v2023.1 SBOM licenses not found for few packages
Background
For every stable release,
- Concluded licenses for each release articrafts are provided by the OSS team (contact OSS team)
- concluded License data to be updated in master yaml file will be used by product teams
Automation of above process requires,
- Parsing SBOM license file
- Extracting the package and binary information (Required fields: pkg name, pkg license,binary name binary license)
- After extracting update the licenses for all the packages and binaries respectively. And the output will be
Prerequisetes: In v2022.5/v2023.1 stable release SBOM file Ex: https://images.apertis.org/release/v2023/v2023.1/armhf/hmi/apertis_v2023-hmi-armhf-uboot_v2023.1.img.licenses.gz
Steps to Reproduce:
In step2 after extracting the required data, we could observe few packages license information is not available i.e. 'NoSourceInfoFound'. ['adduser', ['NoSourceInfoFound'], {'NONE': 'NONE'}] ['adwaita-icon-theme', ['NoSourceInfoFound'], {'NONE': 'NONE'}]
-> attached the file which has all the list of packages whose licenses are not found.
Expected result
Licenses should be available for all the packages in SBOM after parsing with required fields e.g. below is the output which has license data for source packages and it's respective binary data ['libwayland-server0', ['Expat'], {'libwayland-server.so.0.1.0': ['Expat']}] ['libsodium23', ['CC0-1.0', 'BSD-2-clause'], {'libsodium.so.23.3.0': ['CC0-1.0', 'BSD-2-clause']}]
Actual result
Licenses not available for few packages in SBOM e.g: ['adduser', ['NoSourceInfoFound'], {'NONE': 'NONE'}] ['apparmor-profiles', ['NoSourceInfoFound'], {'NONE': 'NONE'}]
Attachments
Please find the file License_v2023.1.txt has the list of licenses for which licenses are not found License_v2023.1.txt
Root cause
TBC
Outcomes
TBD
Management data
This section is for management only, it should be the last one in the description.
/cc @andrunko @em @sagar @sudarshan @wlozano
Phabricator link: https://phabricator.apertis.org/T9898