ci-license-scan does not fail on UNKNOWN
Affected images versions
Not relevant, this bug affects our ci-license-scan pipeline.
Steps to reproduce
Run a new pipeline on the v2024dev2 branch of aom.
Expected result: scan-licenses should fail with an UNKNOWN license error.
Actual result: scan-licenses passes and debian/apertis/copyright reports UNKNOWN licenses.
How often the issue is hit when repeating the test and changing nothing (same device, same image, etc.)?
- often, but not always
Impact of bug
This bug is blocking the rebase, since we cannot move packages to target while the license scan is reporting UNKNOWN licenses for packages in target.
When the license scanner returns an UNKNOWN license, it takes the license from the Files: * paragraph of debian/copyright as the default and dumps this data into debian/apertis/copyright.new. It then compares the original debian/apertis/copyright with the modified debian/apertis/copyright.new. If they differ, it returns an error.
So when an UNKNOWN license is reported, the original and modified files differ and the license scan pipeline fails with an UNKNOWN license error. This is the behavior with python-debian version 0.1.39 in bullseye. With version 0.1.49 in bookworm, the UNKNOWN license is not replaced by the license from debian/copyright, so the original and modified copyright files are the same and the pipeline passes. The issue is caused by commit https://salsa.debian.org/python-debian-team/python-debian/-/commit/e7990d2ab83057a2aaf7851f4250f1072f6fee8c. As a workaround, revert it so that the license scanner reports correct licenses.
Report this issue to upstream with a reproducible test case.
/cc @andrunko @em @sagar @sudarshan @wlozano
Phabricator link: https://phabricator.apertis.org/T9737
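
A direct guard for the failure mode described above, as an added example (not part of ci-license-scan or python-debian): rather than relying on a diff between debian/apertis/copyright and debian/apertis/copyright.new, it parses the copyright file and exits non-zero when any Files paragraph carries an UNKNOWN license. It assumes the machine-readable copyright format; the function names and the sample input are constructed for illustration.

```python
import re
import sys
# Constructed sample in the machine-readable copyright format (not taken from aom).
SAMPLE = """\
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/

Files: *
Copyright: 2018 Example Authors
License: BSD-2-Clause

Files: third_party/foo/*
 third_party/bar.c
Copyright: 2019 Example Authors
License: UNKNOWN

Files: tools/gen.py
License: UNKNOWN or GPL-2+
"""

def parse_paragraphs(text):
    """Split the file into paragraphs of {field: value}, folding continuation lines."""
    paragraphs = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, current = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and current:
                fields[current] += "\n" + line.strip()
            elif ":" in line and not line.startswith("#"):
                current, value = line.split(":", 1)
                current = current.strip().lower()
                fields[current] = value.strip()
        if fields:
            paragraphs.append(fields)
    return paragraphs

def unknown_license_files(text):
    """Return (file patterns, license short name) for Files paragraphs naming UNKNOWN."""
    hits = []
    for para in parse_paragraphs(text):
        # Only the first line of License is the short name; the rest is license text.
        first = (para.get("license", "").splitlines() or [""])[0]
        if "files" in para and re.search(r"\bUNKNOWN\b", first):
            hits.append((para["files"].split(), first))
    return hits

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    hits = unknown_license_files(text)
    for files, lic in hits:
        print(f"UNKNOWN license: {' '.join(files)} ({lic})")
    sys.exit(1 if hits else 0)
```

Run against debian/apertis/copyright as a separate CI step, this check gives the same verdict whichever python-debian version produced the file.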