From 291f6783ed8d15706e2ee633de9cadb6a7736c1c Mon Sep 17 00:00:00 2001
From: Jan Kurik
Date: Tue, 18 Jul 2023 14:42:21 +0200
Subject: [PATCH] Implemented license check
---
.fmf/version | 1 +
tests/Sanity/licence-check/epel.repo | 30 ++++++++++++
tests/Sanity/licence-check/main.fmf | 16 +++++++
tests/Sanity/licence-check/test.sh | 69 ++++++++++++++++++++++++++++
4 files changed, 116 insertions(+)
create mode 100644 .fmf/version
create mode 100644 tests/Sanity/licence-check/epel.repo
create mode 100644 tests/Sanity/licence-check/main.fmf
create mode 100755 tests/Sanity/licence-check/test.sh
diff --git a/.fmf/version b/.fmf/version
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/.fmf/version
@@ -0,0 +1 @@
+1
diff --git a/tests/Sanity/licence-check/epel.repo b/tests/Sanity/licence-check/epel.repo
new file mode 100644
index 0000000..d52a962
--- /dev/null
+++ b/tests/Sanity/licence-check/epel.repo
@@ -0,0 +1,30 @@
+[epel]
+name=Extra Packages for Enterprise Linux $releasever - $basearch
+# It is much more secure to use the metalink, but if you wish to use a local mirror
+# place its address here.
+#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/
+metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
+enabled = 0
+gpgcheck=1
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
+
+[epel-debuginfo]
+name=Extra Packages for Enterprise Linux $releasever - $basearch - Debug
+# It is much more secure to use the metalink, but if you wish to use a local mirror
+# place its address here.
+#baseurl=https://download.example/pub/epel/$releasever/Everything/$basearch/debug/
+metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-$releasever&arch=$basearch&infra=$infra&content=$contentdir
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
+gpgcheck=1
+
+[epel-source]
+name=Extra Packages for Enterprise Linux $releasever - $basearch - Source
+# It is much more secure to use the metalink, but if you wish to use a local mirror
+# place its address here.
+#baseurl=https://download.example/pub/epel/$releasever/Everything/source/tree/
+metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-source-$releasever&arch=$basearch&infra=$infra&content=$contentdir
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever
+gpgcheck=1
diff --git a/tests/Sanity/licence-check/main.fmf b/tests/Sanity/licence-check/main.fmf
new file mode 100644
index 0000000..e80eb6d
--- /dev/null
+++ b/tests/Sanity/licence-check/main.fmf
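Review bot: All three sections set `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-$releasever`, but nothing in this patch installs that key file; it normally arrives with the epel-release package, which the test does not install before copying this repo file into place. On a RHEL or CentOS host without the key, the `gpgcheck=1` install of license-validate would presumably stop at signature verification. The fix to prefer is provisioning the key (install epel-release first, or ship the key with the test and point `gpgkey=` at it), not relaxing `gpgcheck`. A header comment such as `# Test-only copy: enabled via --enablerepo=epel by test.sh` would also tell readers why the file lives in the test directory.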
@@ -0,0 +1,16 @@
+summary: Chek for used licenses in packages
+test: ./test.sh
+link:
+ - relates: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1
+ - relates: https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2
+framework: beakerlib
+component:
+- python-jsonpointer
+contact: Jan Kuřík
+recommend:
+- python-jsonpointer
+- rpm-build
+- license-validate
+duration: 15m
+tag:
+ - gating
diff --git a/tests/Sanity/licence-check/test.sh b/tests/Sanity/licence-check/test.sh
new file mode 100755
index 0000000..cc788ac
--- /dev/null
+++ b/tests/Sanity/licence-check/test.sh
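Review bot: `recommend:` does not list the package that provides `yum download`, which `test.sh` in this patch calls as `yum download --source`; on dnf-based systems that subcommand comes from dnf-plugins-core, so adding `- dnf-plugins-core` avoids relying on the test image having it preinstalled. `recommend` is also best-effort, so a package that fails to install only surfaces later as a failing setup phase; packages the script cannot run without belong under `require:`. The summary has a typo: `summary: Chek for used licenses in packages` should read `Check`.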
@@ -0,0 +1,69 @@
+#!/bin/bash
+# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+PACKAGE=python-jsonpointer
+RPM=python3-jsonpointer
+TCWD="$(pwd)"
+
+rlJournalStart
+ rlPhaseStartSetup
+ rlRun "tmp=\$(mktemp -d)" 0 "Create tmp directory"
+ rlRun "pushd $tmp"
+ rlRun "set -o pipefail"
+
+ # Ensure we have license tools available
+ EPELREPO=
+ if ! which license-fedora2spdx &>/dev/null; then
+ YUMPARAM=
+ if rlIsRHEL || rlIsCentOS; then
+ EPELREPO="/etc/yum.repos.d/$(basename ${tmp})"
+ rlRun "cp ${TCWD}/epel.repo ${EPELREPO}"
+ YUMPARAM="--enablerepo=epel"
+ else
+ rlDie "Can not find license-validate tool"
+ fi
+ rlRun "yum install -y ${YUMPARAM} license-validate" \
+ || rlDie "Failed to install license-validate tool"
+ fi
+
+ # Get list of rpms
+ rlRun "yum download --source ${PACKAGE}"
+ #rlFetchSrcForInstalled --quiet "${RPM}" || \
+ # rlDie 'Can not get source package of ${PACKAGE} .... giving up...'
+ SOURCEPKG=$(rpm -q --qf ${PACKAGE}'-%{version}-%{release}.src.rpm' ${RPM})
+ rlAssertExists "${tmp}/${SOURCEPKG}"
+ rlRun "rpm -D '_topdir ${tmp}' -i ${tmp}/${SOURCEPKG}"
+ rlRun "LICENSES=\"\$(rpm -q --qf '%{license}\n' --specfile ${tmp}/SPECS/${PACKAGE}.spec\
+ | sed -e 's/ and /\\n/g' -e 's/^ *//' -e 's/ *$//')\""
+ rlRun "TUPLE=\"\$(rpm -q --qf '%{name} %{license}\n' \
+ --specfile ${tmp}/SPECS/${PACKAGE}.spec )\""
+ rlPhaseEnd
+
+while read l; do
+ rlPhaseStart FAIL "License check of ${l}"
+ retcode=
+ rlRun -s "license-validate '${l}'" || retcode=Fail
+ #rlAssertNotGrep 'Warning: ' "${rlRun_LOG}" \
+ # || { rlLogInfo "$(cat ${rlRun_LOG})"; retcode="warn"; }
+ #rlAssertEquals "Check if the package license is SPDX identifier" \
+ # "${l}" "$(cat ${rlRun_LOG})" || retcode="fail"
+
+ # Report affected packages
+ if [[ -n "${retcode}" ]]; then
+ rlLogInfo "The following packages needs to fix the ${l} license:"
+ #for p in $(awk "\$0~/${l}/{print \$1;}" <<< "${TUPLE}"); do
+ for p in $(grep "${l}" <<< "${TUPLE}" | cut -d ' ' -f 1); do
+ rlLogInfo " - ${p}"
+ done
+ fi
+ rlPhaseEnd
+done < <(sort -u <<< "${LICENSES}")
+
+ rlPhaseStartCleanup
+ rlRun "popd"
+ # rlRun "rm -r $tmp" 0 "Remove tmp directory"
+ rlRun "yum clean metadata"
+ [[ -n "${EPELREPO}" ]] && rlRun "rm -f ${EPELREPO}"
+ rlPhaseEnd
+rlJournalEnd
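Review bot: In the license loop, `rlRun -s "license-validate '${l}'"` pastes the License text read from the spec file into a string that rlRun evaluates as shell (the same mechanism `rlRun "tmp=\$(mktemp -d)"` relies on), so a value containing a single quote ends the quoting and the rest is parsed as shell syntax, in a test that also installs packages and writes under /etc. Deferring the expansion keeps the value as data: `rlRun -s "license-validate \"\${l}\""`. In the same loop `grep "${l}"` treats the license as a regular expression and `while read l` interprets backslashes; `grep -F -- "${l}"` and `while IFS= read -r l` avoid both. Separately, `EPELREPO="/etc/yum.repos.d/$(basename ${tmp})"` yields a file name without the `.repo` suffix that yum/dnf expects for files in that directory, so `--enablerepo=epel` may not find the repo; `EPELREPO="/etc/yum.repos.d/$(basename "${tmp}").repo"` fixes that. The cleanup phase leaves `$tmp` behind because its `rm -r` is commented out, and an `rlDie` during setup would presumably skip removal of the copied repo file as well.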