Improve or expression handling

conf/licenses/licenses.yml

@@ -205,6 +205,12 @@ initramfs-tools-core:
   licenses: [
     GPL-2
   ]
+libisl23:
+  licenses: [
+    BSD-2-clause,
+    LGPL-2.1-or-later,
+    MIT,
+  ]
 klibc-utils:
   licenses: [
     GPL-2
@@ -929,6 +935,11 @@ lrzsz:
   licenses: [
     GPL-2
   ]
+ruby-narray:
+  licenses: [
+    GPL-2.0-or-later,
+    Ruby OR GPL-2.0-only,
+  ]
 shared-mime-info:
   licenses: [
     GPL-2.0-or-later

scripts/lib/python/sbom/licensing.py

@@ -52,6 +52,15 @@ def split_licesense_and_normalize(lic, license_mapping):
     elif " and-or " in lic:
         tmp = normalize_licenses(split_licenses(lic, " and-or "), license_mapping)
         lics.append("-and-or-".join(tmp))
+    elif " OR " in lic:
+        tmp = normalize_licenses(split_licenses(lic, " OR "), license_mapping)
+        l = f"({' OR '.join(tmp)})"
+        lics.append(l)
+    elif " or " in lic:
+        tmp = normalize_licenses(split_licenses(lic, " or "), license_mapping)
+        l = f"({' OR '.join(tmp)})"
+        lics.append(l)
+
     else:
         lics += normalize_licenses([lic], license_mapping)
 
@@ -68,12 +77,6 @@ def split_licenses_simple(licenses):
         elif " and " in lic:
             ret += lic.split(" and ")
             splited = True
-        elif " or " in lic:
-            ret += lic.split(" or ")
-            splited = True
-        elif " OR " in lic:
-            ret += lic.split(" OR ")
-            splited = True
         else:
             ret.append(lic)
 
@@ -82,7 +85,7 @@ def split_licenses_simple(licenses):
 
     return ret
 
-def normalize_for_spdx(licenses, license_mapping):
+def normalize_for_sbom(licenses, license_mapping):
     tmp = []
     normalized = []
 
@@ -91,13 +94,9 @@ def normalize_for_spdx(licenses, license_mapping):
         tmp += split_licesense_and_normalize(lic, license_mapping)
 
     for lic in tmp:
-        if " " in lic:
+        if not lic.startswith("(") and " " in lic:
             normalized.append(lic.replace(" ", "-"))
         else:
             normalized.append(lic)
 
     return list(set(normalized))
-
-def normalize_for_cyclonedx(licenses):
-    return split_licenses_simple(licenses)
-

scripts/lib/python/sbom/sbom_cyclonedx.py

@@ -43,12 +43,15 @@ def debian_section_to_component_type(section):
     return ComponentType.APPLICATION 
 
 def make_license_info(factory, licenses, license_mapping):
-    ret = []
+    ret = None
 
-    uniq_licenses = licensing.normalize_for_cyclonedx(licenses)
+    uniq_licenses = licensing.normalize_for_sbom(licenses, license_mapping)
     for lic in uniq_licenses:
         tmp = factory["lc_factory"].make_with_name(lic)
-        ret.append(tmp)
+        if ret is None:
+            ret = tmp.name
+        else:
+            ret = f"{ret} AND {tmp.name}"
 
     return ret
 
@@ -78,12 +81,13 @@ def create_component(factory, distro, pkg, license_mapping):
     purl_info = create_package_url(distro, pkg)
     pkgname_hash = sbom_common.package_name_hash(pkg['package'], pkg['source'])
 
+    licenses_string = make_license_info(factory, pkg["licenses"], license_mapping)
     return Component(
         type = debian_section_to_component_type(pkg["section"]),
         name = pkg["package"],
         group = pkg["source"],
         version = pkg["version"],
-        licenses = make_license_info(factory, pkg["licenses"], license_mapping),
+        licenses = [LicenseExpression(value=licenses_string)],
         supplier = create_organization_entity(pkg),
         bom_ref = BomRef(f"{pkg['package']}@{pkg['version']}-{pkgname_hash}"),
         purl = purl_info,

scripts/lib/python/sbom/sbom_spdx.py

@@ -83,7 +83,7 @@ def create_license_string(pkg, license_mapping):
     licenses = []
     s = ""
 
-    licenses_tmp = licensing.normalize_for_spdx(create_uniq_list(pkg["licenses"]), license_mapping)
+    licenses_tmp = licensing.normalize_for_sbom(create_uniq_list(pkg["licenses"]), license_mapping)
 
     try:
         for lic in licenses_tmp: