Could you please check the following two packages which recently started
I suspect that this is related to the RSpec update, but the errors are
quite strange on the first look:
1) WebMock::RequestSignature initialization assigns normalized headers
Failure/Error: @headers =
#<WebMock::Util::Headers (class)> received :normalize_headers
with unexpected arguments
# ./lib/webmock/request_signature.rb:25:in `headers='
# ./lib/webmock/request_signature.rb:49:in `assign_options'
# ./lib/webmock/request_signature.rb:11:in `initialize'
# ./spec/unit/request_signature_spec.rb:23:in `new'
# ./spec/unit/request_signature_spec.rb:23:in `block (3 levels) in
# ./lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
Thx a lot
P.S. Sorry for not being more helpful, I have to spent some time with
CentOS Stream 9 to get Ruby into shape there, especially the problematic
SystemTap support .
As indicated in
The Ruby documentation has components covered under OFL-1.1-RFN,
CC-BY-2.5, BSD-3-Clause and GPL-2.0 licenses
Would these need to be listed in any package containing Rdoc files?
a) should listing these be required of new packages?
b) might it be possible to create a script that can update these for
existing packages? For example during a mass rebuild?
I have been working on the validation of Rubygem licenses with the SPDX
all work done so far lives in my fedorapeople space:
It is WIP, including the scripts. (I got a bit sidetracked with
validating MIT variations.)
Note that you have to be in the directory where
`rpm-specs-latest.tar.xz` was upacked into.
From the total of about 500 rubygems (and with my incomplete script) we
have 232 SPDX licenses:
$ cat current_ok_rb.csv | wc -l
The real count is probably higher, as some gems are simply MIT or have
correct SPDX, however are older so they do not have the license metadata
included that I can compare to.
See this list for complete info:
You can see the `current_ok_rb.csv` in the same repository.
So far, I have validated mostly MIT (as those are the easiest to get
right), I will need to fix the script before my next update to account
for other licenses too.
If your gem has multiple valid SPDX license identifiers, but are in
conjunction using "and" "or" instead of "AND" "OR", the script will be
able to catch that and I'll make a PR to the gem
with the converted form should that be the case.
There are also a few gems excluded from the search as they do not have a
gem in Fedora's sources cache.
These gems are: rubygem-morph-cli rubygem-krb5-auth rubygem-asciidoctor
I have not run the script against them, they are explicitly excluded,
since so far I am only comparing the RPM Spec against gem2rpm output.
== Plan ==
I plan to do this in 2 main phases:
1) Initial pass
This is just a pass through the packages to note all packages that
are already SPDX compatible.
2a) Inspecting and fixing
This probably will be mostly manual work to identify correct
licenses for gems that do not have license in the gemspec metadata.
Also convert Callaway convention to the correct SPDX identifier.
This cannot be reliably automated for example
the BSD license can be converted to 4 different SPDX license
identifiers. However, tooling can give an idea of what the licensing
At that point I will be mainly looking on Fedora spec's license,
whether it has valid SPDX or not.
2b) Validate MIT licenses
MIT license has multiple variants. While it mostly seems that the
gem MIT licenses are under what SPDX also considers MIT, I'd like to
validate that assumption.
== How to help ==
Make sure your rubygem package has a license in Fedora's specfile that
is a valid SPDX license identifier.
You can also take a look at the gems where license does not match
between gem2rpm and fedora (RubyGems should use SPDX, even though it is
older version, that's a good pointer for us)
and fix them.
On closing note, be wary of licenses like "LGPL-2.1+", it is valid,
however deprecated by current SPDX version and the `license-validate`
tool won't accept it.
See https://spdx.org/licenses/ for complete license list including the
list of deprecated identifiers.