Successfully reported this slideshow.
Your SlideShare is downloading. ×

Improvements in meta spdxscanner through FOSSology - Ueba San

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Downloads
Downloads
Loading in …3
×

Check these out next

1 of 7 Ad

Improvements in meta spdxscanner through FOSSology - Ueba San

Download to read offline

'Improvements in meta spdxscanner through FOSSology' contains a presentation from Ueba San of Fujitsu at the OpenChain Workshop, Open Source Summit Europe - 23rd of October.

'Improvements in meta spdxscanner through FOSSology' contains a presentation from Ueba San of Fujitsu at the OpenChain Workshop, Open Source Summit Europe - 23rd of October.

Advertisement
Advertisement

More Related Content

Similar to Improvements in meta spdxscanner through FOSSology - Ueba San (20)

More from Shane Coughlan (20)

Advertisement

Recently uploaded (20)

Improvements in meta spdxscanner through FOSSology - Ueba San

  1. 1. Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED Improvements in meta-spdxscanner through FOSSology Takuma Ueba Fujitsu Computer Technologies Limited 0 1518ka1
  2. 2. whoami  I have contributed to the following communities • Linux Kernel • U-Boot • Yocto Project  Developer of In-house Embedded Linux Distribution for Fujitsu Limited  Our Distribution is built with Yocto Project  My team-member is maintainer of meta-spdxscanner (Ms. Lei Maohui)  Our Distribution is used for 80+ products. • IVI • Server System Controller • Storage System • Network equipment etc Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED Mainly platform community 1
  3. 3. Simple Introduction of meta-spdxscanner  Yocto Layer of source code License scanner  Default output: SPDX format (is best format) (considering OpenChain Project)  Default scanner: DoSOCSv2 Fossology 3.x doesn’t support CUI (at this point), so it could not be used with Yocto Project Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED  Patches come from 3rd party Yocto Project meta-spdxscanner SPDX files openembedded-core meta-oe meta-…… do_fetch do_unpack …… do_spdx ……  OSS source code 2
  4. 4. Comparing Outputs by DoSOCSv2, FOSSology Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES Ideal SPDX file DoSOCSv2(0.16.1) FOSSology(3.3.0) SPDXVersion: SPDX-2.0 DataLicense: CC0-1.0 FileName: ./LICENSE SPDXID: SPDXRef-file-LICENSE-4919- 7310aaf0 FileType: OTHER FileChecksum: SHA256: 4919cfb14a73cd64fcef67b107613970cf165 9a09aa675dba31314f373bc7204 LicenseConcluded: NOASSERTION LicenseInfoInFile: LicenseRef-BSD-style LicenseComments: <text></text> FileCopyrightText: NOASSERTION FileComment: <text></text> FileNotice: <text></text> :(snip) SPDXVersion: SPDX-2.1 DataLicense: CC0-1.0 FileName: bzip2-1.0.6/LICENSE SPDXID: SPDXRef-item1699540 FileChecksum: SHA1: 1c0c6888759a63c32bca7eb63353af2cd9b d5d9e FileChecksum: MD5: ddeb76cd34e791893c0f539fdab879bb LicenseConcluded: LicenseRef-bzip2-1.0.6 LicenseInfoInFile: LicenseRef-bzip2-1.0.6 FileCopyrightText: <text> copyright (C) 1996-2010 Julian R Seward. All rights reserved. copyright notice, this list of conditions and the following disclaimer. </text> :(snip) LicenseID: LicenseRef-bzip2-1.0.6 LicenseName: bzip2 and libbzip2 License v1.0.6 ExtractedText: <text> This program, "bzip2", the associated library "libbzip2", and all documentation, are copyright (C) 1996-2010 Julian R Seward. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: :(snip) SPDXVersion: SPDX-2.1 DataLicense: CC0-1.0 FileName: bzip2-1.0.6/LICENSE SPDXID: SPDXRef-item1699540 FileChecksum: SHA1: 1c0c6888759a63c32bca7eb63353af 2cd9bd5d9e FileChecksum: MD5: ddeb76cd34e791893c0f539fdab879 bb LicenseConcluded: LicenseRef-bzip2- 1.0.6 LicenseInfoInFile: LicenseRef-bzip2- 1.0.6 FileCopyrightText: <text> copyright (C) 1996-2010 Julian R Seward. All rights reserved. copyright notice, this list of conditions and the following disclaimer. </text> :(snip) LicenseID: LicenseRef-bzip2-1.0.6 LicenseName: bzip2 and libbzip2 License v1.0.6 ExtractedText: <text> This program, "bzip2", the associated library "libbzip2", and all documentation, are copyright (C) 1996-2010 Julian R Seward. All rights reserved. :(snip) insufficient SPDX output By DoSOCSv2 ≒ SPDX 2.0 2.1: Mandatory item ・LicenseConcluded: no output ・LicenseInfoInFile: mistake ・FileCopyrightText: no output Ideal SPDX output By FOSSology 3
  5. 5. FOSSology available for YP soon! Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED  We are making available to use fossdriver in meta-spdxscanner  So you can soon use FOSSology from Yocto Project fossdriver is intended to enable control of a FOSSology server from Python programs. ※ Quoted from fossdriver’s readme  Let’s use improved meta-spdxscanner and SPDX file  Please give me feedback on meta-spdxscanner and SPDX topics. You are available to use high precision SPDX file! 4
  6. 6. Future Work Copyright 2018 FUJITSU COMPUTER TECHNOLOGIES LIMITED The names of products are the product names, trademarks or registered trademarks of the respective companies. Trademark notices ((R),TM) are not necessarily displayed on system names and product names in this material. Let’s improve SPDX file precision together For maintenaince reason, we want send REST API calls FOSSology server to generate SPDX files 5

Editor's Notes

  • 0

×