Neal Gompa wrote:
On Tue, Nov 15, 2022 at 6:24 AM Miro Hrončok
<mhroncok(a)redhat.com> wrote:
> Do we have a command line tool for this? Does licensecheck support SPDX
> identifiers?
>
> (I find the use of browser extension for this very weird. I have the LICENSE
> file unpackaged with the sources on my machine, I am not browsing it on the web.)
licensecheck supports SPDX, you just have to run it with
"--shortname-scheme spdx".
In my recent & limited experience, licensecheck did not
produce valid SPDX output in many cases. As an example,
take a file with the following license header:
/*
* test-run-command.c: test run command API.
*
* (C) 2009 Ilari Liusvaara <ilari.liusvaara(a)elisanet.fi>
*
* This code is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
I expect it to return GPL-2.0-only, but it returns GPL-2:
$ licensecheck --shortname-scheme spdx t/helper/test-run-command.c
t/helper/test-run-command.c: GPL-2
I did not see any files in the git source labeled with the
appropriate SPDX identifier for GPL-2.0*. Similar for LGPL.
For BSD-3-Clause, licensecheck used a lower-case C, which
then fails to match a valid license in rpmlint.
Am I missing something obvious or does licensecheck not work
as expected? This is with licensecheck-3.3.0-2.fc36.noarch.
--
Todd