Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

spdx: allow specifying custom license #1127

Merged
merged 3 commits into from
May 16, 2024
Merged

Conversation

xnox
Copy link
Contributor

@xnox xnox commented May 16, 2024

If licenserefs are passed, include them in the SPDX document.

Related: chainguard-dev/melange#1212

Signed-off-by: Dimitri John Ledkov dimitri.ledkov@chainguard.dev

If licenserefs are passed, include them in the SPDX document.

Related: chainguard-dev/melange#1212

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@chainguard.dev>
xnox added 2 commits May 16, 2024 19:23
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@chainguard.dev>
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@chainguard.dev>
@xnox xnox merged commit 5d04bae into chainguard-dev:main May 16, 2024
20 checks passed
xnox added a commit to xnox/apko that referenced this pull request May 20, 2024
This fixes chainguard-dev#1127

With package SBOMs now containing custom license information
(i.e. font-ubuntu), teach Image SBOM generator to merge those.

Error out if two packages use the same licence-ref but with different
extracted license text, as that would be an invalid SBOM merge. This
feels nicer than force renaming licenseIDs with multiple duplicate
texts.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@chainguard.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants