FOSSology: Difference between revisions

From OSSelot
No edit summary
(Add License-Ref patch)
Line 3:
==Manual addition of [[Scancode]]==
In addition to the default installation, the [[Scancode]] Open Source scan tool should be installed, and an interface from the FOSSology instance to it should be configured. The rationale behind the recommendation to use a certain variety of scanners is that each scanner has its own strengths and weaknesses and by combining the individual scan findings, the overall result can be optimized.
== Customization ==
In the SPDX standard, licenses are denoted by a short identifier (e.g. GPL-2.0-only or LicenseRef-MIT-customized). Licenses that are not listed in the [https://spdx.org/licenses SPDX License List] are prefixed by "LicenseRef-", and their full license text is given in the "License information" section of the SPDX tag:value file. Licenses with standard texts according to the [https://spdx.org/licenses SPDX License List] do not carry the "LicenseRef-" prefix, and their license text is not given in the tag:value file. For the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> project, however, the SPDX tag:value file is intended to be self-consistent, i.e. for every short license identifier the corresponding full license text must be given. To achieve this while ensuring that the SPDX file can still be valid, we have patched our FOSSology installation to add the "LicenseRef-" prefix to all license identifiers. In our FOSSology installation, the patch directory is /usr/local/share/fossology/patches, and the patch list-all-license-texts-in-spdxtv-export.patch looks as follows:<syntaxhighlight lang="diff">
Index: fossology/spdx2/agent/template/spdx2-document.xml.twig
===================================================================
--- fossology.orig/spdx2/agent/template/spdx2-document.xml.twig
+++ fossology/spdx2/agent/template/spdx2-document.xml.twig
@@ -21,7 +21,7 @@
  <rdfs:comment>
    This document was created using license information and a generator from Fossology.
  </rdfs:comment>
-  {% for licenseId,licenseData in licenseTexts %}{% if licenseId starts with 'LicenseRef-' %}
+  {% for licenseId,licenseData in licenseTexts %}
  <spdx:hasExtractedLicensingInfo>
{% if licenseId starts with 'LicenseRef-' %}
    <spdx:ExtractedLicensingInfo rdf:about="{{ uri }}#{{ licenseId|replace({' ': '-'})|url_encode }}">
@@ -36,7 +36,7 @@
      ]]></spdx:extractedText>
    </spdx:ExtractedLicensingInfo>
  </spdx:hasExtractedLicensingInfo>
-{% endif %}{% endfor %}
+{% endfor %}
  {{ packageNodes|replace({'\n':'\n  '}) }}
</spdx:SpdxDocument>
</rdf:RDF>
Index: fossology/spdx2/agent/template/spdx2tv-document.twig
===================================================================
--- fossology.orig/spdx2/agent/template/spdx2tv-document.twig
+++ fossology/spdx2/agent/template/spdx2tv-document.twig
@@ -40,10 +40,10 @@ LicenseListVersion: 2.6
## License Information
##-------------------------
-{% for licenseId,licenseData in licenseTexts %}{% if licenseId starts with 'LicenseRef-' %}
+{% for licenseId,licenseData in licenseTexts %}
LicenseID: {{ licenseId|replace({' ': '-'}) }}
LicenseName: {{ licenseData['name'] }}
ExtractedText: <text> {{ licenseData['text']|replace({'<text>':'&lt;text&gt;','</text>':'&lt;/text&gt;'})
                                            |replace({'\f':''}) }} </text>
-{% endif %}{% endfor %}
+{% endfor %}
</syntaxhighlight>
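A check for the self-consistency requirement described above, as an added example that is not part of the OSSelot wiki or of FOSSology: it reports license identifiers that a tag:value file references without a non-empty ExtractedText, and LicenseID entries that lack the "LicenseRef-" prefix. The function names, the selection of tags and the sample document are assumptions made for this example.

```python
import re

# Tags whose values are license expressions in SPDX 2.x tag:value files.
EXPR_TAGS = {"PackageLicenseConcluded", "PackageLicenseDeclared",
             "PackageLicenseInfoFromFiles", "LicenseConcluded", "LicenseInfoInFile"}
NOT_IDS = {"AND", "OR", "WITH", "NONE", "NOASSERTION"}
TEXT_BLOCK = re.compile(r"<text>.*?</text>", re.S)
ENTRY = re.compile(r"^LicenseID:[ \t]*(\S+)(.*?)(?=^LicenseID:|\Z)", re.S | re.M)

def license_ids(expression):
    """Return the license identifiers named in one SPDX license expression."""
    ids, after_with = set(), False
    for tok in re.findall(r"[A-Za-z0-9.+-]+", expression):
        if tok not in NOT_IDS and not after_with:
            ids.add(tok.rstrip("+"))    # "X+" still needs the text of "X"
        after_with = tok == "WITH"      # the token after WITH is an exception id
    return ids

def check_spdx_tv(document):
    """Return (referenced ids lacking extracted text, LicenseIDs lacking the prefix)."""
    with_text, unprefixed = set(), set()
    for lic_id, body in ENTRY.findall(document):
        text = re.search(r"ExtractedText:\s*<text>(.*?)</text>", body, re.S)
        if text and text.group(1).strip():
            with_text.add(lic_id)
        if not lic_id.startswith("LicenseRef-"):
            unprefixed.add(lic_id)
    referenced = set()
    # Drop <text> blocks first so license prose is never parsed as tags.
    for line in TEXT_BLOCK.sub("", document).splitlines():
        tag, sep, value = line.partition(":")
        if sep and tag.strip() in EXPR_TAGS:
            referenced |= license_ids(value)
    return sorted(referenced - with_text), sorted(unprefixed)

# Constructed sample, not taken from an OSSelot or FOSSology export.
SAMPLE = """\
PackageLicenseConcluded: (LicenseRef-GPL-2.0-only OR LicenseRef-MIT-customized)
FileName: ./src/a.c
LicenseConcluded: LicenseRef-GPL-2.0-only AND LicenseRef-BSD-3-Clause
LicenseID: LicenseRef-GPL-2.0-only
ExtractedText: <text> GNU GENERAL PUBLIC LICENSE
Version 2, June 1991 </text>
LicenseID: LicenseRef-MIT-customized
ExtractedText: <text> </text>
LicenseID: Zlib
ExtractedText: <text> (constructed placeholder text) </text>
"""

print(check_spdx_tv(SAMPLE))
```

Run against an exported tag:value file, an empty first list means every referenced identifier has its license text in the file.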
==Community server==
The reference community FOSSology server <i>[https://fossy.osadl.org Fossy]</i> is available on the Internet and is used internally for primary curation and review; however, it is not publicly available. Future contributors may be granted a login to the <i>Fossy</i> server after they have successfully completed the <span style="font-family: OSSelot-Bold; font-weight: 500; color: #1565af;">O</span> curators' training.

Revision as of 09:02, 3 August 2023

Installation

The FOSSology software can be downloaded from the project's home page.

Manual addition of Scancode

In addition to the default installation, the Scancode Open Source scan tool should be installed, and an interface from the FOSSology instance to it should be configured. The rationale behind the recommendation to use a certain variety of scanners is that each scanner has its own strengths and weaknesses and by combining the individual scan findings, the overall result can be optimized.

Customization

In the SPDX standard, licenses are denoted by a short identifier (e.g. GPL-2.0-only or LicenseRef-MIT-customized). Licenses that are not listed in the SPDX License List are prefixed by "LicenseRef-", and their full license text is given in the "License information" section of the SPDX tag:value file. Licenses with standard texts according to the SPDX License List do not carry the "LicenseRef-" prefix, and their license text is not given in the tag:value file. For the OSSelot project, however, the SPDX tag:value file is intended to be self-consistent, i.e. for every short license identifier the corresponding full license text must be given. To achieve this while ensuring that the SPDX file can still be valid, we have patched our FOSSology installation to add the "LicenseRef-" prefix to all license identifiers. In our FOSSology installation, the patch directory is /usr/local/share/fossology/patches, and the patch list-all-license-texts-in-spdxtv-export.patch looks as follows:

Index: fossology/spdx2/agent/template/spdx2-document.xml.twig
===================================================================
--- fossology.orig/spdx2/agent/template/spdx2-document.xml.twig
+++ fossology/spdx2/agent/template/spdx2-document.xml.twig
@@ -21,7 +21,7 @@
   <rdfs:comment>
     This document was created using license information and a generator from Fossology.
   </rdfs:comment>
-  {% for licenseId,licenseData in licenseTexts %}{% if licenseId starts with 'LicenseRef-' %}
+  {% for licenseId,licenseData in licenseTexts %}
   <spdx:hasExtractedLicensingInfo>
 {% if licenseId starts with 'LicenseRef-' %}
     <spdx:ExtractedLicensingInfo rdf:about="{{ uri }}#{{ licenseId|replace({' ': '-'})|url_encode }}">
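Review bot: the inner condition "{% if licenseId starts with 'LicenseRef-' %}" that stays as context directly after "<spdx:hasExtractedLicensingInfo>" still gates the spdx:ExtractedLicensingInfo element, so with the outer filter removed every identifier without the prefix now reaches whatever follows that inner condition, and that part is not visible in this hunk. Please confirm that the template has a branch that emits name and text for those identifiers; otherwise the loop writes an empty "<spdx:hasExtractedLicensingInfo>" element for each of them. A short Twig comment stating that the outer filter was dropped on purpose would also help whoever rebases this patch onto a newer FOSSology release.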
@@ -36,7 +36,7 @@
       ]]></spdx:extractedText>
     </spdx:ExtractedLicensingInfo>
   </spdx:hasExtractedLicensingInfo>
-{% endif %}{% endfor %}
+{% endfor %}
   {{ packageNodes|replace({'\n':'\n  '}) }}
 </spdx:SpdxDocument>
 </rdf:RDF>

Index: fossology/spdx2/agent/template/spdx2tv-document.twig
===================================================================
--- fossology.orig/spdx2/agent/template/spdx2tv-document.twig
+++ fossology/spdx2/agent/template/spdx2tv-document.twig
@@ -40,10 +40,10 @@ LicenseListVersion: 2.6
 ## License Information
 ##-------------------------
 
-{% for licenseId,licenseData in licenseTexts %}{% if licenseId starts with 'LicenseRef-' %}
+{% for licenseId,licenseData in licenseTexts %}
 LicenseID: {{ licenseId|replace({' ': '-'}) }}
 LicenseName: {{ licenseData['name'] }}
 ExtractedText: <text> {{ licenseData['text']|replace({'<text>':'&lt;text&gt;','</text>':'&lt;/text&gt;'})
                                             |replace({'\f':''}) }} </text>
 
-{% endif %}{% endfor %}
+{% endfor %}
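Review bot: on the LicenseID line the identifier is still written as "{{ licenseId|replace({' ': '-'}) }}" with no prefix added, so once the starts-with filter is gone, any key of licenseTexts that lacks "LicenseRef-" is emitted into the License Information section unchanged. SPDX 2.x requires LicenseID values in that section to begin with "LicenseRef-", and the accompanying text says the prefix is added to all license identifiers, but nothing in the visible hunks does that. Either prepend the prefix here when it is missing, or note in the patch description where the keys of licenseTexts receive it.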

Community server

The reference community FOSSology server Fossy is available on the Internet and is used internally for primary curation and review; however, it is not publicly available. Future contributors may be granted a login to the Fossy server after they have successfully completed the OSSelot curators' training.