'Re: [PATCH cygport] Add check of SPDX expression provided by LICENSE variable'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cygwin-apps
Subject:    Re: [PATCH cygport] Add check of SPDX expression provided by LICENSE variable
From:       Christian Franke via Cygwin-apps <cygwin-apps () cygwin ! com>
Date:       2024-05-01 10:56:27
Message-ID: cf6943ef-5f7a-1871-fa05-94c33ed13d4d () t-online ! de
[Download RAW message or body]

Brian Inglis via Cygwin-apps wrote:
> On 2024-04-30 15:07, Christian Franke via Cygwin-apps wrote:
>> Brian Inglis via Cygwin-apps wrote:
>>> On 2024-04-30 11:45, Christian Franke via Cygwin-apps wrote:
>>>> The new script uses the SPDX webpages to create the license file. I 
>>>> didn't find a usable single license list at https://github.com/spdx
>
> As usual, it is easier if you clearly state the purpose of the file 
> you want, and its desired properties, like data content, format, etc.
>
>>> What about:
>>>     https://spdx.github.io/license-list-data/
>
>> This is apparently a draft version of 
>> https://spdx.org/licenses/index.html which is used by the script to 
>> generate the local license file.
>
> Strip out the table entries and create what you want with a command or 
> script.

The spdx-check script from the patch optionally (-m, -u) downloads 
https://spdx.org/licenses/index.html and creates the local spdx-licenses 
file intended to distribute with cygport. The file is grep'able.and 
reduced to the bare minimum for this use case.


>
>>> and everything under:
>>>     https://github.com/spdx/license-list-data
>
>> I didn't find a single file which lists the licenses there.
>
> GH does not always make access easy, ...

... including that github.com is still unreachable via IPv6 without 
NAT64 (except for downloads from raw.githubusercontent.com) ...


> ... with its limited online displays and fixed display orders, and 
> searches return a lot of junk, without easy access to better searching 
> in context, but try:
>
>     https://github.com/spdx/license-list-data/blob/main/licenses.md
>
> which also has xrefs to the text files; also there are:
>
>     https://github.com/spdx/license-list-data/blob/main/json/licenses.json 
>
>     https://github.com/spdx/license-list-data/blob/main/json/exceptions.json 
>
>
> which can be easily processed using `jq`.
>

Indeed, thanks. I obviously missed these files when I wrote the 
spdx-check script some month ago.

The current file format used by the script could then be created with:

url="https://raw.githubusercontent.com/spdx/license-list-data/main/json"

wget -O - "$url/licenses.json" \
| jq -j '
     .licenses[] | (
       if .isDeprecatedLicenseId then "!" else "" end,
       .licenseId,
       "\n"
     )'

wget -O - "$url/exceptions.json" \
| jq -j '
     .exceptions[] | (
       if .isDeprecatedLicenseId then "!&" else "&" end,
       .licenseExceptionId,
       "\n"
     )'

This adds these license ids not yet mentioned at 
https://spdx.org/licenses/index.html:
AMD-newlib, BSD-2-clause-first-lines, Catharon, HPND-UC-export-US,
MIT-Khronos-old, NCL, OAR, Sun-PPP-2000, pkgconf, threeparttable, xzoom

I could provide a new patch with an updated script if desired.

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic