According to Specification Version 3.0.1:

NoneElement should be used if [1]
- the SPDX creator desires to assert that there are NO elements for the given
  context of use.

NoAssertionElement should be used if [2]
- the SPDX creator has attempted to but cannot reach a reasonable objective
  determination;
- the SPDX creator has made no attempt to determine this field; or
- the SPDX creator has intentionally provided no information (no meaning
  should be implied by doing so).
If we indicate that we looked for licenses and didn't find any, should it be
NoAssertionElement rather than NoneElement?
If so, I will set it to NoAssertionElement in V2.
[1] https://spdx.github.io/spdx-spec/v3.0.1/model/Core/Individuals/NoneElement/
[2] https://spdx.github.io/spdx-spec/v3.0.1/model/Core/Individuals/NoAssertionElement/
//Hongxu
On Fri, Oct 25, 2024 at 9:25 PM Hongxu Jia <[email protected]> wrote:
>
> If file_licenses is empty, the hasDeclaredLicense relationship from sourcefile
> to NoneElement which makes no sense. Such as
This is intentional, as it indicates that we looked for licenses and
didn't find any. Omitting the relationship means we didn't even look
for any licenses (which can also be done explicitly by making a
relationship to "NoAssertion")
>
> {
> "type": "Relationship",
> ...
> "from":
> "http://spdx.org/spdxdocs/gettext-minimal-native-1fa0d5cb/sourcefile/3323",
> "relationshipType": "hasDeclaredLicense",
> "to": [
> "NoneElement"
> ]
> },
>
> Create hasDeclaredLicense relationship only if file_licenses is not empty
>
> Signed-off-by: Hongxu Jia <[email protected]>
> ---
> meta/lib/oe/sbom30.py | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/meta/lib/oe/sbom30.py b/meta/lib/oe/sbom30.py
> index f4cc1f49dd..6df5759596 100644
> --- a/meta/lib/oe/sbom30.py
> +++ b/meta/lib/oe/sbom30.py
> @@ -620,11 +620,12 @@ class ObjectSet(oe.spdx30.SHACLObjectSet):
> for extracted_lic in oe.spdx_common.extract_licenses(filepath):
> file_licenses.add(self.new_license_expression(extracted_lic,
> license_data))
>
> - self.new_relationship(
> - [spdx_file],
> - oe.spdx30.RelationshipType.hasDeclaredLicense,
> - file_licenses,
> - )
> + if file_licenses:
> + self.new_relationship(
> + [spdx_file],
> + oe.spdx30.RelationshipType.hasDeclaredLicense,
> + file_licenses,
> + )
> spdx_file.extension.append(OELicenseScannedExtension())
>
> def new_file(self, _id, name, path, *, purposes=[]):
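Review bot: the `if file_licenses:` guard drops the hasDeclaredLicense relationship entirely when the scan finds nothing, while `spdx_file.extension.append(OELicenseScannedExtension())` on the following context line still marks the file as scanned. A consumer that reads only the standard SPDX relationships can then no longer tell a scanned file with no license text from a file that was never scanned, which is the distinction the reply in this thread says the relationship is meant to carry. Consider an explicit else branch that records the agreed individual (NoneElement or NoAssertionElement) instead of omitting the relationship, or at minimum a comment above the guard stating that omission is intended and that the scanned state lives only in the extension.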
> --
> 2.25.1
>
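Added example, not part of the thread or of the OE-Core code: a consumer-side check that separates the three cases discussed above (relationship to NoneElement, relationship to NoAssertionElement, relationship omitted) from a real declared license. The "@graph", "spdxId" and "software_File" key names are assumed from the SPDX 3 JSON-LD serialization, and the example.invalid IDs are constructed placeholders.

```python
import json

# Constructed sample in the shape of the relationship quoted in the thread.
# Key names "@graph", "spdxId" and "software_File" are assumptions taken from
# the SPDX 3 JSON-LD serialization; all IDs are placeholders.
SAMPLE = json.loads("""
{"@graph": [
  {"type": "software_File", "spdxId": "http://example.invalid/sourcefile/1"},
  {"type": "software_File", "spdxId": "http://example.invalid/sourcefile/2"},
  {"type": "software_File", "spdxId": "http://example.invalid/sourcefile/3"},
  {"type": "software_File", "spdxId": "http://example.invalid/sourcefile/4"},
  {"type": "Relationship", "from": "http://example.invalid/sourcefile/1",
   "relationshipType": "hasDeclaredLicense", "to": ["NoneElement"]},
  {"type": "Relationship", "from": "http://example.invalid/sourcefile/2",
   "relationshipType": "hasDeclaredLicense", "to": ["NoAssertionElement"]},
  {"type": "Relationship", "from": "http://example.invalid/sourcefile/3",
   "relationshipType": "hasDeclaredLicense",
   "to": ["http://example.invalid/license/MIT"]}
]}
""")

INDIVIDUALS = {"NoneElement", "NoAssertionElement"}


def classify_declared_licenses(doc):
    """Map each file spdxId to 'declared', 'none', 'no-assertion' or 'omitted'."""
    targets = {}
    for obj in doc.get("@graph", []):
        if (obj.get("type") == "Relationship"
                and obj.get("relationshipType") == "hasDeclaredLicense"):
            targets.setdefault(obj["from"], set()).update(obj.get("to", []))
    result = {}
    for obj in doc.get("@graph", []):
        if obj.get("type") != "software_File":
            continue
        to = targets.get(obj["spdxId"])
        if not to:
            state = "omitted"        # no relationship (or an empty "to" list)
        elif to - INDIVIDUALS:
            state = "declared"       # at least one real license element
        elif "NoneElement" in to:
            state = "none"           # creator asserts there are no licenses
        else:
            state = "no-assertion"   # creator makes no claim either way
        result[obj["spdxId"]] = state
    return result


if __name__ == "__main__":
    for spdx_id, state in classify_declared_licenses(SAMPLE).items():
        print(f"{state:12} {spdx_id}")
```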