* [OE-core][PATCH 00/31] Add initial SBoM support
@ 2021-09-01 13:44 Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 01/31] classes/package: Add extended packaged data Joshua Watt
` (30 more replies)
0 siblings, 31 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Adds initial support for generating SBoMs in SPDX json format. SBoM
generation can be enabled by adding:
INHERIT += "create-spdx"
to local.conf
Joshua Watt (30):
classes/package: Add extended packaged data
classes/create-spdx: Add class
classes/create-spdx: Change creator
classes/create-spdx: Add SHA1 to index file
classes/create-spdx: Add index to DEPLOYDIR
classes/create-spdx: Add runtime dependency mapping
classes/create-spdx: Add NOASSERTION for unknown debug sources
classes/create-spdx: Fix another creator
Add SPDX licenses
classes/create-spdx: Fix up license reporting
classes/create-spdx: Speed up hash calculations
classes/create-spdx: Fix file:// in downloadLocation
classes/create-spdx: Add special exception for Public Domain license
classes/create-spdx: Collect all task dependencies
classes/create-spdx: Skip package processing for native recipes
classes/create-spdx: Comment out placeholder license warning
conf/licenses: Add FreeType SPDX mapping
tzdata: Remove BSD License specifier
glib-2.0: Use specific BSD license variant
e2fsprogs: Use specific BSD license variant
shadow: Use specific BSD license variant
sudo: Use specific BSD license variant
libcap: Use specific BSD license variant
libpam: Use specific BSD license variant
libxfont2: Use specific BSD license variant
libjitterentropy: Use specific BSD license variant
libx11: Use specific BSD license variant
font-util: Use specific BSD license variant
flac: Use specific BSD license variant
swig: Use specific BSD license variant
Saul Wold (1):
classes/create-spdx: extend DocumentRef to include name
meta/classes/create-spdx.bbclass | 901 +++
meta/classes/package.bbclass | 39 +-
meta/conf/licenses.conf | 1 +
meta/files/spdx-licenses.json | 5938 +++++++++++++++++
meta/lib/oe/packagedata.py | 12 +
meta/lib/oe/sbom.py | 74 +
meta/lib/oe/spdx.py | 271 +
meta/recipes-core/glib-2.0/glib.inc | 2 +-
meta/recipes-devtools/e2fsprogs/e2fsprogs.inc | 2 +-
meta/recipes-devtools/swig/swig.inc | 2 +-
meta/recipes-extended/pam/libpam_1.5.1.bb | 2 +-
meta/recipes-extended/shadow/shadow.inc | 2 +-
meta/recipes-extended/sudo/sudo.inc | 2 +-
meta/recipes-extended/timezone/timezone.inc | 2 +-
.../xorg-font/font-util_1.3.2.bb | 2 +-
.../recipes-graphics/xorg-lib/libx11_1.7.2.bb | 2 +-
.../xorg-lib/libxfont2_2.0.5.bb | 2 +-
meta/recipes-multimedia/flac/flac_1.3.3.bb | 2 +-
meta/recipes-support/libcap/libcap_2.51.bb | 2 +-
.../libjitterentropy_3.1.0.bb | 2 +-
20 files changed, 7246 insertions(+), 16 deletions(-)
create mode 100644 meta/classes/create-spdx.bbclass
create mode 100644 meta/files/spdx-licenses.json
create mode 100644 meta/lib/oe/sbom.py
create mode 100644 meta/lib/oe/spdx.py
--
2.32.0
^ permalink raw reply [flat|nested] 34+ messages in thread
* [OE-core][PATCH 01/31] classes/package: Add extended packaged data
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 02/31] classes/create-spdx: Add class Joshua Watt
` (29 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Adds extended package data which is encoded as JSON which allows it to
encode more structure than the "flat" package data files. The extended
data might be much larger than the standard package data, so it is not
read by default and instead requires
oe.packagedata.read_subpkgdata_extended() to be called
Currently, the file sizes and ELF debug sources are saved off into the
extended package data
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Reviewed-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/package.bbclass | 39 +++++++++++++++++++++++++++++++++---
meta/lib/oe/packagedata.py | 12 +++++++++++
2 files changed, 48 insertions(+), 3 deletions(-)
diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index c4c5515d5d..89cf42f91e 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -1224,6 +1224,14 @@ python split_and_strip_files () {
# Modified the file so clear the cache
cpath.updatecache(file)
+ def strip_pkgd_prefix(f):
+ nonlocal dvar
+
+ if f.startswith(dvar):
+ return f[len(dvar):]
+
+ return f
+
#
# First lets process debug splitting
#
@@ -1237,6 +1245,8 @@ python split_and_strip_files () {
for file in staticlibs:
results.append( (file,source_info(file, d)) )
+ d.setVar("PKGDEBUGSOURCES", {strip_pkgd_prefix(f): sorted(s) for f, s in results})
+
sources = set()
for r in results:
sources.update(r[1])
@@ -1549,6 +1559,7 @@ PKGDATA_VARS = "PN PE PV PR PKGE PKGV PKGR LICENSE DESCRIPTION SUMMARY RDEPENDS
python emit_pkgdata() {
from glob import glob
import json
+ import bb.compress.zstd
def process_postinst_on_target(pkg, mlprefix):
pkgval = d.getVar('PKG:%s' % pkg)
@@ -1621,6 +1632,8 @@ fi
with open(data_file, 'w') as fd:
fd.write("PACKAGES: %s\n" % packages)
+ pkgdebugsource = d.getVar("PKGDEBUGSOURCES") or []
+
pn = d.getVar('PN')
global_variants = (d.getVar('MULTILIB_GLOBAL_VARIANTS') or "").split()
variants = (d.getVar('MULTILIB_VARIANTS') or "").split()
@@ -1640,17 +1653,32 @@ fi
pkgval = pkg
d.setVar('PKG:%s' % pkg, pkg)
+ extended_data = {
+ "files_info": {}
+ }
+
pkgdestpkg = os.path.join(pkgdest, pkg)
files = {}
+ files_extra = {}
total_size = 0
seen = set()
for f in pkgfiles[pkg]:
- relpth = os.path.relpath(f, pkgdestpkg)
+ fpath = os.sep + os.path.relpath(f, pkgdestpkg)
+
fstat = os.lstat(f)
- files[os.sep + relpth] = fstat.st_size
+ files[fpath] = fstat.st_size
+
+ extended_data["files_info"].setdefault(fpath, {})
+ extended_data["files_info"][fpath]['size'] = fstat.st_size
+
if fstat.st_ino not in seen:
seen.add(fstat.st_ino)
total_size += fstat.st_size
+
+ if fpath in pkgdebugsource:
+ extended_data["files_info"][fpath]['debugsrc'] = pkgdebugsource[fpath]
+ del pkgdebugsource[fpath]
+
d.setVar('FILES_INFO:' + pkg , json.dumps(files, sort_keys=True))
process_postinst_on_target(pkg, d.getVar("MLPREFIX"))
@@ -1671,6 +1699,11 @@ fi
sf.write('%s:%s: %d\n' % ('PKGSIZE', pkg, total_size))
+ subdata_extended_file = pkgdatadir + "/extended/%s.json.zstd" % pkg
+ num_threads = int(d.getVar("BB_NUMBER_THREADS"))
+ with bb.compress.zstd.open(subdata_extended_file, "wt", encoding="utf-8", num_threads=num_threads) as f:
+ json.dump(extended_data, f, sort_keys=True, separators=(",", ":"))
+
# Symlinks needed for rprovides lookup
rprov = d.getVar('RPROVIDES:%s' % pkg) or d.getVar('RPROVIDES')
if rprov:
@@ -1701,7 +1734,7 @@ fi
write_extra_runtime_pkgs(global_variants, packages, pkgdatadir)
}
-emit_pkgdata[dirs] = "${PKGDESTWORK}/runtime ${PKGDESTWORK}/runtime-reverse ${PKGDESTWORK}/runtime-rprovides"
+emit_pkgdata[dirs] = "${PKGDESTWORK}/runtime ${PKGDESTWORK}/runtime-reverse ${PKGDESTWORK}/runtime-rprovides ${PKGDESTWORK}/extended"
ldconfig_postinst_fragment() {
if [ x"$D" = "x" ]; then
diff --git a/meta/lib/oe/packagedata.py b/meta/lib/oe/packagedata.py
index 0b17897e40..02c81e5a52 100644
--- a/meta/lib/oe/packagedata.py
+++ b/meta/lib/oe/packagedata.py
@@ -57,6 +57,18 @@ def read_subpkgdata_dict(pkg, d):
ret[newvar] = subd[var]
return ret
+def read_subpkgdata_extended(pkg, d):
+ import json
+ import bb.compress.zstd
+
+ fn = d.expand("${PKGDATA_DIR}/extended/%s.json.zstd" % pkg)
+ try:
+ num_threads = int(d.getVar("BB_NUMBER_THREADS"))
+ with bb.compress.zstd.open(fn, "rt", encoding="utf-8", num_threads=num_threads) as f:
+ return json.load(f)
+ except FileNotFoundError:
+ return None
+
def _pkgmap(d):
"""Return a dictionary mapping package to recipe name."""
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 02/31] classes/create-spdx: Add class
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 01/31] classes/package: Add extended packaged data Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 03/31] classes/create-spdx: Change creator Joshua Watt
` (28 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Adds a class as a first attempt to create SPDX SBoM documents during the
build. This initial work was influenced by [meta-doubleopen][1],
although almost completely rewritten.
[1]: https://github.com/doubleopen-project/meta-doubleopen
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 679 +++++++++++++++++++++++++++++++
meta/lib/oe/sbom.py | 63 +++
meta/lib/oe/spdx.py | 263 ++++++++++++
3 files changed, 1005 insertions(+)
create mode 100644 meta/classes/create-spdx.bbclass
create mode 100644 meta/lib/oe/sbom.py
create mode 100644 meta/lib/oe/spdx.py
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
new file mode 100644
index 0000000000..35fb4421d0
--- /dev/null
+++ b/meta/classes/create-spdx.bbclass
@@ -0,0 +1,679 @@
+#
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+DEPLOY_DIR_SPDX ??= "${DEPLOY_DIR}/spdx/${MACHINE}"
+
+# The product name that the CVE database uses. Defaults to BPN, but may need to
+# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
+CVE_PRODUCT ??= "${BPN}"
+CVE_VERSION ??= "${PV}"
+
+SPDXDIR ??= "${WORKDIR}/spdx"
+SPDXDEPLOY = "${SPDXDIR}/deploy"
+SPDXWORK = "${SPDXDIR}/work"
+
+SPDX_INCLUDE_SOURCES ??= "0"
+SPDX_INCLUDE_PACKAGED ??= "0"
+SPDX_ARCHIVE_SOURCES ??= "0"
+SPDX_ARCHIVE_PACKAGED ??= "0"
+
+SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
+SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
+
+do_image_complete[depends] = "virtual/kernel:do_create_spdx"
+
+def get_doc_namespace(d, doc):
+ import uuid
+ namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, d.getVar("SPDX_UUID_NAMESPACE"))
+ return "%s/%s-%s" % (d.getVar("SPDX_NAMESPACE_PREFIX"), doc.name, str(uuid.uuid5(namespace_uuid, doc.name)))
+
+
+def is_work_shared(d):
+ pn = d.getVar('PN')
+ return bb.data.inherits_class('kernel', d) or pn.startswith('gcc-source')
+
+
+def convert_license_to_spdx(lic, d):
+ def convert(l):
+ if l == "&":
+ return "AND"
+
+ if l == "|":
+ return "OR"
+
+ spdx = d.getVarFlag('SPDXLICENSEMAP', l)
+ if spdx is not None:
+ return spdx
+
+ return l
+
+ return ' '.join(convert(l) for l in lic.split())
+
+
+def process_sources(d):
+ pn = d.getVar('PN')
+ assume_provided = (d.getVar("ASSUME_PROVIDED") or "").split()
+ if pn in assume_provided:
+ for p in d.getVar("PROVIDES").split():
+ if p != pn:
+ pn = p
+ break
+
+ # glibc-locale: do_fetch, do_unpack and do_patch tasks have been deleted,
+ # so avoid archiving source here.
+ if pn.startswith('glibc-locale'):
+ return False
+ if d.getVar('PN') == "libtool-cross":
+ return False
+ if d.getVar('PN') == "libgcc-initial":
+ return False
+ if d.getVar('PN') == "shadow-sysroot":
+ return False
+
+ # We just archive gcc-source for all the gcc related recipes
+ if d.getVar('BPN') in ['gcc', 'libgcc']:
+ bb.debug(1, 'spdx: There is bug in scan of %s is, do nothing' % pn)
+ return False
+
+ return True
+
+
+def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archive=None, ignore_dirs=[], ignore_top_level_dirs=[]):
+ from pathlib import Path
+ import oe.spdx
+ import hashlib
+
+ source_date_epoch = d.getVar("SOURCE_DATE_EPOCH")
+
+ sha1s = []
+ spdx_files = []
+
+ file_counter = 1
+ for subdir, dirs, files in os.walk(topdir):
+ dirs[:] = [d for d in dirs if d not in ignore_dirs]
+ if subdir == str(topdir):
+ dirs[:] = [d for d in dirs if d not in ignore_top_level_dirs]
+
+ for file in files:
+ filepath = Path(subdir) / file
+ filename = str(filepath.relative_to(topdir))
+
+ if filepath.is_file() and not filepath.is_symlink():
+ spdx_file = oe.spdx.SPDXFile()
+ spdx_file.SPDXID = get_spdxid(file_counter)
+ for t in get_types(filepath):
+ spdx_file.fileTypes.append(t)
+ spdx_file.fileName = filename
+
+ hashes = {
+ "SHA1": hashlib.sha1(),
+ "SHA256": hashlib.sha256(),
+ }
+
+ with filepath.open("rb") as f:
+ while True:
+ chunk = f.read(4096)
+ if not chunk:
+ break
+
+ for h in hashes.values():
+ h.update(chunk)
+
+ if archive is not None:
+ f.seek(0)
+ info = archive.gettarinfo(fileobj=f)
+ info.name = filename
+ info.uid = 0
+ info.gid = 0
+ info.uname = "root"
+ info.gname = "root"
+
+ if source_date_epoch is not None and info.mtime > int(source_date_epoch):
+ info.mtime = int(source_date_epoch)
+
+ archive.addfile(info, f)
+
+ for k, v in hashes.items():
+ spdx_file.checksums.append(oe.spdx.SPDXChecksum(
+ algorithm=k,
+ checksumValue=v.hexdigest(),
+ ))
+
+ sha1s.append(hashes["SHA1"].hexdigest())
+
+ doc.files.append(spdx_file)
+ doc.add_relationship(spdx_pkg, "CONTAINS", spdx_file)
+ spdx_pkg.hasFiles.append(spdx_file.SPDXID)
+
+ spdx_files.append(spdx_file)
+
+ file_counter += 1
+
+ sha1s.sort()
+ verifier = hashlib.sha1()
+ for v in sha1s:
+ verifier.update(v.encode("utf-8"))
+ spdx_pkg.packageVerificationCode.packageVerificationCodeValue = verifier.hexdigest()
+
+ return spdx_files
+
+
+def add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources):
+ from pathlib import Path
+ import hashlib
+ import oe.packagedata
+ import oe.spdx
+
+ debug_search_paths = [
+ Path(d.getVar('PKGD')),
+ Path(d.getVar('STAGING_DIR_TARGET')),
+ Path(d.getVar('STAGING_DIR_NATIVE')),
+ ]
+
+ pkg_data = oe.packagedata.read_subpkgdata_extended(package, d)
+
+ if pkg_data is None:
+ return
+
+ for file_path, file_data in pkg_data["files_info"].items():
+ if not "debugsrc" in file_data:
+ continue
+
+ for pkg_file in package_files:
+ if file_path.lstrip("/") == pkg_file.fileName.lstrip("/"):
+ break
+ else:
+ bb.fatal("No package file found for %s" % str(file_path))
+ continue
+
+ for debugsrc in file_data["debugsrc"]:
+ for search in debug_search_paths:
+ debugsrc_path = search / debugsrc.lstrip("/")
+ if not debugsrc_path.exists():
+ continue
+
+ with debugsrc_path.open("rb") as f:
+ sha = hashlib.sha256()
+ while True:
+ chunk = f.read(4096)
+ if not chunk:
+ break
+ sha.update(chunk)
+
+ file_sha256 = sha.hexdigest()
+
+ if not file_sha256 in sources:
+ bb.debug(1, "Debug source %s with SHA256 %s not found in any dependency" % (str(debugsrc_path), file_sha256))
+ continue
+
+ source_file = sources[file_sha256]
+
+ doc_ref = package_doc.find_external_document_ref(source_file.doc.documentNamespace)
+ if doc_ref is None:
+ doc_ref = oe.spdx.SPDXExternalDocumentRef()
+ doc_ref.externalDocumentId = "DocumentRef-dependency-" + source_file.doc.name
+ doc_ref.spdxDocument = source_file.doc.documentNamespace
+ doc_ref.checksum.algorithm = "SHA1"
+ doc_ref.checksum.checksumValue = source_file.doc_sha1
+ package_doc.externalDocumentRefs.append(doc_ref)
+
+ package_doc.add_relationship(
+ pkg_file,
+ "GENERATED_FROM",
+ "%s:%s" % (doc_ref.externalDocumentId, source_file.file.SPDXID),
+ comment=debugsrc
+ )
+ break
+ else:
+ bb.debug(1, "Debug source %s not found" % debugsrc)
+
+
+def collect_dep_recipes(d, doc, spdx_recipe):
+ from pathlib import Path
+ import oe.sbom
+ import oe.spdx
+
+ deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
+
+ dep_recipes = []
+ taskdepdata = d.getVar("BB_TASKDEPDATA", False)
+ deps = sorted(set(
+ dep[0] for dep in taskdepdata.values() if
+ dep[1] == "do_create_spdx" and dep[0] != d.getVar("PN")
+ ))
+ for dep_pn in deps:
+ dep_recipe_path = deploy_dir_spdx / "recipes" / ("recipe-%s.spdx.json" % dep_pn)
+
+ spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_recipe_path)
+
+ for pkg in spdx_dep_doc.packages:
+ if pkg.name == dep_pn:
+ spdx_dep_recipe = pkg
+ break
+ else:
+ continue
+
+ dep_recipes.append(oe.sbom.DepRecipe(spdx_dep_doc, spdx_dep_sha1, spdx_dep_recipe))
+
+ dep_recipe_ref = oe.spdx.SPDXExternalDocumentRef()
+ dep_recipe_ref.externalDocumentId = "DocumentRef-dependency-" + spdx_dep_doc.name
+ dep_recipe_ref.spdxDocument = spdx_dep_doc.documentNamespace
+ dep_recipe_ref.checksum.algorithm = "SHA1"
+ dep_recipe_ref.checksum.checksumValue = spdx_dep_sha1
+
+ doc.externalDocumentRefs.append(dep_recipe_ref)
+
+ doc.add_relationship(
+ "%s:%s" % (dep_recipe_ref.externalDocumentId, spdx_dep_recipe.SPDXID),
+ "BUILD_DEPENDENCY_OF",
+ spdx_recipe
+ )
+
+ return dep_recipes
+
+collect_dep_recipes[vardepsexclude] += "BB_TASKDEPDATA"
+
+
+def collect_dep_sources(d, dep_recipes):
+ import oe.sbom
+
+ sources = {}
+ for dep in dep_recipes:
+ recipe_files = set(dep.recipe.hasFiles)
+
+ for spdx_file in dep.doc.files:
+ if spdx_file.SPDXID not in recipe_files:
+ continue
+
+ if "SOURCE" in spdx_file.fileTypes:
+ for checksum in spdx_file.checksums:
+ if checksum.algorithm == "SHA256":
+ sources[checksum.checksumValue] = oe.sbom.DepSource(dep.doc, dep.doc_sha1, dep.recipe, spdx_file)
+ break
+
+ return sources
+
+
+python do_create_spdx() {
+ from datetime import datetime, timezone
+ import oe.sbom
+ import oe.spdx
+ import uuid
+ from pathlib import Path
+ from contextlib import contextmanager
+ import oe.cve_check
+
+ @contextmanager
+ def optional_tarfile(name, guard, mode="w"):
+ import tarfile
+ import bb.compress.zstd
+
+ num_threads = int(d.getVar("BB_NUMBER_THREADS"))
+
+ if guard:
+ name.parent.mkdir(parents=True, exist_ok=True)
+ with bb.compress.zstd.open(name, mode=mode + "b", num_threads=num_threads) as f:
+ with tarfile.open(fileobj=f, mode=mode + "|") as tf:
+ yield tf
+ else:
+ yield None
+
+ bb.build.exec_func("read_subpackage_metadata", d)
+
+ deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
+ spdx_workdir = Path(d.getVar("SPDXWORK"))
+ include_packaged = d.getVar("SPDX_INCLUDE_PACKAGED") == "1"
+ include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
+ archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
+ archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
+
+ creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+
+ doc = oe.spdx.SPDXDocument()
+
+ doc.name = "recipe-" + d.getVar("PN")
+ doc.documentNamespace = get_doc_namespace(d, doc)
+ doc.creationInfo.created = creation_time
+ doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
+ doc.creationInfo.creators.append("Tool: meta-doubleopen")
+ doc.creationInfo.creators.append("Organization: Double Open Project ()")
+ doc.creationInfo.creators.append("Person: N/A ()")
+
+ recipe = oe.spdx.SPDXPackage()
+ recipe.name = d.getVar("PN")
+ recipe.versionInfo = d.getVar("PV")
+ recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
+
+ src_uri = d.getVar('SRC_URI')
+ if src_uri:
+ recipe.downloadLocation = src_uri.split()[0]
+
+ homepage = d.getVar("HOMEPAGE")
+ if homepage:
+ recipe.homepage = homepage
+
+ license = d.getVar("LICENSE")
+ if license:
+ recipe.licenseDeclared = convert_license_to_spdx(license, d)
+
+ summary = d.getVar("SUMMARY")
+ if summary:
+ recipe.summary = summary
+
+ description = d.getVar("DESCRIPTION")
+ if description:
+ recipe.description = description
+
+ # Some CVEs may be patched during the build process without incrementing the version number,
+ # so querying for CVEs based on the CPE id can lead to false positives. To account for this,
+ # save the CVEs fixed by patches to source information field in the SPDX.
+ patched_cves = oe.cve_check.get_patched_cves(d)
+ patched_cves = list(patched_cves)
+ patched_cves = ' '.join(patched_cves)
+ if patched_cves:
+ recipe.sourceInfo = "CVEs fixed: " + patched_cves
+
+ cpe_ids = oe.cve_check.get_cpe_ids(d.getVar("CVE_PRODUCT"), d.getVar("CVE_VERSION"))
+ if cpe_ids:
+ for cpe_id in cpe_ids:
+ cpe = oe.spdx.SPDXExternalReference()
+ cpe.referenceCategory = "SECURITY"
+ cpe.referenceType = "http://spdx.org/rdf/references/cpe23Type"
+ cpe.referenceLocator = cpe_id
+ recipe.externalRefs.append(cpe)
+
+ doc.packages.append(recipe)
+ doc.add_relationship(doc, "DESCRIBES", recipe)
+
+ if process_sources(d) and include_sources:
+ recipe_archive = deploy_dir_spdx / "recipes" / (doc.name + ".tar.zst")
+ with optional_tarfile(recipe_archive, archive_sources) as archive:
+ spdx_get_src(d)
+
+ add_package_files(
+ d,
+ doc,
+ recipe,
+ spdx_workdir,
+ lambda file_counter: "SPDXRef-SourceFile-%s-%d" % (d.getVar("PN"), file_counter),
+ lambda filepath: ["SOURCE"],
+ ignore_dirs=[".git"],
+ ignore_top_level_dirs=["temp"],
+ archive=archive,
+ )
+
+ if archive is not None:
+ recipe.packageFileName = str(recipe_archive.name)
+
+ dep_recipes = collect_dep_recipes(d, doc, recipe)
+
+ doc_sha1 = oe.sbom.write_doc(d, doc, "recipes")
+ dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe))
+
+ sources = collect_dep_sources(d, dep_recipes)
+
+ pkgdest = Path(d.getVar("PKGDEST"))
+ for package in d.getVar("PACKAGES").split():
+ if not oe.packagedata.packaged(package, d):
+ continue
+
+ package_doc = oe.spdx.SPDXDocument()
+ pkg_name = d.getVar("PKG:%s" % package) or package
+ package_doc.name = pkg_name
+ package_doc.documentNamespace = get_doc_namespace(d, package_doc)
+ package_doc.creationInfo.created = creation_time
+ package_doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
+ package_doc.creationInfo.creators.append("Tool: meta-doubleopen")
+ package_doc.creationInfo.creators.append("Organization: Double Open Project ()")
+ package_doc.creationInfo.creators.append("Person: N/A ()")
+
+ recipe_ref = oe.spdx.SPDXExternalDocumentRef()
+ recipe_ref.externalDocumentId = "DocumentRef-recipe"
+ recipe_ref.spdxDocument = doc.documentNamespace
+ recipe_ref.checksum.algorithm = "SHA1"
+ recipe_ref.checksum.checksumValue = doc_sha1
+
+ package_doc.externalDocumentRefs.append(recipe_ref)
+
+ package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE")
+
+ spdx_package = oe.spdx.SPDXPackage()
+
+ spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
+ spdx_package.name = pkg_name
+ spdx_package.versionInfo = d.getVar("PV")
+ spdx_package.licenseDeclared = convert_license_to_spdx(package_license, d)
+
+ package_doc.packages.append(spdx_package)
+
+ package_doc.add_relationship(spdx_package, "GENERATED_FROM", "%s:%s" % (recipe_ref.externalDocumentId, recipe.SPDXID))
+ package_doc.add_relationship(package_doc, "DESCRIBES", spdx_package)
+
+ package_archive = deploy_dir_spdx / "packages" / (package_doc.name + ".tar.zst")
+ with optional_tarfile(package_archive, archive_packaged) as archive:
+ package_files = add_package_files(
+ d,
+ package_doc,
+ spdx_package,
+ pkgdest / package,
+ lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter),
+ lambda filepath: ["BINARY"],
+ archive=archive,
+ )
+
+ if archive is not None:
+ spdx_package.packageFileName = str(package_archive.name)
+
+ add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)
+
+ oe.sbom.write_doc(d, package_doc, "packages")
+}
+# NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
+addtask do_create_spdx after do_package do_packagedata do_unpack before do_build do_rm_work
+
+SSTATETASKS += "do_create_spdx"
+do_create_spdx[sstate-inputdirs] = "${SPDXDEPLOY}"
+do_create_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}"
+
+python do_create_spdx_setscene () {
+ sstate_setscene(d)
+}
+addtask do_create_spdx_setscene
+
+do_create_spdx[dirs] = "${SPDXDEPLOY} ${SPDXWORK}"
+do_create_spdx[cleandirs] = "${SPDXDEPLOY} ${SPDXWORK}"
+do_create_spdx[depends] += "${PATCHDEPENDENCY}"
+do_create_spdx[deptask] = "do_create_spdx"
+
+def spdx_get_src(d):
+ """
+ save patched source of the recipe in SPDX_WORKDIR.
+ """
+ import shutil
+ spdx_workdir = d.getVar('SPDXWORK')
+ spdx_sysroot_native = d.getVar('STAGING_DIR_NATIVE')
+ pn = d.getVar('PN')
+
+ workdir = d.getVar("WORKDIR")
+
+ try:
+ # The kernel class functions require it to be on work-shared, so we dont change WORKDIR
+ if not is_work_shared(d):
+ # Change the WORKDIR to make do_unpack do_patch run in another dir.
+ d.setVar('WORKDIR', spdx_workdir)
+ # Restore the original path to recipe's native sysroot (it's relative to WORKDIR).
+ d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
+
+ # The changed 'WORKDIR' also caused 'B' changed, create dir 'B' for the
+ # possibly requiring of the following tasks (such as some recipes's
+ # do_patch required 'B' existed).
+ bb.utils.mkdirhier(d.getVar('B'))
+
+ bb.build.exec_func('do_unpack', d)
+ # Copy source of kernel to spdx_workdir
+ if is_work_shared(d):
+ d.setVar('WORKDIR', spdx_workdir)
+ d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
+ src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + d.getVar('PV') + "-" + d.getVar('PR')
+ bb.utils.mkdirhier(src_dir)
+ if bb.data.inherits_class('kernel',d):
+ share_src = d.getVar('STAGING_KERNEL_DIR')
+ cmd_copy_share = "cp -rf " + share_src + "/* " + src_dir + "/"
+ cmd_copy_kernel_result = os.popen(cmd_copy_share).read()
+ bb.note("cmd_copy_kernel_result = " + cmd_copy_kernel_result)
+
+ git_path = src_dir + "/.git"
+ if os.path.exists(git_path):
+ shutils.rmtree(git_path)
+
+ # Make sure gcc and kernel sources are patched only once
+ if not (d.getVar('SRC_URI') == "" or is_work_shared(d)):
+ bb.build.exec_func('do_patch', d)
+
+ # Some userland has no source.
+ if not os.path.exists( spdx_workdir ):
+ bb.utils.mkdirhier(spdx_workdir)
+ finally:
+ d.setVar("WORKDIR", workdir)
+
+do_rootfs[recrdeptask] += "do_create_spdx"
+
+ROOTFS_POSTUNINSTALL_COMMAND =+ "image_combine_spdx ; "
+python image_combine_spdx() {
+ import os
+ import oe.spdx
+ import oe.sbom
+ import io
+ import json
+ from oe.rootfs import image_list_installed_packages
+ from datetime import timezone, datetime
+ from pathlib import Path
+ import tarfile
+ import bb.compress.zstd
+
+ creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+ image_name = d.getVar("IMAGE_NAME")
+ image_link_name = d.getVar("IMAGE_LINK_NAME")
+
+ deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
+ imgdeploydir = Path(d.getVar("IMGDEPLOYDIR"))
+ source_date_epoch = d.getVar("SOURCE_DATE_EPOCH")
+
+ doc = oe.spdx.SPDXDocument()
+ doc.name = image_name
+ doc.documentNamespace = get_doc_namespace(d, doc)
+ doc.creationInfo.created = creation_time
+ doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
+ doc.creationInfo.creators.append("Tool: meta-doubleopen")
+ doc.creationInfo.creators.append("Organization: Double Open Project ()")
+ doc.creationInfo.creators.append("Person: N/A ()")
+
+ image = oe.spdx.SPDXPackage()
+ image.name = d.getVar("PN")
+ image.versionInfo = d.getVar("PV")
+ image.SPDXID = oe.sbom.get_image_spdxid(image_name)
+
+ doc.packages.append(image)
+
+ spdx_package = oe.spdx.SPDXPackage()
+
+ packages = image_list_installed_packages(d)
+
+ for name in sorted(packages.keys()):
+ pkg_spdx_path = deploy_dir_spdx / "packages" / (name + ".spdx.json")
+ pkg_doc, pkg_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
+
+ for p in pkg_doc.packages:
+ if p.name == name:
+ pkg_ref = oe.spdx.SPDXExternalDocumentRef()
+ pkg_ref.externalDocumentId = "DocumentRef-%s" % pkg_doc.name
+ pkg_ref.spdxDocument = pkg_doc.documentNamespace
+ pkg_ref.checksum.algorithm = "SHA1"
+ pkg_ref.checksum.checksumValue = pkg_doc_sha1
+
+ doc.externalDocumentRefs.append(pkg_ref)
+ doc.add_relationship(image, "CONTAINS", "%s:%s" % (pkg_ref.externalDocumentId, p.SPDXID))
+ break
+ else:
+ bb.fatal("Unable to find package with name '%s' in SPDX file %s" % (name, pkg_spdx_path))
+
+ image_spdx_path = imgdeploydir / (image_name + ".spdx.json")
+
+ with image_spdx_path.open("wb") as f:
+ doc.to_json(f, sort_keys=True)
+
+ image_spdx_link = imgdeploydir / (image_link_name + ".spdx.json")
+ image_spdx_link.symlink_to(os.path.relpath(image_spdx_path, image_spdx_link.parent))
+
+ num_threads = int(d.getVar("BB_NUMBER_THREADS"))
+
+ visited_docs = set()
+
+ index = {"documents": []}
+
+ spdx_tar_path = imgdeploydir / (image_name + ".spdx.tar.zst")
+ with bb.compress.zstd.open(spdx_tar_path, "w", num_threads=num_threads) as f:
+ with tarfile.open(fileobj=f, mode="w|") as tar:
+ def collect_spdx_document(path):
+ nonlocal tar
+ nonlocal deploy_dir_spdx
+ nonlocal source_date_epoch
+ nonlocal index
+
+ if path in visited_docs:
+ return
+
+ visited_docs.add(path)
+
+ with path.open("rb") as f:
+ doc = oe.spdx.SPDXDocument.from_json(f)
+ f.seek(0)
+
+ if doc.documentNamespace in visited_docs:
+ return
+
+ bb.note("Adding SPDX document %s" % path)
+ visited_docs.add(doc.documentNamespace)
+ info = tar.gettarinfo(fileobj=f)
+
+ info.name = doc.name + ".spdx.json"
+ info.uid = 0
+ info.gid = 0
+ info.uname = "root"
+ info.gname = "root"
+
+ if source_date_epoch is not None and info.mtime > int(source_date_epoch):
+ info.mtime = int(source_date_epoch)
+
+ tar.addfile(info, f)
+
+ index["documents"].append({
+ "filename": info.name,
+ "documentNamespace": doc.documentNamespace,
+ })
+
+ for ref in doc.externalDocumentRefs:
+ ref_path = deploy_dir_spdx / "by-namespace" / ref.spdxDocument.replace("/", "_")
+ collect_spdx_document(ref_path)
+
+ collect_spdx_document(image_spdx_path)
+
+ index["documents"].sort(key=lambda x: x["filename"])
+
+ index_str = io.BytesIO(json.dumps(index, sort_keys=True).encode("utf-8"))
+
+ info = tarfile.TarInfo()
+ info.name = "index.json"
+ info.size = len(index_str.getvalue())
+ info.uid = 0
+ info.gid = 0
+ info.uname = "root"
+ info.gname = "root"
+
+ tar.addfile(info, fileobj=index_str)
+
+ spdx_tar_link = imgdeploydir / (image_link_name + ".spdx.tar.zst")
+ spdx_tar_link.symlink_to(os.path.relpath(spdx_tar_path, spdx_tar_link.parent))
+}
+
diff --git a/meta/lib/oe/sbom.py b/meta/lib/oe/sbom.py
new file mode 100644
index 0000000000..d40e5b792f
--- /dev/null
+++ b/meta/lib/oe/sbom.py
@@ -0,0 +1,63 @@
+#
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+import collections
+
+DepRecipe = collections.namedtuple("DepRecipe", ("doc", "doc_sha1", "recipe"))
+DepSource = collections.namedtuple("DepSource", ("doc", "doc_sha1", "recipe", "file"))
+
+
+def get_recipe_spdxid(d):
+ return "SPDXRef-%s-%s" % ("Recipe", d.getVar("PN"))
+
+
+def get_package_spdxid(pkg):
+ return "SPDXRef-Package-%s" % pkg
+
+
+def get_source_file_spdxid(d, idx):
+ return "SPDXRef-SourceFile-%s-%d" % (d.getVar("PN"), idx)
+
+
+def get_packaged_file_spdxid(pkg, idx):
+ return "SPDXRef-PackagedFile-%s-%d" % (pkg, idx)
+
+
+def get_image_spdxid(img):
+ return "SPDXRef-Image-%s" % img
+
+
+def write_doc(d, spdx_doc, subdir):
+ from pathlib import Path
+
+ spdx_deploy = Path(d.getVar("SPDXDEPLOY"))
+
+ dest = spdx_deploy / subdir / (spdx_doc.name + ".spdx.json")
+ dest.parent.mkdir(exist_ok=True, parents=True)
+ with dest.open("wb") as f:
+ doc_sha1 = spdx_doc.to_json(f, sort_keys=True)
+
+ l = spdx_deploy / "by-namespace" / spdx_doc.documentNamespace.replace("/", "_")
+ l.parent.mkdir(exist_ok=True, parents=True)
+ l.symlink_to(os.path.relpath(dest, l.parent))
+
+ return doc_sha1
+
+
+def read_doc(filename):
+ import hashlib
+ import oe.spdx
+
+ with filename.open("rb") as f:
+ sha1 = hashlib.sha1()
+ while True:
+ chunk = f.read(4096)
+ if not chunk:
+ break
+ sha1.update(chunk)
+
+ f.seek(0)
+ doc = oe.spdx.SPDXDocument.from_json(f)
+
+ return (doc, sha1.hexdigest())
diff --git a/meta/lib/oe/spdx.py b/meta/lib/oe/spdx.py
new file mode 100644
index 0000000000..3f569c6862
--- /dev/null
+++ b/meta/lib/oe/spdx.py
@@ -0,0 +1,263 @@
+#
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+import hashlib
+import itertools
+import json
+
+SPDX_VERSION = "2.2"
+
+
+class _Property(object):
+ def __init__(self, *, default=None):
+ self.default = default
+
+ def setdefault(self, dest, name):
+ if self.default is not None:
+ dest.setdefault(name, self.default)
+
+
+class _String(_Property):
+ def __init__(self, **kwargs):
+ super().__init__(**kwargs)
+
+ def set_property(self, attrs, name):
+ def get_helper(obj):
+ return obj._spdx[name]
+
+ def set_helper(obj, value):
+ obj._spdx[name] = value
+
+ def del_helper(obj):
+ del obj._spdx[name]
+
+ attrs[name] = property(get_helper, set_helper, del_helper)
+
+ def init(self, source):
+ return source
+
+
+class _Object(_Property):
+ def __init__(self, cls, **kwargs):
+ super().__init__(**kwargs)
+ self.cls = cls
+
+ def set_property(self, attrs, name):
+ def get_helper(obj):
+ if not name in obj._spdx:
+ obj._spdx[name] = self.cls()
+ return obj._spdx[name]
+
+ def set_helper(obj, value):
+ obj._spdx[name] = value
+
+ def del_helper(obj):
+ del obj._spdx[name]
+
+ attrs[name] = property(get_helper, set_helper)
+
+ def init(self, source):
+ return self.cls(**source)
+
+
+class _ListProperty(_Property):
+ def __init__(self, prop, **kwargs):
+ super().__init__(**kwargs)
+ self.prop = prop
+
+ def set_property(self, attrs, name):
+ def get_helper(obj):
+ if not name in obj._spdx:
+ obj._spdx[name] = []
+ return obj._spdx[name]
+
+ def del_helper(obj):
+ del obj._spdx[name]
+
+ attrs[name] = property(get_helper, None, del_helper)
+
+ def init(self, source):
+ return [self.prop.init(o) for o in source]
+
+
+class _StringList(_ListProperty):
+ def __init__(self, **kwargs):
+ super().__init__(_String(), **kwargs)
+
+
+class _ObjectList(_ListProperty):
+ def __init__(self, cls, **kwargs):
+ super().__init__(_Object(cls), **kwargs)
+
+
+class MetaSPDXObject(type):
+ def __new__(mcls, name, bases, attrs):
+ attrs["_properties"] = {}
+
+ for key in attrs.keys():
+ if isinstance(attrs[key], _Property):
+ prop = attrs[key]
+ attrs["_properties"][key] = prop
+ prop.set_property(attrs, key)
+
+ return super().__new__(mcls, name, bases, attrs)
+
+
+class SPDXObject(metaclass=MetaSPDXObject):
+ def __init__(self, **d):
+ self._spdx = {}
+
+ for name, prop in self._properties.items():
+ prop.setdefault(self._spdx, name)
+ if name in d:
+ self._spdx[name] = prop.init(d[name])
+
+ def serializer(self):
+ return self._spdx
+
+ def __setattr__(self, name, value):
+ if name in self._properties or name == "_spdx":
+ super().__setattr__(name, value)
+ return
+ raise KeyError("%r is not a valid SPDX property" % name)
+
+
+class SPDXChecksum(SPDXObject):
+ algorithm = _String()
+ checksumValue = _String()
+
+
+class SPDXRelationship(SPDXObject):
+ spdxElementId = _String()
+ relatedSpdxElement = _String()
+ relationshipType = _String()
+ comment = _String()
+
+
+class SPDXExternalReference(SPDXObject):
+ referenceCategory = _String()
+ referenceType = _String()
+ referenceLocator = _String()
+
+
+class SPDXPackageVerificationCode(SPDXObject):
+ packageVerificationCodeValue = _String()
+ packageVerificationCodeExcludedFiles = _StringList()
+
+
+class SPDXPackage(SPDXObject):
+ name = _String()
+ SPDXID = _String()
+ versionInfo = _String()
+ downloadLocation = _String(default="NOASSERTION")
+ packageSupplier = _String(default="NOASSERTION")
+ homepage = _String()
+ licenseConcluded = _String(default="NOASSERTION")
+ licenseDeclared = _String(default="NOASSERTION")
+ summary = _String()
+ description = _String()
+ sourceInfo = _String()
+ copyrightText = _String(default="NOASSERTION")
+ licenseInfoFromFiles = _StringList(default=["NOASSERTION"])
+ externalRefs = _ObjectList(SPDXExternalReference)
+ packageVerificationCode = _Object(SPDXPackageVerificationCode)
+ hasFiles = _StringList()
+ packageFileName = _String()
+
+
+class SPDXFile(SPDXObject):
+ SPDXID = _String()
+ fileName = _String()
+ licenseConcluded = _String(default="NOASSERTION")
+ copyrightText = _String(default="NOASSERTION")
+ licenseInfoInFiles = _StringList(default=["NOASSERTION"])
+ checksums = _ObjectList(SPDXChecksum)
+ fileTypes = _StringList()
+
+
+class SPDXCreationInfo(SPDXObject):
+ created = _String()
+ licenseListVersion = _String()
+ comment = _String()
+ creators = _StringList()
+
+
+class SPDXExternalDocumentRef(SPDXObject):
+ externalDocumentId = _String()
+ spdxDocument = _String()
+ checksum = _Object(SPDXChecksum)
+
+
+class SPDXDocument(SPDXObject):
+ spdxVersion = _String(default="SPDX-" + SPDX_VERSION)
+ dataLicense = _String(default="CC0-1.0")
+ SPDXID = _String(default="SPDXRef-DOCUMENT")
+ name = _String()
+ documentNamespace = _String()
+ creationInfo = _Object(SPDXCreationInfo)
+ packages = _ObjectList(SPDXPackage)
+ files = _ObjectList(SPDXFile)
+ relationships = _ObjectList(SPDXRelationship)
+ externalDocumentRefs = _ObjectList(SPDXExternalDocumentRef)
+
+ def __init__(self, **d):
+ super().__init__(**d)
+
+ def to_json(self, f, *, sort_keys=False, indent=None, separators=None):
+ class Encoder(json.JSONEncoder):
+ def default(self, o):
+ if isinstance(o, SPDXObject):
+ return o.serializer()
+
+ return super().default(o)
+
+ sha1 = hashlib.sha1()
+ for chunk in Encoder(
+ sort_keys=sort_keys,
+ indent=indent,
+ separators=separators,
+ ).iterencode(self):
+ chunk = chunk.encode("utf-8")
+ f.write(chunk)
+ sha1.update(chunk)
+
+ return sha1.hexdigest()
+
+ @classmethod
+ def from_json(cls, f):
+ return cls(**json.load(f))
+
+ def add_relationship(self, _from, relationship, _to, *, comment=None):
+ if isinstance(_from, SPDXObject):
+ from_spdxid = _from.SPDXID
+ else:
+ from_spdxid = _from
+
+ if isinstance(_to, SPDXObject):
+ to_spdxid = _to.SPDXID
+ else:
+ to_spdxid = _to
+
+ r = SPDXRelationship(
+ spdxElementId=from_spdxid,
+ relatedSpdxElement=to_spdxid,
+ relationshipType=relationship,
+ )
+
+ if comment is not None:
+ r.comment = comment
+
+ self.relationships.append(r)
+
+ def find_by_spdxid(self, spdxid):
+ for o in itertools.chain(self.packages, self.files):
+ if o.SPDXID == spdxid:
+ return o
+ return None
+
+ def find_external_document_ref(self, namespace):
+ for r in self.externalDocumentRefs:
+ if r.spdxDocument == namespace:
+ return r
+ return None
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 03/31] classes/create-spdx: Change creator
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 01/31] classes/package: Add extended packaged data Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 02/31] classes/create-spdx: Add class Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 04/31] classes/create-spdx: Add SHA1 to index file Joshua Watt
` (27 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Update the creator name since this no longer lives in meta-doubleopen
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 35fb4421d0..e49d4d7e3c 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -335,9 +335,9 @@ python do_create_spdx() {
doc.name = "recipe-" + d.getVar("PN")
doc.documentNamespace = get_doc_namespace(d, doc)
doc.creationInfo.created = creation_time
- doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
- doc.creationInfo.creators.append("Tool: meta-doubleopen")
- doc.creationInfo.creators.append("Organization: Double Open Project ()")
+ doc.creationInfo.comment = "This document was created by analyzing recipe files during the build."
+ doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+ doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
doc.creationInfo.creators.append("Person: N/A ()")
recipe = oe.spdx.SPDXPackage()
@@ -423,9 +423,9 @@ python do_create_spdx() {
package_doc.name = pkg_name
package_doc.documentNamespace = get_doc_namespace(d, package_doc)
package_doc.creationInfo.created = creation_time
- package_doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
- package_doc.creationInfo.creators.append("Tool: meta-doubleopen")
- package_doc.creationInfo.creators.append("Organization: Double Open Project ()")
+ package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
+ package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+ package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
package_doc.creationInfo.creators.append("Person: N/A ()")
recipe_ref = oe.spdx.SPDXExternalDocumentRef()
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 04/31] classes/create-spdx: Add SHA1 to index file
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (2 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 03/31] classes/create-spdx: Change creator Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 05/31] classes/create-spdx: Add index to DEPLOYDIR Joshua Watt
` (26 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 3 ++-
meta/lib/oe/sbom.py | 16 +++++++++++++---
2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index e49d4d7e3c..5adad59065 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -627,7 +627,7 @@ python image_combine_spdx() {
visited_docs.add(path)
with path.open("rb") as f:
- doc = oe.spdx.SPDXDocument.from_json(f)
+ doc, sha1 = oe.sbom.read_doc(f)
f.seek(0)
if doc.documentNamespace in visited_docs:
@@ -651,6 +651,7 @@ python image_combine_spdx() {
index["documents"].append({
"filename": info.name,
"documentNamespace": doc.documentNamespace,
+ "sha1": sha1,
})
for ref in doc.externalDocumentRefs:
diff --git a/meta/lib/oe/sbom.py b/meta/lib/oe/sbom.py
index d40e5b792f..294feee10b 100644
--- a/meta/lib/oe/sbom.py
+++ b/meta/lib/oe/sbom.py
@@ -45,11 +45,21 @@ def write_doc(d, spdx_doc, subdir):
return doc_sha1
-def read_doc(filename):
+def read_doc(fn):
import hashlib
import oe.spdx
-
- with filename.open("rb") as f:
+ import io
+ import contextlib
+
+ @contextlib.contextmanager
+ def get_file():
+ if isinstance(fn, io.IOBase):
+ yield fn
+ else:
+ with fn.open("rb") as f:
+ yield f
+
+ with get_file() as f:
sha1 = hashlib.sha1()
while True:
chunk = f.read(4096)
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 05/31] classes/create-spdx: Add index to DEPLOYDIR
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (3 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 04/31] classes/create-spdx: Add SHA1 to index file Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 06/31] classes/create-spdx: Add runtime dependency mapping Joshua Watt
` (25 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Add the index to DEPLOYDIR in addition to adding it to the SPDX archive
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 5adad59065..14caae8a50 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -674,7 +674,16 @@ python image_combine_spdx() {
tar.addfile(info, fileobj=index_str)
- spdx_tar_link = imgdeploydir / (image_link_name + ".spdx.tar.zst")
- spdx_tar_link.symlink_to(os.path.relpath(spdx_tar_path, spdx_tar_link.parent))
+ def make_image_link(target_path, suffix):
+ link = imgdeploydir / (image_link_name + suffix)
+ link.symlink_to(os.path.relpath(target_path, link.parent))
+
+ make_image_link(spdx_tar_path, ".spdx.tar.zst")
+
+ spdx_index_path = imgdeploydir / (image_name + ".spdx.index.json")
+ with spdx_index_path.open("w") as f:
+ json.dump(index, f, sort_keys=True)
+
+ make_image_link(spdx_index_path, ".spdx.index.json")
}
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 06/31] classes/create-spdx: Add runtime dependency mapping
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (4 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 05/31] classes/create-spdx: Add index to DEPLOYDIR Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 07/31] classes/create-spdx: Add NOASSERTION for unknown debug sources Joshua Watt
` (24 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 179 ++++++++++++++++++++++++++++++-
meta/lib/oe/sbom.py | 5 +-
2 files changed, 181 insertions(+), 3 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 14caae8a50..28a2e64f52 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -13,6 +13,8 @@ SPDXDIR ??= "${WORKDIR}/spdx"
SPDXDEPLOY = "${SPDXDIR}/deploy"
SPDXWORK = "${SPDXDIR}/work"
+SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
+
SPDX_INCLUDE_SOURCES ??= "0"
SPDX_INCLUDE_PACKAGED ??= "0"
SPDX_ARCHIVE_SOURCES ??= "0"
@@ -486,6 +488,163 @@ do_create_spdx[cleandirs] = "${SPDXDEPLOY} ${SPDXWORK}"
do_create_spdx[depends] += "${PATCHDEPENDENCY}"
do_create_spdx[deptask] = "do_create_spdx"
+def collect_package_providers(d):
+ from pathlib import Path
+ import oe.sbom
+ import oe.spdx
+ import json
+
+ deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
+
+ providers = {}
+
+ taskdepdata = d.getVar("BB_TASKDEPDATA", False)
+ deps = sorted(set(
+ dep[0] for dep in taskdepdata.values() if
+ dep[1] == "do_create_spdx" and dep[0] != d.getVar("PN")
+ ))
+ deps.append(d.getVar("PN"))
+
+ for dep_pn in deps:
+ recipe_data = oe.packagedata.read_pkgdata(dep_pn, d)
+
+ for pkg in recipe_data.get("PACKAGES", "").split():
+
+ pkg_data = oe.packagedata.read_subpkgdata_dict(pkg, d)
+ rprovides = set(n for n, _ in bb.utils.explode_dep_versions2(pkg_data.get("RPROVIDES", "")).items())
+ rprovides.add(pkg)
+
+ for r in rprovides:
+ providers[r] = pkg
+
+ return providers
+
+collect_package_providers[vardepsexclude] += "BB_TASKDEPDATA"
+
+python do_create_runtime_spdx() {
+ from datetime import datetime, timezone
+ import oe.sbom
+ import oe.spdx
+ import oe.packagedata
+ from pathlib import Path
+
+ deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
+ spdx_deploy = Path(d.getVar("SPDXRUNTIMEDEPLOY"))
+
+ creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+
+ providers = collect_package_providers(d)
+
+ bb.build.exec_func("read_subpackage_metadata", d)
+
+ dep_package_cache = {}
+
+ pkgdest = Path(d.getVar("PKGDEST"))
+ for package in d.getVar("PACKAGES").split():
+ localdata = bb.data.createCopy(d)
+ pkg_name = d.getVar("PKG:%s" % package) or package
+ localdata.setVar("PKG", pkg_name)
+ localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + package)
+
+ if not oe.packagedata.packaged(package, localdata):
+ continue
+
+ pkg_spdx_path = deploy_dir_spdx / "packages" / (pkg_name + ".spdx.json")
+
+ package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
+
+ for p in package_doc.packages:
+ if p.name == pkg_name:
+ spdx_package = p
+ break
+ else:
+ bb.fatal("Package '%s' not found in %s" % (pkg_name, pkg_spdx_path))
+
+ runtime_doc = oe.spdx.SPDXDocument()
+ runtime_doc.name = "runtime-" + pkg_name
+ runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc)
+ runtime_doc.creationInfo.created = creation_time
+ runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
+ runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+ runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ runtime_doc.creationInfo.creators.append("Person: N/A ()")
+
+ package_ref = oe.spdx.SPDXExternalDocumentRef()
+ package_ref.externalDocumentId = "DocumentRef-package"
+ package_ref.spdxDocument = package_doc.documentNamespace
+ package_ref.checksum.algorithm = "SHA1"
+ package_ref.checksum.checksumValue = package_doc_sha1
+
+ runtime_doc.externalDocumentRefs.append(package_ref)
+
+ runtime_doc.add_relationship(
+ runtime_doc.SPDXID,
+ "AMENDS",
+ "%s:%s" % (package_ref.externalDocumentId, package_doc.SPDXID)
+ )
+
+ deps = bb.utils.explode_dep_versions2(localdata.getVar("RDEPENDS") or "")
+ seen_deps = set()
+ for dep, _ in deps.items():
+ if dep in seen_deps:
+ continue
+
+ dep = providers[dep]
+
+ if not oe.packagedata.packaged(dep, localdata):
+ continue
+
+ dep_pkg_data = oe.packagedata.read_subpkgdata_dict(dep, d)
+ dep_pkg = dep_pkg_data["PKG"]
+
+ if dep in dep_package_cache:
+ (dep_spdx_package, dep_package_ref) = dep_package_cache[dep]
+ else:
+ dep_path = deploy_dir_spdx / "packages" / ("%s.spdx.json" % dep_pkg)
+
+ spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path)
+
+ for pkg in spdx_dep_doc.packages:
+ if pkg.name == dep_pkg:
+ dep_spdx_package = pkg
+ break
+ else:
+ bb.fatal("Package '%s' not found in %s" % (dep_pkg, dep_path))
+
+ dep_package_ref = oe.spdx.SPDXExternalDocumentRef()
+ dep_package_ref.externalDocumentId = "DocumentRef-runtime-dependency-" + spdx_dep_doc.name
+ dep_package_ref.spdxDocument = spdx_dep_doc.documentNamespace
+ dep_package_ref.checksum.algorithm = "SHA1"
+ dep_package_ref.checksum.checksumValue = spdx_dep_sha1
+
+ dep_package_cache[dep] = (dep_spdx_package, dep_package_ref)
+
+ runtime_doc.externalDocumentRefs.append(dep_package_ref)
+
+ runtime_doc.add_relationship(
+ "%s:%s" % (dep_package_ref.externalDocumentId, dep_spdx_package.SPDXID),
+ "RUNTIME_DEPENDENCY_OF",
+ "%s:%s" % (package_ref.externalDocumentId, spdx_package.SPDXID)
+ )
+ seen_deps.add(dep)
+
+ oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy)
+}
+
+addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work
+SSTATETASKS += "do_create_runtime_spdx"
+do_create_runtime_spdx[sstate-inputdirs] = "${SPDXRUNTIMEDEPLOY}"
+do_create_runtime_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}"
+
+python do_create_runtime_spdx_setscene () {
+ sstate_setscene(d)
+}
+addtask do_create_runtime_spdx_setscene
+
+do_create_runtime_spdx[dirs] = "${SPDXRUNTIMEDEPLOY}"
+do_create_runtime_spdx[cleandirs] = "${SPDXRUNTIMEDEPLOY}"
+do_create_runtime_spdx[rdeptask] = "do_create_spdx"
+
def spdx_get_src(d):
"""
save patched source of the recipe in SPDX_WORKDIR.
@@ -537,7 +696,7 @@ def spdx_get_src(d):
finally:
d.setVar("WORKDIR", workdir)
-do_rootfs[recrdeptask] += "do_create_spdx"
+do_rootfs[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
ROOTFS_POSTUNINSTALL_COMMAND =+ "image_combine_spdx ; "
python image_combine_spdx() {
@@ -598,6 +757,24 @@ python image_combine_spdx() {
else:
bb.fatal("Unable to find package with name '%s' in SPDX file %s" % (name, pkg_spdx_path))
+ runtime_spdx_path = deploy_dir_spdx / "runtime" / ("runtime-" + name + ".spdx.json")
+ runtime_doc, runtime_doc_sha1 = oe.sbom.read_doc(runtime_spdx_path)
+
+ runtime_ref = oe.spdx.SPDXExternalDocumentRef()
+ runtime_ref.externalDocumentId = "DocumentRef-%s" % runtime_doc.name
+ runtime_ref.spdxDocument = runtime_doc.documentNamespace
+ runtime_ref.checksum.algorithm = "SHA1"
+ runtime_ref.checksum.checksumValue = runtime_doc_sha1
+
+ # "OTHER" isn't ideal here, but I can't find a relationship that makes sense
+ doc.externalDocumentRefs.append(runtime_ref)
+ doc.add_relationship(
+ image,
+ "OTHER",
+ "%s:%s" % (runtime_ref.externalDocumentId, runtime_doc.SPDXID),
+ comment="Runtime dependencies for %s" % name
+ )
+
image_spdx_path = imgdeploydir / (image_name + ".spdx.json")
with image_spdx_path.open("wb") as f:
diff --git a/meta/lib/oe/sbom.py b/meta/lib/oe/sbom.py
index 294feee10b..848812c0b7 100644
--- a/meta/lib/oe/sbom.py
+++ b/meta/lib/oe/sbom.py
@@ -28,10 +28,11 @@ def get_image_spdxid(img):
return "SPDXRef-Image-%s" % img
-def write_doc(d, spdx_doc, subdir):
+def write_doc(d, spdx_doc, subdir, spdx_deploy=None):
from pathlib import Path
- spdx_deploy = Path(d.getVar("SPDXDEPLOY"))
+ if spdx_deploy is None:
+ spdx_deploy = Path(d.getVar("SPDXDEPLOY"))
dest = spdx_deploy / subdir / (spdx_doc.name + ".spdx.json")
dest.parent.mkdir(exist_ok=True, parents=True)
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 07/31] classes/create-spdx: Add NOASSERTION for unknown debug sources
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (5 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 06/31] classes/create-spdx: Add runtime dependency mapping Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 08/31] classes/create-spdx: Fix another creator Joshua Watt
` (23 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
If a debug source cannot be found, mark it as NOASSERTION so that other
tools at least know we were unable to locate it.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 36 ++++++++++++++------------------
1 file changed, 16 insertions(+), 20 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 28a2e64f52..3f635045a6 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -190,6 +190,7 @@ def add_package_sources_from_debug(d, package_doc, spdx_package, package, packag
continue
for debugsrc in file_data["debugsrc"]:
+ ref_id = "NOASSERTION"
for search in debug_search_paths:
debugsrc_path = search / debugsrc.lstrip("/")
if not debugsrc_path.exists():
@@ -205,31 +206,26 @@ def add_package_sources_from_debug(d, package_doc, spdx_package, package, packag
file_sha256 = sha.hexdigest()
- if not file_sha256 in sources:
- bb.debug(1, "Debug source %s with SHA256 %s not found in any dependency" % (str(debugsrc_path), file_sha256))
- continue
+ if file_sha256 in sources:
+ source_file = sources[file_sha256]
+
+ doc_ref = package_doc.find_external_document_ref(source_file.doc.documentNamespace)
+ if doc_ref is None:
+ doc_ref = oe.spdx.SPDXExternalDocumentRef()
+ doc_ref.externalDocumentId = "DocumentRef-dependency-" + source_file.doc.name
+ doc_ref.spdxDocument = source_file.doc.documentNamespace
+ doc_ref.checksum.algorithm = "SHA1"
+ doc_ref.checksum.checksumValue = source_file.doc_sha1
+ package_doc.externalDocumentRefs.append(doc_ref)
- source_file = sources[file_sha256]
-
- doc_ref = package_doc.find_external_document_ref(source_file.doc.documentNamespace)
- if doc_ref is None:
- doc_ref = oe.spdx.SPDXExternalDocumentRef()
- doc_ref.externalDocumentId = "DocumentRef-dependency-" + source_file.doc.name
- doc_ref.spdxDocument = source_file.doc.documentNamespace
- doc_ref.checksum.algorithm = "SHA1"
- doc_ref.checksum.checksumValue = source_file.doc_sha1
- package_doc.externalDocumentRefs.append(doc_ref)
-
- package_doc.add_relationship(
- pkg_file,
- "GENERATED_FROM",
- "%s:%s" % (doc_ref.externalDocumentId, source_file.file.SPDXID),
- comment=debugsrc
- )
+ ref_id = "%s:%s" % (doc_ref.externalDocumentId, source_file.file.SPDXID),
+ else:
+ bb.debug(1, "Debug source %s with SHA256 %s not found in any dependency" % (str(debugsrc_path), file_sha256))
break
else:
bb.debug(1, "Debug source %s not found" % debugsrc)
+ package_doc.add_relationship(pkg_file, "GENERATED_FROM", ref_id, comment=debugsrc)
def collect_dep_recipes(d, doc, spdx_recipe):
from pathlib import Path
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 08/31] classes/create-spdx: Fix another creator
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (6 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 07/31] classes/create-spdx: Add NOASSERTION for unknown debug sources Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 09/31] classes/create-spdx: extend DocumentRef to include name Joshua Watt
` (22 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Fixes another creator that was missed earlier
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 3f635045a6..aa3e977b02 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -720,8 +720,8 @@ python image_combine_spdx() {
doc.documentNamespace = get_doc_namespace(d, doc)
doc.creationInfo.created = creation_time
doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
- doc.creationInfo.creators.append("Tool: meta-doubleopen")
- doc.creationInfo.creators.append("Organization: Double Open Project ()")
+ doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+ doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
doc.creationInfo.creators.append("Person: N/A ()")
image = oe.spdx.SPDXPackage()
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 09/31] classes/create-spdx: extend DocumentRef to include name
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (7 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 08/31] classes/create-spdx: Fix another creator Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 10/31] Add SPDX licenses Joshua Watt
` (21 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
From: Saul Wold <saul.wold@windriver.com>
This will create a more uniq DocumentRef, which will allow
the individual spdx files to be merged into a single SBOM
file reflecting the image. Do the same with the runtime dependencies
also
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index aa3e977b02..72c1385feb 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -427,7 +427,7 @@ python do_create_spdx() {
package_doc.creationInfo.creators.append("Person: N/A ()")
recipe_ref = oe.spdx.SPDXExternalDocumentRef()
- recipe_ref.externalDocumentId = "DocumentRef-recipe"
+ recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
recipe_ref.spdxDocument = doc.documentNamespace
recipe_ref.checksum.algorithm = "SHA1"
recipe_ref.checksum.checksumValue = doc_sha1
@@ -566,7 +566,7 @@ python do_create_runtime_spdx() {
runtime_doc.creationInfo.creators.append("Person: N/A ()")
package_ref = oe.spdx.SPDXExternalDocumentRef()
- package_ref.externalDocumentId = "DocumentRef-package"
+ package_ref.externalDocumentId = "DocumentRef-package-" + package
package_ref.spdxDocument = package_doc.documentNamespace
package_ref.checksum.algorithm = "SHA1"
package_ref.checksum.checksumValue = package_doc_sha1
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 10/31] Add SPDX licenses
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (8 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 09/31] classes/create-spdx: extend DocumentRef to include name Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 11/31] classes/create-spdx: Fix up license reporting Joshua Watt
` (20 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Adds the SPDX license database from https://github.com/spdx/license-list-data
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/files/spdx-licenses.json | 5938 +++++++++++++++++++++++++++++++++
1 file changed, 5938 insertions(+)
create mode 100644 meta/files/spdx-licenses.json
diff --git a/meta/files/spdx-licenses.json b/meta/files/spdx-licenses.json
new file mode 100644
index 0000000000..582c73ca64
--- /dev/null
+++ b/meta/files/spdx-licenses.json
@@ -0,0 +1,5938 @@
+{
+ "licenseListVersion": "7bcf79d",
+ "licenses": [
+ {
+ "reference": "https://spdx.org/licenses/GPL-1.0.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-1.0.json",
+ "referenceNumber": 0,
+ "name": "GNU General Public License v1.0 only",
+ "licenseId": "GPL-1.0",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Intel-ACPI.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Intel-ACPI.json",
+ "referenceNumber": 1,
+ "name": "Intel ACPI Software License Agreement",
+ "licenseId": "Intel-ACPI",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Intel_ACPI_Software_License_Agreement"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/XSkat.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/XSkat.json",
+ "referenceNumber": 2,
+ "name": "XSkat License",
+ "licenseId": "XSkat",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/XSkat_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0.json",
+ "referenceNumber": 3,
+ "name": "Creative Commons Attribution Non Commercial Share Alike 2.0 Generic",
+ "licenseId": "CC-BY-NC-SA-2.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-sa/2.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/bzip2-1.0.6.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/bzip2-1.0.6.json",
+ "referenceNumber": 4,
+ "name": "bzip2 and libbzip2 License v1.0.6",
+ "licenseId": "bzip2-1.0.6",
+ "seeAlso": [
+ "https://sourceware.org/git/?p\u003dbzip2.git;a\u003dblob;f\u003dLICENSE;hb\u003dbzip2-1.0.6",
+ "http://bzip.org/1.0.5/bzip2-manual-1.0.5.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Giftware.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Giftware.json",
+ "referenceNumber": 5,
+ "name": "Giftware License",
+ "licenseId": "Giftware",
+ "seeAlso": [
+ "http://liballeg.org/license.html#allegro-4-the-giftware-license"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Plexus.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Plexus.json",
+ "referenceNumber": 6,
+ "name": "Plexus Classworlds License",
+ "licenseId": "Plexus",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Plexus_Classworlds_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BitTorrent-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BitTorrent-1.0.json",
+ "referenceNumber": 7,
+ "name": "BitTorrent Open Source License v1.0",
+ "licenseId": "BitTorrent-1.0",
+ "seeAlso": [
+ "http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/licenses/BitTorrent?r1\u003d1.1\u0026r2\u003d1.1.1.1\u0026diff_format\u003ds"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/APSL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/APSL-1.1.json",
+ "referenceNumber": 8,
+ "name": "Apple Public Source License 1.1",
+ "licenseId": "APSL-1.1",
+ "seeAlso": [
+ "http://www.opensource.apple.com/source/IOSerialFamily/IOSerialFamily-7/APPLE_LICENSE"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-2.0-with-GCC-exception.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-GCC-exception.json",
+ "referenceNumber": 9,
+ "name": "GNU General Public License v2.0 w/GCC Runtime Library exception",
+ "licenseId": "GPL-2.0-with-GCC-exception",
+ "seeAlso": [
+ "https://gcc.gnu.org/git/?p\u003dgcc.git;a\u003dblob;f\u003dgcc/libgcc1.c;h\u003d762f5143fc6eed57b6797c82710f3538aa52b40b;hb\u003dcb143a3ce4fb417c68f5fa2691a1b1b1053dfba9#l10"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/UPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/UPL-1.0.json",
+ "referenceNumber": 10,
+ "name": "Universal Permissive License v1.0",
+ "licenseId": "UPL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/UPL"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/wxWindows.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/wxWindows.json",
+ "referenceNumber": 11,
+ "name": "wxWindows Library License",
+ "licenseId": "wxWindows",
+ "seeAlso": [
+ "https://opensource.org/licenses/WXwindows"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Caldera.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Caldera.json",
+ "referenceNumber": 12,
+ "name": "Caldera License",
+ "licenseId": "Caldera",
+ "seeAlso": [
+ "http://www.lemis.com/grog/UNIX/ancient-source-all.pdf"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Zend-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Zend-2.0.json",
+ "referenceNumber": 13,
+ "name": "Zend License v2.0",
+ "licenseId": "Zend-2.0",
+ "seeAlso": [
+ "https://web.archive.org/web/20130517195954/http://www.zend.com/license/2_00.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CUA-OPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CUA-OPL-1.0.json",
+ "referenceNumber": 14,
+ "name": "CUA Office Public License v1.0",
+ "licenseId": "CUA-OPL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/CUA-OPL-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/W3C.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/W3C.json",
+ "referenceNumber": 15,
+ "name": "W3C Software Notice and License (2002-12-31)",
+ "licenseId": "W3C",
+ "seeAlso": [
+ "http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231.html",
+ "https://opensource.org/licenses/W3C"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/JPNIC.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/JPNIC.json",
+ "referenceNumber": 16,
+ "name": "Japan Network Information Center License",
+ "licenseId": "JPNIC",
+ "seeAlso": [
+ "https://gitlab.isc.org/isc-projects/bind9/blob/master/COPYRIGHT#L366"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SAX-PD.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SAX-PD.json",
+ "referenceNumber": 17,
+ "name": "Sax Public Domain Notice",
+ "licenseId": "SAX-PD",
+ "seeAlso": [
+ "http://www.saxproject.org/copying.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-ND-2.5.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-2.5.json",
+ "referenceNumber": 18,
+ "name": "Creative Commons Attribution No Derivatives 2.5 Generic",
+ "licenseId": "CC-BY-ND-2.5",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nd/2.5/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPLLR.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LGPLLR.json",
+ "referenceNumber": 19,
+ "name": "Lesser General Public License For Linguistic Resources",
+ "licenseId": "LGPLLR",
+ "seeAlso": [
+ "http://www-igm.univ-mlv.fr/~unitex/lgpllr.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/eGenix.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/eGenix.json",
+ "referenceNumber": 20,
+ "name": "eGenix.com Public License 1.1.0",
+ "licenseId": "eGenix",
+ "seeAlso": [
+ "http://www.egenix.com/products/eGenix.com-Public-License-1.1.0.pdf",
+ "https://fedoraproject.org/wiki/Licensing/eGenix.com_Public_License_1.1.0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.2.2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.2.json",
+ "referenceNumber": 21,
+ "name": "Open LDAP Public License 2.2.2",
+ "licenseId": "OLDAP-2.2.2",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003ddf2cc1e21eb7c160695f5b7cffd6296c151ba188"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/IPA.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/IPA.json",
+ "referenceNumber": 22,
+ "name": "IPA Font License",
+ "licenseId": "IPA",
+ "seeAlso": [
+ "https://opensource.org/licenses/IPA"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-ND-3.0-DE.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-3.0-DE.json",
+ "referenceNumber": 23,
+ "name": "Creative Commons Attribution No Derivatives 3.0 Germany",
+ "licenseId": "CC-BY-ND-3.0-DE",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nd/3.0/de/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/NCSA.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NCSA.json",
+ "referenceNumber": 24,
+ "name": "University of Illinois/NCSA Open Source License",
+ "licenseId": "NCSA",
+ "seeAlso": [
+ "http://otm.illinois.edu/uiuc_openSource",
+ "https://opensource.org/licenses/NCSA"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/PHP-3.01.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/PHP-3.01.json",
+ "referenceNumber": 25,
+ "name": "PHP License v3.01",
+ "licenseId": "PHP-3.01",
+ "seeAlso": [
+ "http://www.php.net/license/3_01.txt"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-PDDC.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-PDDC.json",
+ "referenceNumber": 26,
+ "name": "Creative Commons Public Domain Dedication and Certification",
+ "licenseId": "CC-PDDC",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/publicdomain/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Net-SNMP.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Net-SNMP.json",
+ "referenceNumber": 27,
+ "name": "Net-SNMP License",
+ "licenseId": "Net-SNMP",
+ "seeAlso": [
+ "http://net-snmp.sourceforge.net/about/license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/YPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/YPL-1.0.json",
+ "referenceNumber": 28,
+ "name": "Yahoo! Public License v1.0",
+ "licenseId": "YPL-1.0",
+ "seeAlso": [
+ "http://www.zimbra.com/license/yahoo_public_license_1.0.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Adobe-2006.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Adobe-2006.json",
+ "referenceNumber": 29,
+ "name": "Adobe Systems Incorporated Source Code License Agreement",
+ "licenseId": "Adobe-2006",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/AdobeLicense"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Nunit.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/Nunit.json",
+ "referenceNumber": 30,
+ "name": "Nunit License",
+ "licenseId": "Nunit",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Nunit"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MITNFA.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MITNFA.json",
+ "referenceNumber": 31,
+ "name": "MIT +no-false-attribs license",
+ "licenseId": "MITNFA",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/MITNFA"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-Source-Code.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-Source-Code.json",
+ "referenceNumber": 32,
+ "name": "BSD Source Code Attribution",
+ "licenseId": "BSD-Source-Code",
+ "seeAlso": [
+ "https://github.com/robbiehanson/CocoaHTTPServer/blob/master/LICENSE.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-SA-2.5.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.5.json",
+ "referenceNumber": 33,
+ "name": "Creative Commons Attribution Share Alike 2.5 Generic",
+ "licenseId": "CC-BY-SA-2.5",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-sa/2.5/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OPUBL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OPUBL-1.0.json",
+ "referenceNumber": 34,
+ "name": "Open Publication License v1.0",
+ "licenseId": "OPUBL-1.0",
+ "seeAlso": [
+ "http://opencontent.org/openpub/",
+ "https://www.debian.org/opl",
+ "https://www.ctan.org/license/opl"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OSL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OSL-1.1.json",
+ "referenceNumber": 35,
+ "name": "Open Software License 1.1",
+ "licenseId": "OSL-1.1",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/OSL1.1"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-SA-4.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-4.0.json",
+ "referenceNumber": 36,
+ "name": "Creative Commons Attribution Share Alike 4.0 International",
+ "licenseId": "CC-BY-SA-4.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-sa/4.0/legalcode"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Unicode-TOU.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Unicode-TOU.json",
+ "referenceNumber": 37,
+ "name": "Unicode Terms of Use",
+ "licenseId": "Unicode-TOU",
+ "seeAlso": [
+ "http://www.unicode.org/copyright.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/NGPL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NGPL.json",
+ "referenceNumber": 38,
+ "name": "Nethack General Public License",
+ "licenseId": "NGPL",
+ "seeAlso": [
+ "https://opensource.org/licenses/NGPL"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License.json",
+ "referenceNumber": 39,
+ "name": "BSD 3-Clause No Nuclear License",
+ "licenseId": "BSD-3-Clause-No-Nuclear-License",
+ "seeAlso": [
+ "http://download.oracle.com/otn-pub/java/licenses/bsd.txt?AuthParam\u003d1467140197_43d516ce1776bd08a58235a7785be1cc"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Motosoto.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Motosoto.json",
+ "referenceNumber": 40,
+ "name": "Motosoto License",
+ "licenseId": "Motosoto",
+ "seeAlso": [
+ "https://opensource.org/licenses/Motosoto"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-UK.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-UK.json",
+ "referenceNumber": 41,
+ "name": "Creative Commons Attribution Non Commercial Share Alike 2.0 England and Wales",
+ "licenseId": "CC-BY-NC-SA-2.0-UK",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-sa/2.0/uk/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/gnuplot.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/gnuplot.json",
+ "referenceNumber": 42,
+ "name": "gnuplot License",
+ "licenseId": "gnuplot",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Gnuplot"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Eurosym.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Eurosym.json",
+ "referenceNumber": 43,
+ "name": "Eurosym License",
+ "licenseId": "Eurosym",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Eurosym"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-2.5-AU.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-2.5-AU.json",
+ "referenceNumber": 44,
+ "name": "Creative Commons Attribution 2.5 Australia",
+ "licenseId": "CC-BY-2.5-AU",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by/2.5/au/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/EPICS.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/EPICS.json",
+ "referenceNumber": 45,
+ "name": "EPICS Open License",
+ "licenseId": "EPICS",
+ "seeAlso": [
+ "https://epics.anl.gov/license/open.php"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Info-ZIP.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Info-ZIP.json",
+ "referenceNumber": 46,
+ "name": "Info-ZIP License",
+ "licenseId": "Info-ZIP",
+ "seeAlso": [
+ "http://www.info-zip.org/license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.0.json",
+ "referenceNumber": 47,
+ "name": "Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B)",
+ "licenseId": "OLDAP-2.0",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dcbf50f4e1185a21abd4c0a54d3f4341fe28f36ea"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-Warranty.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-Warranty.json",
+ "referenceNumber": 48,
+ "name": "BSD 3-Clause No Nuclear Warranty",
+ "licenseId": "BSD-3-Clause-No-Nuclear-Warranty",
+ "seeAlso": [
+ "https://jogamp.org/git/?p\u003dgluegen.git;a\u003dblob_plain;f\u003dLICENSE.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CERN-OHL-P-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CERN-OHL-P-2.0.json",
+ "referenceNumber": 49,
+ "name": "CERN Open Hardware Licence Version 2 - Permissive",
+ "licenseId": "CERN-OHL-P-2.0",
+ "seeAlso": [
+ "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/AML.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AML.json",
+ "referenceNumber": 50,
+ "name": "Apple MIT License",
+ "licenseId": "AML",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Apple_MIT_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MulanPSL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MulanPSL-1.0.json",
+ "referenceNumber": 51,
+ "name": "Mulan Permissive Software License, Version 1",
+ "licenseId": "MulanPSL-1.0",
+ "seeAlso": [
+ "https://license.coscl.org.cn/MulanPSL/",
+ "https://github.com/yuwenlong/longphp/blob/25dfb70cc2a466dc4bb55ba30901cbce08d164b5/LICENSE"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/VSL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/VSL-1.0.json",
+ "referenceNumber": 52,
+ "name": "Vovida Software License v1.0",
+ "licenseId": "VSL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/VSL-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/NLOD-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NLOD-2.0.json",
+ "referenceNumber": 53,
+ "name": "Norwegian Licence for Open Government Data (NLOD) 2.0",
+ "licenseId": "NLOD-2.0",
+ "seeAlso": [
+ "http://data.norge.no/nlod/en/2.0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/RSA-MD.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/RSA-MD.json",
+ "referenceNumber": 54,
+ "name": "RSA Message-Digest License",
+ "licenseId": "RSA-MD",
+ "seeAlso": [
+ "http://www.faqs.org/rfcs/rfc1321.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/O-UDA-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/O-UDA-1.0.json",
+ "referenceNumber": 55,
+ "name": "Open Use of Data Agreement v1.0",
+ "licenseId": "O-UDA-1.0",
+ "seeAlso": [
+ "https://github.com/microsoft/Open-Use-of-Data-Agreement/blob/v1.0/O-UDA-1.0.md",
+ "https://cdla.dev/open-use-of-data-agreement-v1-0/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LPPL-1.2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LPPL-1.2.json",
+ "referenceNumber": 56,
+ "name": "LaTeX Project Public License v1.2",
+ "licenseId": "LPPL-1.2",
+ "seeAlso": [
+ "http://www.latex-project.org/lppl/lppl-1-2.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-SA-2.1-JP.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.1-JP.json",
+ "referenceNumber": 57,
+ "name": "Creative Commons Attribution Share Alike 2.1 Japan",
+ "licenseId": "CC-BY-SA-2.1-JP",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-sa/2.1/jp/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Spencer-94.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Spencer-94.json",
+ "referenceNumber": 58,
+ "name": "Spencer License 94",
+ "licenseId": "Spencer-94",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-1.2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-1.2.json",
+ "referenceNumber": 59,
+ "name": "Open LDAP Public License v1.2",
+ "licenseId": "OLDAP-1.2",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d42b0383c50c299977b5893ee695cf4e486fb0dc7"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.7.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.7.json",
+ "referenceNumber": 60,
+ "name": "Open LDAP Public License v2.7",
+ "licenseId": "OLDAP-2.7",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d47c2415c1df81556eeb39be6cad458ef87c534a2"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Glulxe.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Glulxe.json",
+ "referenceNumber": 61,
+ "name": "Glulxe License",
+ "licenseId": "Glulxe",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Glulxe"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/iMatix.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/iMatix.json",
+ "referenceNumber": 62,
+ "name": "iMatix Standard Function Library Agreement",
+ "licenseId": "iMatix",
+ "seeAlso": [
+ "http://legacy.imatix.com/html/sfl/sfl4.htm#license"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/TAPR-OHL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/TAPR-OHL-1.0.json",
+ "referenceNumber": 63,
+ "name": "TAPR Open Hardware License v1.0",
+ "licenseId": "TAPR-OHL-1.0",
+ "seeAlso": [
+ "https://www.tapr.org/OHL"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/NBPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NBPL-1.0.json",
+ "referenceNumber": 64,
+ "name": "Net Boolean Public License v1",
+ "licenseId": "NBPL-1.0",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d37b4b3f6cc4bf34e1d3dec61e69914b9819d8894"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-Protection.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-Protection.json",
+ "referenceNumber": 65,
+ "name": "BSD Protection License",
+ "licenseId": "BSD-Protection",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/BSD_Protection_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LiLiQ-R-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LiLiQ-R-1.1.json",
+ "referenceNumber": 66,
+ "name": "Licence Libre du Québec – Réciprocité version 1.1",
+ "licenseId": "LiLiQ-R-1.1",
+ "seeAlso": [
+ "https://www.forge.gouv.qc.ca/participez/licence-logicielle/licence-libre-du-quebec-liliq-en-francais/licence-libre-du-quebec-reciprocite-liliq-r-v1-1/",
+ "http://opensource.org/licenses/LiLiQ-R-1.1"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Noweb.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Noweb.json",
+ "referenceNumber": 67,
+ "name": "Noweb License",
+ "licenseId": "Noweb",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Noweb"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.3-invariants-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-invariants-or-later.json",
+ "referenceNumber": 68,
+ "name": "GNU Free Documentation License v1.3 or later - invariants",
+ "licenseId": "GFDL-1.3-invariants-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/fdl-1.3.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC0-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC0-1.0.json",
+ "referenceNumber": 69,
+ "name": "Creative Commons Zero v1.0 Universal",
+ "licenseId": "CC0-1.0",
+ "seeAlso": [
+ "https://creativecommons.org/publicdomain/zero/1.0/legalcode"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-2.5.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-2.5.json",
+ "referenceNumber": 70,
+ "name": "Creative Commons Attribution Non Commercial 2.5 Generic",
+ "licenseId": "CC-BY-NC-2.5",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc/2.5/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Zlib.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Zlib.json",
+ "referenceNumber": 71,
+ "name": "zlib License",
+ "licenseId": "Zlib",
+ "seeAlso": [
+ "http://www.zlib.net/zlib_license.html",
+ "https://opensource.org/licenses/Zlib"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.1-invariants-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-invariants-or-later.json",
+ "referenceNumber": 72,
+ "name": "GNU Free Documentation License v1.1 or later - invariants",
+ "licenseId": "GFDL-1.1-invariants-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-3.0-AT.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-AT.json",
+ "referenceNumber": 73,
+ "name": "Creative Commons Attribution 3.0 Austria",
+ "licenseId": "CC-BY-3.0-AT",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by/3.0/at/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LPPL-1.3c.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LPPL-1.3c.json",
+ "referenceNumber": 74,
+ "name": "LaTeX Project Public License v1.3c",
+ "licenseId": "LPPL-1.3c",
+ "seeAlso": [
+ "http://www.latex-project.org/lppl/lppl-1-3c.txt",
+ "https://opensource.org/licenses/LPPL-1.3c"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/EPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/EPL-1.0.json",
+ "referenceNumber": 75,
+ "name": "Eclipse Public License 1.0",
+ "licenseId": "EPL-1.0",
+ "seeAlso": [
+ "http://www.eclipse.org/legal/epl-v10.html",
+ "https://opensource.org/licenses/EPL-1.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/ANTLR-PD-fallback.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ANTLR-PD-fallback.json",
+ "referenceNumber": 76,
+ "name": "ANTLR Software Rights Notice with license fallback",
+ "licenseId": "ANTLR-PD-fallback",
+ "seeAlso": [
+ "http://www.antlr2.org/license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.4.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.4.json",
+ "referenceNumber": 77,
+ "name": "Open LDAP Public License v2.4",
+ "licenseId": "OLDAP-2.4",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dcd1284c4a91a8a380d904eee68d1583f989ed386"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Multics.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Multics.json",
+ "referenceNumber": 78,
+ "name": "Multics License",
+ "licenseId": "Multics",
+ "seeAlso": [
+ "https://opensource.org/licenses/Multics"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.3.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.3.json",
+ "referenceNumber": 79,
+ "name": "Open LDAP Public License v2.3",
+ "licenseId": "OLDAP-2.3",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dd32cf54a32d581ab475d23c810b0a7fbaf8d63c3"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/ZPL-2.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ZPL-2.1.json",
+ "referenceNumber": 80,
+ "name": "Zope Public License 2.1",
+ "licenseId": "ZPL-2.1",
+ "seeAlso": [
+ "http://old.zope.org/Resources/ZPL/"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-SA-3.0-DE.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0-DE.json",
+ "referenceNumber": 81,
+ "name": "Creative Commons Attribution Share Alike 3.0 Germany",
+ "licenseId": "CC-BY-SA-3.0-DE",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-sa/3.0/de/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SGI-B-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SGI-B-2.0.json",
+ "referenceNumber": 82,
+ "name": "SGI Free Software License B v2.0",
+ "licenseId": "SGI-B-2.0",
+ "seeAlso": [
+ "http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.2.0.pdf"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Apache-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Apache-2.0.json",
+ "referenceNumber": 83,
+ "name": "Apache License 2.0",
+ "licenseId": "Apache-2.0",
+ "seeAlso": [
+ "https://www.apache.org/licenses/LICENSE-2.0",
+ "https://opensource.org/licenses/Apache-2.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Hippocratic-2.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Hippocratic-2.1.json",
+ "referenceNumber": 84,
+ "name": "Hippocratic License 2.1",
+ "licenseId": "Hippocratic-2.1",
+ "seeAlso": [
+ "https://firstdonoharm.dev/version/2/1/license.html",
+ "https://github.com/EthicalSource/hippocratic-license/blob/58c0e646d64ff6fbee275bfe2b9492f914e3ab2a/LICENSE.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-SA-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-1.0.json",
+ "referenceNumber": 85,
+ "name": "Creative Commons Attribution Non Commercial Share Alike 1.0 Generic",
+ "licenseId": "CC-BY-NC-SA-1.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-sa/1.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-3.0-US.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-US.json",
+ "referenceNumber": 86,
+ "name": "Creative Commons Attribution 3.0 United States",
+ "licenseId": "CC-BY-3.0-US",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by/3.0/us/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/TCP-wrappers.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/TCP-wrappers.json",
+ "referenceNumber": 87,
+ "name": "TCP Wrappers License",
+ "licenseId": "TCP-wrappers",
+ "seeAlso": [
+ "http://rc.quest.com/topics/openssh/license.php#tcpwrappers"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.2-invariants-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-invariants-or-later.json",
+ "referenceNumber": 88,
+ "name": "GNU Free Documentation License v1.2 or later - invariants",
+ "licenseId": "GFDL-1.2-invariants-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-2.1-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-2.1-or-later.json",
+ "referenceNumber": 89,
+ "name": "GNU Lesser General Public License v2.1 or later",
+ "licenseId": "LGPL-2.1-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
+ "https://opensource.org/licenses/LGPL-2.1"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.1.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.1.json",
+ "referenceNumber": 90,
+ "name": "GNU Free Documentation License v1.1",
+ "licenseId": "GFDL-1.1",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/LPPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LPPL-1.0.json",
+ "referenceNumber": 91,
+ "name": "LaTeX Project Public License v1.0",
+ "licenseId": "LPPL-1.0",
+ "seeAlso": [
+ "http://www.latex-project.org/lppl/lppl-1-0.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-2.0+.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-2.0+.json",
+ "referenceNumber": 92,
+ "name": "GNU Library General Public License v2 or later",
+ "licenseId": "LGPL-2.0+",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/SGI-B-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SGI-B-1.0.json",
+ "referenceNumber": 93,
+ "name": "SGI Free Software License B v1.0",
+ "licenseId": "SGI-B-1.0",
+ "seeAlso": [
+ "http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.1.0.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/APL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/APL-1.0.json",
+ "referenceNumber": 94,
+ "name": "Adaptive Public License 1.0",
+ "licenseId": "APL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/APL-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Unicode-DFS-2015.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Unicode-DFS-2015.json",
+ "referenceNumber": 95,
+ "name": "Unicode License Agreement - Data Files and Software (2015)",
+ "licenseId": "Unicode-DFS-2015",
+ "seeAlso": [
+ "https://web.archive.org/web/20151224134844/http://unicode.org/copyright.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/AFL-2.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AFL-2.1.json",
+ "referenceNumber": 96,
+ "name": "Academic Free License v2.1",
+ "licenseId": "AFL-2.1",
+ "seeAlso": [
+ "http://opensource.linux-mirror.org/licenses/afl-2.1.txt"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-1.0.json",
+ "referenceNumber": 97,
+ "name": "Creative Commons Attribution Non Commercial 1.0 Generic",
+ "licenseId": "CC-BY-NC-1.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc/1.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GD.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GD.json",
+ "referenceNumber": 98,
+ "name": "GD License",
+ "licenseId": "GD",
+ "seeAlso": [
+ "https://libgd.github.io/manuals/2.3.0/files/license-txt.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/AFL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AFL-1.1.json",
+ "referenceNumber": 99,
+ "name": "Academic Free License v1.1",
+ "licenseId": "AFL-1.1",
+ "seeAlso": [
+ "http://opensource.linux-mirror.org/licenses/afl-1.1.txt",
+ "http://wayback.archive.org/web/20021004124254/http://www.opensource.org/licenses/academic.php"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-IGO.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-IGO.json",
+ "referenceNumber": 100,
+ "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO",
+ "licenseId": "CC-BY-NC-ND-3.0-IGO",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-nd/3.0/igo/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MPL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MPL-1.1.json",
+ "referenceNumber": 101,
+ "name": "Mozilla Public License 1.1",
+ "licenseId": "MPL-1.1",
+ "seeAlso": [
+ "http://www.mozilla.org/MPL/MPL-1.1.html",
+ "https://opensource.org/licenses/MPL-1.1"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.2-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-only.json",
+ "referenceNumber": 102,
+ "name": "GNU Free Documentation License v1.2 only",
+ "licenseId": "GFDL-1.2-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CNRI-Jython.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CNRI-Jython.json",
+ "referenceNumber": 103,
+ "name": "CNRI Jython License",
+ "licenseId": "CNRI-Jython",
+ "seeAlso": [
+ "http://www.jython.org/license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/ZPL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ZPL-1.1.json",
+ "referenceNumber": 104,
+ "name": "Zope Public License 1.1",
+ "licenseId": "ZPL-1.1",
+ "seeAlso": [
+ "http://old.zope.org/Resources/License/ZPL-1.1"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-2.0-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GPL-2.0-only.json",
+ "referenceNumber": 105,
+ "name": "GNU General Public License v2.0 only",
+ "licenseId": "GPL-2.0-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
+ "https://opensource.org/licenses/GPL-2.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/FreeImage.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/FreeImage.json",
+ "referenceNumber": 106,
+ "name": "FreeImage Public License v1.0",
+ "licenseId": "FreeImage",
+ "seeAlso": [
+ "http://freeimage.sourceforge.net/freeimage-license.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SHL-0.51.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SHL-0.51.json",
+ "referenceNumber": 107,
+ "name": "Solderpad Hardware License, Version 0.51",
+ "licenseId": "SHL-0.51",
+ "seeAlso": [
+ "https://solderpad.org/licenses/SHL-0.51/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-4.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-4.0.json",
+ "referenceNumber": 108,
+ "name": "Creative Commons Attribution Non Commercial 4.0 International",
+ "licenseId": "CC-BY-NC-4.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc/4.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Rdisc.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Rdisc.json",
+ "referenceNumber": 109,
+ "name": "Rdisc License",
+ "licenseId": "Rdisc",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Rdisc_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MPL-2.0-no-copyleft-exception.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MPL-2.0-no-copyleft-exception.json",
+ "referenceNumber": 110,
+ "name": "Mozilla Public License 2.0 (no copyleft exception)",
+ "licenseId": "MPL-2.0-no-copyleft-exception",
+ "seeAlso": [
+ "http://www.mozilla.org/MPL/2.0/",
+ "https://opensource.org/licenses/MPL-2.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.1.json",
+ "referenceNumber": 111,
+ "name": "Open LDAP Public License v2.1",
+ "licenseId": "OLDAP-2.1",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003db0d176738e96a0d3b9f85cb51e140a86f21be715"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/libtiff.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/libtiff.json",
+ "referenceNumber": 112,
+ "name": "libtiff License",
+ "licenseId": "libtiff",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/libtiff"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Imlib2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Imlib2.json",
+ "referenceNumber": 113,
+ "name": "Imlib2 License",
+ "licenseId": "Imlib2",
+ "seeAlso": [
+ "http://trac.enlightenment.org/e/browser/trunk/imlib2/COPYING",
+ "https://git.enlightenment.org/legacy/imlib2.git/tree/COPYING"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-4-Clause-Shortened.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause-Shortened.json",
+ "referenceNumber": 114,
+ "name": "BSD 4 Clause Shortened",
+ "licenseId": "BSD-4-Clause-Shortened",
+ "seeAlso": [
+ "https://metadata.ftp-master.debian.org/changelogs//main/a/arpwatch/arpwatch_2.1a15-7_copyright"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/AAL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AAL.json",
+ "referenceNumber": 115,
+ "name": "Attribution Assurance License",
+ "licenseId": "AAL",
+ "seeAlso": [
+ "https://opensource.org/licenses/attribution"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-2.5.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-2.5.json",
+ "referenceNumber": 116,
+ "name": "Creative Commons Attribution 2.5 Generic",
+ "licenseId": "CC-BY-2.5",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by/2.5/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/APSL-1.2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/APSL-1.2.json",
+ "referenceNumber": 117,
+ "name": "Apple Public Source License 1.2",
+ "licenseId": "APSL-1.2",
+ "seeAlso": [
+ "http://www.samurajdata.se/opensource/mirror/licenses/apsl.php"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OFL-1.0-no-RFN.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OFL-1.0-no-RFN.json",
+ "referenceNumber": 118,
+ "name": "SIL Open Font License 1.0 with no Reserved Font Name",
+ "licenseId": "OFL-1.0-no-RFN",
+ "seeAlso": [
+ "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Sendmail.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Sendmail.json",
+ "referenceNumber": 119,
+ "name": "Sendmail License",
+ "licenseId": "Sendmail",
+ "seeAlso": [
+ "http://www.sendmail.com/pdfs/open_source/sendmail_license.pdf",
+ "https://web.archive.org/web/20160322142305/https://www.sendmail.com/pdfs/open_source/sendmail_license.pdf"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-3.0-NL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-NL.json",
+ "referenceNumber": 120,
+ "name": "Creative Commons Attribution 3.0 Netherlands",
+ "licenseId": "CC-BY-3.0-NL",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by/3.0/nl/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-ND-2.5.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-2.5.json",
+ "referenceNumber": 121,
+ "name": "Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic",
+ "licenseId": "CC-BY-NC-ND-2.5",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-nd/2.5/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/ECL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ECL-1.0.json",
+ "referenceNumber": 122,
+ "name": "Educational Community License v1.0",
+ "licenseId": "ECL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/ECL-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Afmparse.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Afmparse.json",
+ "referenceNumber": 123,
+ "name": "Afmparse License",
+ "licenseId": "Afmparse",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Afmparse"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-DE.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-DE.json",
+ "referenceNumber": 124,
+ "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 Germany",
+ "licenseId": "CC-BY-NC-SA-3.0-DE",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-sa/3.0/de/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-SA-3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0.json",
+ "referenceNumber": 125,
+ "name": "Creative Commons Attribution Share Alike 3.0 Unported",
+ "licenseId": "CC-BY-SA-3.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-sa/3.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/NTP.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NTP.json",
+ "referenceNumber": 126,
+ "name": "NTP License",
+ "licenseId": "NTP",
+ "seeAlso": [
+ "https://opensource.org/licenses/NTP"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/MPL-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MPL-2.0.json",
+ "referenceNumber": 127,
+ "name": "Mozilla Public License 2.0",
+ "licenseId": "MPL-2.0",
+ "seeAlso": [
+ "https://www.mozilla.org/MPL/2.0/",
+ "https://opensource.org/licenses/MPL-2.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.3-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-or-later.json",
+ "referenceNumber": 128,
+ "name": "GNU Free Documentation License v1.3 or later",
+ "licenseId": "GFDL-1.3-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/fdl-1.3.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/LPL-1.02.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LPL-1.02.json",
+ "referenceNumber": 129,
+ "name": "Lucent Public License v1.02",
+ "licenseId": "LPL-1.02",
+ "seeAlso": [
+ "http://plan9.bell-labs.com/plan9/license.html",
+ "https://opensource.org/licenses/LPL-1.02"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/AFL-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AFL-2.0.json",
+ "referenceNumber": 130,
+ "name": "Academic Free License v2.0",
+ "licenseId": "AFL-2.0",
+ "seeAlso": [
+ "http://wayback.archive.org/web/20060924134533/http://www.opensource.org/licenses/afl-2.0.txt"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-2.0.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-2.0.json",
+ "referenceNumber": 131,
+ "name": "GNU General Public License v2.0 only",
+ "licenseId": "GPL-2.0",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
+ "https://opensource.org/licenses/GPL-2.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Artistic-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Artistic-2.0.json",
+ "referenceNumber": 132,
+ "name": "Artistic License 2.0",
+ "licenseId": "Artistic-2.0",
+ "seeAlso": [
+ "http://www.perlfoundation.org/artistic_license_2_0",
+ "https://www.perlfoundation.org/artistic-license-20.html",
+ "https://opensource.org/licenses/artistic-license-2.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/MS-RL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MS-RL.json",
+ "referenceNumber": 133,
+ "name": "Microsoft Reciprocal License",
+ "licenseId": "MS-RL",
+ "seeAlso": [
+ "http://www.microsoft.com/opensource/licenses.mspx",
+ "https://opensource.org/licenses/MS-RL"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/xpp.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/xpp.json",
+ "referenceNumber": 134,
+ "name": "XPP License",
+ "licenseId": "xpp",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/xpp"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.2-no-invariants-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-no-invariants-only.json",
+ "referenceNumber": 135,
+ "name": "GNU Free Documentation License v1.2 only - no invariants",
+ "licenseId": "GFDL-1.2-no-invariants-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/ClArtistic.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ClArtistic.json",
+ "referenceNumber": 136,
+ "name": "Clarified Artistic License",
+ "licenseId": "ClArtistic",
+ "seeAlso": [
+ "http://gianluca.dellavedova.org/2011/01/03/clarified-artistic-license/",
+ "http://www.ncftp.com/ncftp/doc/LICENSE.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/HaskellReport.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/HaskellReport.json",
+ "referenceNumber": 137,
+ "name": "Haskell Language Report License",
+ "licenseId": "HaskellReport",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Haskell_Language_Report_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-3.0-DE.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-DE.json",
+ "referenceNumber": 138,
+ "name": "Creative Commons Attribution 3.0 Germany",
+ "licenseId": "CC-BY-3.0-DE",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by/3.0/de/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/RSCPL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/RSCPL.json",
+ "referenceNumber": 139,
+ "name": "Ricoh Source Code Public License",
+ "licenseId": "RSCPL",
+ "seeAlso": [
+ "http://wayback.archive.org/web/20060715140826/http://www.risource.org/RPL/RPL-1.0A.shtml",
+ "https://opensource.org/licenses/RSCPL"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Intel.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Intel.json",
+ "referenceNumber": 140,
+ "name": "Intel Open Source License",
+ "licenseId": "Intel",
+ "seeAlso": [
+ "https://opensource.org/licenses/Intel"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.1-no-invariants-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-no-invariants-or-later.json",
+ "referenceNumber": 141,
+ "name": "GNU Free Documentation License v1.1 or later - no invariants",
+ "licenseId": "GFDL-1.1-no-invariants-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/APAFML.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/APAFML.json",
+ "referenceNumber": 142,
+ "name": "Adobe Postscript AFM License",
+ "licenseId": "APAFML",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/AdobePostscriptAFM"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.2.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.2.json",
+ "referenceNumber": 143,
+ "name": "GNU Free Documentation License v1.2",
+ "licenseId": "GFDL-1.2",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/SISSL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SISSL.json",
+ "referenceNumber": 144,
+ "name": "Sun Industry Standards Source License v1.1",
+ "licenseId": "SISSL",
+ "seeAlso": [
+ "http://www.openoffice.org/licenses/sissl_license.html",
+ "https://opensource.org/licenses/SISSL"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/HTMLTIDY.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/HTMLTIDY.json",
+ "referenceNumber": 145,
+ "name": "HTML Tidy License",
+ "licenseId": "HTMLTIDY",
+ "seeAlso": [
+ "https://github.com/htacg/tidy-html5/blob/next/README/LICENSE.md"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Naumen.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Naumen.json",
+ "referenceNumber": 146,
+ "name": "Naumen Public License",
+ "licenseId": "Naumen",
+ "seeAlso": [
+ "https://opensource.org/licenses/Naumen"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.8.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.8.json",
+ "referenceNumber": 147,
+ "name": "Open LDAP Public License v2.8",
+ "licenseId": "OLDAP-2.8",
+ "seeAlso": [
+ "http://www.openldap.org/software/release/license.html"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/blessing.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/blessing.json",
+ "referenceNumber": 148,
+ "name": "SQLite Blessing",
+ "licenseId": "blessing",
+ "seeAlso": [
+ "https://www.sqlite.org/src/artifact/e33a4df7e32d742a?ln\u003d4-9",
+ "https://sqlite.org/src/artifact/df5091916dbb40e6"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-2.0-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-2.0-or-later.json",
+ "referenceNumber": 149,
+ "name": "GNU Library General Public License v2 or later",
+ "licenseId": "LGPL-2.0-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OGTSL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OGTSL.json",
+ "referenceNumber": 150,
+ "name": "Open Group Test Suite License",
+ "licenseId": "OGTSL",
+ "seeAlso": [
+ "http://www.opengroup.org/testing/downloads/The_Open_Group_TSL.txt",
+ "https://opensource.org/licenses/OGTSL"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-ND-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-2.0.json",
+ "referenceNumber": 151,
+ "name": "Creative Commons Attribution No Derivatives 2.0 Generic",
+ "licenseId": "CC-BY-ND-2.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nd/2.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Parity-7.0.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Parity-7.0.0.json",
+ "referenceNumber": 152,
+ "name": "The Parity Public License 7.0.0",
+ "licenseId": "Parity-7.0.0",
+ "seeAlso": [
+ "https://paritylicense.com/versions/7.0.0.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-SA-4.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-4.0.json",
+ "referenceNumber": 153,
+ "name": "Creative Commons Attribution Non Commercial Share Alike 4.0 International",
+ "licenseId": "CC-BY-NC-SA-4.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-ND-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-1.0.json",
+ "referenceNumber": 154,
+ "name": "Creative Commons Attribution No Derivatives 1.0 Generic",
+ "licenseId": "CC-BY-ND-1.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nd/1.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CNRI-Python.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CNRI-Python.json",
+ "referenceNumber": 155,
+ "name": "CNRI Python License",
+ "licenseId": "CNRI-Python",
+ "seeAlso": [
+ "https://opensource.org/licenses/CNRI-Python"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/dvipdfm.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/dvipdfm.json",
+ "referenceNumber": 156,
+ "name": "dvipdfm License",
+ "licenseId": "dvipdfm",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/dvipdfm"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-3.0.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-3.0.json",
+ "referenceNumber": 157,
+ "name": "GNU Lesser General Public License v3.0 only",
+ "licenseId": "LGPL-3.0",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
+ "https://opensource.org/licenses/LGPL-3.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.5.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.5.json",
+ "referenceNumber": 158,
+ "name": "Open LDAP Public License v2.5",
+ "licenseId": "OLDAP-2.5",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d6852b9d90022e8593c98205413380536b1b5a7cf"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/NLOD-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NLOD-1.0.json",
+ "referenceNumber": 159,
+ "name": "Norwegian Licence for Open Government Data (NLOD) 1.0",
+ "licenseId": "NLOD-1.0",
+ "seeAlso": [
+ "http://data.norge.no/nlod/en/1.0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SMPPL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SMPPL.json",
+ "referenceNumber": 160,
+ "name": "Secure Messaging Protocol Public License",
+ "licenseId": "SMPPL",
+ "seeAlso": [
+ "https://github.com/dcblake/SMP/blob/master/Documentation/License.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-1.0.json",
+ "referenceNumber": 161,
+ "name": "Creative Commons Attribution 1.0 Generic",
+ "licenseId": "CC-BY-1.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by/1.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/UCL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/UCL-1.0.json",
+ "referenceNumber": 162,
+ "name": "Upstream Compatibility License v1.0",
+ "licenseId": "UCL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/UCL-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Mup.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Mup.json",
+ "referenceNumber": 163,
+ "name": "Mup License",
+ "licenseId": "Mup",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Mup"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-2.1-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-2.1-only.json",
+ "referenceNumber": 164,
+ "name": "GNU Lesser General Public License v2.1 only",
+ "licenseId": "LGPL-2.1-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
+ "https://opensource.org/licenses/LGPL-2.1"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GL2PS.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GL2PS.json",
+ "referenceNumber": 165,
+ "name": "GL2PS License",
+ "licenseId": "GL2PS",
+ "seeAlso": [
+ "http://www.geuz.org/gl2ps/COPYING.GL2PS"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/PHP-3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/PHP-3.0.json",
+ "referenceNumber": 166,
+ "name": "PHP License v3.0",
+ "licenseId": "PHP-3.0",
+ "seeAlso": [
+ "http://www.php.net/license/3_0.txt",
+ "https://opensource.org/licenses/PHP-3.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/NIST-PD-fallback.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NIST-PD-fallback.json",
+ "referenceNumber": 167,
+ "name": "NIST Public Domain Notice with license fallback",
+ "licenseId": "NIST-PD-fallback",
+ "seeAlso": [
+ "https://github.com/usnistgov/jsip/blob/59700e6926cbe96c5cdae897d9a7d2656b42abe3/LICENSE",
+ "https://github.com/usnistgov/fipy/blob/86aaa5c2ba2c6f1be19593c5986071cf6568cc34/LICENSE.rst"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/W3C-20150513.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/W3C-20150513.json",
+ "referenceNumber": 168,
+ "name": "W3C Software Notice and Document License (2015-05-13)",
+ "licenseId": "W3C-20150513",
+ "seeAlso": [
+ "https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CPL-1.0.json",
+ "referenceNumber": 169,
+ "name": "Common Public License 1.0",
+ "licenseId": "CPL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/CPL-1.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OGL-UK-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OGL-UK-1.0.json",
+ "referenceNumber": 170,
+ "name": "Open Government Licence v1.0",
+ "licenseId": "OGL-UK-1.0",
+ "seeAlso": [
+ "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/1/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CrystalStacker.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CrystalStacker.json",
+ "referenceNumber": 171,
+ "name": "CrystalStacker License",
+ "licenseId": "CrystalStacker",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing:CrystalStacker?rd\u003dLicensing/CrystalStacker"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/TCL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/TCL.json",
+ "referenceNumber": 172,
+ "name": "TCL/TK License",
+ "licenseId": "TCL",
+ "seeAlso": [
+ "http://www.tcl.tk/software/tcltk/license.html",
+ "https://fedoraproject.org/wiki/Licensing/TCL"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/ZPL-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ZPL-2.0.json",
+ "referenceNumber": 173,
+ "name": "Zope Public License 2.0",
+ "licenseId": "ZPL-2.0",
+ "seeAlso": [
+ "http://old.zope.org/Resources/License/ZPL-2.0",
+ "https://opensource.org/licenses/ZPL-2.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Frameworx-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Frameworx-1.0.json",
+ "referenceNumber": 174,
+ "name": "Frameworx Open License 1.0",
+ "licenseId": "Frameworx-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/Frameworx-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/AGPL-3.0-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AGPL-3.0-only.json",
+ "referenceNumber": 175,
+ "name": "GNU Affero General Public License v3.0 only",
+ "licenseId": "AGPL-3.0-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/agpl.txt",
+ "https://opensource.org/licenses/AGPL-3.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/DRL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/DRL-1.0.json",
+ "referenceNumber": 176,
+ "name": "Detection Rule License 1.0",
+ "licenseId": "DRL-1.0",
+ "seeAlso": [
+ "https://github.com/Neo23x0/sigma/blob/master/LICENSE.Detection.Rules.md"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-2.0.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-2.0.json",
+ "referenceNumber": 177,
+ "name": "GNU Library General Public License v2 only",
+ "licenseId": "LGPL-2.0",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/EFL-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/EFL-2.0.json",
+ "referenceNumber": 178,
+ "name": "Eiffel Forum License v2.0",
+ "licenseId": "EFL-2.0",
+ "seeAlso": [
+ "http://www.eiffel-nice.org/license/eiffel-forum-license-2.html",
+ "https://opensource.org/licenses/EFL-2.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CAL-1.0-Combined-Work-Exception.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CAL-1.0-Combined-Work-Exception.json",
+ "referenceNumber": 179,
+ "name": "Cryptographic Autonomy License 1.0 (Combined Work Exception)",
+ "licenseId": "CAL-1.0-Combined-Work-Exception",
+ "seeAlso": [
+ "http://cryptographicautonomylicense.com/license-text.html",
+ "https://opensource.org/licenses/CAL-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.1-invariants-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-invariants-only.json",
+ "referenceNumber": 180,
+ "name": "GNU Free Documentation License v1.1 only - invariants",
+ "licenseId": "GFDL-1.1-invariants-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/psutils.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/psutils.json",
+ "referenceNumber": 181,
+ "name": "psutils License",
+ "licenseId": "psutils",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/psutils"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SHL-0.5.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SHL-0.5.json",
+ "referenceNumber": 182,
+ "name": "Solderpad Hardware License v0.5",
+ "licenseId": "SHL-0.5",
+ "seeAlso": [
+ "https://solderpad.org/licenses/SHL-0.5/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OFL-1.0-RFN.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OFL-1.0-RFN.json",
+ "referenceNumber": 183,
+ "name": "SIL Open Font License 1.0 with Reserved Font Name",
+ "licenseId": "OFL-1.0-RFN",
+ "seeAlso": [
+ "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CERN-OHL-W-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CERN-OHL-W-2.0.json",
+ "referenceNumber": 184,
+ "name": "CERN Open Hardware Licence Version 2 - Weakly Reciprocal",
+ "licenseId": "CERN-OHL-W-2.0",
+ "seeAlso": [
+ "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/NRL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NRL.json",
+ "referenceNumber": 185,
+ "name": "NRL License",
+ "licenseId": "NRL",
+ "seeAlso": [
+ "http://web.mit.edu/network/isakmp/nrllicense.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CECILL-2.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CECILL-2.1.json",
+ "referenceNumber": 186,
+ "name": "CeCILL Free Software License Agreement v2.1",
+ "licenseId": "CECILL-2.1",
+ "seeAlso": [
+ "http://www.cecill.info/licences/Licence_CeCILL_V2.1-en.html"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Glide.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Glide.json",
+ "referenceNumber": 187,
+ "name": "3dfx Glide License",
+ "licenseId": "Glide",
+ "seeAlso": [
+ "http://www.users.on.net/~triforce/glidexp/COPYING.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SCEA.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SCEA.json",
+ "referenceNumber": 188,
+ "name": "SCEA Shared Source License",
+ "licenseId": "SCEA",
+ "seeAlso": [
+ "http://research.scea.com/scea_shared_source_license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SPL-1.0.json",
+ "referenceNumber": 189,
+ "name": "Sun Public License v1.0",
+ "licenseId": "SPL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/SPL-1.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Apache-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Apache-1.1.json",
+ "referenceNumber": 190,
+ "name": "Apache License 1.1",
+ "licenseId": "Apache-1.1",
+ "seeAlso": [
+ "http://apache.org/licenses/LICENSE-1.1",
+ "https://opensource.org/licenses/Apache-1.1"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-ND-4.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-4.0.json",
+ "referenceNumber": 191,
+ "name": "Creative Commons Attribution No Derivatives 4.0 International",
+ "licenseId": "CC-BY-ND-4.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nd/4.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SWL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SWL.json",
+ "referenceNumber": 192,
+ "name": "Scheme Widget Library (SWL) Software License Agreement",
+ "licenseId": "SWL",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/SWL"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/mpich2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/mpich2.json",
+ "referenceNumber": 193,
+ "name": "mpich2 License",
+ "licenseId": "mpich2",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/MIT"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CERN-OHL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CERN-OHL-1.1.json",
+ "referenceNumber": 194,
+ "name": "CERN Open Hardware Licence v1.1",
+ "licenseId": "CERN-OHL-1.1",
+ "seeAlso": [
+ "https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.1"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Latex2e.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Latex2e.json",
+ "referenceNumber": 195,
+ "name": "Latex2e License",
+ "licenseId": "Latex2e",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Latex2e"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SGI-B-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SGI-B-1.1.json",
+ "referenceNumber": 196,
+ "name": "SGI Free Software License B v1.1",
+ "licenseId": "SGI-B-1.1",
+ "seeAlso": [
+ "http://oss.sgi.com/projects/FreeB/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/FreeBSD-DOC.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/FreeBSD-DOC.json",
+ "referenceNumber": 197,
+ "name": "FreeBSD Documentation License",
+ "licenseId": "FreeBSD-DOC",
+ "seeAlso": [
+ "https://www.freebsd.org/copyright/freebsd-doc-license/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Artistic-1.0-cl8.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Artistic-1.0-cl8.json",
+ "referenceNumber": 198,
+ "name": "Artistic License 1.0 w/clause 8",
+ "licenseId": "Artistic-1.0-cl8",
+ "seeAlso": [
+ "https://opensource.org/licenses/Artistic-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Zed.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Zed.json",
+ "referenceNumber": 199,
+ "name": "Zed License",
+ "licenseId": "Zed",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Zed"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/RHeCos-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/RHeCos-1.1.json",
+ "referenceNumber": 200,
+ "name": "Red Hat eCos Public License v1.1",
+ "licenseId": "RHeCos-1.1",
+ "seeAlso": [
+ "http://ecos.sourceware.org/old-license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SSPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SSPL-1.0.json",
+ "referenceNumber": 201,
+ "name": "Server Side Public License, v 1",
+ "licenseId": "SSPL-1.0",
+ "seeAlso": [
+ "https://www.mongodb.com/licensing/server-side-public-license"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/JasPer-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/JasPer-2.0.json",
+ "referenceNumber": 202,
+ "name": "JasPer License",
+ "licenseId": "JasPer-2.0",
+ "seeAlso": [
+ "http://www.ece.uvic.ca/~mdadams/jasper/LICENSE"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-2.0+.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-2.0+.json",
+ "referenceNumber": 203,
+ "name": "GNU General Public License v2.0 or later",
+ "licenseId": "GPL-2.0+",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
+ "https://opensource.org/licenses/GPL-2.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-1.4.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-1.4.json",
+ "referenceNumber": 204,
+ "name": "Open LDAP Public License v1.4",
+ "licenseId": "OLDAP-1.4",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dc9f95c2f3f2ffb5e0ae55fe7388af75547660941"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/libpng-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/libpng-2.0.json",
+ "referenceNumber": 205,
+ "name": "PNG Reference Library version 2",
+ "licenseId": "libpng-2.0",
+ "seeAlso": [
+ "http://www.libpng.org/pub/png/src/libpng-LICENSE.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CNRI-Python-GPL-Compatible.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CNRI-Python-GPL-Compatible.json",
+ "referenceNumber": 206,
+ "name": "CNRI Python Open Source GPL Compatible License Agreement",
+ "licenseId": "CNRI-Python-GPL-Compatible",
+ "seeAlso": [
+ "http://www.python.org/download/releases/1.6.1/download_win/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-2.0.json",
+ "referenceNumber": 207,
+ "name": "Creative Commons Attribution 2.0 Generic",
+ "licenseId": "CC-BY-2.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by/2.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Aladdin.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Aladdin.json",
+ "referenceNumber": 208,
+ "name": "Aladdin Free Public License",
+ "licenseId": "Aladdin",
+ "seeAlso": [
+ "http://pages.cs.wisc.edu/~ghost/doc/AFPL/6.01/Public.htm"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Sleepycat.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Sleepycat.json",
+ "referenceNumber": 209,
+ "name": "Sleepycat License",
+ "licenseId": "Sleepycat",
+ "seeAlso": [
+ "https://opensource.org/licenses/Sleepycat"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Ruby.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Ruby.json",
+ "referenceNumber": 210,
+ "name": "Ruby License",
+ "licenseId": "Ruby",
+ "seeAlso": [
+ "http://www.ruby-lang.org/en/LICENSE.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/ImageMagick.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ImageMagick.json",
+ "referenceNumber": 211,
+ "name": "ImageMagick License",
+ "licenseId": "ImageMagick",
+ "seeAlso": [
+ "http://www.imagemagick.org/script/license.php"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CECILL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CECILL-1.0.json",
+ "referenceNumber": 212,
+ "name": "CeCILL Free Software License Agreement v1.0",
+ "licenseId": "CECILL-1.0",
+ "seeAlso": [
+ "http://www.cecill.info/licences/Licence_CeCILL_V1-fr.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.1-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-only.json",
+ "referenceNumber": 213,
+ "name": "GNU Free Documentation License v1.1 only",
+ "licenseId": "GFDL-1.1-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/NPL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NPL-1.1.json",
+ "referenceNumber": 214,
+ "name": "Netscape Public License v1.1",
+ "licenseId": "NPL-1.1",
+ "seeAlso": [
+ "http://www.mozilla.org/MPL/NPL/1.1/"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/TU-Berlin-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/TU-Berlin-2.0.json",
+ "referenceNumber": 215,
+ "name": "Technische Universitaet Berlin License 2.0",
+ "licenseId": "TU-Berlin-2.0",
+ "seeAlso": [
+ "https://github.com/CorsixTH/deps/blob/fd339a9f526d1d9c9f01ccf39e438a015da50035/licences/libgsm.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Cube.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Cube.json",
+ "referenceNumber": 216,
+ "name": "Cube License",
+ "licenseId": "Cube",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Cube"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-SA-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.0.json",
+ "referenceNumber": 217,
+ "name": "Creative Commons Attribution Share Alike 2.0 Generic",
+ "licenseId": "CC-BY-SA-2.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-sa/2.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MIT-advertising.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MIT-advertising.json",
+ "referenceNumber": 218,
+ "name": "Enlightenment License (e16)",
+ "licenseId": "MIT-advertising",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/MIT_With_Advertising"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CECILL-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CECILL-2.0.json",
+ "referenceNumber": 219,
+ "name": "CeCILL Free Software License Agreement v2.0",
+ "licenseId": "CECILL-2.0",
+ "seeAlso": [
+ "http://www.cecill.info/licences/Licence_CeCILL_V2-en.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.5.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.5.json",
+ "referenceNumber": 220,
+ "name": "Creative Commons Attribution Non Commercial Share Alike 2.5 Generic",
+ "licenseId": "CC-BY-NC-SA-2.5",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-sa/2.5/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Artistic-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Artistic-1.0.json",
+ "referenceNumber": 221,
+ "name": "Artistic License 1.0",
+ "licenseId": "Artistic-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/Artistic-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/AFL-1.2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AFL-1.2.json",
+ "referenceNumber": 222,
+ "name": "Academic Free License v1.2",
+ "licenseId": "AFL-1.2",
+ "seeAlso": [
+ "http://opensource.linux-mirror.org/licenses/afl-1.2.txt",
+ "http://wayback.archive.org/web/20021204204652/http://www.opensource.org/licenses/academic.php"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/X11.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/X11.json",
+ "referenceNumber": 223,
+ "name": "X11 License",
+ "licenseId": "X11",
+ "seeAlso": [
+ "http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Bahyph.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Bahyph.json",
+ "referenceNumber": 224,
+ "name": "Bahyph License",
+ "licenseId": "Bahyph",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Bahyph"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.0.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.0.1.json",
+ "referenceNumber": 225,
+ "name": "Open LDAP Public License v2.0.1",
+ "licenseId": "OLDAP-2.0.1",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003db6d68acd14e51ca3aab4428bf26522aa74873f0e"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OSL-3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OSL-3.0.json",
+ "referenceNumber": 226,
+ "name": "Open Software License 3.0",
+ "licenseId": "OSL-3.0",
+ "seeAlso": [
+ "https://web.archive.org/web/20120101081418/http://rosenlaw.com:80/OSL3.0.htm",
+ "https://opensource.org/licenses/OSL-3.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/EUDatagrid.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/EUDatagrid.json",
+ "referenceNumber": 227,
+ "name": "EU DataGrid Software License",
+ "licenseId": "EUDatagrid",
+ "seeAlso": [
+ "http://eu-datagrid.web.cern.ch/eu-datagrid/license.html",
+ "https://opensource.org/licenses/EUDatagrid"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/MTLL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MTLL.json",
+ "referenceNumber": 228,
+ "name": "Matrix Template Library License",
+ "licenseId": "MTLL",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Matrix_Template_Library_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.2-invariants-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-invariants-only.json",
+ "referenceNumber": 229,
+ "name": "GNU Free Documentation License v1.2 only - invariants",
+ "licenseId": "GFDL-1.2-invariants-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/curl.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/curl.json",
+ "referenceNumber": 230,
+ "name": "curl License",
+ "licenseId": "curl",
+ "seeAlso": [
+ "https://github.com/bagder/curl/blob/master/COPYING"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0.json",
+ "referenceNumber": 231,
+ "name": "Creative Commons Attribution 3.0 Unported",
+ "licenseId": "CC-BY-3.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by/3.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/DSDP.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/DSDP.json",
+ "referenceNumber": 232,
+ "name": "DSDP License",
+ "licenseId": "DSDP",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/DSDP"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LAL-1.3.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LAL-1.3.json",
+ "referenceNumber": 233,
+ "name": "Licence Art Libre 1.3",
+ "licenseId": "LAL-1.3",
+ "seeAlso": [
+ "https://artlibre.org/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CERN-OHL-1.2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CERN-OHL-1.2.json",
+ "referenceNumber": 234,
+ "name": "CERN Open Hardware Licence v1.2",
+ "licenseId": "CERN-OHL-1.2",
+ "seeAlso": [
+ "https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.2"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-3.0-with-autoconf-exception.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-3.0-with-autoconf-exception.json",
+ "referenceNumber": 235,
+ "name": "GNU General Public License v3.0 w/Autoconf exception",
+ "licenseId": "GPL-3.0-with-autoconf-exception",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/autoconf-exception-3.0.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/TOSL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/TOSL.json",
+ "referenceNumber": 236,
+ "name": "Trusster Open Source License",
+ "licenseId": "TOSL",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/TOSL"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.3-no-invariants-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-no-invariants-only.json",
+ "referenceNumber": 237,
+ "name": "GNU Free Documentation License v1.3 only - no invariants",
+ "licenseId": "GFDL-1.3-no-invariants-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/fdl-1.3.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Qhull.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Qhull.json",
+ "referenceNumber": 238,
+ "name": "Qhull License",
+ "licenseId": "Qhull",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Qhull"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/TORQUE-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/TORQUE-1.1.json",
+ "referenceNumber": 239,
+ "name": "TORQUE v2.5+ Software License v1.1",
+ "licenseId": "TORQUE-1.1",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/TORQUEv1.1"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MS-PL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MS-PL.json",
+ "referenceNumber": 240,
+ "name": "Microsoft Public License",
+ "licenseId": "MS-PL",
+ "seeAlso": [
+ "http://www.microsoft.com/opensource/licenses.mspx",
+ "https://opensource.org/licenses/MS-PL"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Apache-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Apache-1.0.json",
+ "referenceNumber": 241,
+ "name": "Apache License 1.0",
+ "licenseId": "Apache-1.0",
+ "seeAlso": [
+ "http://www.apache.org/licenses/LICENSE-1.0"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/copyleft-next-0.3.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/copyleft-next-0.3.1.json",
+ "referenceNumber": 242,
+ "name": "copyleft-next 0.3.1",
+ "licenseId": "copyleft-next-0.3.1",
+ "seeAlso": [
+ "https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.1"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.2-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-or-later.json",
+ "referenceNumber": 243,
+ "name": "GNU Free Documentation License v1.2 or later",
+ "licenseId": "GFDL-1.2-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-3.0+.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-3.0+.json",
+ "referenceNumber": 244,
+ "name": "GNU General Public License v3.0 or later",
+ "licenseId": "GPL-3.0+",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
+ "https://opensource.org/licenses/GPL-3.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/MulanPSL-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MulanPSL-2.0.json",
+ "referenceNumber": 245,
+ "name": "Mulan Permissive Software License, Version 2",
+ "licenseId": "MulanPSL-2.0",
+ "seeAlso": [
+ "https://license.coscl.org.cn/MulanPSL2/"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/FSFAP.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/FSFAP.json",
+ "referenceNumber": 246,
+ "name": "FSF All Permissive License",
+ "licenseId": "FSFAP",
+ "seeAlso": [
+ "https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CDLA-Sharing-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CDLA-Sharing-1.0.json",
+ "referenceNumber": 247,
+ "name": "Community Data License Agreement Sharing 1.0",
+ "licenseId": "CDLA-Sharing-1.0",
+ "seeAlso": [
+ "https://cdla.io/sharing-1-0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/AGPL-1.0-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AGPL-1.0-only.json",
+ "referenceNumber": 248,
+ "name": "Affero General Public License v1.0 only",
+ "licenseId": "AGPL-1.0-only",
+ "seeAlso": [
+ "http://www.affero.org/oagpl.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.3-invariants-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-invariants-only.json",
+ "referenceNumber": 249,
+ "name": "GNU Free Documentation License v1.3 only - invariants",
+ "licenseId": "GFDL-1.3-invariants-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/fdl-1.3.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-4-Clause-UC.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause-UC.json",
+ "referenceNumber": 250,
+ "name": "BSD-4-Clause (University of California-Specific)",
+ "licenseId": "BSD-4-Clause-UC",
+ "seeAlso": [
+ "http://www.freebsd.org/copyright/license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/XFree86-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/XFree86-1.1.json",
+ "referenceNumber": 251,
+ "name": "XFree86 License 1.1",
+ "licenseId": "XFree86-1.1",
+ "seeAlso": [
+ "http://www.xfree86.org/current/LICENSE4.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/SNIA.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SNIA.json",
+ "referenceNumber": 252,
+ "name": "SNIA Public License 1.1",
+ "licenseId": "SNIA",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/SNIA_Public_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Spencer-99.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Spencer-99.json",
+ "referenceNumber": 253,
+ "name": "Spencer License 99",
+ "licenseId": "Spencer-99",
+ "seeAlso": [
+ "http://www.opensource.apple.com/source/tcl/tcl-5/tcl/generic/regfronts.c"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CATOSL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CATOSL-1.1.json",
+ "referenceNumber": 254,
+ "name": "Computer Associates Trusted Open Source License 1.1",
+ "licenseId": "CATOSL-1.1",
+ "seeAlso": [
+ "https://opensource.org/licenses/CATOSL-1.1"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.3-no-invariants-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-no-invariants-or-later.json",
+ "referenceNumber": 255,
+ "name": "GNU Free Documentation License v1.3 or later - no invariants",
+ "licenseId": "GFDL-1.3-no-invariants-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/fdl-1.3.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LPPL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LPPL-1.1.json",
+ "referenceNumber": 256,
+ "name": "LaTeX Project Public License v1.1",
+ "licenseId": "LPPL-1.1",
+ "seeAlso": [
+ "http://www.latex-project.org/lppl/lppl-1-1.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CDDL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CDDL-1.0.json",
+ "referenceNumber": 257,
+ "name": "Common Development and Distribution License 1.0",
+ "licenseId": "CDDL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/cddl1"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/FTL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/FTL.json",
+ "referenceNumber": 258,
+ "name": "Freetype Project License",
+ "licenseId": "FTL",
+ "seeAlso": [
+ "http://freetype.fis.uniroma2.it/FTL.TXT",
+ "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/FTL.TXT",
+ "http://gitlab.freedesktop.org/freetype/freetype/-/raw/master/docs/FTL.TXT"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/LAL-1.2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LAL-1.2.json",
+ "referenceNumber": 259,
+ "name": "Licence Art Libre 1.2",
+ "licenseId": "LAL-1.2",
+ "seeAlso": [
+ "http://artlibre.org/licence/lal/licence-art-libre-12/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/ICU.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ICU.json",
+ "referenceNumber": 260,
+ "name": "ICU License",
+ "licenseId": "ICU",
+ "seeAlso": [
+ "http://source.icu-project.org/repos/icu/icu/trunk/license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MirOS.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MirOS.json",
+ "referenceNumber": 261,
+ "name": "The MirOS Licence",
+ "licenseId": "MirOS",
+ "seeAlso": [
+ "https://opensource.org/licenses/MirOS"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-2-Clause-NetBSD.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-NetBSD.json",
+ "referenceNumber": 262,
+ "name": "BSD 2-Clause NetBSD License",
+ "licenseId": "BSD-2-Clause-NetBSD",
+ "seeAlso": [
+ "http://www.netbsd.org/about/redistribution.html#default"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0.json",
+ "referenceNumber": 263,
+ "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported",
+ "licenseId": "CC-BY-NC-ND-3.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-nd/3.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Xerox.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Xerox.json",
+ "referenceNumber": 264,
+ "name": "Xerox License",
+ "licenseId": "Xerox",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Xerox"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-ND-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-2.0.json",
+ "referenceNumber": 265,
+ "name": "Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic",
+ "licenseId": "CC-BY-NC-ND-2.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-nd/2.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OSET-PL-2.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OSET-PL-2.1.json",
+ "referenceNumber": 266,
+ "name": "OSET Public License version 2.1",
+ "licenseId": "OSET-PL-2.1",
+ "seeAlso": [
+ "http://www.osetfoundation.org/public-license",
+ "https://opensource.org/licenses/OPL-2.1"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/SISSL-1.2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SISSL-1.2.json",
+ "referenceNumber": 267,
+ "name": "Sun Industry Standards Source License v1.2",
+ "licenseId": "SISSL-1.2",
+ "seeAlso": [
+ "http://gridscheduler.sourceforge.net/Gridengine_SISSL_license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Adobe-Glyph.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Adobe-Glyph.json",
+ "referenceNumber": 268,
+ "name": "Adobe Glyph List License",
+ "licenseId": "Adobe-Glyph",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/MIT#AdobeGlyph"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Linux-OpenIB.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Linux-OpenIB.json",
+ "referenceNumber": 269,
+ "name": "Linux Kernel Variant of OpenIB.org license",
+ "licenseId": "Linux-OpenIB",
+ "seeAlso": [
+ "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/infiniband/core/sa.h"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/etalab-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/etalab-2.0.json",
+ "referenceNumber": 270,
+ "name": "Etalab Open License 2.0",
+ "licenseId": "etalab-2.0",
+ "seeAlso": [
+ "https://github.com/DISIC/politique-de-contribution-open-source/blob/master/LICENSE.pdf",
+ "https://raw.githubusercontent.com/DISIC/politique-de-contribution-open-source/master/LICENSE"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Wsuipa.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Wsuipa.json",
+ "referenceNumber": 271,
+ "name": "Wsuipa License",
+ "licenseId": "Wsuipa",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Wsuipa"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/AMPAS.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AMPAS.json",
+ "referenceNumber": 272,
+ "name": "Academy of Motion Picture Arts and Sciences BSD",
+ "licenseId": "AMPAS",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/BSD#AMPASBSD"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-1.0-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GPL-1.0-or-later.json",
+ "referenceNumber": 273,
+ "name": "GNU General Public License v1.0 or later",
+ "licenseId": "GPL-1.0-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BUSL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BUSL-1.1.json",
+ "referenceNumber": 274,
+ "name": "Business Source License 1.1",
+ "licenseId": "BUSL-1.1",
+ "seeAlso": [
+ "https://mariadb.com/bsl11/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/0BSD.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/0BSD.json",
+ "referenceNumber": 275,
+ "name": "BSD Zero Clause License",
+ "licenseId": "0BSD",
+ "seeAlso": [
+ "http://landley.net/toybox/license.html"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/W3C-19980720.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/W3C-19980720.json",
+ "referenceNumber": 276,
+ "name": "W3C Software Notice and License (1998-07-20)",
+ "licenseId": "W3C-19980720",
+ "seeAlso": [
+ "http://www.w3.org/Consortium/Legal/copyright-software-19980720.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0.json",
+ "referenceNumber": 277,
+ "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 Unported",
+ "licenseId": "CC-BY-NC-SA-3.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-sa/3.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/FSFUL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/FSFUL.json",
+ "referenceNumber": 278,
+ "name": "FSF Unlimited License",
+ "licenseId": "FSFUL",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/PolyForm-Noncommercial-1.0.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/PolyForm-Noncommercial-1.0.0.json",
+ "referenceNumber": 279,
+ "name": "PolyForm Noncommercial License 1.0.0",
+ "licenseId": "PolyForm-Noncommercial-1.0.0",
+ "seeAlso": [
+ "https://polyformproject.org/licenses/noncommercial/1.0.0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Zimbra-1.4.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Zimbra-1.4.json",
+ "referenceNumber": 280,
+ "name": "Zimbra Public License v1.4",
+ "licenseId": "Zimbra-1.4",
+ "seeAlso": [
+ "http://www.zimbra.com/legal/zimbra-public-license-1-4"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/DOC.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/DOC.json",
+ "referenceNumber": 281,
+ "name": "DOC License",
+ "licenseId": "DOC",
+ "seeAlso": [
+ "http://www.cs.wustl.edu/~schmidt/ACE-copying.html",
+ "https://www.dre.vanderbilt.edu/~schmidt/ACE-copying.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/TMate.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/TMate.json",
+ "referenceNumber": 282,
+ "name": "TMate Open Source License",
+ "licenseId": "TMate",
+ "seeAlso": [
+ "http://svnkit.com/license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/AMDPLPA.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AMDPLPA.json",
+ "referenceNumber": 283,
+ "name": "AMD\u0027s plpa_map.c License",
+ "licenseId": "AMDPLPA",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/AMD_plpa_map_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MIT-open-group.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MIT-open-group.json",
+ "referenceNumber": 284,
+ "name": "MIT Open Group variant",
+ "licenseId": "MIT-open-group",
+ "seeAlso": [
+ "https://gitlab.freedesktop.org/xorg/app/iceauth/-/blob/master/COPYING",
+ "https://gitlab.freedesktop.org/xorg/app/xvinfo/-/blob/master/COPYING",
+ "https://gitlab.freedesktop.org/xorg/app/xsetroot/-/blob/master/COPYING",
+ "https://gitlab.freedesktop.org/xorg/app/xauth/-/blob/master/COPYING"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-4.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-4.0.json",
+ "referenceNumber": 285,
+ "name": "Creative Commons Attribution 4.0 International",
+ "licenseId": "CC-BY-4.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by/4.0/legalcode"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Military-License.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Military-License.json",
+ "referenceNumber": 286,
+ "name": "BSD 3-Clause No Military License",
+ "licenseId": "BSD-3-Clause-No-Military-License",
+ "seeAlso": [
+ "https://gitlab.syncad.com/hive/dhive/-/blob/master/LICENSE",
+ "https://github.com/greymass/swift-eosio/blob/master/LICENSE"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Condor-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Condor-1.1.json",
+ "referenceNumber": 287,
+ "name": "Condor Public License v1.1",
+ "licenseId": "Condor-1.1",
+ "seeAlso": [
+ "http://research.cs.wisc.edu/condor/license.html#condor",
+ "http://web.archive.org/web/20111123062036/http://research.cs.wisc.edu/condor/license.html#condor"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OGL-Canada-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OGL-Canada-2.0.json",
+ "referenceNumber": 288,
+ "name": "Open Government Licence - Canada",
+ "licenseId": "OGL-Canada-2.0",
+ "seeAlso": [
+ "https://open.canada.ca/en/open-government-licence-canada"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-IGO.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-IGO.json",
+ "referenceNumber": 289,
+ "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 IGO",
+ "licenseId": "CC-BY-NC-SA-3.0-IGO",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-sa/3.0/igo/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/EFL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/EFL-1.0.json",
+ "referenceNumber": 290,
+ "name": "Eiffel Forum License v1.0",
+ "licenseId": "EFL-1.0",
+ "seeAlso": [
+ "http://www.eiffel-nice.org/license/forum.txt",
+ "https://opensource.org/licenses/EFL-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Newsletr.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Newsletr.json",
+ "referenceNumber": 291,
+ "name": "Newsletr License",
+ "licenseId": "Newsletr",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Newsletr"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/copyleft-next-0.3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/copyleft-next-0.3.0.json",
+ "referenceNumber": 292,
+ "name": "copyleft-next 0.3.0",
+ "licenseId": "copyleft-next-0.3.0",
+ "seeAlso": [
+ "https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.3.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.3.json",
+ "referenceNumber": 293,
+ "name": "GNU Free Documentation License v1.3",
+ "licenseId": "GFDL-1.3",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/fdl-1.3.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-3.0-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GPL-3.0-or-later.json",
+ "referenceNumber": 294,
+ "name": "GNU General Public License v3.0 or later",
+ "licenseId": "GPL-3.0-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
+ "https://opensource.org/licenses/GPL-3.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CDLA-Permissive-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CDLA-Permissive-2.0.json",
+ "referenceNumber": 295,
+ "name": "Community Data License Agreement Permissive 2.0",
+ "licenseId": "CDLA-Permissive-2.0",
+ "seeAlso": [
+ "https://cdla.dev/permissive-2-0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-ND-3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-3.0.json",
+ "referenceNumber": 296,
+ "name": "Creative Commons Attribution No Derivatives 3.0 Unported",
+ "licenseId": "CC-BY-ND-3.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nd/3.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/C-UDA-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/C-UDA-1.0.json",
+ "referenceNumber": 297,
+ "name": "Computational Use of Data Agreement v1.0",
+ "licenseId": "C-UDA-1.0",
+ "seeAlso": [
+ "https://github.com/microsoft/Computational-Use-of-Data-Agreement/blob/master/C-UDA-1.0.md",
+ "https://cdla.dev/computational-use-of-data-agreement-v1-0/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Vim.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Vim.json",
+ "referenceNumber": 298,
+ "name": "Vim License",
+ "licenseId": "Vim",
+ "seeAlso": [
+ "http://vimdoc.sourceforge.net/htmldoc/uganda.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-2.0-with-classpath-exception.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-classpath-exception.json",
+ "referenceNumber": 299,
+ "name": "GNU General Public License v2.0 w/Classpath exception",
+ "licenseId": "GPL-2.0-with-classpath-exception",
+ "seeAlso": [
+ "https://www.gnu.org/software/classpath/license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Barr.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Barr.json",
+ "referenceNumber": 300,
+ "name": "Barr License",
+ "licenseId": "Barr",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Barr"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/ADSL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ADSL.json",
+ "referenceNumber": 301,
+ "name": "Amazon Digital Services License",
+ "licenseId": "ADSL",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/AmazonDigitalServicesLicense"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CDL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CDL-1.0.json",
+ "referenceNumber": 302,
+ "name": "Common Documentation License 1.0",
+ "licenseId": "CDL-1.0",
+ "seeAlso": [
+ "http://www.opensource.apple.com/cdl/",
+ "https://fedoraproject.org/wiki/Licensing/Common_Documentation_License",
+ "https://www.gnu.org/licenses/license-list.html#ACDL"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-SA-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-1.0.json",
+ "referenceNumber": 303,
+ "name": "Creative Commons Attribution Share Alike 1.0 Generic",
+ "licenseId": "CC-BY-SA-1.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-sa/1.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OFL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OFL-1.1.json",
+ "referenceNumber": 304,
+ "name": "SIL Open Font License 1.1",
+ "licenseId": "OFL-1.1",
+ "seeAlso": [
+ "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web",
+ "https://opensource.org/licenses/OFL-1.1"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GLWTPL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GLWTPL.json",
+ "referenceNumber": 305,
+ "name": "Good Luck With That Public License",
+ "licenseId": "GLWTPL",
+ "seeAlso": [
+ "https://github.com/me-shaon/GLWTPL/commit/da5f6bc734095efbacb442c0b31e33a65b9d6e85"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/NPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NPL-1.0.json",
+ "referenceNumber": 306,
+ "name": "Netscape Public License v1.0",
+ "licenseId": "NPL-1.0",
+ "seeAlso": [
+ "http://www.mozilla.org/MPL/NPL/1.0/"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/xinetd.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/xinetd.json",
+ "referenceNumber": 307,
+ "name": "xinetd License",
+ "licenseId": "xinetd",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Xinetd_License"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-2.0-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-2.0-only.json",
+ "referenceNumber": 308,
+ "name": "GNU Library General Public License v2 only",
+ "licenseId": "LGPL-2.0-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/zlib-acknowledgement.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/zlib-acknowledgement.json",
+ "referenceNumber": 309,
+ "name": "zlib/libpng License with Acknowledgement",
+ "licenseId": "zlib-acknowledgement",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/ZlibWithAcknowledgement"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.2.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.1.json",
+ "referenceNumber": 310,
+ "name": "Open LDAP Public License v2.2.1",
+ "licenseId": "OLDAP-2.2.1",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d4bc786f34b50aa301be6f5600f58a980070f481e"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/APSL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/APSL-1.0.json",
+ "referenceNumber": 311,
+ "name": "Apple Public Source License 1.0",
+ "licenseId": "APSL-1.0",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Apple_Public_Source_License_1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-3-Clause-LBNL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-LBNL.json",
+ "referenceNumber": 312,
+ "name": "Lawrence Berkeley National Labs BSD variant license",
+ "licenseId": "BSD-3-Clause-LBNL",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/LBNLBSD"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/PostgreSQL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/PostgreSQL.json",
+ "referenceNumber": 313,
+ "name": "PostgreSQL License",
+ "licenseId": "PostgreSQL",
+ "seeAlso": [
+ "http://www.postgresql.org/about/licence",
+ "https://opensource.org/licenses/PostgreSQL"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-3.0-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-3.0-only.json",
+ "referenceNumber": 314,
+ "name": "GNU Lesser General Public License v3.0 only",
+ "licenseId": "LGPL-3.0-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
+ "https://opensource.org/licenses/LGPL-3.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OGC-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OGC-1.0.json",
+ "referenceNumber": 315,
+ "name": "OGC Software License, Version 1.0",
+ "licenseId": "OGC-1.0",
+ "seeAlso": [
+ "https://www.ogc.org/ogc/software/1.0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Dotseqn.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Dotseqn.json",
+ "referenceNumber": 316,
+ "name": "Dotseqn License",
+ "licenseId": "Dotseqn",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Dotseqn"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MakeIndex.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MakeIndex.json",
+ "referenceNumber": 317,
+ "name": "MakeIndex License",
+ "licenseId": "MakeIndex",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/MakeIndex"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-3.0-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GPL-3.0-only.json",
+ "referenceNumber": 318,
+ "name": "GNU General Public License v3.0 only",
+ "licenseId": "GPL-3.0-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
+ "https://opensource.org/licenses/GPL-3.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License-2014.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License-2014.json",
+ "referenceNumber": 319,
+ "name": "BSD 3-Clause No Nuclear License 2014",
+ "licenseId": "BSD-3-Clause-No-Nuclear-License-2014",
+ "seeAlso": [
+ "https://java.net/projects/javaeetutorial/pages/BerkeleyLicense"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-1.0-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GPL-1.0-only.json",
+ "referenceNumber": 320,
+ "name": "GNU General Public License v1.0 only",
+ "licenseId": "GPL-1.0-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/AGPL-1.0-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AGPL-1.0-or-later.json",
+ "referenceNumber": 321,
+ "name": "Affero General Public License v1.0 or later",
+ "licenseId": "AGPL-1.0-or-later",
+ "seeAlso": [
+ "http://www.affero.org/oagpl.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSL-1.0.json",
+ "referenceNumber": 322,
+ "name": "Boost Software License 1.0",
+ "licenseId": "BSL-1.0",
+ "seeAlso": [
+ "http://www.boost.org/LICENSE_1_0.txt",
+ "https://opensource.org/licenses/BSL-1.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/IJG.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/IJG.json",
+ "referenceNumber": 323,
+ "name": "Independent JPEG Group License",
+ "licenseId": "IJG",
+ "seeAlso": [
+ "http://dev.w3.org/cvsweb/Amaya/libjpeg/Attic/README?rev\u003d1.2"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OFL-1.1-no-RFN.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OFL-1.1-no-RFN.json",
+ "referenceNumber": 324,
+ "name": "SIL Open Font License 1.1 with no Reserved Font Name",
+ "licenseId": "OFL-1.1-no-RFN",
+ "seeAlso": [
+ "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web",
+ "https://opensource.org/licenses/OFL-1.1"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Libpng.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Libpng.json",
+ "referenceNumber": 325,
+ "name": "libpng License",
+ "licenseId": "Libpng",
+ "seeAlso": [
+ "http://www.libpng.org/pub/png/src/libpng-LICENSE.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-3.0.json",
+ "referenceNumber": 326,
+ "name": "Creative Commons Attribution Non Commercial 3.0 Unported",
+ "licenseId": "CC-BY-NC-3.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc/3.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-2.0.json",
+ "referenceNumber": 327,
+ "name": "Creative Commons Attribution Non Commercial 2.0 Generic",
+ "licenseId": "CC-BY-NC-2.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc/2.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Unlicense.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Unlicense.json",
+ "referenceNumber": 328,
+ "name": "The Unlicense",
+ "licenseId": "Unlicense",
+ "seeAlso": [
+ "https://unlicense.org/"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/LPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LPL-1.0.json",
+ "referenceNumber": 329,
+ "name": "Lucent Public License Version 1.0",
+ "licenseId": "LPL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/LPL-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/bzip2-1.0.5.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/bzip2-1.0.5.json",
+ "referenceNumber": 330,
+ "name": "bzip2 and libbzip2 License v1.0.5",
+ "licenseId": "bzip2-1.0.5",
+ "seeAlso": [
+ "https://sourceware.org/bzip2/1.0.5/bzip2-manual-1.0.5.html",
+ "http://bzip.org/1.0.5/bzip2-manual-1.0.5.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Entessa.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Entessa.json",
+ "referenceNumber": 331,
+ "name": "Entessa Public License v1.0",
+ "licenseId": "Entessa",
+ "seeAlso": [
+ "https://opensource.org/licenses/Entessa"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-2-Clause-Patent.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-Patent.json",
+ "referenceNumber": 332,
+ "name": "BSD-2-Clause Plus Patent License",
+ "licenseId": "BSD-2-Clause-Patent",
+ "seeAlso": [
+ "https://opensource.org/licenses/BSDplusPatent"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/ECL-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ECL-2.0.json",
+ "referenceNumber": 333,
+ "name": "Educational Community License v2.0",
+ "licenseId": "ECL-2.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/ECL-2.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Crossword.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Crossword.json",
+ "referenceNumber": 334,
+ "name": "Crossword License",
+ "licenseId": "Crossword",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Crossword"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-ND-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-1.0.json",
+ "referenceNumber": 335,
+ "name": "Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic",
+ "licenseId": "CC-BY-NC-ND-1.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nd-nc/1.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OCLC-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OCLC-2.0.json",
+ "referenceNumber": 336,
+ "name": "OCLC Research Public License 2.0",
+ "licenseId": "OCLC-2.0",
+ "seeAlso": [
+ "http://www.oclc.org/research/activities/software/license/v2final.htm",
+ "https://opensource.org/licenses/OCLC-2.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/libselinux-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/libselinux-1.0.json",
+ "referenceNumber": 337,
+ "name": "libselinux public domain notice",
+ "licenseId": "libselinux-1.0",
+ "seeAlso": [
+ "https://github.com/SELinuxProject/selinux/blob/master/libselinux/LICENSE"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CECILL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CECILL-1.1.json",
+ "referenceNumber": 338,
+ "name": "CeCILL Free Software License Agreement v1.1",
+ "licenseId": "CECILL-1.1",
+ "seeAlso": [
+ "http://www.cecill.info/licences/Licence_CeCILL_V1.1-US.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OGDL-Taiwan-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OGDL-Taiwan-1.0.json",
+ "referenceNumber": 339,
+ "name": "Taiwan Open Government Data License, version 1.0",
+ "licenseId": "OGDL-Taiwan-1.0",
+ "seeAlso": [
+ "https://data.gov.tw/license"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-1-Clause.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-1-Clause.json",
+ "referenceNumber": 340,
+ "name": "BSD 1-Clause License",
+ "licenseId": "BSD-1-Clause",
+ "seeAlso": [
+ "https://svnweb.freebsd.org/base/head/include/ifaddrs.h?revision\u003d326823"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BitTorrent-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BitTorrent-1.1.json",
+ "referenceNumber": 341,
+ "name": "BitTorrent Open Source License v1.1",
+ "licenseId": "BitTorrent-1.1",
+ "seeAlso": [
+ "http://directory.fsf.org/wiki/License:BitTorrentOSL1.1"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/MIT-enna.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MIT-enna.json",
+ "referenceNumber": 342,
+ "name": "enna License",
+ "licenseId": "MIT-enna",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/MIT#enna"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/ANTLR-PD.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ANTLR-PD.json",
+ "referenceNumber": 343,
+ "name": "ANTLR Software Rights Notice",
+ "licenseId": "ANTLR-PD",
+ "seeAlso": [
+ "http://www.antlr2.org/license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-2.0-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GPL-2.0-or-later.json",
+ "referenceNumber": 344,
+ "name": "GNU General Public License v2.0 or later",
+ "licenseId": "GPL-2.0-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
+ "https://opensource.org/licenses/GPL-2.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-SA-3.0-AT.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0-AT.json",
+ "referenceNumber": 345,
+ "name": "Creative Commons Attribution Share Alike 3.0 Austria",
+ "licenseId": "CC-BY-SA-3.0-AT",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-sa/3.0/at/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CPOL-1.02.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CPOL-1.02.json",
+ "referenceNumber": 346,
+ "name": "Code Project Open License 1.02",
+ "licenseId": "CPOL-1.02",
+ "seeAlso": [
+ "http://www.codeproject.com/info/cpol10.aspx"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OFL-1.1-RFN.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OFL-1.1-RFN.json",
+ "referenceNumber": 347,
+ "name": "SIL Open Font License 1.1 with Reserved Font Name",
+ "licenseId": "OFL-1.1-RFN",
+ "seeAlso": [
+ "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web",
+ "https://opensource.org/licenses/OFL-1.1"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-3.0-with-GCC-exception.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-3.0-with-GCC-exception.json",
+ "referenceNumber": 348,
+ "name": "GNU General Public License v3.0 w/GCC Runtime Library exception",
+ "licenseId": "GPL-3.0-with-GCC-exception",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/gcc-exception-3.1.html"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/IPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/IPL-1.0.json",
+ "referenceNumber": 349,
+ "name": "IBM Public License v1.0",
+ "licenseId": "IPL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/IPL-1.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/NTP-0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NTP-0.json",
+ "referenceNumber": 350,
+ "name": "NTP No Attribution",
+ "licenseId": "NTP-0",
+ "seeAlso": [
+ "https://github.com/tytso/e2fsprogs/blob/master/lib/et/et_name.c"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SugarCRM-1.1.3.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SugarCRM-1.1.3.json",
+ "referenceNumber": 351,
+ "name": "SugarCRM Public License v1.1.3",
+ "licenseId": "SugarCRM-1.1.3",
+ "seeAlso": [
+ "http://www.sugarcrm.com/crm/SPL"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MIT.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MIT.json",
+ "referenceNumber": 352,
+ "name": "MIT License",
+ "licenseId": "MIT",
+ "seeAlso": [
+ "https://opensource.org/licenses/MIT"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Watcom-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Watcom-1.0.json",
+ "referenceNumber": 353,
+ "name": "Sybase Open Watcom Public License 1.0",
+ "licenseId": "Watcom-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/Watcom-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/FSFULLR.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/FSFULLR.json",
+ "referenceNumber": 354,
+ "name": "FSF Unlimited License (with License Retention)",
+ "licenseId": "FSFULLR",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License#License_Retention_Variant"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-FR.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-FR.json",
+ "referenceNumber": 355,
+ "name": "Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France",
+ "licenseId": "CC-BY-NC-SA-2.0-FR",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-sa/2.0/fr/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-2-Clause.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause.json",
+ "referenceNumber": 356,
+ "name": "BSD 2-Clause \"Simplified\" License",
+ "licenseId": "BSD-2-Clause",
+ "seeAlso": [
+ "https://opensource.org/licenses/BSD-2-Clause"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/SSH-OpenSSH.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SSH-OpenSSH.json",
+ "referenceNumber": 357,
+ "name": "SSH OpenSSH license",
+ "licenseId": "SSH-OpenSSH",
+ "seeAlso": [
+ "https://github.com/openssh/openssh-portable/blob/1b11ea7c58cd5c59838b5fa574cd456d6047b2d4/LICENCE#L10"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-1.3.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-1.3.json",
+ "referenceNumber": 358,
+ "name": "Open LDAP Public License v1.3",
+ "licenseId": "OLDAP-1.3",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003de5f8117f0ce088d0bd7a8e18ddf37eaa40eb09b1"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/ODbL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ODbL-1.0.json",
+ "referenceNumber": 359,
+ "name": "Open Data Commons Open Database License v1.0",
+ "licenseId": "ODbL-1.0",
+ "seeAlso": [
+ "http://www.opendatacommons.org/licenses/odbl/1.0/",
+ "https://opendatacommons.org/licenses/odbl/1-0/"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.3-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-only.json",
+ "referenceNumber": 360,
+ "name": "GNU Free Documentation License v1.3 only",
+ "licenseId": "GFDL-1.3-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/fdl-1.3.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/HPND.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/HPND.json",
+ "referenceNumber": 361,
+ "name": "Historical Permission Notice and Disclaimer",
+ "licenseId": "HPND",
+ "seeAlso": [
+ "https://opensource.org/licenses/HPND"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/NASA-1.3.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NASA-1.3.json",
+ "referenceNumber": 362,
+ "name": "NASA Open Source Agreement 1.3",
+ "licenseId": "NASA-1.3",
+ "seeAlso": [
+ "http://ti.arc.nasa.gov/opensource/nosa/",
+ "https://opensource.org/licenses/NASA-1.3"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Borceux.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Borceux.json",
+ "referenceNumber": 363,
+ "name": "Borceux license",
+ "licenseId": "Borceux",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Borceux"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-1.1.json",
+ "referenceNumber": 364,
+ "name": "Open LDAP Public License v1.1",
+ "licenseId": "OLDAP-1.1",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d806557a5ad59804ef3a44d5abfbe91d706b0791f"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OFL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OFL-1.0.json",
+ "referenceNumber": 365,
+ "name": "SIL Open Font License 1.0",
+ "licenseId": "OFL-1.0",
+ "seeAlso": [
+ "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CPAL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CPAL-1.0.json",
+ "referenceNumber": 366,
+ "name": "Common Public Attribution License 1.0",
+ "licenseId": "CPAL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/CPAL-1.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/VOSTROM.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/VOSTROM.json",
+ "referenceNumber": 367,
+ "name": "VOSTROM Public License for Open Source",
+ "licenseId": "VOSTROM",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/VOSTROM"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Abstyles.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Abstyles.json",
+ "referenceNumber": 368,
+ "name": "Abstyles License",
+ "licenseId": "Abstyles",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Abstyles"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/ISC.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ISC.json",
+ "referenceNumber": 369,
+ "name": "ISC License",
+ "licenseId": "ISC",
+ "seeAlso": [
+ "https://www.isc.org/licenses/",
+ "https://www.isc.org/downloads/software-support-policy/isc-license/",
+ "https://opensource.org/licenses/ISC"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Unicode-DFS-2016.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Unicode-DFS-2016.json",
+ "referenceNumber": 370,
+ "name": "Unicode License Agreement - Data Files and Software (2016)",
+ "licenseId": "Unicode-DFS-2016",
+ "seeAlso": [
+ "http://www.unicode.org/copyright.html"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BlueOak-1.0.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BlueOak-1.0.0.json",
+ "referenceNumber": 371,
+ "name": "Blue Oak Model License 1.0.0",
+ "licenseId": "BlueOak-1.0.0",
+ "seeAlso": [
+ "https://blueoakcouncil.org/license/1.0.0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LiLiQ-Rplus-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LiLiQ-Rplus-1.1.json",
+ "referenceNumber": 372,
+ "name": "Licence Libre du Québec – Réciprocité forte version 1.1",
+ "licenseId": "LiLiQ-Rplus-1.1",
+ "seeAlso": [
+ "https://www.forge.gouv.qc.ca/participez/licence-logicielle/licence-libre-du-quebec-liliq-en-francais/licence-libre-du-quebec-reciprocite-forte-liliq-r-v1-1/",
+ "http://opensource.org/licenses/LiLiQ-Rplus-1.1"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/MIT-0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MIT-0.json",
+ "referenceNumber": 373,
+ "name": "MIT No Attribution",
+ "licenseId": "MIT-0",
+ "seeAlso": [
+ "https://github.com/aws/mit-0",
+ "https://romanrm.net/mit-zero",
+ "https://github.com/awsdocs/aws-cloud9-user-guide/blob/master/LICENSE-SAMPLECODE"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/SMLNJ.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SMLNJ.json",
+ "referenceNumber": 374,
+ "name": "Standard ML of New Jersey License",
+ "licenseId": "SMLNJ",
+ "seeAlso": [
+ "https://www.smlnj.org/license.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-3.0+.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-3.0+.json",
+ "referenceNumber": 375,
+ "name": "GNU Lesser General Public License v3.0 or later",
+ "licenseId": "LGPL-3.0+",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
+ "https://opensource.org/licenses/LGPL-3.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/NOSL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NOSL.json",
+ "referenceNumber": 376,
+ "name": "Netizen Open Source License",
+ "licenseId": "NOSL",
+ "seeAlso": [
+ "http://bits.netizen.com.au/licenses/NOSL/nosl.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/PSF-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/PSF-2.0.json",
+ "referenceNumber": 377,
+ "name": "Python Software Foundation License 2.0",
+ "licenseId": "PSF-2.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/Python-2.0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/RPL-1.5.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/RPL-1.5.json",
+ "referenceNumber": 378,
+ "name": "Reciprocal Public License 1.5",
+ "licenseId": "RPL-1.5",
+ "seeAlso": [
+ "https://opensource.org/licenses/RPL-1.5"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-2-Clause-FreeBSD.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-FreeBSD.json",
+ "referenceNumber": 379,
+ "name": "BSD 2-Clause FreeBSD License",
+ "licenseId": "BSD-2-Clause-FreeBSD",
+ "seeAlso": [
+ "http://www.freebsd.org/copyright/freebsd-license.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/MIT-Modern-Variant.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MIT-Modern-Variant.json",
+ "referenceNumber": 380,
+ "name": "MIT License Modern Variant",
+ "licenseId": "MIT-Modern-Variant",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing:MIT#Modern_Variants",
+ "https://ptolemy.berkeley.edu/copyright.htm",
+ "https://pirlwww.lpl.arizona.edu/resources/guide/software/PerlTk/Tixlic.html"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Nokia.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Nokia.json",
+ "referenceNumber": 381,
+ "name": "Nokia Open Source License",
+ "licenseId": "Nokia",
+ "seeAlso": [
+ "https://opensource.org/licenses/nokia"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.1-no-invariants-only.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-no-invariants-only.json",
+ "referenceNumber": 382,
+ "name": "GNU Free Documentation License v1.1 only - no invariants",
+ "licenseId": "GFDL-1.1-no-invariants-only",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/PDDL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/PDDL-1.0.json",
+ "referenceNumber": 383,
+ "name": "Open Data Commons Public Domain Dedication \u0026 License 1.0",
+ "licenseId": "PDDL-1.0",
+ "seeAlso": [
+ "http://opendatacommons.org/licenses/pddl/1.0/",
+ "https://opendatacommons.org/licenses/pddl/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CDDL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CDDL-1.1.json",
+ "referenceNumber": 384,
+ "name": "Common Development and Distribution License 1.1",
+ "licenseId": "CDDL-1.1",
+ "seeAlso": [
+ "http://glassfish.java.net/public/CDDL+GPL_1_1.html",
+ "https://javaee.github.io/glassfish/LICENSE"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Zimbra-1.3.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Zimbra-1.3.json",
+ "referenceNumber": 385,
+ "name": "Zimbra Public License v1.3",
+ "licenseId": "Zimbra-1.3",
+ "seeAlso": [
+ "http://web.archive.org/web/20100302225219/http://www.zimbra.com/license/zimbra-public-license-1-3.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/EUPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/EUPL-1.0.json",
+ "referenceNumber": 386,
+ "name": "European Union Public License 1.0",
+ "licenseId": "EUPL-1.0",
+ "seeAlso": [
+ "http://ec.europa.eu/idabc/en/document/7330.html",
+ "http://ec.europa.eu/idabc/servlets/Doc027f.pdf?id\u003d31096"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Fair.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Fair.json",
+ "referenceNumber": 387,
+ "name": "Fair License",
+ "licenseId": "Fair",
+ "seeAlso": [
+ "http://fairlicense.org/",
+ "https://opensource.org/licenses/Fair"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/JSON.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/JSON.json",
+ "referenceNumber": 388,
+ "name": "JSON License",
+ "licenseId": "JSON",
+ "seeAlso": [
+ "http://www.json.org/license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-3.0-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-3.0-or-later.json",
+ "referenceNumber": 389,
+ "name": "GNU Lesser General Public License v3.0 or later",
+ "licenseId": "LGPL-3.0-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
+ "https://opensource.org/licenses/LGPL-3.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-3.0.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-3.0.json",
+ "referenceNumber": 390,
+ "name": "GNU General Public License v3.0 only",
+ "licenseId": "GPL-3.0",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
+ "https://opensource.org/licenses/GPL-3.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OPL-1.0.json",
+ "referenceNumber": 391,
+ "name": "Open Public License v1.0",
+ "licenseId": "OPL-1.0",
+ "seeAlso": [
+ "http://old.koalateam.com/jackaroo/OPL_1_0.TXT",
+ "https://fedoraproject.org/wiki/Licensing/Open_Public_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-2.0-with-font-exception.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-font-exception.json",
+ "referenceNumber": 392,
+ "name": "GNU General Public License v2.0 w/Font exception",
+ "licenseId": "GPL-2.0-with-font-exception",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/gpl-faq.html#FontException"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OSL-2.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OSL-2.1.json",
+ "referenceNumber": 393,
+ "name": "Open Software License 2.1",
+ "licenseId": "OSL-2.1",
+ "seeAlso": [
+ "http://web.archive.org/web/20050212003940/http://www.rosenlaw.com/osl21.htm",
+ "https://opensource.org/licenses/OSL-2.1"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/LPPL-1.3a.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LPPL-1.3a.json",
+ "referenceNumber": 394,
+ "name": "LaTeX Project Public License v1.3a",
+ "licenseId": "LPPL-1.3a",
+ "seeAlso": [
+ "http://www.latex-project.org/lppl/lppl-1-3a.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/NAIST-2003.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NAIST-2003.json",
+ "referenceNumber": 395,
+ "name": "Nara Institute of Science and Technology License (2003)",
+ "licenseId": "NAIST-2003",
+ "seeAlso": [
+ "https://enterprise.dejacode.com/licenses/public/naist-2003/#license-text",
+ "https://github.com/nodejs/node/blob/4a19cc8947b1bba2b2d27816ec3d0edf9b28e503/LICENSE#L343"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-ND-4.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-4.0.json",
+ "referenceNumber": 396,
+ "name": "Creative Commons Attribution Non Commercial No Derivatives 4.0 International",
+ "licenseId": "CC-BY-NC-ND-4.0",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-3.0-DE.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-3.0-DE.json",
+ "referenceNumber": 397,
+ "name": "Creative Commons Attribution Non Commercial 3.0 Germany",
+ "licenseId": "CC-BY-NC-3.0-DE",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc/3.0/de/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-2.1+.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-2.1+.json",
+ "referenceNumber": 398,
+ "name": "GNU Library General Public License v2.1 or later",
+ "licenseId": "LGPL-2.1+",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
+ "https://opensource.org/licenses/LGPL-2.1"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.6.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.6.json",
+ "referenceNumber": 399,
+ "name": "Open LDAP Public License v2.6",
+ "licenseId": "OLDAP-2.6",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d1cae062821881f41b73012ba816434897abf4205"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/HPND-sell-variant.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/HPND-sell-variant.json",
+ "referenceNumber": 400,
+ "name": "Historical Permission Notice and Disclaimer - sell variant",
+ "licenseId": "HPND-sell-variant",
+ "seeAlso": [
+ "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/sunrpc/auth_gss/gss_generic_token.c?h\u003dv4.19"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/NCGL-UK-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NCGL-UK-2.0.json",
+ "referenceNumber": 401,
+ "name": "Non-Commercial Government Licence",
+ "licenseId": "NCGL-UK-2.0",
+ "seeAlso": [
+ "http://www.nationalarchives.gov.uk/doc/non-commercial-government-licence/version/2/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/QPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/QPL-1.0.json",
+ "referenceNumber": 402,
+ "name": "Q Public License 1.0",
+ "licenseId": "QPL-1.0",
+ "seeAlso": [
+ "http://doc.qt.nokia.com/3.3/license.html",
+ "https://opensource.org/licenses/QPL-1.0",
+ "https://doc.qt.io/archives/3.3/license.html"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.2-no-invariants-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-no-invariants-or-later.json",
+ "referenceNumber": 403,
+ "name": "GNU Free Documentation License v1.2 or later - no invariants",
+ "licenseId": "GFDL-1.2-no-invariants-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/EUPL-1.2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/EUPL-1.2.json",
+ "referenceNumber": 404,
+ "name": "European Union Public License 1.2",
+ "licenseId": "EUPL-1.2",
+ "seeAlso": [
+ "https://joinup.ec.europa.eu/page/eupl-text-11-12",
+ "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/eupl_v1.2_en.pdf",
+ "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%20EN.txt",
+ "https://joinup.ec.europa.eu/sites/default/files/inline-files/EUPL%20v1_2%20EN(1).txt",
+ "http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri\u003dCELEX:32017D0863",
+ "https://opensource.org/licenses/EUPL-1.2"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Beerware.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Beerware.json",
+ "referenceNumber": 405,
+ "name": "Beerware License",
+ "licenseId": "Beerware",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Beerware",
+ "https://people.freebsd.org/~phk/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/eCos-2.0.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/eCos-2.0.json",
+ "referenceNumber": 406,
+ "name": "eCos license version 2.0",
+ "licenseId": "eCos-2.0",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/ecos-license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CAL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CAL-1.0.json",
+ "referenceNumber": 407,
+ "name": "Cryptographic Autonomy License 1.0",
+ "licenseId": "CAL-1.0",
+ "seeAlso": [
+ "http://cryptographicautonomylicense.com/license-text.html",
+ "https://opensource.org/licenses/CAL-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-2.0-with-bison-exception.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-bison-exception.json",
+ "referenceNumber": 408,
+ "name": "GNU General Public License v2.0 w/Bison exception",
+ "licenseId": "GPL-2.0-with-bison-exception",
+ "seeAlso": [
+ "http://git.savannah.gnu.org/cgit/bison.git/tree/data/yacc.c?id\u003d193d7c7054ba7197b0789e14965b739162319b5e#n141"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-3-Clause-Open-MPI.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Open-MPI.json",
+ "referenceNumber": 409,
+ "name": "BSD 3-Clause Open MPI variant",
+ "licenseId": "BSD-3-Clause-Open-MPI",
+ "seeAlso": [
+ "https://www.open-mpi.org/community/license.php",
+ "http://www.netlib.org/lapack/LICENSE.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-2.0-with-autoconf-exception.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-autoconf-exception.json",
+ "referenceNumber": 410,
+ "name": "GNU General Public License v2.0 w/Autoconf exception",
+ "licenseId": "GPL-2.0-with-autoconf-exception",
+ "seeAlso": [
+ "http://ac-archive.sourceforge.net/doc/copyright.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CECILL-B.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CECILL-B.json",
+ "referenceNumber": 411,
+ "name": "CeCILL-B Free Software License Agreement",
+ "licenseId": "CECILL-B",
+ "seeAlso": [
+ "http://www.cecill.info/licences/Licence_CeCILL-B_V1-en.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/EPL-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/EPL-2.0.json",
+ "referenceNumber": 412,
+ "name": "Eclipse Public License 2.0",
+ "licenseId": "EPL-2.0",
+ "seeAlso": [
+ "https://www.eclipse.org/legal/epl-2.0",
+ "https://www.opensource.org/licenses/EPL-2.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/MIT-feh.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MIT-feh.json",
+ "referenceNumber": 413,
+ "name": "feh License",
+ "licenseId": "MIT-feh",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/MIT#feh"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/RPL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/RPL-1.1.json",
+ "referenceNumber": 414,
+ "name": "Reciprocal Public License 1.1",
+ "licenseId": "RPL-1.1",
+ "seeAlso": [
+ "https://opensource.org/licenses/RPL-1.1"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Python-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Python-2.0.json",
+ "referenceNumber": 415,
+ "name": "Python License 2.0",
+ "licenseId": "Python-2.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/Python-2.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CDLA-Permissive-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CDLA-Permissive-1.0.json",
+ "referenceNumber": 416,
+ "name": "Community Data License Agreement Permissive 1.0",
+ "licenseId": "CDLA-Permissive-1.0",
+ "seeAlso": [
+ "https://cdla.io/permissive-1-0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MPL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MPL-1.0.json",
+ "referenceNumber": 417,
+ "name": "Mozilla Public License 1.0",
+ "licenseId": "MPL-1.0",
+ "seeAlso": [
+ "http://www.mozilla.org/MPL/MPL-1.0.html",
+ "https://opensource.org/licenses/MPL-1.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/diffmark.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/diffmark.json",
+ "referenceNumber": 418,
+ "name": "diffmark license",
+ "licenseId": "diffmark",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/diffmark"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GPL-1.0+.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/GPL-1.0+.json",
+ "referenceNumber": 419,
+ "name": "GNU General Public License v1.0 or later",
+ "licenseId": "GPL-1.0+",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/GFDL-1.1-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-or-later.json",
+ "referenceNumber": 420,
+ "name": "GNU Free Documentation License v1.1 or later",
+ "licenseId": "GFDL-1.1-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OSL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OSL-1.0.json",
+ "referenceNumber": 421,
+ "name": "Open Software License 1.0",
+ "licenseId": "OSL-1.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/OSL-1.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Parity-6.0.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Parity-6.0.0.json",
+ "referenceNumber": 422,
+ "name": "The Parity Public License 6.0.0",
+ "licenseId": "Parity-6.0.0",
+ "seeAlso": [
+ "https://paritylicense.com/versions/6.0.0.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OpenSSL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OpenSSL.json",
+ "referenceNumber": 423,
+ "name": "OpenSSL License",
+ "licenseId": "OpenSSL",
+ "seeAlso": [
+ "http://www.openssl.org/source/license.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/YPL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/YPL-1.1.json",
+ "referenceNumber": 424,
+ "name": "Yahoo! Public License v1.1",
+ "licenseId": "YPL-1.1",
+ "seeAlso": [
+ "http://www.zimbra.com/license/yahoo_public_license_1.1.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/SSH-short.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SSH-short.json",
+ "referenceNumber": 425,
+ "name": "SSH short notice",
+ "licenseId": "SSH-short",
+ "seeAlso": [
+ "https://github.com/openssh/openssh-portable/blob/1b11ea7c58cd5c59838b5fa574cd456d6047b2d4/pathnames.h",
+ "http://web.mit.edu/kolya/.f/root/athena.mit.edu/sipb.mit.edu/project/openssh/OldFiles/src/openssh-2.9.9p2/ssh-add.1",
+ "https://joinup.ec.europa.eu/svn/lesoll/trunk/italc/lib/src/dsa_key.cpp"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/IBM-pibs.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/IBM-pibs.json",
+ "referenceNumber": 426,
+ "name": "IBM PowerPC Initialization and Boot Software",
+ "licenseId": "IBM-pibs",
+ "seeAlso": [
+ "http://git.denx.de/?p\u003du-boot.git;a\u003dblob;f\u003darch/powerpc/cpu/ppc4xx/miiphy.c;h\u003d297155fdafa064b955e53e9832de93bfb0cfb85b;hb\u003d9fab4bf4cc077c21e43941866f3f2c196f28670d"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/AGPL-1.0.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/AGPL-1.0.json",
+ "referenceNumber": 427,
+ "name": "Affero General Public License v1.0",
+ "licenseId": "AGPL-1.0",
+ "seeAlso": [
+ "http://www.affero.org/oagpl.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Xnet.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Xnet.json",
+ "referenceNumber": 428,
+ "name": "X.Net License",
+ "licenseId": "Xnet",
+ "seeAlso": [
+ "https://opensource.org/licenses/Xnet"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/AGPL-3.0.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/AGPL-3.0.json",
+ "referenceNumber": 429,
+ "name": "GNU Affero General Public License v3.0",
+ "licenseId": "AGPL-3.0",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/agpl.txt",
+ "https://opensource.org/licenses/AGPL-3.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/TU-Berlin-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/TU-Berlin-1.0.json",
+ "referenceNumber": 430,
+ "name": "Technische Universitaet Berlin License 1.0",
+ "licenseId": "TU-Berlin-1.0",
+ "seeAlso": [
+ "https://github.com/swh/ladspa/blob/7bf6f3799fdba70fda297c2d8fd9f526803d9680/gsm/COPYRIGHT"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/AFL-3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AFL-3.0.json",
+ "referenceNumber": 431,
+ "name": "Academic Free License v3.0",
+ "licenseId": "AFL-3.0",
+ "seeAlso": [
+ "http://www.rosenlaw.com/AFL3.0.htm",
+ "https://opensource.org/licenses/afl-3.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/APSL-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/APSL-2.0.json",
+ "referenceNumber": 432,
+ "name": "Apple Public Source License 2.0",
+ "licenseId": "APSL-2.0",
+ "seeAlso": [
+ "http://www.opensource.apple.com/license/apsl/"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OGL-UK-3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OGL-UK-3.0.json",
+ "referenceNumber": 433,
+ "name": "Open Government Licence v3.0",
+ "licenseId": "OGL-UK-3.0",
+ "seeAlso": [
+ "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CECILL-C.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CECILL-C.json",
+ "referenceNumber": 434,
+ "name": "CeCILL-C Free Software License Agreement",
+ "licenseId": "CECILL-C",
+ "seeAlso": [
+ "http://www.cecill.info/licences/Licence_CeCILL-C_V1-en.html"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-3-Clause-Clear.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Clear.json",
+ "referenceNumber": 435,
+ "name": "BSD 3-Clause Clear License",
+ "licenseId": "BSD-3-Clause-Clear",
+ "seeAlso": [
+ "http://labs.metacarta.com/license-explanation.html#license"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-SA-2.0-UK.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.0-UK.json",
+ "referenceNumber": 436,
+ "name": "Creative Commons Attribution Share Alike 2.0 England and Wales",
+ "licenseId": "CC-BY-SA-2.0-UK",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-sa/2.0/uk/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Saxpath.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Saxpath.json",
+ "referenceNumber": 437,
+ "name": "Saxpath License",
+ "licenseId": "Saxpath",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Saxpath_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/NLPL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NLPL.json",
+ "referenceNumber": 438,
+ "name": "No Limit Public License",
+ "licenseId": "NLPL",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/NLPL"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/SimPL-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/SimPL-2.0.json",
+ "referenceNumber": 439,
+ "name": "Simple Public License 2.0",
+ "licenseId": "SimPL-2.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/SimPL-2.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/psfrag.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/psfrag.json",
+ "referenceNumber": 440,
+ "name": "psfrag License",
+ "licenseId": "psfrag",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/psfrag"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-3-Clause-Modification.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Modification.json",
+ "referenceNumber": 441,
+ "name": "BSD 3-Clause Modification",
+ "licenseId": "BSD-3-Clause-Modification",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing:BSD#Modification_Variant"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Spencer-86.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Spencer-86.json",
+ "referenceNumber": 442,
+ "name": "Spencer License 86",
+ "licenseId": "Spencer-86",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/CERN-OHL-S-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CERN-OHL-S-2.0.json",
+ "referenceNumber": 443,
+ "name": "CERN Open Hardware Licence Version 2 - Strongly Reciprocal",
+ "licenseId": "CERN-OHL-S-2.0",
+ "seeAlso": [
+ "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/ErlPL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ErlPL-1.1.json",
+ "referenceNumber": 444,
+ "name": "Erlang Public License v1.1",
+ "licenseId": "ErlPL-1.1",
+ "seeAlso": [
+ "http://www.erlang.org/EPLICENSE"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/MIT-CMU.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/MIT-CMU.json",
+ "referenceNumber": 445,
+ "name": "CMU License",
+ "licenseId": "MIT-CMU",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing:MIT?rd\u003dLicensing/MIT#CMU_Style",
+ "https://github.com/python-pillow/Pillow/blob/fffb426092c8db24a5f4b6df243a8a3c01fb63cd/LICENSE"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OCCT-PL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OCCT-PL.json",
+ "referenceNumber": 446,
+ "name": "Open CASCADE Technology Public License",
+ "licenseId": "OCCT-PL",
+ "seeAlso": [
+ "http://www.opencascade.com/content/occt-public-license"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OSL-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OSL-2.0.json",
+ "referenceNumber": 447,
+ "name": "Open Software License 2.0",
+ "licenseId": "OSL-2.0",
+ "seeAlso": [
+ "http://web.archive.org/web/20041020171434/http://www.rosenlaw.com/osl2.0.html"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/NIST-PD.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NIST-PD.json",
+ "referenceNumber": 448,
+ "name": "NIST Public Domain Notice",
+ "licenseId": "NIST-PD",
+ "seeAlso": [
+ "https://github.com/tcheneau/simpleRPL/blob/e645e69e38dd4e3ccfeceb2db8cba05b7c2e0cd3/LICENSE.txt",
+ "https://github.com/tcheneau/Routing/blob/f09f46fcfe636107f22f2c98348188a65a135d98/README.md"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Leptonica.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Leptonica.json",
+ "referenceNumber": 449,
+ "name": "Leptonica License",
+ "licenseId": "Leptonica",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Leptonica"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/PolyForm-Small-Business-1.0.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/PolyForm-Small-Business-1.0.0.json",
+ "referenceNumber": 450,
+ "name": "PolyForm Small Business License 1.0.0",
+ "licenseId": "PolyForm-Small-Business-1.0.0",
+ "seeAlso": [
+ "https://polyformproject.org/licenses/small-business/1.0.0"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/LiLiQ-P-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/LiLiQ-P-1.1.json",
+ "referenceNumber": 451,
+ "name": "Licence Libre du Québec – Permissive version 1.1",
+ "licenseId": "LiLiQ-P-1.1",
+ "seeAlso": [
+ "https://forge.gouv.qc.ca/licence/fr/liliq-v1-1/",
+ "http://opensource.org/licenses/LiLiQ-P-1.1"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/NetCDF.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NetCDF.json",
+ "referenceNumber": 452,
+ "name": "NetCDF license",
+ "licenseId": "NetCDF",
+ "seeAlso": [
+ "http://www.unidata.ucar.edu/software/netcdf/copyright.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/OML.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OML.json",
+ "referenceNumber": 453,
+ "name": "Open Market License",
+ "licenseId": "OML",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/Open_Market_License"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/AGPL-3.0-or-later.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/AGPL-3.0-or-later.json",
+ "referenceNumber": 454,
+ "name": "GNU Affero General Public License v3.0 or later",
+ "licenseId": "AGPL-3.0-or-later",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/agpl.txt",
+ "https://opensource.org/licenses/AGPL-3.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OLDAP-2.2.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.json",
+ "referenceNumber": 455,
+ "name": "Open LDAP Public License v2.2",
+ "licenseId": "OLDAP-2.2",
+ "seeAlso": [
+ "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d470b0c18ec67621c85881b2733057fecf4a1acc3"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-3-Clause.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause.json",
+ "referenceNumber": 456,
+ "name": "BSD 3-Clause \"New\" or \"Revised\" License",
+ "licenseId": "BSD-3-Clause",
+ "seeAlso": [
+ "https://opensource.org/licenses/BSD-3-Clause"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/WTFPL.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/WTFPL.json",
+ "referenceNumber": 457,
+ "name": "Do What The F*ck You Want To Public License",
+ "licenseId": "WTFPL",
+ "seeAlso": [
+ "http://www.wtfpl.net/about/",
+ "http://sam.zoy.org/wtfpl/COPYING"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/OGL-UK-2.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/OGL-UK-2.0.json",
+ "referenceNumber": 458,
+ "name": "Open Government Licence v2.0",
+ "licenseId": "OGL-UK-2.0",
+ "seeAlso": [
+ "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/2/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-3-Clause-Attribution.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Attribution.json",
+ "referenceNumber": 459,
+ "name": "BSD with attribution",
+ "licenseId": "BSD-3-Clause-Attribution",
+ "seeAlso": [
+ "https://fedoraproject.org/wiki/Licensing/BSD_with_Attribution"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/RPSL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/RPSL-1.0.json",
+ "referenceNumber": 460,
+ "name": "RealNetworks Public Source License v1.0",
+ "licenseId": "RPSL-1.0",
+ "seeAlso": [
+ "https://helixcommunity.org/content/rpsl",
+ "https://opensource.org/licenses/RPSL-1.0"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-DE.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-DE.json",
+ "referenceNumber": 461,
+ "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 Germany",
+ "licenseId": "CC-BY-NC-ND-3.0-DE",
+ "seeAlso": [
+ "https://creativecommons.org/licenses/by-nc-nd/3.0/de/legalcode"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/EUPL-1.1.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/EUPL-1.1.json",
+ "referenceNumber": 462,
+ "name": "European Union Public License 1.1",
+ "licenseId": "EUPL-1.1",
+ "seeAlso": [
+ "https://joinup.ec.europa.eu/software/page/eupl/licence-eupl",
+ "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/eupl1.1.-licence-en_0.pdf",
+ "https://opensource.org/licenses/EUPL-1.1"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/Sendmail-8.23.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Sendmail-8.23.json",
+ "referenceNumber": 463,
+ "name": "Sendmail License 8.23",
+ "licenseId": "Sendmail-8.23",
+ "seeAlso": [
+ "https://www.proofpoint.com/sites/default/files/sendmail-license.pdf",
+ "https://web.archive.org/web/20181003101040/https://www.proofpoint.com/sites/default/files/sendmail-license.pdf"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/ODC-By-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/ODC-By-1.0.json",
+ "referenceNumber": 464,
+ "name": "Open Data Commons Attribution License v1.0",
+ "licenseId": "ODC-By-1.0",
+ "seeAlso": [
+ "https://opendatacommons.org/licenses/by/1.0/"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/D-FSL-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/D-FSL-1.0.json",
+ "referenceNumber": 465,
+ "name": "Deutsche Freie Software Lizenz",
+ "licenseId": "D-FSL-1.0",
+ "seeAlso": [
+ "http://www.dipp.nrw.de/d-fsl/lizenzen/",
+ "http://www.dipp.nrw.de/d-fsl/index_html/lizenzen/de/D-FSL-1_0_de.txt",
+ "http://www.dipp.nrw.de/d-fsl/index_html/lizenzen/en/D-FSL-1_0_en.txt",
+ "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl",
+ "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/deutsche-freie-software-lizenz",
+ "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/german-free-software-license",
+ "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/D-FSL-1_0_de.txt/at_download/file",
+ "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/D-FSL-1_0_en.txt/at_download/file"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-4-Clause.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause.json",
+ "referenceNumber": 466,
+ "name": "BSD 4-Clause \"Original\" or \"Old\" License",
+ "licenseId": "BSD-4-Clause",
+ "seeAlso": [
+ "http://directory.fsf.org/wiki/License:BSD_4Clause"
+ ],
+ "isOsiApproved": false,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/LGPL-2.1.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/LGPL-2.1.json",
+ "referenceNumber": 467,
+ "name": "GNU Lesser General Public License v2.1 only",
+ "licenseId": "LGPL-2.1",
+ "seeAlso": [
+ "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
+ "https://opensource.org/licenses/LGPL-2.1"
+ ],
+ "isOsiApproved": true,
+ "isFsfLibre": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/BSD-2-Clause-Views.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-Views.json",
+ "referenceNumber": 468,
+ "name": "BSD 2-Clause with views sentence",
+ "licenseId": "BSD-2-Clause-Views",
+ "seeAlso": [
+ "http://www.freebsd.org/copyright/freebsd-license.html",
+ "https://people.freebsd.org/~ivoras/wine/patch-wine-nvidia.sh",
+ "https://github.com/protegeproject/protege/blob/master/license.txt"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Artistic-1.0-Perl.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Artistic-1.0-Perl.json",
+ "referenceNumber": 469,
+ "name": "Artistic License 1.0 (Perl)",
+ "licenseId": "Artistic-1.0-Perl",
+ "seeAlso": [
+ "http://dev.perl.org/licenses/artistic.html"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/NPOSL-3.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/NPOSL-3.0.json",
+ "referenceNumber": 470,
+ "name": "Non-Profit Open Software License 3.0",
+ "licenseId": "NPOSL-3.0",
+ "seeAlso": [
+ "https://opensource.org/licenses/NOSL3.0"
+ ],
+ "isOsiApproved": true
+ },
+ {
+ "reference": "https://spdx.org/licenses/gSOAP-1.3b.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/gSOAP-1.3b.json",
+ "referenceNumber": 471,
+ "name": "gSOAP Public License v1.3b",
+ "licenseId": "gSOAP-1.3b",
+ "seeAlso": [
+ "http://www.cs.fsu.edu/~engelen/license.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/Interbase-1.0.html",
+ "isDeprecatedLicenseId": false,
+ "detailsUrl": "https://spdx.org/licenses/Interbase-1.0.json",
+ "referenceNumber": 472,
+ "name": "Interbase Public License v1.0",
+ "licenseId": "Interbase-1.0",
+ "seeAlso": [
+ "https://web.archive.org/web/20060319014854/http://info.borland.com/devsupport/interbase/opensource/IPL.html"
+ ],
+ "isOsiApproved": false
+ },
+ {
+ "reference": "https://spdx.org/licenses/StandardML-NJ.html",
+ "isDeprecatedLicenseId": true,
+ "detailsUrl": "https://spdx.org/licenses/StandardML-NJ.json",
+ "referenceNumber": 473,
+ "name": "Standard ML of New Jersey License",
+ "licenseId": "StandardML-NJ",
+ "seeAlso": [
+ "http://www.smlnj.org//license.html"
+ ],
+ "isOsiApproved": false
+ }
+ ],
+ "releaseDate": "2021-08-19"
+}
\ No newline at end of file
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 11/31] classes/create-spdx: Fix up license reporting
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (9 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 10/31] Add SPDX licenses Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 12/31] classes/create-spdx: Speed up hash calculations Joshua Watt
` (19 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Licenses reported in the SPDX documents should be either:
A) A valid SPDX identifier cross referenced from the SPDX license
database
B) A "LicenseRef" to a license described in the SPDX document
The licensing code will now add a placeholder extracted license with
corresponding "LicenseRef" for any licenses that are not matched to the
SPDX database
Parenthesis in the license expression are now handled correctly
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 55 +++++++++++++++++++++++++++-----
meta/lib/oe/spdx.py | 8 +++++
2 files changed, 55 insertions(+), 8 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 72c1385feb..2e13b19b5b 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -23,6 +23,8 @@ SPDX_ARCHIVE_PACKAGED ??= "0"
SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
+SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
+
do_image_complete[depends] = "virtual/kernel:do_create_spdx"
def get_doc_namespace(d, doc):
@@ -36,21 +38,54 @@ def is_work_shared(d):
return bb.data.inherits_class('kernel', d) or pn.startswith('gcc-source')
-def convert_license_to_spdx(lic, d):
+python() {
+ import json
+ if d.getVar("SPDX_LICENSE_DATA"):
+ return
+
+ with open(d.getVar("SPDX_LICENSES"), "r") as f:
+ d.setVar("SPDX_LICENSE_DATA", json.load(f))
+}
+
+def convert_license_to_spdx(lic, document, d):
+ import oe.spdx
+
+ license_data = d.getVar("SPDX_LICENSE_DATA")
def convert(l):
+ if l == "(" or l == ")":
+ return l
+
if l == "&":
return "AND"
if l == "|":
return "OR"
- spdx = d.getVarFlag('SPDXLICENSEMAP', l)
- if spdx is not None:
- return spdx
+ spdx_license = d.getVarFlag("SPDXLICENSEMAP", l) or l
+ for lic_data in license_data["licenses"]:
+ if lic_data["licenseId"] == spdx_license:
+ return spdx_license
+
+ spdx_license = "LicenseRef-" + l
+ for spdx_lic in document.hasExtractedLicensingInfos:
+ if spdx_lic.licenseId == spdx_license:
+ return spdx_license
+
+ bb.warn("No SPDX License found for %s. Creating a place holder" % l)
+
+ spdx_lic = oe.spdx.SPDXExtractedLicensingInfo()
+ spdx_lic.name = l
+ spdx_lic.licenseId = spdx_license
+ # TODO: Extract the actual license text from the common license files
+ spdx_lic.extractedText = "This software is licensed under the %s license" % l
+
+ document.hasExtractedLicensingInfos.append(spdx_lic)
+
+ return spdx_license
- return l
+ lic_split = lic.replace("(", " ( ").replace(")", " ) ").split()
- return ' '.join(convert(l) for l in lic.split())
+ return ' '.join(convert(l) for l in lic_split)
def process_sources(d):
@@ -334,6 +369,7 @@ python do_create_spdx() {
doc.documentNamespace = get_doc_namespace(d, doc)
doc.creationInfo.created = creation_time
doc.creationInfo.comment = "This document was created by analyzing recipe files during the build."
+ doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
doc.creationInfo.creators.append("Person: N/A ()")
@@ -353,7 +389,7 @@ python do_create_spdx() {
license = d.getVar("LICENSE")
if license:
- recipe.licenseDeclared = convert_license_to_spdx(license, d)
+ recipe.licenseDeclared = convert_license_to_spdx(license, doc, d)
summary = d.getVar("SUMMARY")
if summary:
@@ -422,6 +458,7 @@ python do_create_spdx() {
package_doc.documentNamespace = get_doc_namespace(d, package_doc)
package_doc.creationInfo.created = creation_time
package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
+ package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
package_doc.creationInfo.creators.append("Person: N/A ()")
@@ -441,7 +478,7 @@ python do_create_spdx() {
spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
spdx_package.name = pkg_name
spdx_package.versionInfo = d.getVar("PV")
- spdx_package.licenseDeclared = convert_license_to_spdx(package_license, d)
+ spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d)
package_doc.packages.append(spdx_package)
@@ -561,6 +598,7 @@ python do_create_runtime_spdx() {
runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc)
runtime_doc.creationInfo.created = creation_time
runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
+ runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
runtime_doc.creationInfo.creators.append("Person: N/A ()")
@@ -720,6 +758,7 @@ python image_combine_spdx() {
doc.documentNamespace = get_doc_namespace(d, doc)
doc.creationInfo.created = creation_time
doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
+ doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
doc.creationInfo.creators.append("Person: N/A ()")
diff --git a/meta/lib/oe/spdx.py b/meta/lib/oe/spdx.py
index 3f569c6862..9814fbfd66 100644
--- a/meta/lib/oe/spdx.py
+++ b/meta/lib/oe/spdx.py
@@ -189,6 +189,13 @@ class SPDXExternalDocumentRef(SPDXObject):
checksum = _Object(SPDXChecksum)
+class SPDXExtractedLicensingInfo(SPDXObject):
+ name = _String()
+ comment = _String()
+ licenseId = _String()
+ extractedText = _String()
+
+
class SPDXDocument(SPDXObject):
spdxVersion = _String(default="SPDX-" + SPDX_VERSION)
dataLicense = _String(default="CC0-1.0")
@@ -200,6 +207,7 @@ class SPDXDocument(SPDXObject):
files = _ObjectList(SPDXFile)
relationships = _ObjectList(SPDXRelationship)
externalDocumentRefs = _ObjectList(SPDXExternalDocumentRef)
+ hasExtractedLicensingInfos = _ObjectList(SPDXExtractedLicensingInfo)
def __init__(self, **d):
super().__init__(**d)
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 12/31] classes/create-spdx: Speed up hash calculations
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (10 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 11/31] classes/create-spdx: Fix up license reporting Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 13/31] classes/create-spdx: Fix file:// in downloadLocation Joshua Watt
` (18 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Use the bb.utils.sha* utilities to hash files since they are much faster
than the loops we were rolling ourselves
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 49 +++++++++++---------------------
1 file changed, 16 insertions(+), 33 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 2e13b19b5b..2638b3dc97 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -122,6 +122,8 @@ def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archiv
import hashlib
source_date_epoch = d.getVar("SOURCE_DATE_EPOCH")
+ if source_date_epoch:
+ source_date_epoch = int(source_date_epoch)
sha1s = []
spdx_files = []
@@ -143,22 +145,8 @@ def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archiv
spdx_file.fileTypes.append(t)
spdx_file.fileName = filename
- hashes = {
- "SHA1": hashlib.sha1(),
- "SHA256": hashlib.sha256(),
- }
-
- with filepath.open("rb") as f:
- while True:
- chunk = f.read(4096)
- if not chunk:
- break
-
- for h in hashes.values():
- h.update(chunk)
-
- if archive is not None:
- f.seek(0)
+ if archive is not None:
+ with filepath.open("rb") as f:
info = archive.gettarinfo(fileobj=f)
info.name = filename
info.uid = 0
@@ -166,18 +154,21 @@ def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archiv
info.uname = "root"
info.gname = "root"
- if source_date_epoch is not None and info.mtime > int(source_date_epoch):
- info.mtime = int(source_date_epoch)
+ if source_date_epoch is not None and info.mtime > source_date_epoch:
+ info.mtime = source_date_epoch
archive.addfile(info, f)
- for k, v in hashes.items():
- spdx_file.checksums.append(oe.spdx.SPDXChecksum(
- algorithm=k,
- checksumValue=v.hexdigest(),
+ sha1 = bb.utils.sha1_file(filepath)
+ sha1s.append(sha1)
+ spdx_file.checksums.append(oe.spdx.SPDXChecksum(
+ algorithm="SHA1",
+ checksumValue=sha1,
+ ))
+ spdx_file.checksums.append(oe.spdx.SPDXChecksum(
+ algorithm="SHA256",
+ checksumValue=bb.utils.sha256_file(filepath),
))
-
- sha1s.append(hashes["SHA1"].hexdigest())
doc.files.append(spdx_file)
doc.add_relationship(spdx_pkg, "CONTAINS", spdx_file)
@@ -231,15 +222,7 @@ def add_package_sources_from_debug(d, package_doc, spdx_package, package, packag
if not debugsrc_path.exists():
continue
- with debugsrc_path.open("rb") as f:
- sha = hashlib.sha256()
- while True:
- chunk = f.read(4096)
- if not chunk:
- break
- sha.update(chunk)
-
- file_sha256 = sha.hexdigest()
+ file_sha256 = bb.utils.sha256_file(debugsrc_path)
if file_sha256 in sources:
source_file = sources[file_sha256]
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 13/31] classes/create-spdx: Fix file:// in downloadLocation
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (11 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 12/31] classes/create-spdx: Speed up hash calculations Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 14/31] classes/create-spdx: Add special exception for Public Domain license Joshua Watt
` (17 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
file:// URIs should not be included as the downloadLocation. Instead,
loop until a non-file:// URI is found, or set the location to
NOASSERTION if none is found
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 2638b3dc97..aa640977f9 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -362,9 +362,12 @@ python do_create_spdx() {
recipe.versionInfo = d.getVar("PV")
recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
- src_uri = d.getVar('SRC_URI')
- if src_uri:
- recipe.downloadLocation = src_uri.split()[0]
+ for s in d.getVar('SRC_URI').split():
+ if not s.startswith("file://"):
+ recipe.downloadLocation = s
+ break
+ else:
+ recipe.downloadLocation = "NOASSERTION"
homepage = d.getVar("HOMEPAGE")
if homepage:
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 14/31] classes/create-spdx: Add special exception for Public Domain license
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (12 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 13/31] classes/create-spdx: Fix file:// in downloadLocation Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 15/31] classes/create-spdx: Collect all task dependencies Joshua Watt
` (16 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
The Public Domain license (PD) needs a special exception in the license
processing since there is no common license text to be extracted for
these licenses.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 33 ++++++++++++++++++++------------
1 file changed, 21 insertions(+), 12 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index aa640977f9..f72b7b762e 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -51,6 +51,23 @@ def convert_license_to_spdx(lic, document, d):
import oe.spdx
license_data = d.getVar("SPDX_LICENSE_DATA")
+
+ def add_extracted_license(ident, name, text):
+ nonlocal document
+
+ for lic_data in license_data["licenses"]:
+ if lic_data["licenseId"] == ident:
+ return False
+
+ spdx_lic = oe.spdx.SPDXExtractedLicensingInfo()
+ spdx_lic.name = name
+ spdx_lic.licenseId = ident
+ spdx_lic.extractedText = text
+
+ document.hasExtractedLicensingInfos.append(spdx_lic)
+
+ return True
+
def convert(l):
if l == "(" or l == ")":
return l
@@ -67,19 +84,11 @@ def convert_license_to_spdx(lic, document, d):
return spdx_license
spdx_license = "LicenseRef-" + l
- for spdx_lic in document.hasExtractedLicensingInfos:
- if spdx_lic.licenseId == spdx_license:
- return spdx_license
-
- bb.warn("No SPDX License found for %s. Creating a place holder" % l)
- spdx_lic = oe.spdx.SPDXExtractedLicensingInfo()
- spdx_lic.name = l
- spdx_lic.licenseId = spdx_license
- # TODO: Extract the actual license text from the common license files
- spdx_lic.extractedText = "This software is licensed under the %s license" % l
-
- document.hasExtractedLicensingInfos.append(spdx_lic)
+ if l == "PD":
+ add_extracted_license(spdx_license, l, "Software released to the public domain")
+ elif add_extracted_license(spdx_license, l, "This software is licensed under the %s license" % l):
+ bb.warn("No SPDX License found for %s. Creating a place holder" % l)
return spdx_license
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 15/31] classes/create-spdx: Collect all task dependencies
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (13 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 14/31] classes/create-spdx: Add special exception for Public Domain license Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 16/31] classes/create-spdx: Skip package processing for native recipes Joshua Watt
` (15 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Stop filtering the runtime dependencies based on do_create_sdpx (makes
it only pick up things in DEPENDS) and instead include all task
dependencies that are not the current PN. This allows other dependency
methods to be picked up correctly, for example the dependency on the
kernel used by kernel modules.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index f72b7b762e..db1d1756c9 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -528,8 +528,7 @@ def collect_package_providers(d):
taskdepdata = d.getVar("BB_TASKDEPDATA", False)
deps = sorted(set(
- dep[0] for dep in taskdepdata.values() if
- dep[1] == "do_create_spdx" and dep[0] != d.getVar("PN")
+ dep[0] for dep in taskdepdata.values() if dep[0] != d.getVar("PN")
))
deps.append(d.getVar("PN"))
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 16/31] classes/create-spdx: Skip package processing for native recipes
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (14 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 15/31] classes/create-spdx: Collect all task dependencies Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 17/31] classes/create-spdx: Comment out placeholder license warning Joshua Watt
` (14 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Native recipes do not produce packages and should not process them,
otherwise it can trigger an error in read_subpackage_metadata
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 263 ++++++++++++++++---------------
1 file changed, 134 insertions(+), 129 deletions(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index db1d1756c9..6af4181087 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -344,7 +344,6 @@ python do_create_spdx() {
else:
yield None
- bb.build.exec_func("read_subpackage_metadata", d)
deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
spdx_workdir = Path(d.getVar("SPDXWORK"))
@@ -352,6 +351,7 @@ python do_create_spdx() {
include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
+ is_native = bb.data.inherits_class("native", d)
creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
@@ -442,62 +442,65 @@ python do_create_spdx() {
sources = collect_dep_sources(d, dep_recipes)
- pkgdest = Path(d.getVar("PKGDEST"))
- for package in d.getVar("PACKAGES").split():
- if not oe.packagedata.packaged(package, d):
- continue
-
- package_doc = oe.spdx.SPDXDocument()
- pkg_name = d.getVar("PKG:%s" % package) or package
- package_doc.name = pkg_name
- package_doc.documentNamespace = get_doc_namespace(d, package_doc)
- package_doc.creationInfo.created = creation_time
- package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
- package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
- package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
- package_doc.creationInfo.creators.append("Person: N/A ()")
-
- recipe_ref = oe.spdx.SPDXExternalDocumentRef()
- recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
- recipe_ref.spdxDocument = doc.documentNamespace
- recipe_ref.checksum.algorithm = "SHA1"
- recipe_ref.checksum.checksumValue = doc_sha1
-
- package_doc.externalDocumentRefs.append(recipe_ref)
-
- package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE")
+ if not is_native:
+ bb.build.exec_func("read_subpackage_metadata", d)
- spdx_package = oe.spdx.SPDXPackage()
-
- spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
- spdx_package.name = pkg_name
- spdx_package.versionInfo = d.getVar("PV")
- spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d)
-
- package_doc.packages.append(spdx_package)
+ pkgdest = Path(d.getVar("PKGDEST"))
+ for package in d.getVar("PACKAGES").split():
+ if not oe.packagedata.packaged(package, d):
+ continue
- package_doc.add_relationship(spdx_package, "GENERATED_FROM", "%s:%s" % (recipe_ref.externalDocumentId, recipe.SPDXID))
- package_doc.add_relationship(package_doc, "DESCRIBES", spdx_package)
+ package_doc = oe.spdx.SPDXDocument()
+ pkg_name = d.getVar("PKG:%s" % package) or package
+ package_doc.name = pkg_name
+ package_doc.documentNamespace = get_doc_namespace(d, package_doc)
+ package_doc.creationInfo.created = creation_time
+ package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
+ package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
+ package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+ package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ package_doc.creationInfo.creators.append("Person: N/A ()")
+
+ recipe_ref = oe.spdx.SPDXExternalDocumentRef()
+ recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
+ recipe_ref.spdxDocument = doc.documentNamespace
+ recipe_ref.checksum.algorithm = "SHA1"
+ recipe_ref.checksum.checksumValue = doc_sha1
+
+ package_doc.externalDocumentRefs.append(recipe_ref)
+
+ package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE")
+
+ spdx_package = oe.spdx.SPDXPackage()
+
+ spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
+ spdx_package.name = pkg_name
+ spdx_package.versionInfo = d.getVar("PV")
+ spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d)
+
+ package_doc.packages.append(spdx_package)
+
+ package_doc.add_relationship(spdx_package, "GENERATED_FROM", "%s:%s" % (recipe_ref.externalDocumentId, recipe.SPDXID))
+ package_doc.add_relationship(package_doc, "DESCRIBES", spdx_package)
+
+ package_archive = deploy_dir_spdx / "packages" / (package_doc.name + ".tar.zst")
+ with optional_tarfile(package_archive, archive_packaged) as archive:
+ package_files = add_package_files(
+ d,
+ package_doc,
+ spdx_package,
+ pkgdest / package,
+ lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter),
+ lambda filepath: ["BINARY"],
+ archive=archive,
+ )
- package_archive = deploy_dir_spdx / "packages" / (package_doc.name + ".tar.zst")
- with optional_tarfile(package_archive, archive_packaged) as archive:
- package_files = add_package_files(
- d,
- package_doc,
- spdx_package,
- pkgdest / package,
- lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter),
- lambda filepath: ["BINARY"],
- archive=archive,
- )
-
- if archive is not None:
- spdx_package.packageFileName = str(package_archive.name)
+ if archive is not None:
+ spdx_package.packageFileName = str(package_archive.name)
- add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)
+ add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)
- oe.sbom.write_doc(d, package_doc, "packages")
+ oe.sbom.write_doc(d, package_doc, "packages")
}
# NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
addtask do_create_spdx after do_package do_packagedata do_unpack before do_build do_rm_work
@@ -557,106 +560,108 @@ python do_create_runtime_spdx() {
deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
spdx_deploy = Path(d.getVar("SPDXRUNTIMEDEPLOY"))
+ is_native = bb.data.inherits_class("native", d)
creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
providers = collect_package_providers(d)
- bb.build.exec_func("read_subpackage_metadata", d)
+ if not is_native:
+ bb.build.exec_func("read_subpackage_metadata", d)
- dep_package_cache = {}
+ dep_package_cache = {}
- pkgdest = Path(d.getVar("PKGDEST"))
- for package in d.getVar("PACKAGES").split():
- localdata = bb.data.createCopy(d)
- pkg_name = d.getVar("PKG:%s" % package) or package
- localdata.setVar("PKG", pkg_name)
- localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + package)
+ pkgdest = Path(d.getVar("PKGDEST"))
+ for package in d.getVar("PACKAGES").split():
+ localdata = bb.data.createCopy(d)
+ pkg_name = d.getVar("PKG:%s" % package) or package
+ localdata.setVar("PKG", pkg_name)
+ localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + package)
- if not oe.packagedata.packaged(package, localdata):
- continue
+ if not oe.packagedata.packaged(package, localdata):
+ continue
- pkg_spdx_path = deploy_dir_spdx / "packages" / (pkg_name + ".spdx.json")
+ pkg_spdx_path = deploy_dir_spdx / "packages" / (pkg_name + ".spdx.json")
- package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
+ package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
- for p in package_doc.packages:
- if p.name == pkg_name:
- spdx_package = p
- break
- else:
- bb.fatal("Package '%s' not found in %s" % (pkg_name, pkg_spdx_path))
-
- runtime_doc = oe.spdx.SPDXDocument()
- runtime_doc.name = "runtime-" + pkg_name
- runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc)
- runtime_doc.creationInfo.created = creation_time
- runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
- runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
- runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
- runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
- runtime_doc.creationInfo.creators.append("Person: N/A ()")
-
- package_ref = oe.spdx.SPDXExternalDocumentRef()
- package_ref.externalDocumentId = "DocumentRef-package-" + package
- package_ref.spdxDocument = package_doc.documentNamespace
- package_ref.checksum.algorithm = "SHA1"
- package_ref.checksum.checksumValue = package_doc_sha1
-
- runtime_doc.externalDocumentRefs.append(package_ref)
-
- runtime_doc.add_relationship(
- runtime_doc.SPDXID,
- "AMENDS",
- "%s:%s" % (package_ref.externalDocumentId, package_doc.SPDXID)
- )
-
- deps = bb.utils.explode_dep_versions2(localdata.getVar("RDEPENDS") or "")
- seen_deps = set()
- for dep, _ in deps.items():
- if dep in seen_deps:
- continue
+ for p in package_doc.packages:
+ if p.name == pkg_name:
+ spdx_package = p
+ break
+ else:
+ bb.fatal("Package '%s' not found in %s" % (pkg_name, pkg_spdx_path))
+
+ runtime_doc = oe.spdx.SPDXDocument()
+ runtime_doc.name = "runtime-" + pkg_name
+ runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc)
+ runtime_doc.creationInfo.created = creation_time
+ runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
+ runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
+ runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+ runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
+ runtime_doc.creationInfo.creators.append("Person: N/A ()")
+
+ package_ref = oe.spdx.SPDXExternalDocumentRef()
+ package_ref.externalDocumentId = "DocumentRef-package-" + package
+ package_ref.spdxDocument = package_doc.documentNamespace
+ package_ref.checksum.algorithm = "SHA1"
+ package_ref.checksum.checksumValue = package_doc_sha1
+
+ runtime_doc.externalDocumentRefs.append(package_ref)
- dep = providers[dep]
+ runtime_doc.add_relationship(
+ runtime_doc.SPDXID,
+ "AMENDS",
+ "%s:%s" % (package_ref.externalDocumentId, package_doc.SPDXID)
+ )
- if not oe.packagedata.packaged(dep, localdata):
- continue
+ deps = bb.utils.explode_dep_versions2(localdata.getVar("RDEPENDS") or "")
+ seen_deps = set()
+ for dep, _ in deps.items():
+ if dep in seen_deps:
+ continue
- dep_pkg_data = oe.packagedata.read_subpkgdata_dict(dep, d)
- dep_pkg = dep_pkg_data["PKG"]
+ dep = providers[dep]
- if dep in dep_package_cache:
- (dep_spdx_package, dep_package_ref) = dep_package_cache[dep]
- else:
- dep_path = deploy_dir_spdx / "packages" / ("%s.spdx.json" % dep_pkg)
+ if not oe.packagedata.packaged(dep, localdata):
+ continue
- spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path)
+ dep_pkg_data = oe.packagedata.read_subpkgdata_dict(dep, d)
+ dep_pkg = dep_pkg_data["PKG"]
- for pkg in spdx_dep_doc.packages:
- if pkg.name == dep_pkg:
- dep_spdx_package = pkg
- break
+ if dep in dep_package_cache:
+ (dep_spdx_package, dep_package_ref) = dep_package_cache[dep]
else:
- bb.fatal("Package '%s' not found in %s" % (dep_pkg, dep_path))
+ dep_path = deploy_dir_spdx / "packages" / ("%s.spdx.json" % dep_pkg)
- dep_package_ref = oe.spdx.SPDXExternalDocumentRef()
- dep_package_ref.externalDocumentId = "DocumentRef-runtime-dependency-" + spdx_dep_doc.name
- dep_package_ref.spdxDocument = spdx_dep_doc.documentNamespace
- dep_package_ref.checksum.algorithm = "SHA1"
- dep_package_ref.checksum.checksumValue = spdx_dep_sha1
+ spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path)
- dep_package_cache[dep] = (dep_spdx_package, dep_package_ref)
+ for pkg in spdx_dep_doc.packages:
+ if pkg.name == dep_pkg:
+ dep_spdx_package = pkg
+ break
+ else:
+ bb.fatal("Package '%s' not found in %s" % (dep_pkg, dep_path))
- runtime_doc.externalDocumentRefs.append(dep_package_ref)
+ dep_package_ref = oe.spdx.SPDXExternalDocumentRef()
+ dep_package_ref.externalDocumentId = "DocumentRef-runtime-dependency-" + spdx_dep_doc.name
+ dep_package_ref.spdxDocument = spdx_dep_doc.documentNamespace
+ dep_package_ref.checksum.algorithm = "SHA1"
+ dep_package_ref.checksum.checksumValue = spdx_dep_sha1
- runtime_doc.add_relationship(
- "%s:%s" % (dep_package_ref.externalDocumentId, dep_spdx_package.SPDXID),
- "RUNTIME_DEPENDENCY_OF",
- "%s:%s" % (package_ref.externalDocumentId, spdx_package.SPDXID)
- )
- seen_deps.add(dep)
+ dep_package_cache[dep] = (dep_spdx_package, dep_package_ref)
+
+ runtime_doc.externalDocumentRefs.append(dep_package_ref)
+
+ runtime_doc.add_relationship(
+ "%s:%s" % (dep_package_ref.externalDocumentId, dep_spdx_package.SPDXID),
+ "RUNTIME_DEPENDENCY_OF",
+ "%s:%s" % (package_ref.externalDocumentId, spdx_package.SPDXID)
+ )
+ seen_deps.add(dep)
- oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy)
+ oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy)
}
addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 17/31] classes/create-spdx: Comment out placeholder license warning
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (15 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 16/31] classes/create-spdx: Skip package processing for native recipes Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 18/31] conf/licenses: Add FreeType SPDX mapping Joshua Watt
` (13 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
We don't want this warning causing problems on the AB, so leave it
comment out for now
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/classes/create-spdx.bbclass | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index 6af4181087..a590ab596a 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -88,7 +88,8 @@ def convert_license_to_spdx(lic, document, d):
if l == "PD":
add_extracted_license(spdx_license, l, "Software released to the public domain")
elif add_extracted_license(spdx_license, l, "This software is licensed under the %s license" % l):
- bb.warn("No SPDX License found for %s. Creating a place holder" % l)
+ pass
+ #bb.warn("No SPDX License found for %s. Creating a place holder" % l)
return spdx_license
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 18/31] conf/licenses: Add FreeType SPDX mapping
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (16 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 17/31] classes/create-spdx: Comment out placeholder license warning Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 19/31] tzdata: Remove BSD License specifier Joshua Watt
` (12 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
The FreeType license maps to the FTL SPDX identifier
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/conf/licenses.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/conf/licenses.conf b/meta/conf/licenses.conf
index 1fe5fc6ec1..e2bd58f84a 100644
--- a/meta/conf/licenses.conf
+++ b/meta/conf/licenses.conf
@@ -103,6 +103,7 @@ SPDXLICENSEMAP[CDDL-1] = "CDDL-1.0"
#Other variations
SPDXLICENSEMAP[EPLv1.0] = "EPL-1.0"
+SPDXLICENSEMAP[FreeType] = "FTL"
#Silicon Graphics variations
SPDXLICENSEMAP[SGIv1] = "SGI-1"
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 19/31] tzdata: Remove BSD License specifier
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (17 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 18/31] conf/licenses: Add FreeType SPDX mapping Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 23:00 ` Denys Dmytriyenko
2021-09-01 13:44 ` [OE-core][PATCH 20/31] glib-2.0: Use specific BSD license variant Joshua Watt
` (11 subsequent siblings)
30 siblings, 1 reply; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
The code in question is licensed under the BSD-3-Clause license, so
including the generic "BSD" license is unnecessary.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-extended/timezone/timezone.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
index a89560b424..c7d4965cb8 100644
--- a/meta/recipes-extended/timezone/timezone.inc
+++ b/meta/recipes-extended/timezone/timezone.inc
@@ -3,7 +3,7 @@ DESCRIPTION = "The Time Zone Database contains code and data that represent \
the history of local time for many representative locations around the globe."
HOMEPAGE = "http://www.iana.org/time-zones"
SECTION = "base"
-LICENSE = "PD & BSD & BSD-3-Clause"
+LICENSE = "PD & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
PV = "2021a"
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 20/31] glib-2.0: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (18 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 19/31] tzdata: Remove BSD License specifier Joshua Watt
@ 2021-09-01 13:44 ` Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 21/31] e2fsprogs: " Joshua Watt
` (10 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:44 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-core/glib-2.0/glib.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc
index 7528337456..a34776b083 100644
--- a/meta/recipes-core/glib-2.0/glib.inc
+++ b/meta/recipes-core/glib-2.0/glib.inc
@@ -4,7 +4,7 @@ HOMEPAGE = "https://developer.gnome.org/glib/"
# pcre is under BSD;
# docs/reference/COPYING is with a 'public domain'-like license!
-LICENSE = "LGPLv2.1+ & BSD & PD"
+LICENSE = "LGPLv2.1+ & BSD-3-Clause & PD"
LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \
file://glib/glib.h;beginline=4;endline=17;md5=b88abb7f3ad09607e71cb9d530155906 \
file://gmodule/COPYING;md5=4fbd65380cdd255951079008b364516c \
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 21/31] e2fsprogs: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (19 preceding siblings ...)
2021-09-01 13:44 ` [OE-core][PATCH 20/31] glib-2.0: Use specific BSD license variant Joshua Watt
@ 2021-09-01 13:45 ` Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 22/31] shadow: " Joshua Watt
` (9 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:45 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-devtools/e2fsprogs/e2fsprogs.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc b/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc
index c80b93c802..bcffa77db9 100644
--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc
@@ -3,7 +3,7 @@ DESCRIPTION = "The Ext2 Filesystem Utilities (e2fsprogs) contain all of the stan
fixing, configuring , and debugging ext2 filesystems."
HOMEPAGE = "http://e2fsprogs.sourceforge.net/"
-LICENSE = "GPLv2 & LGPLv2 & BSD & MIT"
+LICENSE = "GPLv2 & LGPLv2 & BSD-3-Clause & MIT"
LICENSE:e2fsprogs-dumpe2fs = "GPLv2"
LICENSE:e2fsprogs-e2fsck = "GPLv2"
LICENSE:e2fsprogs-mke2fs = "GPLv2"
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 22/31] shadow: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (20 preceding siblings ...)
2021-09-01 13:45 ` [OE-core][PATCH 21/31] e2fsprogs: " Joshua Watt
@ 2021-09-01 13:45 ` Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 23/31] sudo: " Joshua Watt
` (8 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:45 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-extended/shadow/shadow.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index c35cc8396d..c91f2739cf 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/shadow-maint/shadow"
DESCRIPTION = "${SUMMARY}"
BUGTRACKER = "http://github.com/shadow-maint/shadow/issues"
SECTION = "base/utils"
-LICENSE = "BSD | Artistic-1.0"
+LICENSE = "BSD-3-Clause | Artistic-1.0"
LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
file://src/passwd.c;beginline=2;endline=30;md5=5720ff729a6ff39ecc9f64555d75f4af"
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 23/31] sudo: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (21 preceding siblings ...)
2021-09-01 13:45 ` [OE-core][PATCH 22/31] shadow: " Joshua Watt
@ 2021-09-01 13:45 ` Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 24/31] libcap: " Joshua Watt
` (7 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:45 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-extended/sudo/sudo.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/sudo/sudo.inc b/meta/recipes-extended/sudo/sudo.inc
index f109672b7e..6a18609adc 100644
--- a/meta/recipes-extended/sudo/sudo.inc
+++ b/meta/recipes-extended/sudo/sudo.inc
@@ -3,7 +3,7 @@ DESCRIPTION = "Sudo (superuser do) allows a system administrator to give certain
HOMEPAGE = "http://www.sudo.ws"
BUGTRACKER = "http://www.sudo.ws/bugs/"
SECTION = "admin"
-LICENSE = "ISC & BSD & Zlib"
+LICENSE = "ISC & BSD-3-Clause & BSD-2-Clause & Zlib"
LIC_FILES_CHKSUM = "file://doc/LICENSE;md5=fdff64d4fd19126330aa81b94d167173 \
file://plugins/sudoers/redblack.c;beginline=1;endline=46;md5=03e35317699ba00b496251e0dfe9f109 \
file://lib/util/reallocarray.c;beginline=3;endline=15;md5=397dd45c7683e90b9f8bf24638cf03bf \
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 24/31] libcap: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (22 preceding siblings ...)
2021-09-01 13:45 ` [OE-core][PATCH 23/31] sudo: " Joshua Watt
@ 2021-09-01 13:45 ` Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 25/31] libpam: " Joshua Watt
` (6 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:45 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-support/libcap/libcap_2.51.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/libcap/libcap_2.51.bb b/meta/recipes-support/libcap/libcap_2.51.bb
index 3e653e371e..c9c30fb05f 100644
--- a/meta/recipes-support/libcap/libcap_2.51.bb
+++ b/meta/recipes-support/libcap/libcap_2.51.bb
@@ -4,7 +4,7 @@ These allow giving various kinds of specific privileges to individual \
users, without giving them full root permissions."
HOMEPAGE = "http://sites.google.com/site/fullycapable/"
# no specific GPL version required
-LICENSE = "BSD | GPLv2"
+LICENSE = "BSD-3-Clause | GPLv2"
LIC_FILES_CHKSUM = "file://License;md5=e2370ba375efe9e1a095c26d37e483b8"
DEPENDS = "hostperl-runtime-native gperf-native"
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 25/31] libpam: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (23 preceding siblings ...)
2021-09-01 13:45 ` [OE-core][PATCH 24/31] libcap: " Joshua Watt
@ 2021-09-01 13:45 ` Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 26/31] libxfont2: " Joshua Watt
` (5 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:45 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-extended/pam/libpam_1.5.1.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-extended/pam/libpam_1.5.1.bb b/meta/recipes-extended/pam/libpam_1.5.1.bb
index a349d8ac96..efcd27137f 100644
--- a/meta/recipes-extended/pam/libpam_1.5.1.bb
+++ b/meta/recipes-extended/pam/libpam_1.5.1.bb
@@ -7,7 +7,7 @@ SECTION = "base"
# PAM is dual licensed under GPL and BSD.
# /etc/pam.d comes from Debian libpam-runtime in 2009-11 (at that time
# libpam-runtime-1.0.1 is GPLv2+), by openembedded
-LICENSE = "GPLv2+ | BSD"
+LICENSE = "GPLv2+ | BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=7eb5c1bf854e8881005d673599ee74d3 \
file://libpamc/License;md5=a4da476a14c093fdc73be3c3c9ba8fb3 \
"
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 26/31] libxfont2: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (24 preceding siblings ...)
2021-09-01 13:45 ` [OE-core][PATCH 25/31] libpam: " Joshua Watt
@ 2021-09-01 13:45 ` Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 27/31] libjitterentropy: " Joshua Watt
` (4 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:45 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-graphics/xorg-lib/libxfont2_2.0.5.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/xorg-lib/libxfont2_2.0.5.bb b/meta/recipes-graphics/xorg-lib/libxfont2_2.0.5.bb
index 24e0b054d7..9ad19dc826 100644
--- a/meta/recipes-graphics/xorg-lib/libxfont2_2.0.5.bb
+++ b/meta/recipes-graphics/xorg-lib/libxfont2_2.0.5.bb
@@ -6,7 +6,7 @@ such as freetype)."
require xorg-lib-common.inc
-LICENSE = "MIT & MIT-style & BSD"
+LICENSE = "MIT & MIT-style & BSD-4-Clause & BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=a46c8040f2f737bcd0c435feb2ab1c2c"
DEPENDS += "freetype xtrans xorgproto libfontenc zlib"
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 27/31] libjitterentropy: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (25 preceding siblings ...)
2021-09-01 13:45 ` [OE-core][PATCH 26/31] libxfont2: " Joshua Watt
@ 2021-09-01 13:45 ` Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 28/31] libx11: " Joshua Watt
` (3 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:45 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb b/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb
index f703c089a0..d9fbb5e9d6 100644
--- a/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb
+++ b/meta/recipes-support/libjitterentropy/libjitterentropy_3.1.0.bb
@@ -4,7 +4,7 @@ It does not depend on any system resource other than a high-resolution time \
stamp. It is a small-scale, yet fast entropy source that is viable in almost \
all environments and on a lot of CPU architectures."
HOMEPAGE = "http://www.chronox.de/jent.html"
-LICENSE = "GPLv2+ | BSD"
+LICENSE = "GPLv2+ | BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=1c94a9d191202a5552f381a023551396 \
file://LICENSE.gplv2;md5=eb723b61539feef013de476e68b5c50a \
file://LICENSE.bsd;md5=66a5cedaf62c4b2637025f049f9b826f \
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 28/31] libx11: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (26 preceding siblings ...)
2021-09-01 13:45 ` [OE-core][PATCH 27/31] libjitterentropy: " Joshua Watt
@ 2021-09-01 13:45 ` Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 29/31] font-util: " Joshua Watt
` (2 subsequent siblings)
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:45 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-graphics/xorg-lib/libx11_1.7.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/xorg-lib/libx11_1.7.2.bb b/meta/recipes-graphics/xorg-lib/libx11_1.7.2.bb
index c84f33e92c..7ee2a9c16a 100644
--- a/meta/recipes-graphics/xorg-lib/libx11_1.7.2.bb
+++ b/meta/recipes-graphics/xorg-lib/libx11_1.7.2.bb
@@ -20,7 +20,7 @@ SRC_URI[sha256sum] = "1cfa35e37aaabbe4792e9bb690468efefbfbf6b147d9c69d6f90d13c30
PROVIDES = "virtual/libx11"
XORG_PN = "libX11"
-LICENSE = "MIT & MIT-style & BSD"
+LICENSE = "MIT & MIT-style & BSD-4-Clause & BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=172255dee66bb0151435b2d5d709fcf7"
DEPENDS += "xorgproto xtrans libxcb"
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 29/31] font-util: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (27 preceding siblings ...)
2021-09-01 13:45 ` [OE-core][PATCH 28/31] libx11: " Joshua Watt
@ 2021-09-01 13:45 ` Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 30/31] flac: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 31/31] swig: " Joshua Watt
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:45 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-graphics/xorg-font/font-util_1.3.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/xorg-font/font-util_1.3.2.bb b/meta/recipes-graphics/xorg-font/font-util_1.3.2.bb
index 8f2d10e25b..f940c5f534 100644
--- a/meta/recipes-graphics/xorg-font/font-util_1.3.2.bb
+++ b/meta/recipes-graphics/xorg-font/font-util_1.3.2.bb
@@ -3,7 +3,7 @@ SUMMARY = "X.Org font package creation/installation utilities"
require xorg-font-common.inc
#Unicode is MIT
-LICENSE = "BSD & MIT"
+LICENSE = "MIT & MIT-style & BSD-4-Clause & BSD-2-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=5df208ec65eb84ce5bb8d82d8f3b9675 \
file://ucs2any.c;endline=28;md5=8357dc567fc628bd12696f15b2a33bcb \
file://bdftruncate.c;endline=26;md5=4f82ffc101a1b165eae9c6998abff937 \
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 30/31] flac: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (28 preceding siblings ...)
2021-09-01 13:45 ` [OE-core][PATCH 29/31] font-util: " Joshua Watt
@ 2021-09-01 13:45 ` Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 31/31] swig: " Joshua Watt
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:45 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-multimedia/flac/flac_1.3.3.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-multimedia/flac/flac_1.3.3.bb b/meta/recipes-multimedia/flac/flac_1.3.3.bb
index 57e6bcb244..c796cacd2c 100644
--- a/meta/recipes-multimedia/flac/flac_1.3.3.bb
+++ b/meta/recipes-multimedia/flac/flac_1.3.3.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "FLAC stands for Free Lossless Audio Codec, a lossless audio compr
HOMEPAGE = "https://xiph.org/flac/"
BUGTRACKER = "http://sourceforge.net/p/flac/bugs/"
SECTION = "libs"
-LICENSE = "GFDL-1.2 & GPLv2+ & LGPLv2.1+ & BSD"
+LICENSE = "GFDL-1.2 & GPLv2+ & LGPLv2.1+ & BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING.FDL;md5=ad1419ecc56e060eccf8184a87c4285f \
file://src/Makefile.am;beginline=1;endline=17;md5=09501c864f89dfc7ead65553129817ca \
file://COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [OE-core][PATCH 31/31] swig: Use specific BSD license variant
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
` (29 preceding siblings ...)
2021-09-01 13:45 ` [OE-core][PATCH 30/31] flac: " Joshua Watt
@ 2021-09-01 13:45 ` Joshua Watt
30 siblings, 0 replies; 34+ messages in thread
From: Joshua Watt @ 2021-09-01 13:45 UTC (permalink / raw)
To: openembedded-core; +Cc: ross.burton, saul.wold, Joshua Watt
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
meta/recipes-devtools/swig/swig.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/swig/swig.inc b/meta/recipes-devtools/swig/swig.inc
index eb8d723158..e8562a91bb 100644
--- a/meta/recipes-devtools/swig/swig.inc
+++ b/meta/recipes-devtools/swig/swig.inc
@@ -3,7 +3,7 @@ DESCRIPTION = "SWIG is a compiler that makes it easy to integrate C and C++ \
code with other languages including Perl, Tcl, Ruby, Python, Java, Guile, \
Mzscheme, Chicken, OCaml, Pike, and C#."
HOMEPAGE = "http://swig.sourceforge.net/"
-LICENSE = "BSD & GPLv3"
+LICENSE = "BSD-3-Clause & GPLv3"
LIC_FILES_CHKSUM = "file://LICENSE;md5=e7807a6282784a7dde4c846626b08fc6 \
file://LICENSE-GPL;md5=d32239bcb673463ab874e80d47fae504 \
file://LICENSE-UNIVERSITIES;md5=8ce9dcc8f7c994de4a408b205c72ba08"
--
2.32.0
^ permalink raw reply related [flat|nested] 34+ messages in thread
* Re: [OE-core][PATCH 19/31] tzdata: Remove BSD License specifier
2021-09-01 13:44 ` [OE-core][PATCH 19/31] tzdata: Remove BSD License specifier Joshua Watt
@ 2021-09-01 23:00 ` Denys Dmytriyenko
2021-09-02 6:52 ` Richard Purdie
0 siblings, 1 reply; 34+ messages in thread
From: Denys Dmytriyenko @ 2021-09-01 23:00 UTC (permalink / raw)
To: Joshua Watt; +Cc: openembedded-core, ross.burton, saul.wold
Can license cleanups in patches 19-31 be submitted as a separate patchset,
independent from SBoM changes?
On Wed, Sep 01, 2021 at 08:44:58AM -0500, Joshua Watt wrote:
> The code in question is licensed under the BSD-3-Clause license, so
> including the generic "BSD" license is unnecessary.
>
> Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
> ---
> meta/recipes-extended/timezone/timezone.inc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc
> index a89560b424..c7d4965cb8 100644
> --- a/meta/recipes-extended/timezone/timezone.inc
> +++ b/meta/recipes-extended/timezone/timezone.inc
> @@ -3,7 +3,7 @@ DESCRIPTION = "The Time Zone Database contains code and data that represent \
> the history of local time for many representative locations around the globe."
> HOMEPAGE = "http://www.iana.org/time-zones"
> SECTION = "base"
> -LICENSE = "PD & BSD & BSD-3-Clause"
> +LICENSE = "PD & BSD-3-Clause"
> LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba"
>
> PV = "2021a"
> --
> 2.32.0
>
--
Regards,
Denys Dmytriyenko <denis@denix.org>
PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964
Fingerprint: 25FC E4A5 8A72 2F69 1186 6D76 4209 0272 9A92 C964
^ permalink raw reply [flat|nested] 34+ messages in thread
* Re: [OE-core][PATCH 19/31] tzdata: Remove BSD License specifier
2021-09-01 23:00 ` Denys Dmytriyenko
@ 2021-09-02 6:52 ` Richard Purdie
0 siblings, 0 replies; 34+ messages in thread
From: Richard Purdie @ 2021-09-02 6:52 UTC (permalink / raw)
To: Denys Dmytriyenko, Joshua Watt; +Cc: openembedded-core, ross.burton, saul.wold
On Wed, 2021-09-01 at 19:00 -0400, Denys Dmytriyenko wrote:
> Can license cleanups in patches 19-31 be submitted as a separate patchset,
> independent from SBoM changes?
I already queued them the other way around in master-next and will be
considering them as two different patchsets.
Cheers,
Richard
^ permalink raw reply [flat|nested] 34+ messages in thread
end of thread, other threads:[~2021-09-02 6:52 UTC | newest]
Thread overview: 34+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-01 13:44 [OE-core][PATCH 00/31] Add initial SBoM support Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 01/31] classes/package: Add extended packaged data Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 02/31] classes/create-spdx: Add class Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 03/31] classes/create-spdx: Change creator Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 04/31] classes/create-spdx: Add SHA1 to index file Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 05/31] classes/create-spdx: Add index to DEPLOYDIR Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 06/31] classes/create-spdx: Add runtime dependency mapping Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 07/31] classes/create-spdx: Add NOASSERTION for unknown debug sources Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 08/31] classes/create-spdx: Fix another creator Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 09/31] classes/create-spdx: extend DocumentRef to include name Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 10/31] Add SPDX licenses Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 11/31] classes/create-spdx: Fix up license reporting Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 12/31] classes/create-spdx: Speed up hash calculations Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 13/31] classes/create-spdx: Fix file:// in downloadLocation Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 14/31] classes/create-spdx: Add special exception for Public Domain license Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 15/31] classes/create-spdx: Collect all task dependencies Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 16/31] classes/create-spdx: Skip package processing for native recipes Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 17/31] classes/create-spdx: Comment out placeholder license warning Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 18/31] conf/licenses: Add FreeType SPDX mapping Joshua Watt
2021-09-01 13:44 ` [OE-core][PATCH 19/31] tzdata: Remove BSD License specifier Joshua Watt
2021-09-01 23:00 ` Denys Dmytriyenko
2021-09-02 6:52 ` Richard Purdie
2021-09-01 13:44 ` [OE-core][PATCH 20/31] glib-2.0: Use specific BSD license variant Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 21/31] e2fsprogs: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 22/31] shadow: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 23/31] sudo: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 24/31] libcap: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 25/31] libpam: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 26/31] libxfont2: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 27/31] libjitterentropy: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 28/31] libx11: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 29/31] font-util: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 30/31] flac: " Joshua Watt
2021-09-01 13:45 ` [OE-core][PATCH 31/31] swig: " Joshua Watt
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.