aliens4friends merge requestshttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests2023-07-25T16:51:52Zhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/81Draft: Remove EasyRdf workaround fixed in Fossology 4.2.12023-07-25T16:51:52ZMike HallerDraft: Remove EasyRdf workaround fixed in Fossology 4.2.1The EasyRdf 0.9 workaround can be removed when upgrading from Fossology 3.9.0 to Fossology 4.2.1
Also fixes:
- the location of the fossology dockerfile in the Docker Compose configuration
- Readme: added note about building the spdxtool...The EasyRdf 0.9 workaround can be removed when upgrading from Fossology 3.9.0 to Fossology 4.2.1
Also fixes:
- the location of the fossology dockerfile in the Docker Compose configuration
- Readme: added note about building the spdxtools container requires a build-arg called `GITHUB_BOT_AUTH`https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/80snapmatch: add workaround for 404 errors2023-05-27T12:20:02ZAlberto Pianonsnapmatch: add workaround for 404 errorsFor some package versions, snapmatch.debian.org returns
error 404 when trying to get source file information: add
workaround to choose the closest available version that
can be downloaded
fix #100For some package versions, snapmatch.debian.org returns
error 404 when trying to get source file information: add
workaround to choose the closest available version that
can be downloaded
fix #100Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/79Resolve "build jobs should not run in MR, and test jobs shoud run before buil...2022-11-25T14:52:27ZSébastien Heurtemattesebastien.heurtematte@eclipse-foundation.orgResolve "build jobs should not run in MR, and test jobs shoud run before build jobs"Closes #96Closes #96Sébastien Heurtemattesebastien.heurtematte@eclipse-foundation.orgSébastien Heurtemattesebastien.heurtematte@eclipse-foundation.orghttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/78add --remove-variants functionality2022-11-24T19:33:16ZAlberto Pianonadd --remove-variants functionalityadd --remove-variants functionality in order to show the actual status of clearing work on Fossology on the current snapshot/release, without counting variantsadd --remove-variants functionality in order to show the actual status of clearing work on Fossology on the current snapshot/release, without counting variantsAlberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/77Pipeline migration: Migration EF runner2022-11-16T16:48:07ZSébastien Heurtemattesebastien.heurtematte@eclipse-foundation.orgPipeline migration: Migration EF runnerMigration aliens4friends project pipeline to Eclipse foundation Gitlab runner.
Top issue: https://gitlab.eclipse.org/eclipse-wg/oniro-wg/products-services-oniro-wg/it-services-oniro-wg/pipelines-architecture-oniro-wg/-/issues/61
Signe...Migration aliens4friends project pipeline to Eclipse foundation Gitlab runner.
Top issue: https://gitlab.eclipse.org/eclipse-wg/oniro-wg/products-services-oniro-wg/it-services-oniro-wg/pipelines-architecture-oniro-wg/-/issues/61
Signed-off-by: sebastien.heurtematte <sebastien.heurtematte@eclipse-foundation.org>Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/76harvest: add cve stats calculation2022-10-21T15:25:54ZAlberto Pianonharvest: add cve stats calculationAlberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/75add is_main_variant property for when there are multiple variants2022-10-13T17:09:16ZAlberto Pianonadd is_main_variant property for when there are multiple variantsfix #95fix #95Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/74add layer information to harvest.json2022-10-13T14:25:34ZAlberto Pianonadd layer information to harvest.jsonfix #94fix #94Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/73add support for yocto cve-check metadata2022-10-13T09:19:20ZAlberto Pianonadd support for yocto cve-check metadatapairs with tinfoilhat!21
no particular issues to solve here, just adjusting data classes
fix #93pairs with tinfoilhat!21
no particular issues to solve here, just adjusting data classes
fix #93Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/72add a SBoM generation command2022-10-07T10:08:05ZAlberto Pianonadd a SBoM generation commandAlberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/71fix archive2022-10-04T11:10:00ZAlberto Pianonfix archivespdxalien returned an error [here](https://gitlab.com/noi-techpark-premium/solda/mirrors/oniro-goofy/-/jobs/3120897403) because it found an empty .scancode.spdx file for mobile-broadband-provider-info-20220725-r0.
That is due to the fac...spdxalien returned an error [here](https://gitlab.com/noi-techpark-premium/solda/mirrors/oniro-goofy/-/jobs/3120897403) because it found an empty .scancode.spdx file for mobile-broadband-provider-info-20220725-r0.
That is due to the fact that scancode was launched against an empty `__unpacked` dir, which in turn is due to the fact that the internal archive for that package doesn't have a root/main folder inside (like `mobile-broadband-provider-info-20220725/`) but all files are archived in `./`; since the tar command is always invoked with `--strip 1` option (assuming that a root/main folder is always present), in case like this it may generate the above chain of errors.
Fix #91Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/70fix various snapmatch issues2022-10-03T19:39:28ZAlberto Pianonfix various snapmatch issues- [x] when version match score is 0, overall score is still calculated as 50, so snapmatch tries to download info about a non-existent "" version (empty string) from Debian Snapshot API
- [x] libpam is not found, but it corresponds to "p...- [x] when version match score is 0, overall score is still calculated as 50, so snapmatch tries to download info about a non-existent "" version (empty string) from Debian Snapshot API
- [x] libpam is not found, but it corresponds to "pam" package in Debian, need to set an alias
- [x] there is an error when trying to display some log messages, because a dict key is treated as an object property
fix #90Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/69Fix scancode in docker images and add option to import only copyrights from S...2022-10-02T09:35:30ZAlberto PianonFix scancode in docker images and add option to import only copyrights from Scancode findingsAlberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/68fix upload command - do not throw errors but just issue a warning when alien....2022-09-23T16:51:55ZAlberto Pianonfix upload command - do not throw errors but just issue a warning when alien.spdx is not found... otherwise fossology results (and therefore the dashboard) are not updated... otherwise fossology results (and therefore the dashboard) are not updatedAlberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/67add support for crate archives2022-09-13T10:46:59ZAlberto Pianonadd support for crate archivesfix #87fix #87Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/66add support for multiple toolchains2022-08-29T19:20:26ZAlberto Pianonadd support for multiple toolchainssee epic eclipse/oniro-compliancetoolchain/toolchain&7see epic eclipse/oniro-compliancetoolchain/toolchain&7Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/65option to add package variants before harvesting data2022-07-18T20:39:49ZAlberto Pianonoption to add package variants before harvesting dataThe Dashboard show audit progress also based on existing package variants - eg.
if there are multiple package variants, but only the oldest one has been
reviewed in Fossology, the Dashboard regards also the newer one as reviewed in
the t...The Dashboard show audit progress also based on existing package variants - eg.
if there are multiple package variants, but only the oldest one has been
reviewed in Fossology, the Dashboard regards also the newer one as reviewed in
the total file count, because in variants only some single files (patches etc.)
are usually changed/added, so it's just a matter of a reuse agent that needs to
be scheduled in order to have also the new variant fully reviewed.
However, by harvesting only latest project snapshot's data, previous variants
are not included, so the total audited file count provided by the Dashboard is
not reliable.
To fix this, we need to add all available variants to the session before running
"fossy" and "harvest" commands, and properly handle them in the harvest command
option that filters packages based on latest snapshot tag (older variants
generally belong to a previous snapshot and may be filtered out unless a proper
exception is added to the filter)Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/64Documentation for Contributors2022-07-14T12:07:00ZAlberto PianonDocumentation for ContributorsI will describe some aspects for new contributors to get started immediately without a long explanation of a core developer. This should also be useful for senior developers, to not forget why and how things work...
I will just do it in...I will describe some aspects for new contributors to get started immediately without a long explanation of a core developer. This should also be useful for senior developers, to not forget why and how things work...
I will just do it in several little chapters, so we avoid long texts that nobody want to read, and can also send single links to questions of new contributors...
**Please squash this MR, before merging!**Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/63add workaround for e2fsprogs2022-06-24T08:53:53ZAlberto Pianonadd workaround for e2fsprogsfix #78fix #78Alberto PianonAlberto Pianonhttps://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/toolchain/aliens4friends/-/merge_requests/62fix fossology python dep in toolchain dockerization2022-05-27T15:44:32ZAlberto Pianonfix fossology python dep in toolchain dockerizationfix #76fix #76Alberto PianonAlberto Pianon