Bug 2175241

Summary: False-positive warning about SPDX license
Product: [Fedora] Fedora Reporter: Jan Grulich <jgrulich>
Component: rpmlintAssignee: Todd Zullinger <tmz>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: j, mattias.ellert, spotrh, tmz, twoerner
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rpmlint-2.4.0-8.fc39 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-25 22:46:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Grulich 2023-03-03 16:20:05 UTC
I use following license in a package:
> (GPL-2.0-only OR LGPL-3.0-only OR GPL-3.0-only WITH Qt-GPL-exception-1.0) AND BSD-3-Clause

This is correct according to documentation and also correct according to license-validate, but rpmlint reports following warning:
> W: invalid-license-exception Qt-GPL-exception-1.0)

Version-Release number of selected component (if applicable):
rpmlint-2.4.0-4.fc38.noarch

Comment 1 Todd Zullinger 2023-03-03 18:13:29 UTC
Thanks for the report.  I filed https://github.com/rpm-software-management/rpmlint/pull/1014 to fix this.  Once that's reviewed, we can decide whether to apply to Fedora or wait for the next upstream release.

Comment 2 Mattias Ellert 2023-03-19 19:19:52 UTC
The upstream PR only fixes the case when the exception is last.
If the exception is first, as in e.g.:

License: (Apache-2.0 WITH LLVM-exception OR NCSA) AND BSD-3-Clause

will still reult in

W: invalid-license (Apache-2.0

Comment 3 Todd Zullinger 2023-03-20 01:55:04 UTC
Thanks for reporting that.  I don't know why I thought the beginning of the license_exception_regex didn't need changed as well.  It needs the same sort of adjustement.  On top of the patch I sent, it should need:

-license_exception_regex = re.compile(r'(\S+)\s(?:WITH|with)\s([^)]+)')
+license_exception_regex = re.compile(r'([^(]+)\s(?:WITH|with)\s([^)]+)')

I just need to work out some issues with the test suite and I'll submit this upstream.

Comment 4 Todd Zullinger 2023-03-20 03:46:08 UTC
FWIW, I filed https://github.com/rpm-software-management/rpmlint/pull/1028 for this.  Hopefully I haven't overlooked too much this time.  I'm reasonably sure that the start and end are the only places a parenthesis can come into play, at least. ;)

Comment 5 Todd Zullinger 2023-03-20 21:06:07 UTC
I have scratch builds for rawhide and f38, if anyone can test and confirm that they fix the various cases:

https://koji.fedoraproject.org/koji/taskinfo?taskID=98933942 (rawhide)
https://koji.fedoraproject.org/koji/taskinfo?taskID=98946327 (f38)

Thanks!

Comment 6 Fedora Update System 2023-05-25 22:45:28 UTC
FEDORA-2023-d32d1441dc has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-d32d1441dc

Comment 7 Fedora Update System 2023-05-25 22:46:25 UTC
FEDORA-2023-d32d1441dc has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.