "readline-common"
+
+sed
+  no mapping for "GFDL-NIV-1.3+" for pkg "sed"
+  no mapping for "BSD-4-clause-UC" for pkg "sed"
+  no mapping for "BSL-1" for pkg "sed"
+  no mapping for "pcre" for pkg "sed"
+
+sensible-utils
+  no mapping for "All-permissive" for pkg "sensible-utils"
+  no mapping for "configure" for pkg "sensible-utils"
+  no mapping for "installsh" for pkg "sensible-utils"
+
+sysvinit-utils
+  no mapping for "GPL-3.0" for pkg "sysvinit-utils"
+
+util-linux
+  no mapping for "BSLA" for pkg "util-linux"
+
+util-linux-extra
+  no mapping for "BSLA" for pkg "util-linux-extra"
+
+vim-common
+  no mapping for "OPL-1+" for pkg "vim-common"
+  no mapping for "Apache" for pkg "vim-common"
+  no mapping for "Artistic-1" for pkg "vim-common"
+  no mapping for "Vim-Regexp" for pkg "vim-common"
+  no mapping for "UC" for pkg "vim-common"
+  no mapping for "Compaq" for pkg "vim-common"
+  no mapping for "XPM" for pkg "vim-common"
+  no mapping for "EDL-1" for pkg "vim-common"
+
+vim-tiny
+  no mapping for "OPL-1+" for pkg "vim-tiny"
+  no mapping for "Apache" for pkg "vim-tiny"
+  no mapping for "Artistic-1" for pkg "vim-tiny"
+  no mapping for "Vim-Regexp" for pkg "vim-tiny"
+  no mapping for "UC" for pkg "vim-tiny"
+  no mapping for "Compaq" for pkg "vim-tiny"
+  no mapping for "XPM" for pkg "vim-tiny"
+  no mapping for "EDL-1" for pkg "vim-tiny"
+
+
+The following chroot-packages have errors:
+
+bash
+  no mapping for "GFDL-NIV-1.3" for pkg "bash"
+  no mapping for "BSD-4-clause-UC" for pkg "bash"
+  no mapping for "MIT-like" for pkg "bash"
+  no mapping for "permissive" for pkg "bash"
+
+bsdutils
+  no mapping for "BSLA" for pkg "bsdutils"
+
+coreutils
+  no mapping for "BSD-4-clause-UC" for pkg "coreutils"
+  no mapping for "GFDL-NIV-1.3" for pkg "coreutils"
+
+cron
+  no mapping for "Paul-Vixie's-license" for pkg "cron"
+
+cron-daemon-common
+  no mapping for "Paul-Vixie's-license" for pkg "cron-daemon-common"
+
+debianutils
+  no mapping for "SMAIL-GPL" for pkg "debianutils"
+
+diffutils
+  no mapping for "LGPL-2.0+" for pkg "diffutils"
+  no mapping for "GFDL-NIV-1.3" for pkg "diffutils"
+
+dpkg
+  no mapping for "public-domain-s-s-d" for pkg "dpkg"
+
+e2fsprogs
+  no mapping for "Apache-2" for pkg "e2fsprogs"
+  no mapping for "GPL" for pkg "e2fsprogs"
+  no mapping for "MIT-US-export" for pkg "e2fsprogs"
+
+fdisk
+  no mapping for "BSLA" for pkg "fdisk"
+
+findutils
+  no mapping for "GFDL-NIV-1.3+" for pkg "findutils"
+  no mapping for "GPL" for pkg "findutils"
+  no mapping for "BSD-3-clause and/or GPL-3+" for pkg "findutils"
+  no mapping for "LGPL-3" for pkg "findutils"
+  no mapping for "ISC and/or LGPL-2.1+" for pkg "findutils"
+
+gcc-12-base
+  no mapping for "GFDL-NIV-1.3+" for pkg "findutils"
+  no mapping for "GPL" for pkg "findutils"
+  no mapping for "BSD-3-clause and/or GPL-3+" for pkg "findutils"
+  no mapping for "LGPL-3" for pkg "findutils"
+  no mapping for "ISC and/or LGPL-2.1+" for pkg "findutils"
+
+gpgv
+  no mapping for "permissive" for pkg "gpgv"
+  no mapping for "RFC-Reference" for pkg "gpgv"
+  no mapping for "TinySCHEME" for pkg "gpgv"
+
+gzip
+  no mapping for "GFDL-1.3+-no-invariant" for pkg "gzip"
+  no mapping for "FSF-manpages" for pkg "gzip"
+
+less
+  no mapping for "Less" for pkg "less"
+  no mapping for "Less," for pkg "less"
+
+libargon2-1
+  no mapping for "CC0" for pkg "libargon2-1"
+
+libblkid1
+  no mapping for "BSLA" for pkg "libblkid1"
+
+libbsd0
+  no mapping for "BSD-4-clause-Niels-Provos" for pkg "libbsd0"
+  no mapping for "BSD-3-clause-Regents" for pkg "libbsd0"
+  no mapping for "BSD-2-clause-NetBSD" for pkg "libbsd0"
+  no mapping for "BSD-3-clause-author" for pkg "libbsd0"
+  no mapping for "BSD-3-clause-John-Birrell" for pkg "libbsd0"
+  no mapping for "BSD-2-clause-verbatim" for pkg "libbsd0"
+  no mapping for "BSD-2-clause-author" for pkg "libbsd0"
+  no mapping for "ISC-Original" for pkg "libbsd0"
+
+libbz2-1.0
+  no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libc-bin
+  no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libc6
+  no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libcom-err2
+  no mapping for "Apache-2" for pkg "libcom-err2"
+  no mapping for "GPL" for pkg "libcom-err2"
+  no mapping for "MIT-US-export" for pkg "libcom-err2"
+
+libcrypt1
+  no mapping for "Apache-2" for pkg "libcom-err2"
+  no mapping for "GPL" for pkg "libcom-err2"
+  no mapping for "MIT-US-export" for pkg "libcom-err2"
+
+libcryptsetup12
+  no mapping for "CC0" for pkg "libcryptsetup12"
+
+libdb5.3
+  no mapping for "Ms-PL" for pkg "libdb5.3"
+  no mapping for "GPL" for pkg "libdb5.3"
+  no mapping for "MIT-old" for pkg "libdb5.3"
+  no mapping for "TCL-like" for pkg "libdb5.3"
+  no mapping for "BSD-3-clause-fjord" for pkg "libdb5.3"
+
+libelf1
+  no override for heuristics based package "libelf1"
+  no mapping for "GFDL-NIV-1.3" for pkg "libelf1"
+
+libext2fs2
+  no mapping for "Apache-2" for pkg "libext2fs2"
+  no mapping for "GPL" for pkg "libext2fs2"
+  no mapping for "MIT-US-export" for pkg "libext2fs2"
+
+libfdisk1
+  no mapping for "BSLA" for pkg "libfdisk1"
+
+libffi8
+  no mapping for "GPL" for pkg "libffi8"
+
+libgcc-s1
+  no mapping for "GPL" for pkg "libffi8"
+
+libgcrypt20
+  no override for heuristics based package "libgcrypt20"
+
+libgnutls30
+  no override for heuristics based package "libgnutls30"
+  no mapping for "The main library is licensed under GNU Lesser" for pkg "libgnutls30"
+  no mapping for "CC0 license" for pkg "libgnutls30"
+  no mapping for "LGPLv2.1+" for pkg "libgnutls30"
+  no mapping for "LGPLv3+_or_GPLv2+" for pkg "libgnutls30"
+
+libgpg-error0
+  no mapping for "g10-permissive" for pkg "libgpg-error0"
+
+libgssapi-krb5-2
+  no mapping for "g10-permissive" for pkg "libgpg-error0"
+
+libhogweed6
+  no mapping for "GAP" for pkg "libhogweed6"
+
+libidn2-0
+  no mapping for "Unicode" for pkg "libidn2-0"
+
+libip4tc2
+  no mapping for "custom" for pkg "libip4tc2"
+
+liblzma5
+  no mapping for "PD" for pkg "liblzma5"
+  no mapping for "probably-PD" for pkg "liblzma5"
+  no mapping for "permissive-fsf" for pkg "liblzma5"
+  no mapping for "Autoconf" for pkg "liblzma5"
+  no mapping for "permissive-nowarranty" for pkg "liblzma5"
+  no mapping for "none" for pkg "liblzma5"
+  no mapping for "config-h" for pkg "liblzma5"
+  no mapping for "noderivs" for pkg "liblzma5"
+  no mapping for "PD-debian" for pkg "liblzma5"
+
+libmd0
+  no mapping for "BSD-3-clause-Aaron-D-Gifford" for pkg "libmd0"
+  no mapping for "BSD-2-clause-NetBSD" for pkg "libmd0"
+  no mapping for "public-domain-md4" for pkg "libmd0"
+  no mapping for "public-domain-md5" for pkg "libmd0"
+  no mapping for "public-domain-sha1" for pkg "libmd0"
+
+libmount1
+  no mapping for "BSLA" for pkg "libmount1"
+
+libncursesw6
+  no mapping for "MIT/X11" for pkg "libncursesw6"
+
+libnettle8
+  no mapping for "GAP" for pkg "libnettle8"
+
+libp11-kit0
+  no mapping for "permissive-like-automake-output" for pkg "libp11-kit0"
+  no mapping for "ISC+IBM" for pkg "libp11-kit0"
+  no mapping for "same-as-rest-of-p11kit" for pkg "libp11-kit0"
+
+libpam-modules
+  no mapping for "GPL" for pkg "libpam-modules"
+  no mapping for "BSD-tcp_wrappers" for pkg "libpam-modules"
+
+libpam-modules-bin
+  no mapping for "GPL" for pkg "libpam-modules-bin"
+  no mapping for "BSD-tcp_wrappers" for pkg "libpam-modules-bin"
+
+libpam-runtime
+  no mapping for "GPL" for pkg "libpam-runtime"
+  no mapping for "BSD-tcp_wrappers" for pkg "libpam-runtime"
+
+libpam0g
+  no mapping for "GPL" for pkg "libpam0g"
+  no mapping for "BSD-tcp_wrappers" for pkg "libpam0g"
+
+libpcre2-8-0
+  no mapping for "BSD-3-clause-Cambridge" for pkg "libpcre2-8-0"
+
+libpopt0
+  no mapping for "expat" for pkg "libpopt0"
+
+libproc2-0
+  no mapping for "LGPL-2.0+" for pkg "libproc2-0"
+
+libreadline8
+  no mapping for "GFDL-NIV-1.3+" for pkg "libreadline8"
+  no mapping for "ISC-no-attribution" for pkg "libreadline8"
+
+libsmartcols1
+  no mapping for "BSLA" for pkg "libsmartcols1"
+
+libss2
+  no mapping for "Apache-2" for pkg "libss2"
+  no mapping for "GPL" for pkg "libss2"
+  no mapping for "MIT-US-export" for pkg "libss2"
+
+libtinfo6
+  no mapping for "MIT/X11" for pkg "libtinfo6"
+
+libtirpc-common
+  no mapping for "__AUTO_PERMISSIVE__" for pkg "libtirpc-common"
+  no mapping for "PERMISSIVE" for pkg "libtirpc-common"
+
+libtirpc3
+  no mapping for "__AUTO_PERMISSIVE__" for pkg "libtirpc3"
+  no mapping for "PERMISSIVE" for pkg "libtirpc3"
+
+libunistring2
+  no mapping for "FreeSoftware" for pkg "libunistring2"
+
+libuuid1
+  no mapping for "BSLA" for pkg "libuuid1"
+
+libxtables12
+  no mapping for "custom" for pkg "libxtables12"
+
+login
+  no mapping for "GPL-1" for pkg "login"
+
+logsave
+  no mapping for "Apache-2" for pkg "logsave"
+  no mapping for "GPL" for pkg "logsave"
+  no mapping for "MIT-US-export" for pkg "logsave"
+
+mount
+  no mapping for "BSLA" for pkg "mount"
+
+nano
+  no mapping for "GFDL-NIV+" for pkg "nano"
+
+ncurses-base
+  no mapping for "MIT/X11" for pkg "ncurses-base"
+
+ncurses-bin
+  no mapping for "MIT/X11" for pkg "ncurses-bin"
+
+passwd
+  no mapping for "GPL-1" for pkg "passwd"
+
+perl-base
+  no mapping for "REGCOMP," for pkg "perl-base"
+  no mapping for "GPL-3+-WITH-BISON-EXCEPTION" for pkg "perl-base"
+  no mapping for "Unicode" for pkg "perl-base"
+  no mapping for "Artistic," for pkg "perl-base"
+  no mapping for "BZIP" for pkg "perl-base"
+  no mapping for "RRA-KEEP-THIS-NOTICE" for pkg "perl-base"
+  no mapping for "BSD-3-clause-with-weird-numbering" for pkg "perl-base"
+  no mapping for "TEXT-TABS" for pkg "perl-base"
+  no mapping for "BSD-4-clause-POWERDOG" for pkg "perl-base"
+  no mapping for "BSD-3-clause-GENERIC" for pkg "perl-base"
+  no mapping for "SDBM-PUBLIC-DOMAIN" for pkg "perl-base"
+  no mapping for "DONT-CHANGE-THE-GPL" for pkg "perl-base"
+  no mapping for "Artistic-dist" for pkg "perl-base"
+
+procps
+  no mapping for "LGPL-2.0+" for pkg "procps"
+
+readline-common
+  no mapping for "GFDL-NIV-1.3+" for pkg "readline-common"
+  no mapping for "ISC-no-attribution" for pkg "readline-common"
+
+sed
+  no mapping for "GFDL-NIV-1.3+" for pkg "sed"
+  no mapping for "BSD-4-clause-UC" for pkg "sed"
+  no mapping for "BSL-1" for pkg "sed"
+  no mapping for "pcre" for pkg "sed"
+
+sensible-utils
+  no mapping for "All-permissive" for pkg "sensible-utils"
+  no mapping for "configure" for pkg "sensible-utils"
+  no mapping for "installsh" for pkg "sensible-utils"
+
+sysvinit-utils
+  no mapping for "GPL-3.0" for pkg "sysvinit-utils"
+
+util-linux
+  no mapping for "BSLA" for pkg "util-linux"
+
+util-linux-extra
+  no mapping for "BSLA" for pkg "util-linux-extra"
+
+vim-common
+  no mapping for "OPL-1+" for pkg "vim-common"
+  no mapping for "Apache" for pkg "vim-common"
+  no mapping for "Artistic-1" for pkg "vim-common"
+  no mapping for "Vim-Regexp" for pkg "vim-common"
+  no mapping for "UC" for pkg "vim-common"
+  no mapping for "Compaq" for pkg "vim-common"
+  no mapping for "XPM" for pkg "vim-common"
+  no mapping for "EDL-1" for pkg "vim-common"
+
+vim-tiny
+  no mapping for "OPL-1+" for pkg "vim-tiny"
+  no mapping for "Apache" for pkg "vim-tiny"
+  no mapping for "Artistic-1" for pkg "vim-tiny"
+  no mapping for "Vim-Regexp" for pkg "vim-tiny"
+  no mapping for "UC" for pkg "vim-tiny"
+  no mapping for "Compaq" for pkg "vim-tiny"
+  no mapping for "XPM" for pkg "vim-tiny"
+  no mapping for "EDL-1" for pkg "vim-tiny"
+
diff --git a/elbepack/tests/cyclonedx/test_cyclonedx_sbom.py b/elbepack/tests/cyclonedx/test_cyclonedx_sbom.py
index 0d0393b6159a..b05864f64be2 100644
--- a/elbepack/tests/cyclonedx/test_cyclonedx_sbom.py
+++ b/elbepack/tests/cyclonedx/test_cyclonedx_sbom.py
@@ -41,17 +41,19 @@ here = pathlib.Path(__file__).parent
 def generate_test_bom():
     source_dir = here.joinpath('build-simple-example')
     mapping_file = here.joinpath('example-mapping.xml')
-    with tempfile.NamedTemporaryFile() as output:
+    with tempfile.NamedTemporaryFile() as output, \
+         tempfile.NamedTemporaryFile('r') as errors:
         run_elbe_subcommand([
             'cyclonedx-sbom', '--output', output.name,
+            '--errors', errors.name,
             '-m', mapping_file, '-d', source_dir,
         ])
         output.seek(0)
-        return json.load(output)
+        return json.load(output), errors.read()
 
 
 def test_schema():
-    test_bom = generate_test_bom()
+    test_bom, _ = generate_test_bom()
     with here.joinpath('bom-1.6.schema.json').open() as f:
         bom_schema = json.load(f)
     with here.joinpath('spdx.schema.json').open() as f:
@@ -63,10 +65,14 @@ def test_schema():
 
 
 def test_reference_data():
-    test_bom = generate_test_bom()
+    test_bom, error_report = generate_test_bom()
     test_bom['metadata']['timestamp'] = '0001-01-01T00:00:00+00:00'
     test_bom['serialNumber'] = uuid.UUID(int=0).urn
     test_bom['metadata']['tools'][0]['version'] = 'INVALID'
     with here.joinpath('cyclonedx_reference.json').open() as f:
         reference_data = json.load(f)
+
     assert test_bom == reference_data
+
+    reference_errors = here.joinpath('cyclonedx_reference.json.errors').read_text()
+    assert error_report == reference_errors
-- 
2.46.0



More information about the elbe-devel mailing list