[elbe-devel] [PATCH 8/8] elbepack: commands: cyclonedx-sbom: add error report
Thomas Weißschuh
thomas.weissschuh at linutronix.de
Fri Aug 30 09:10:15 CEST 2024
Add licence-error report as seperate file to the SBOM generation.
Signed-off-by: Eduard Krein <eduard.krein at linutronix.de>
---
elbepack/commands/cyclonedx-sbom.py | 31 +
.../cyclonedx/cyclonedx_reference.json.errors | 658 ++++++++++++++++++
.../tests/cyclonedx/test_cyclonedx_sbom.py | 14 +-
3 files changed, 699 insertions(+), 4 deletions(-)
create mode 100644 elbepack/tests/cyclonedx/cyclonedx_reference.json.errors
diff --git a/elbepack/commands/cyclonedx-sbom.py b/elbepack/commands/cyclonedx-sbom.py
index 34f0dd298894..deffd4e93a1f 100644
--- a/elbepack/commands/cyclonedx-sbom.py
+++ b/elbepack/commands/cyclonedx-sbom.py
@@ -3,10 +3,12 @@
# SPDX-FileCopyrightText: 2024 Linutronix GmbH
import argparse
+import contextlib
import datetime
import itertools
import json
import os
+import sys
import urllib
from elbepack.aptpkgutils import XMLPackage
@@ -106,9 +108,17 @@ def _component_from_apt_pkg(pkg, licenses):
})
+def _errorreport(val):
+ if val == '-':
+ return contextlib.nullcontext(sys.stderr)
+ else:
+ return argparse.FileType('w')(val)
+
+
def run_command(argv):
aparser = argparse.ArgumentParser(prog='elbe cyclonedx-sbom')
aparser.add_argument('-o', '--output', type=argparse.FileType('w'), default='-')
+ aparser.add_argument('-e', '--errors', type=_errorreport, default='-')
aparser.add_argument('-d', dest='elbe_build', required=True)
aparser.add_argument('-m', dest='mapping', nargs='?', default=None)
args = aparser.parse_args(argv)
@@ -176,3 +186,24 @@ def run_command(argv):
with args.output:
json.dump(output, args.output, indent=2, cls=CycloneDXEncoder)
args.output.write('\n')
+
+ def _print_error_report(dest, pkg_errors):
+ if pkg_errors is not None:
+ print(f'{pkg.name}', file=errors)
+ for error in pkg_errors:
+ print(f' {error}', file=errors)
+ print('', file=errors)
+
+ def _errors_from_pkg(pkg, licenses):
+ if pkg.name in licenses:
+ if licenses[pkg.name][1]:
+ return licenses[pkg.name][1]
+
+ with args.errors as errors:
+ errors.write('\nThe following target-packages have errors:\n\n')
+ for pkg in pkg_list:
+ _print_error_report(errors, _errors_from_pkg(pkg, licenses))
+
+ errors.write('\nThe following chroot-packages have errors:\n\n')
+ for pkg in pkg_list:
+ _print_error_report(errors, _errors_from_pkg(pkg, chroot_lics))
diff --git a/elbepack/tests/cyclonedx/cyclonedx_reference.json.errors b/elbepack/tests/cyclonedx/cyclonedx_reference.json.errors
new file mode 100644
index 000000000000..0262c1e10fdc
--- /dev/null
+++ b/elbepack/tests/cyclonedx/cyclonedx_reference.json.errors
@@ -0,0 +1,658 @@
+
+The following target-packages have errors:
+
+bash
+ no mapping for "GFDL-NIV-1.3" for pkg "bash"
+ no mapping for "BSD-4-clause-UC" for pkg "bash"
+ no mapping for "MIT-like" for pkg "bash"
+ no mapping for "permissive" for pkg "bash"
+
+bsdutils
+ no mapping for "BSLA" for pkg "bsdutils"
+
+coreutils
+ no mapping for "BSD-4-clause-UC" for pkg "coreutils"
+ no mapping for "GFDL-NIV-1.3" for pkg "coreutils"
+
+cron
+ no mapping for "Paul-Vixie's-license" for pkg "cron"
+
+cron-daemon-common
+ no mapping for "Paul-Vixie's-license" for pkg "cron-daemon-common"
+
+debianutils
+ no mapping for "SMAIL-GPL" for pkg "debianutils"
+
+diffutils
+ no mapping for "LGPL-2.0+" for pkg "diffutils"
+ no mapping for "GFDL-NIV-1.3" for pkg "diffutils"
+
+dpkg
+ no mapping for "public-domain-s-s-d" for pkg "dpkg"
+
+e2fsprogs
+ no mapping for "Apache-2" for pkg "e2fsprogs"
+ no mapping for "GPL" for pkg "e2fsprogs"
+ no mapping for "MIT-US-export" for pkg "e2fsprogs"
+
+fdisk
+ no mapping for "BSLA" for pkg "fdisk"
+
+findutils
+ no mapping for "GFDL-NIV-1.3+" for pkg "findutils"
+ no mapping for "GPL" for pkg "findutils"
+ no mapping for "BSD-3-clause and/or GPL-3+" for pkg "findutils"
+ no mapping for "LGPL-3" for pkg "findutils"
+ no mapping for "ISC and/or LGPL-2.1+" for pkg "findutils"
+
+gcc-12-base
+ no mapping for "GFDL-NIV-1.3+" for pkg "findutils"
+ no mapping for "GPL" for pkg "findutils"
+ no mapping for "BSD-3-clause and/or GPL-3+" for pkg "findutils"
+ no mapping for "LGPL-3" for pkg "findutils"
+ no mapping for "ISC and/or LGPL-2.1+" for pkg "findutils"
+
+gpgv
+ no mapping for "permissive" for pkg "gpgv"
+ no mapping for "RFC-Reference" for pkg "gpgv"
+ no mapping for "TinySCHEME" for pkg "gpgv"
+
+gzip
+ no mapping for "GFDL-1.3+-no-invariant" for pkg "gzip"
+ no mapping for "FSF-manpages" for pkg "gzip"
+
+less
+ no mapping for "Less" for pkg "less"
+ no mapping for "Less," for pkg "less"
+
+libargon2-1
+ no mapping for "CC0" for pkg "libargon2-1"
+
+libblkid1
+ no mapping for "BSLA" for pkg "libblkid1"
+
+libbsd0
+ no mapping for "BSD-4-clause-Niels-Provos" for pkg "libbsd0"
+ no mapping for "BSD-3-clause-Regents" for pkg "libbsd0"
+ no mapping for "BSD-2-clause-NetBSD" for pkg "libbsd0"
+ no mapping for "BSD-3-clause-author" for pkg "libbsd0"
+ no mapping for "BSD-3-clause-John-Birrell" for pkg "libbsd0"
+ no mapping for "BSD-2-clause-verbatim" for pkg "libbsd0"
+ no mapping for "BSD-2-clause-author" for pkg "libbsd0"
+ no mapping for "ISC-Original" for pkg "libbsd0"
+
+libbz2-1.0
+ no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libc-bin
+ no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libc6
+ no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libcom-err2
+ no mapping for "Apache-2" for pkg "libcom-err2"
+ no mapping for "GPL" for pkg "libcom-err2"
+ no mapping for "MIT-US-export" for pkg "libcom-err2"
+
+libcrypt1
+ no mapping for "Apache-2" for pkg "libcom-err2"
+ no mapping for "GPL" for pkg "libcom-err2"
+ no mapping for "MIT-US-export" for pkg "libcom-err2"
+
+libcryptsetup12
+ no mapping for "CC0" for pkg "libcryptsetup12"
+
+libdb5.3
+ no mapping for "Ms-PL" for pkg "libdb5.3"
+ no mapping for "GPL" for pkg "libdb5.3"
+ no mapping for "MIT-old" for pkg "libdb5.3"
+ no mapping for "TCL-like" for pkg "libdb5.3"
+ no mapping for "BSD-3-clause-fjord" for pkg "libdb5.3"
+
+libelf1
+ no override for heuristics based package "libelf1"
+ no mapping for "GFDL-NIV-1.3" for pkg "libelf1"
+
+libext2fs2
+ no mapping for "Apache-2" for pkg "libext2fs2"
+ no mapping for "GPL" for pkg "libext2fs2"
+ no mapping for "MIT-US-export" for pkg "libext2fs2"
+
+libfdisk1
+ no mapping for "BSLA" for pkg "libfdisk1"
+
+libffi8
+ no mapping for "GPL" for pkg "libffi8"
+
+libgcc-s1
+ no mapping for "GPL" for pkg "libffi8"
+
+libgcrypt20
+ no override for heuristics based package "libgcrypt20"
+
+libgnutls30
+ no override for heuristics based package "libgnutls30"
+ no mapping for "The main library is licensed under GNU Lesser" for pkg "libgnutls30"
+ no mapping for "CC0 license" for pkg "libgnutls30"
+ no mapping for "LGPLv2.1+" for pkg "libgnutls30"
+ no mapping for "LGPLv3+_or_GPLv2+" for pkg "libgnutls30"
+
+libgpg-error0
+ no mapping for "g10-permissive" for pkg "libgpg-error0"
+
+libgssapi-krb5-2
+ no mapping for "g10-permissive" for pkg "libgpg-error0"
+
+libhogweed6
+ no mapping for "GAP" for pkg "libhogweed6"
+
+libidn2-0
+ no mapping for "Unicode" for pkg "libidn2-0"
+
+libip4tc2
+ no mapping for "custom" for pkg "libip4tc2"
+
+liblzma5
+ no mapping for "PD" for pkg "liblzma5"
+ no mapping for "probably-PD" for pkg "liblzma5"
+ no mapping for "permissive-fsf" for pkg "liblzma5"
+ no mapping for "Autoconf" for pkg "liblzma5"
+ no mapping for "permissive-nowarranty" for pkg "liblzma5"
+ no mapping for "none" for pkg "liblzma5"
+ no mapping for "config-h" for pkg "liblzma5"
+ no mapping for "noderivs" for pkg "liblzma5"
+ no mapping for "PD-debian" for pkg "liblzma5"
+
+libmd0
+ no mapping for "BSD-3-clause-Aaron-D-Gifford" for pkg "libmd0"
+ no mapping for "BSD-2-clause-NetBSD" for pkg "libmd0"
+ no mapping for "public-domain-md4" for pkg "libmd0"
+ no mapping for "public-domain-md5" for pkg "libmd0"
+ no mapping for "public-domain-sha1" for pkg "libmd0"
+
+libmount1
+ no mapping for "BSLA" for pkg "libmount1"
+
+libncursesw6
+ no mapping for "MIT/X11" for pkg "libncursesw6"
+
+libnettle8
+ no mapping for "GAP" for pkg "libnettle8"
+
+libp11-kit0
+ no mapping for "permissive-like-automake-output" for pkg "libp11-kit0"
+ no mapping for "ISC+IBM" for pkg "libp11-kit0"
+ no mapping for "same-as-rest-of-p11kit" for pkg "libp11-kit0"
+
+libpam-modules
+ no mapping for "GPL" for pkg "libpam-modules"
+ no mapping for "BSD-tcp_wrappers" for pkg "libpam-modules"
+
+libpam-modules-bin
+ no mapping for "GPL" for pkg "libpam-modules-bin"
+ no mapping for "BSD-tcp_wrappers" for pkg "libpam-modules-bin"
+
+libpam-runtime
+ no mapping for "GPL" for pkg "libpam-runtime"
+ no mapping for "BSD-tcp_wrappers" for pkg "libpam-runtime"
+
+libpam0g
+ no mapping for "GPL" for pkg "libpam0g"
+ no mapping for "BSD-tcp_wrappers" for pkg "libpam0g"
+
+libpcre2-8-0
+ no mapping for "BSD-3-clause-Cambridge" for pkg "libpcre2-8-0"
+
+libpopt0
+ no mapping for "expat" for pkg "libpopt0"
+
+libproc2-0
+ no mapping for "LGPL-2.0+" for pkg "libproc2-0"
+
+libreadline8
+ no mapping for "GFDL-NIV-1.3+" for pkg "libreadline8"
+ no mapping for "ISC-no-attribution" for pkg "libreadline8"
+
+libsmartcols1
+ no mapping for "BSLA" for pkg "libsmartcols1"
+
+libss2
+ no mapping for "Apache-2" for pkg "libss2"
+ no mapping for "GPL" for pkg "libss2"
+ no mapping for "MIT-US-export" for pkg "libss2"
+
+libtinfo6
+ no mapping for "MIT/X11" for pkg "libtinfo6"
+
+libtirpc-common
+ no mapping for "__AUTO_PERMISSIVE__" for pkg "libtirpc-common"
+ no mapping for "PERMISSIVE" for pkg "libtirpc-common"
+
+libtirpc3
+ no mapping for "__AUTO_PERMISSIVE__" for pkg "libtirpc3"
+ no mapping for "PERMISSIVE" for pkg "libtirpc3"
+
+libunistring2
+ no mapping for "FreeSoftware" for pkg "libunistring2"
+
+libuuid1
+ no mapping for "BSLA" for pkg "libuuid1"
+
+libxtables12
+ no mapping for "custom" for pkg "libxtables12"
+
+login
+ no mapping for "GPL-1" for pkg "login"
+
+logsave
+ no mapping for "Apache-2" for pkg "logsave"
+ no mapping for "GPL" for pkg "logsave"
+ no mapping for "MIT-US-export" for pkg "logsave"
+
+mount
+ no mapping for "BSLA" for pkg "mount"
+
+nano
+ no mapping for "GFDL-NIV+" for pkg "nano"
+
+ncurses-base
+ no mapping for "MIT/X11" for pkg "ncurses-base"
+
+ncurses-bin
+ no mapping for "MIT/X11" for pkg "ncurses-bin"
+
+passwd
+ no mapping for "GPL-1" for pkg "passwd"
+
+perl-base
+ no mapping for "REGCOMP," for pkg "perl-base"
+ no mapping for "GPL-3+-WITH-BISON-EXCEPTION" for pkg "perl-base"
+ no mapping for "Unicode" for pkg "perl-base"
+ no mapping for "Artistic," for pkg "perl-base"
+ no mapping for "BZIP" for pkg "perl-base"
+ no mapping for "RRA-KEEP-THIS-NOTICE" for pkg "perl-base"
+ no mapping for "BSD-3-clause-with-weird-numbering" for pkg "perl-base"
+ no mapping for "TEXT-TABS" for pkg "perl-base"
+ no mapping for "BSD-4-clause-POWERDOG" for pkg "perl-base"
+ no mapping for "BSD-3-clause-GENERIC" for pkg "perl-base"
+ no mapping for "SDBM-PUBLIC-DOMAIN" for pkg "perl-base"
+ no mapping for "DONT-CHANGE-THE-GPL" for pkg "perl-base"
+ no mapping for "Artistic-dist" for pkg "perl-base"
+
+procps
+ no mapping for "LGPL-2.0+" for pkg "procps"
+
+readline-common
+ no mapping for "GFDL-NIV-1.3+" for pkg "readline-common"
+ no mapping for "ISC-no-attribution" for pkg "readline-common"
+
+sed
+ no mapping for "GFDL-NIV-1.3+" for pkg "sed"
+ no mapping for "BSD-4-clause-UC" for pkg "sed"
+ no mapping for "BSL-1" for pkg "sed"
+ no mapping for "pcre" for pkg "sed"
+
+sensible-utils
+ no mapping for "All-permissive" for pkg "sensible-utils"
+ no mapping for "configure" for pkg "sensible-utils"
+ no mapping for "installsh" for pkg "sensible-utils"
+
+sysvinit-utils
+ no mapping for "GPL-3.0" for pkg "sysvinit-utils"
+
+util-linux
+ no mapping for "BSLA" for pkg "util-linux"
+
+util-linux-extra
+ no mapping for "BSLA" for pkg "util-linux-extra"
+
+vim-common
+ no mapping for "OPL-1+" for pkg "vim-common"
+ no mapping for "Apache" for pkg "vim-common"
+ no mapping for "Artistic-1" for pkg "vim-common"
+ no mapping for "Vim-Regexp" for pkg "vim-common"
+ no mapping for "UC" for pkg "vim-common"
+ no mapping for "Compaq" for pkg "vim-common"
+ no mapping for "XPM" for pkg "vim-common"
+ no mapping for "EDL-1" for pkg "vim-common"
+
+vim-tiny
+ no mapping for "OPL-1+" for pkg "vim-tiny"
+ no mapping for "Apache" for pkg "vim-tiny"
+ no mapping for "Artistic-1" for pkg "vim-tiny"
+ no mapping for "Vim-Regexp" for pkg "vim-tiny"
+ no mapping for "UC" for pkg "vim-tiny"
+ no mapping for "Compaq" for pkg "vim-tiny"
+ no mapping for "XPM" for pkg "vim-tiny"
+ no mapping for "EDL-1" for pkg "vim-tiny"
+
+
+The following chroot-packages have errors:
+
+bash
+ no mapping for "GFDL-NIV-1.3" for pkg "bash"
+ no mapping for "BSD-4-clause-UC" for pkg "bash"
+ no mapping for "MIT-like" for pkg "bash"
+ no mapping for "permissive" for pkg "bash"
+
+bsdutils
+ no mapping for "BSLA" for pkg "bsdutils"
+
+coreutils
+ no mapping for "BSD-4-clause-UC" for pkg "coreutils"
+ no mapping for "GFDL-NIV-1.3" for pkg "coreutils"
+
+cron
+ no mapping for "Paul-Vixie's-license" for pkg "cron"
+
+cron-daemon-common
+ no mapping for "Paul-Vixie's-license" for pkg "cron-daemon-common"
+
+debianutils
+ no mapping for "SMAIL-GPL" for pkg "debianutils"
+
+diffutils
+ no mapping for "LGPL-2.0+" for pkg "diffutils"
+ no mapping for "GFDL-NIV-1.3" for pkg "diffutils"
+
+dpkg
+ no mapping for "public-domain-s-s-d" for pkg "dpkg"
+
+e2fsprogs
+ no mapping for "Apache-2" for pkg "e2fsprogs"
+ no mapping for "GPL" for pkg "e2fsprogs"
+ no mapping for "MIT-US-export" for pkg "e2fsprogs"
+
+fdisk
+ no mapping for "BSLA" for pkg "fdisk"
+
+findutils
+ no mapping for "GFDL-NIV-1.3+" for pkg "findutils"
+ no mapping for "GPL" for pkg "findutils"
+ no mapping for "BSD-3-clause and/or GPL-3+" for pkg "findutils"
+ no mapping for "LGPL-3" for pkg "findutils"
+ no mapping for "ISC and/or LGPL-2.1+" for pkg "findutils"
+
+gcc-12-base
+ no mapping for "GFDL-NIV-1.3+" for pkg "findutils"
+ no mapping for "GPL" for pkg "findutils"
+ no mapping for "BSD-3-clause and/or GPL-3+" for pkg "findutils"
+ no mapping for "LGPL-3" for pkg "findutils"
+ no mapping for "ISC and/or LGPL-2.1+" for pkg "findutils"
+
+gpgv
+ no mapping for "permissive" for pkg "gpgv"
+ no mapping for "RFC-Reference" for pkg "gpgv"
+ no mapping for "TinySCHEME" for pkg "gpgv"
+
+gzip
+ no mapping for "GFDL-1.3+-no-invariant" for pkg "gzip"
+ no mapping for "FSF-manpages" for pkg "gzip"
+
+less
+ no mapping for "Less" for pkg "less"
+ no mapping for "Less," for pkg "less"
+
+libargon2-1
+ no mapping for "CC0" for pkg "libargon2-1"
+
+libblkid1
+ no mapping for "BSLA" for pkg "libblkid1"
+
+libbsd0
+ no mapping for "BSD-4-clause-Niels-Provos" for pkg "libbsd0"
+ no mapping for "BSD-3-clause-Regents" for pkg "libbsd0"
+ no mapping for "BSD-2-clause-NetBSD" for pkg "libbsd0"
+ no mapping for "BSD-3-clause-author" for pkg "libbsd0"
+ no mapping for "BSD-3-clause-John-Birrell" for pkg "libbsd0"
+ no mapping for "BSD-2-clause-verbatim" for pkg "libbsd0"
+ no mapping for "BSD-2-clause-author" for pkg "libbsd0"
+ no mapping for "ISC-Original" for pkg "libbsd0"
+
+libbz2-1.0
+ no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libc-bin
+ no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libc6
+ no mapping for "BSD-variant" for pkg "libbz2-1.0"
+
+libcom-err2
+ no mapping for "Apache-2" for pkg "libcom-err2"
+ no mapping for "GPL" for pkg "libcom-err2"
+ no mapping for "MIT-US-export" for pkg "libcom-err2"
+
+libcrypt1
+ no mapping for "Apache-2" for pkg "libcom-err2"
+ no mapping for "GPL" for pkg "libcom-err2"
+ no mapping for "MIT-US-export" for pkg "libcom-err2"
+
+libcryptsetup12
+ no mapping for "CC0" for pkg "libcryptsetup12"
+
+libdb5.3
+ no mapping for "Ms-PL" for pkg "libdb5.3"
+ no mapping for "GPL" for pkg "libdb5.3"
+ no mapping for "MIT-old" for pkg "libdb5.3"
+ no mapping for "TCL-like" for pkg "libdb5.3"
+ no mapping for "BSD-3-clause-fjord" for pkg "libdb5.3"
+
+libelf1
+ no override for heuristics based package "libelf1"
+ no mapping for "GFDL-NIV-1.3" for pkg "libelf1"
+
+libext2fs2
+ no mapping for "Apache-2" for pkg "libext2fs2"
+ no mapping for "GPL" for pkg "libext2fs2"
+ no mapping for "MIT-US-export" for pkg "libext2fs2"
+
+libfdisk1
+ no mapping for "BSLA" for pkg "libfdisk1"
+
+libffi8
+ no mapping for "GPL" for pkg "libffi8"
+
+libgcc-s1
+ no mapping for "GPL" for pkg "libffi8"
+
+libgcrypt20
+ no override for heuristics based package "libgcrypt20"
+
+libgnutls30
+ no override for heuristics based package "libgnutls30"
+ no mapping for "The main library is licensed under GNU Lesser" for pkg "libgnutls30"
+ no mapping for "CC0 license" for pkg "libgnutls30"
+ no mapping for "LGPLv2.1+" for pkg "libgnutls30"
+ no mapping for "LGPLv3+_or_GPLv2+" for pkg "libgnutls30"
+
+libgpg-error0
+ no mapping for "g10-permissive" for pkg "libgpg-error0"
+
+libgssapi-krb5-2
+ no mapping for "g10-permissive" for pkg "libgpg-error0"
+
+libhogweed6
+ no mapping for "GAP" for pkg "libhogweed6"
+
+libidn2-0
+ no mapping for "Unicode" for pkg "libidn2-0"
+
+libip4tc2
+ no mapping for "custom" for pkg "libip4tc2"
+
+liblzma5
+ no mapping for "PD" for pkg "liblzma5"
+ no mapping for "probably-PD" for pkg "liblzma5"
+ no mapping for "permissive-fsf" for pkg "liblzma5"
+ no mapping for "Autoconf" for pkg "liblzma5"
+ no mapping for "permissive-nowarranty" for pkg "liblzma5"
+ no mapping for "none" for pkg "liblzma5"
+ no mapping for "config-h" for pkg "liblzma5"
+ no mapping for "noderivs" for pkg "liblzma5"
+ no mapping for "PD-debian" for pkg "liblzma5"
+
+libmd0
+ no mapping for "BSD-3-clause-Aaron-D-Gifford" for pkg "libmd0"
+ no mapping for "BSD-2-clause-NetBSD" for pkg "libmd0"
+ no mapping for "public-domain-md4" for pkg "libmd0"
+ no mapping for "public-domain-md5" for pkg "libmd0"
+ no mapping for "public-domain-sha1" for pkg "libmd0"
+
+libmount1
+ no mapping for "BSLA" for pkg "libmount1"
+
+libncursesw6
+ no mapping for "MIT/X11" for pkg "libncursesw6"
+
+libnettle8
+ no mapping for "GAP" for pkg "libnettle8"
+
+libp11-kit0
+ no mapping for "permissive-like-automake-output" for pkg "libp11-kit0"
+ no mapping for "ISC+IBM" for pkg "libp11-kit0"
+ no mapping for "same-as-rest-of-p11kit" for pkg "libp11-kit0"
+
+libpam-modules
+ no mapping for "GPL" for pkg "libpam-modules"
+ no mapping for "BSD-tcp_wrappers" for pkg "libpam-modules"
+
+libpam-modules-bin
+ no mapping for "GPL" for pkg "libpam-modules-bin"
+ no mapping for "BSD-tcp_wrappers" for pkg "libpam-modules-bin"
+
+libpam-runtime
+ no mapping for "GPL" for pkg "libpam-runtime"
+ no mapping for "BSD-tcp_wrappers" for pkg "libpam-runtime"
+
+libpam0g
+ no mapping for "GPL" for pkg "libpam0g"
+ no mapping for "BSD-tcp_wrappers" for pkg "libpam0g"
+
+libpcre2-8-0
+ no mapping for "BSD-3-clause-Cambridge" for pkg "libpcre2-8-0"
+
+libpopt0
+ no mapping for "expat" for pkg "libpopt0"
+
+libproc2-0
+ no mapping for "LGPL-2.0+" for pkg "libproc2-0"
+
+libreadline8
+ no mapping for "GFDL-NIV-1.3+" for pkg "libreadline8"
+ no mapping for "ISC-no-attribution" for pkg "libreadline8"
+
+libsmartcols1
+ no mapping for "BSLA" for pkg "libsmartcols1"
+
+libss2
+ no mapping for "Apache-2" for pkg "libss2"
+ no mapping for "GPL" for pkg "libss2"
+ no mapping for "MIT-US-export" for pkg "libss2"
+
+libtinfo6
+ no mapping for "MIT/X11" for pkg "libtinfo6"
+
+libtirpc-common
+ no mapping for "__AUTO_PERMISSIVE__" for pkg "libtirpc-common"
+ no mapping for "PERMISSIVE" for pkg "libtirpc-common"
+
+libtirpc3
+ no mapping for "__AUTO_PERMISSIVE__" for pkg "libtirpc3"
+ no mapping for "PERMISSIVE" for pkg "libtirpc3"
+
+libunistring2
+ no mapping for "FreeSoftware" for pkg "libunistring2"
+
+libuuid1
+ no mapping for "BSLA" for pkg "libuuid1"
+
+libxtables12
+ no mapping for "custom" for pkg "libxtables12"
+
+login
+ no mapping for "GPL-1" for pkg "login"
+
+logsave
+ no mapping for "Apache-2" for pkg "logsave"
+ no mapping for "GPL" for pkg "logsave"
+ no mapping for "MIT-US-export" for pkg "logsave"
+
+mount
+ no mapping for "BSLA" for pkg "mount"
+
+nano
+ no mapping for "GFDL-NIV+" for pkg "nano"
+
+ncurses-base
+ no mapping for "MIT/X11" for pkg "ncurses-base"
+
+ncurses-bin
+ no mapping for "MIT/X11" for pkg "ncurses-bin"
+
+passwd
+ no mapping for "GPL-1" for pkg "passwd"
+
+perl-base
+ no mapping for "REGCOMP," for pkg "perl-base"
+ no mapping for "GPL-3+-WITH-BISON-EXCEPTION" for pkg "perl-base"
+ no mapping for "Unicode" for pkg "perl-base"
+ no mapping for "Artistic," for pkg "perl-base"
+ no mapping for "BZIP" for pkg "perl-base"
+ no mapping for "RRA-KEEP-THIS-NOTICE" for pkg "perl-base"
+ no mapping for "BSD-3-clause-with-weird-numbering" for pkg "perl-base"
+ no mapping for "TEXT-TABS" for pkg "perl-base"
+ no mapping for "BSD-4-clause-POWERDOG" for pkg "perl-base"
+ no mapping for "BSD-3-clause-GENERIC" for pkg "perl-base"
+ no mapping for "SDBM-PUBLIC-DOMAIN" for pkg "perl-base"
+ no mapping for "DONT-CHANGE-THE-GPL" for pkg "perl-base"
+ no mapping for "Artistic-dist" for pkg "perl-base"
+
+procps
+ no mapping for "LGPL-2.0+" for pkg "procps"
+
+readline-common
+ no mapping for "GFDL-NIV-1.3+" for pkg "readline-common"
+ no mapping for "ISC-no-attribution" for pkg "readline-common"
+
+sed
+ no mapping for "GFDL-NIV-1.3+" for pkg "sed"
+ no mapping for "BSD-4-clause-UC" for pkg "sed"
+ no mapping for "BSL-1" for pkg "sed"
+ no mapping for "pcre" for pkg "sed"
+
+sensible-utils
+ no mapping for "All-permissive" for pkg "sensible-utils"
+ no mapping for "configure" for pkg "sensible-utils"
+ no mapping for "installsh" for pkg "sensible-utils"
+
+sysvinit-utils
+ no mapping for "GPL-3.0" for pkg "sysvinit-utils"
+
+util-linux
+ no mapping for "BSLA" for pkg "util-linux"
+
+util-linux-extra
+ no mapping for "BSLA" for pkg "util-linux-extra"
+
+vim-common
+ no mapping for "OPL-1+" for pkg "vim-common"
+ no mapping for "Apache" for pkg "vim-common"
+ no mapping for "Artistic-1" for pkg "vim-common"
+ no mapping for "Vim-Regexp" for pkg "vim-common"
+ no mapping for "UC" for pkg "vim-common"
+ no mapping for "Compaq" for pkg "vim-common"
+ no mapping for "XPM" for pkg "vim-common"
+ no mapping for "EDL-1" for pkg "vim-common"
+
+vim-tiny
+ no mapping for "OPL-1+" for pkg "vim-tiny"
+ no mapping for "Apache" for pkg "vim-tiny"
+ no mapping for "Artistic-1" for pkg "vim-tiny"
+ no mapping for "Vim-Regexp" for pkg "vim-tiny"
+ no mapping for "UC" for pkg "vim-tiny"
+ no mapping for "Compaq" for pkg "vim-tiny"
+ no mapping for "XPM" for pkg "vim-tiny"
+ no mapping for "EDL-1" for pkg "vim-tiny"
+
diff --git a/elbepack/tests/cyclonedx/test_cyclonedx_sbom.py b/elbepack/tests/cyclonedx/test_cyclonedx_sbom.py
index 0d0393b6159a..b05864f64be2 100644
--- a/elbepack/tests/cyclonedx/test_cyclonedx_sbom.py
+++ b/elbepack/tests/cyclonedx/test_cyclonedx_sbom.py
@@ -41,17 +41,19 @@ here = pathlib.Path(__file__).parent
def generate_test_bom():
source_dir = here.joinpath('build-simple-example')
mapping_file = here.joinpath('example-mapping.xml')
- with tempfile.NamedTemporaryFile() as output:
+ with tempfile.NamedTemporaryFile() as output, \
+ tempfile.NamedTemporaryFile('r') as errors:
run_elbe_subcommand([
'cyclonedx-sbom', '--output', output.name,
+ '--errors', errors.name,
'-m', mapping_file, '-d', source_dir,
])
output.seek(0)
- return json.load(output)
+ return json.load(output), errors.read()
def test_schema():
- test_bom = generate_test_bom()
+ test_bom, _ = generate_test_bom()
with here.joinpath('bom-1.6.schema.json').open() as f:
bom_schema = json.load(f)
with here.joinpath('spdx.schema.json').open() as f:
@@ -63,10 +65,14 @@ def test_schema():
def test_reference_data():
- test_bom = generate_test_bom()
+ test_bom, error_report = generate_test_bom()
test_bom['metadata']['timestamp'] = '0001-01-01T00:00:00+00:00'
test_bom['serialNumber'] = uuid.UUID(int=0).urn
test_bom['metadata']['tools'][0]['version'] = 'INVALID'
with here.joinpath('cyclonedx_reference.json').open() as f:
reference_data = json.load(f)
+
assert test_bom == reference_data
+
+ reference_errors = here.joinpath('cyclonedx_reference.json.errors').read_text()
+ assert error_report == reference_errors
--
2.46.0
More information about the elbe-devel
mailing list