Latest rpminspect reports in Fedora CI complain about the license: license: -------- 1) Unapproved license in annobin-12.22-1.fc39.src: GPL-2.0-or-later WITH GCC-exception-2.0 Result: BAD Waiver Authorization: Not Waivable Suggested Remedy: The specified license abbreviation is not listed as approved in the license database. The license database is specified in the rpminspect configuration file. Check this file and send a pull request to the appropriate upstream project to update the database. If the license is listed in the database but marked unapproved, you may need to work with the legal team regarding options for this software. ... and so on and so forth for every RPM Can be seen in CI: https://artifacts.dev.testing-farm.io/bb75dbf2-816b-473c-84fe-d3715188cd1c/work-rpminspectl3etnk_p/rpminspect/execute/data/guest/default-0/rpminspect-1/data/viewer.html# It's not a blocking issue but would be nice to have it fixed. Reproducible: Always Steps to Reproduce: 1. wget https://raw.githubusercontent.com/rpminspect/rpminspect-data-fedora/main/fedora.yaml 2. rpminspect -c fedora.yaml -T license annobin-12.22-1.fc39
Nick, where does GPL-2.0-or-later WITH GCC-exception-2.0 come from? Is it because you are statically linking against GCC parts? Shouldn't it be GPL-3.0-or-later WITH GCC-exception-3.1 then?
(In reply to Florian Weimer from comment #1) > Nick, where does GPL-2.0-or-later WITH GCC-exception-2.0 come from? The demangling code in libiberty. Specifically: cp-demangle.c, cp-demangle.h, cplus-dem.d, d-demangle.c, demangle.h. Note - as of annobin 12.18, I have removed the dependency of linking annocheck with the libiberty.a library from the binutils-devel package, and instead brought a copy of the necessary sources into the annobin repository. > Is it > because you are statically linking against GCC parts? Shouldn't it be > GPL-3.0-or-later WITH GCC-exception-3.1 then? As far as I can tell these files are all GPL v2 + exception, even on the upstream gcc master branch. >> The license database is specified in the rpminspect configuration file Do you know where I can find this configuration file ? I looked in the rpminspect and rpminspect-data-fedora packages, but could not find it.
(In reply to Nick Clifton from comment #2) > (In reply to Florian Weimer from comment #1) > > Nick, where does GPL-2.0-or-later WITH GCC-exception-2.0 come from? > > The demangling code in libiberty. Specifically: cp-demangle.c, > cp-demangle.h, cplus-dem.d, d-demangle.c, demangle.h. Ohh. > >> The license database is specified in the rpminspect configuration file > > Do you know where I can find this configuration file ? I looked in the > rpminspect and rpminspect-data-fedora packages, but could not find it. Do you mean the license data file? It's in fedora-license-data.
(In reply to Florian Weimer from comment #3) > Do you mean the license data file? It's in fedora-license-data. Ah, thanks. A quick scan of the license database in that package shows that "GPL-2.0-only WITH GCC-exception-2.0" is allowed, but that "GPL-2.0-or-later WITH GCC-exception-2.0" is undocumented. I have submitted a License Review request for the extended version: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/271
The license has been approved, so I am going to close this BZ.