Date   
Re: Flossology bugs: upload and unified report tasks are not executed in vagrant vm

Michael C. Jaeger
 

Hello,

 

looks like we have an unfortunate time with the scheduler the past days.

 

Regarding the apache message: I am not sure if this indicates a serious problem. As far as I know the server name should be set by admin of the machine (in this case your vagrant machine) and if it is not set, then this message arrives.

 

FOSSology is a server application therefore some admin tasks may be necessary to fully set this up.

 

It seems like the scheduler crashes and then is not starting again. However the start can be triggered at restart of the machine, so that it is why it returns when you issue vagrant to reprovision

 

You could do

·         “vagrant ssh” (being in the directory from where you executed the other vagrant commands) to log into the machine directly

·         once logged in, either try to “sudo service fossology graceful-stop” and “sudo service fossology stop” (or “sudo service fossology restart”)

·         see htop or top what it is doing

 

Any other than that, the scheduler might require an investigation why it is stopping, maybe it is a general error.

 

Kind regards, Michael

 

 

 

From: main@... [mailto:main@...] On Behalf Of Stephanie Mehltretter
Sent: Montag, 18. Juni 2018 12:07
To: main@...
Subject: [FOSSology] Flossology bugs: upload and unified report tasks are not executed in vagrant vm

 

Hello,

I am new to Flossology and have installed the software using vagrant and Virtualbox. The installation worked fine and I can use a Fossology instance on http://localhost:8081/repo/. In the terminal I got the warning that "    default: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.0.2.15. Set the 'ServerName' directive globally to suppress this message". 

BUG 1:

The problem is that the unified report only can be downloaded after executing a vagrant reload in the Terminal!

My steps are the following:

1) upload via version control system the project "https://github.com/laravel/framework" (works - see attachement)

2) under the tab "browse" click on the project and select "export unified report"

--> in the job list 29 new jobs show up doing a unified report. ALL of those jobs stay yellow until you type "vagrant reload" in the terminal.

Then you can go to the job list and see blue yellow and gree jobs and you can download the generated report!

By the way, pausing or canceling a job results in the error added in the attachement.

 

BUG 2:

- if you follow the steps mentioned before and then upload a new project to be analysed, the upload jobs will stay yellow even if you do vagrant reload. I have been waiting for the upload for over 2 hours even if the project is not very big (react js of facebook).

How to handle this bug?

 

I hope all the screenshow are helpful.

Could you please help me, how to avoid the problem or fix it in the vagrant container?

Thank you so much!

Sincerely,

Stephanie Mehltretter

 

Re: help a noob

Greene (US), Geoffrey N <geoffrey.n.greene@...>
 

Yeah, that worked. Thanks!

-----Original Message-----
From: main@... [mailto:main@...] On Behalf Of Gaurav Mishra
Sent: Monday, June 18, 2018 7:14 AM
To: main@...
Subject: Re: [FOSSology] help a noob

Hello Geoffrey,

Please restart the scheduler. You can do it by using the running container name and calling exec on it.

To get current container name or id, run: docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0c97ae36577e fossology/fossology "/fossology/docker..." 20 minutes ago Up 5 minutes 8081/tcp, 0.0.0.0:8081->80/tcp hopeful_varahamihira

Then call exec on it with the STDIN attached: docker exec -i -t hopeful_varahamihira /bin/bash And restart the scheduler with the new terminal: /etc/init.d/fossology restart

There is a problem with the latest tag of docker and scheduler keeps crashing. Please consider using latest release tag 3.3.0 for time being (docker run -p 8081:80 fossology/fossology:3.3.0)?

With best regards,
Gaurav Mishra

Siemens Technology and Services Private Limited CT RDA DS AA DTS CNP CT 84, Hosur Road Bengaluru 560100, India
Mobile: +91 9840702660
mailto:@gmishx
www.siemens.co.in/STS

www.siemens.com/ingenuityforlife

Registered Office: Plot No. 2, Sector No. 2, Kharghar Node, Navi Mumbai – 410210. Telephone +91 22 39672000. Fax +91 22 27740169. Other Offices: Bangalore, Chennai, Gurgaon, Noida, Pune. Corporate Identity number: U99999MH1986PTC093854 -----Original Message-----
From: main@... [mailto:main@...] On Behalf Of Greene (US), Geoffrey N
Sent: 15 June 2018 21:26
To: main@...
Subject: Re: [FOSSology] help a noob

Just uploaded 74 k .zip file. Nothing happened.
My show jobs page now shows 6 jobs waiting.
The scheduler status still shows
Connection to the scheduler failed. Is the scheduler running?
socket_connect() failed.
Reason: () Connection refused

-----Original Message-----
From: main@... [mailto:main@...] On Behalf Of Nicolas Toussaint
Sent: Friday, June 15, 2018 10:14 AM
To: main@...
Subject: Re: [FOSSology] help a noob

Hi Geoffrey,

Did you try to scan a smaller file ?
I have just tested the basic Docker command you mentionned, and uploaded 326KB tgz archive, and the scan went fine.
I have exactly the same header as you have.

--
Nicolas Toussaint
OAB - Orange Applications for Business - Lyon
Tel: +33 608 763 559

-----Original Message-----
From: "Greene (US), Geoffrey N" <geoffrey.n.greene@...>
Reply-To: main@...
To: main@... <main@...>
Subject: Re: [FOSSology] help a noob
Date: Fri, 15 Jun 2018 13:59:17 +0000

OK, so CentOS won't work for me (all I'm trying to do is evaluate fossology to see if it will work for my needs, and I don't feel like compiling php from source)

So I installed the docker image. That should just...work...

It doesn't work either. When I upload my source (300GB zipped) nothing happens. It appears that it unzips it,
(maybe?) but then it never scans it.

I think the scheduler is busted. When I go to the Scheduler Administration and click on "Status" for the "Scheduler" and hit "Submit it says

Status of the scheduler failed.Connection to the scheduler failed. Is the scheduler running?
socket_connect() failed.
Reason: () Connection refused

This is the docker image...shouldn't it just...work?

FWIW, the banner says:

Version: [unknown], Branch: [master], Commit: [#142313] 2018/06/07 09:45 UTC built @ 2018/06/07 10:07 UTC

Is there a known stable version I should use rather than just docker run -p 8081:80 fossology/fossology ?

Thanks

-----Original Message-----
From: main@... [mailto:main@...] On Behalf Of Michael C. Jaeger
Sent: Friday, June 15, 2018 4:15 AM
To: main@...
Subject: Re: [FOSSology] help a noob

Hi Geoffrey,

I am sorry for this experience, I think we do not have enough (any?) persons caring for the CentOS / yum based distros.
any help here is much appreciated.

I filed an issue for this:

https://github.com/fossology/fossology/issues/1119

Kind regards, Michael


On 15.06.2018, at 01:31, Greene (US), Geoffrey N <geoffrey.n.greene@...> wrote:

Yup it was php-mbstring. I just had to do a yum install on it. That
was the only package missing. Maybe just that one is missing from the
installdeps script ( I was using centOS)

Then I realized my php is too old. I thought I'll try the docker image instead... upgrading my php will be a pain...

Prepare for more questions from me tho... my first attempt at the
docker image revealed a crashing scheduler... I'll work that tomorrow.



Sent via the Samsung Galaxy S8, an AT&T 4G LTE smartphone


-------- Original message --------
From: Maximilian Huber <maximilian.huber@...>
Date: 6/14/18 5:48 PM (GMT-05:00)
To: main@...
Subject: Re: [FOSSology] help a noob

On Thu, 14. Jun 18:00, Greene (US), Geoffrey N wrote:
- easyrdf/easyrdf 0.9.1 requires ext-mbstring * -> the requested
PHP extension mbstring is missing from your system.
You are missing the ext-mbstring package which can maybe be installed
via
- `$ apt-get install php7.0-mbstring` or
- `$ yum php-mbstring`

Since you followed the instructions, you should already have all
dependencies installed after running `./utils/fo-installdeps`.
Which OS do you use? Maybe it is not fully supported by the script.

Best regards
Maximilian

--
Maximilian Huber * maximilian.huber@... * +49-174-3410223 TNG
Technology Consulting GmbH, Betastr. 13a, 85774 Unterföhring
Geschäftsführer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Müller
Sitz: Unterföhring * Amtsgericht München * HRB 135082












_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Re: Flossology bugs: upload and unified report tasks are not executed in vagrant vm

Stephanie Mehltretter <s.mehltretter@...>
 

Hey,
thanks for the answer. Restarting the scheduler as you mentioned help me for the first time. Unfortunately I have to do a more complex license scan until next Thuesday and have to review toe licenses my self and generate a reviewed report out of them. At the moment this is not possible because of the bugs in the scheduler. Would it be possible to produce a bug fix soon?

Thank you so much!
Yours sincerely,
Stephanie

Am 18.06.18 um 14:03 schrieb Michael C. Jaeger:

Hello,

 

looks like we have an unfortunate time with the scheduler the past days.

 

Regarding the apache message: I am not sure if this indicates a serious problem. As far as I know the server name should be set by admin of the machine (in this case your vagrant machine) and if it is not set, then this message arrives.

 

FOSSology is a server application therefore some admin tasks may be necessary to fully set this up.

 

It seems like the scheduler crashes and then is not starting again. However the start can be triggered at restart of the machine, so that it is why it returns when you issue vagrant to reprovision

 

You could do

·         “vagrant ssh” (being in the directory from where you executed the other vagrant commands) to log into the machine directly

·         once logged in, either try to “sudo service fossology graceful-stop” and “sudo service fossology stop” (or “sudo service fossology restart”)

·         see htop or top what it is doing

 

Any other than that, the scheduler might require an investigation why it is stopping, maybe it is a general error.

 

Kind regards, Michael

 

 

 

From: main@... [mailto:main@...] On Behalf Of Stephanie Mehltretter
Sent: Montag, 18. Juni 2018 12:07
To: main@...
Subject: [FOSSology] Flossology bugs: upload and unified report tasks are not executed in vagrant vm

 

Hello,

I am new to Flossology and have installed the software using vagrant and Virtualbox. The installation worked fine and I can use a Fossology instance on http://localhost:8081/repo/. In the terminal I got the warning that "    default: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.0.2.15. Set the 'ServerName' directive globally to suppress this message". 

BUG 1:

The problem is that the unified report only can be downloaded after executing a vagrant reload in the Terminal!

My steps are the following:

1) upload via version control system the project "https://github.com/laravel/framework" (works - see attachement)

2) under the tab "browse" click on the project and select "export unified report"

--> in the job list 29 new jobs show up doing a unified report. ALL of those jobs stay yellow until you type "vagrant reload" in the terminal.

Then you can go to the job list and see blue yellow and gree jobs and you can download the generated report!

By the way, pausing or canceling a job results in the error added in the attachement.

 

BUG 2:

- if you follow the steps mentioned before and then upload a new project to be analysed, the upload jobs will stay yellow even if you do vagrant reload. I have been waiting for the upload for over 2 hours even if the project is not very big (react js of facebook).

How to handle this bug?

 

I hope all the screenshow are helpful.

Could you please help me, how to avoid the problem or fix it in the vagrant container?

Thank you so much!

Sincerely,

Stephanie Mehltretter

 


Re: Flossology bugs: upload and unified report tasks are not executed in vagrant vm

Michael C. Jaeger
 

Hello,

maybe soon ready by Anupam:

https://github.com/fossology/fossology/pull/1122

Or, you could try the last release, 3.3.0 where we did not see the errors.

Kind regards, Michael

On 19.06.2018, at 17:02, Stephanie Mehltretter <s.mehltretter@...> wrote:

Hey,
thanks for the answer. Restarting the scheduler as you mentioned help me for the first time. Unfortunately I have to do a more complex license scan until next Thuesday and have to review toe licenses my self and generate a reviewed report out of them. At the moment this is not possible because of the bugs in the scheduler. Would it be possible to produce a bug fix soon?

Thank you so much!
Yours sincerely,
Stephanie

Am 18.06.18 um 14:03 schrieb Michael C. Jaeger:
Hello,

looks like we have an unfortunate time with the scheduler the past days.

Regarding the apache message: I am not sure if this indicates a serious problem. As far as I know the server name should be set by admin of the machine (in this case your vagrant machine) and if it is not set, then this message arrives.

FOSSology is a server application therefore some admin tasks may be necessary to fully set this up.

It seems like the scheduler crashes and then is not starting again. However the start can be triggered at restart of the machine, so that it is why it returns when you issue vagrant to reprovision

You could do
· “vagrant ssh” (being in the directory from where you executed the other vagrant commands) to log into the machine directly
· once logged in, either try to “sudo service fossology graceful-stop” and “sudo service fossology stop” (or “sudo service fossology restart”)
· see htop or top what it is doing

Any other than that, the scheduler might require an investigation why it is stopping, maybe it is a general error.

Kind regards, Michael



From: main@... [mailto:main@...] On Behalf Of Stephanie Mehltretter
Sent: Montag, 18. Juni 2018 12:07
To: main@...
Subject: [FOSSology] Flossology bugs: upload and unified report tasks are not executed in vagrant vm

Hello,
I am new to Flossology and have installed the software using vagrant and Virtualbox. The installation worked fine and I can use a Fossology instance onhttp://localhost:8081/repo/. In the terminal I got the warning that " default: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.0.2.15. Set the 'ServerName' directive globally to suppress this message".

BUG 1:

The problem is that the unified report only can be downloaded after executing a vagrant reload in the Terminal!

My steps are the following:

1) upload via version control system the project "https://github.com/laravel/framework" (works - see attachement)

2) under the tab "browse" click on the project and select "export unified report"

--> in the job list 29 new jobs show up doing a unified report. ALL of those jobs stay yellow until you type "vagrant reload" in the terminal.

Then you can go to the job list and see blue yellow and gree jobs and you can download the generated report!

By the way, pausing or canceling a job results in the error added in the attachement.



BUG 2:

- if you follow the steps mentioned before and then upload a new project to be analysed, the upload jobs will stay yellow even if you do vagrant reload. I have been waiting for the upload for over 2 hours even if the project is not very big (react js of facebook).

How to handle this bug?



I hope all the screenshow are helpful.

Could you please help me, how to avoid the problem or fix it in the vagrant container?

Thank you so much!

Sincerely,

Stephanie Mehltretter


Re: Flossology bugs: upload and unified report tasks are not executed in vagrant vm

Greene (US), Geoffrey N <geoffrey.n.greene@...>
 

3.3.0 worked well when I tried it for eval purposes...

-----Original Message-----
From: main@... [mailto:main@...] On Behalf Of Michael C. Jaeger
Sent: Tuesday, June 19, 2018 12:23 PM
To: main@...
Subject: Re: [FOSSology] Flossology bugs: upload and unified report tasks are not executed in vagrant vm

Hello,

maybe soon ready by Anupam:

https://github.com/fossology/fossology/pull/1122

Or, you could try the last release, 3.3.0 where we did not see the errors.

Kind regards, Michael

On 19.06.2018, at 17:02, Stephanie Mehltretter <s.mehltretter@...> wrote:

Hey,
thanks for the answer. Restarting the scheduler as you mentioned help me for the first time. Unfortunately I have to do a more complex license scan until next Thuesday and have to review toe licenses my self and generate a reviewed report out of them. At the moment this is not possible because of the bugs in the scheduler. Would it be possible to produce a bug fix soon?

Thank you so much!
Yours sincerely,
Stephanie

Am 18.06.18 um 14:03 schrieb Michael C. Jaeger:
Hello,

looks like we have an unfortunate time with the scheduler the past days.

Regarding the apache message: I am not sure if this indicates a serious problem. As far as I know the server name should be set by admin of the machine (in this case your vagrant machine) and if it is not set, then this message arrives.

FOSSology is a server application therefore some admin tasks may be necessary to fully set this up.

It seems like the scheduler crashes and then is not starting again. However the start can be triggered at restart of the machine, so that it is why it returns when you issue vagrant to reprovision

You could do
· “vagrant ssh” (being in the directory from where you executed the other vagrant commands) to log into the machine directly
· once logged in, either try to “sudo service fossology graceful-stop” and “sudo service fossology stop” (or “sudo service fossology restart”)
· see htop or top what it is doing

Any other than that, the scheduler might require an investigation why it is stopping, maybe it is a general error.

Kind regards, Michael



From: main@... [mailto:main@...] On Behalf Of Stephanie Mehltretter
Sent: Montag, 18. Juni 2018 12:07
To: main@...
Subject: [FOSSology] Flossology bugs: upload and unified report tasks are not executed in vagrant vm

Hello,
I am new to Flossology and have installed the software using vagrant and Virtualbox. The installation worked fine and I can use a Fossology instance onhttp://localhost:8081/repo/. In the terminal I got the warning that " default: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.0.2.15. Set the 'ServerName' directive globally to suppress this message".

BUG 1:

The problem is that the unified report only can be downloaded after executing a vagrant reload in the Terminal!

My steps are the following:

1) upload via version control system the project "https://github.com/laravel/framework" (works - see attachement)

2) under the tab "browse" click on the project and select "export unified report"

--> in the job list 29 new jobs show up doing a unified report. ALL of those jobs stay yellow until you type "vagrant reload" in the terminal.

Then you can go to the job list and see blue yellow and gree jobs and you can download the generated report!

By the way, pausing or canceling a job results in the error added in the attachement.



BUG 2:

- if you follow the steps mentioned before and then upload a new project to be analysed, the upload jobs will stay yellow even if you do vagrant reload. I have been waiting for the upload for over 2 hours even if the project is not very big (react js of facebook).

How to handle this bug?



I hope all the screenshow are helpful.

Could you please help me, how to avoid the problem or fix it in the vagrant container?

Thank you so much!

Sincerely,

Stephanie Mehltretter


Fossology, SPDX Packages & Sub Packages

 

Dear All,

I am having a hard using Fossology to fulfil my needs efficiently.
I would like to share one of the core aspect I am struggling with, and would love to see if some of you are facing the same problems.

My goal is to scan complete products source code, and ultimately produce a report listing all embedded components (libraries, dependencies, etc.), their licenses as well as copyright notices.
Today, I generate SPDX-TV reports with Fossolgy, convert them to XLS format using the SPDX Tools [1], and manually reorganise the file to create a list of components.
I didn't find within Fossology  a way to indicate that, for example, a given directory/file contains the library X, licensed under Y, and copyrighted to Z, and generate the corresponding SPDX report.

Beside, the SPDX specifications seem to allow Packages and Sub-Packages identification [2] that seems to be what I'm looking for.

So my questions are:
- Do you share the need of identifying components / sub-packages within a scanned project ?
- If so, is there a way to achieve this with Fossology, and producing SPDX reports ?
- Can the SPDX [Sub-]Package be used to identify components and their license ?
- ... or is my compliance process totally wrong (should I identify and scan all components separately) ?



Nicolas

-- 
Nicolas Toussaint
OAB - Orange Applications for Business - Lyon
Tel: +33 608 763 559
_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Re: Fossology, SPDX Packages & Sub Packages

 

Hello again,

I came to the conclusion that, 
- from an SPDX point of view, the packages is what I need to describe the embedded components and dependencies included in the scanned project
- Fossology does not permit (yet) the creation of multiple packages

Now we can head towards making Fossology handle such packages + exoprt them to SPDX, but I will need confirmation that it is a good idea & others have the same need.

Also, how to achieve this ? 
I can imagine adding a "Make Package" link in the Actions column (see attached file).
This would 
- let the user configure the package
- clear all files within the directory (or compressed file), and include them in the package

In an ideal world (to come), dependencies and library could be compared to existing database (see Sharing-creates-value and Clearly Defined initiatives) and cleared automatically this way.

Any thoughts on this ?





-- 
Nicolas Toussaint
OAB - Orange Applications for Business - Lyon

-----Original Message-----
From: Nicolas Toussaint <nicolas1.toussaint@...>
Subject: Fossology, SPDX Packages & Sub Packages
Date: Mon, 20 Aug 2018 16:01:28 +0200

Dear All,

I am having a hard using Fossology to fulfil my needs efficiently.
I would like to share one of the core aspect I am struggling with, and would love to see if some of you are facing the same problems.

My goal is to scan complete products source code, and ultimately produce a report listing all embedded components (libraries, dependencies, etc.), their licenses as well as copyright notices.
Today, I generate SPDX-TV reports with Fossolgy, convert them to XLS format using the SPDX Tools [1], and manually reorganise the file to create a list of components.
I didn't find within Fossology  a way to indicate that, for example, a given directory/file contains the library X, licensed under Y, and copyrighted to Z, and generate the corresponding SPDX report.

Beside, the SPDX specifications seem to allow Packages and Sub-Packages identification [2] that seems to be what I'm looking for.

So my questions are:
- Do you share the need of identifying components / sub-packages within a scanned project ?
- If so, is there a way to achieve this with Fossology, and producing SPDX reports ?
- Can the SPDX [Sub-]Package be used to identify components and their license ?
- ... or is my compliance process totally wrong (should I identify and scan all components separately) ?



Nicolas

-- 
Nicolas Toussaint
OAB - Orange Applications for Business - Lyon
Tel: +33 608 763 559

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Help a newbie

marc.mcgarry@...
 

I am trying to run software packages/components through fossology. If i zip the package folder (with the jar file inside), will this successfully test all of the classes inside? 

 

Re: Help a newbie

 

Hi Marc,

Yes, Fossology will open all compressed
files (zip, tgz, jar, etc.) and scan the contents.
This is done recursively, so that a jar in a zip is also opened and its contents scanned.



On 12/10/2018 16:56, marc.mcgarry@... wrote:
I am trying to run software packages/components through fossology. If i zip the package folder (with the jar file inside), will this successfully test all of the classes inside? 

 

-- 

Nicolas Toussaint
OAB - Orange Applications for Business - Lyon
_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Re: Help a newbie

Michael C. Jaeger
 

Hello,

 

your mail raises a few questions, I try to bring a few considerations.

 

1. „classes“ refers to *.class files? if yes, then this is maybe not the right thing for FOSSology, but maybe for some binary analysis tool (- next generation) or so. class files are usually results of a compiler so they omit source code comments which is where licensing statements are usually in.

 

2. FOSSology should be able to unpack *.jar files, so no need to zip it, except you would like to upload a set of jar files at once. If fossology cannot look into a jar file, it is a bug (and should be thus put in the issues tracker).

 

3. what is your point with “test” what are look for exactly?

 

Kind regards, Michael

 

From: main@... [mailto:main@...] On Behalf Of marc.mcgarry@...
Sent: Freitag, 12. Oktober 2018 16:57
To: main@...
Subject: [FOSSology] Help a newbie

 

I am trying to run software packages/components through fossology. If i zip the package folder (with the jar file inside), will this successfully test all of the classes inside? 

 

Re: Help a newbie

Michael C. Jaeger
 

Hello,

 

oh interesting, I have not seen your point from your answer, glad that our e-mails crossed.

 

Kind regards, Michael

 

From: main@... [mailto:main@...] On Behalf Of Nicolas Toussaint
Sent: Freitag, 12. Oktober 2018 17:03
To: main@...
Subject: Re: [FOSSology] Help a newbie

 

Hi Marc,

Yes, Fossology will open all compressed files (zip, tgz, jar, etc.) and scan the contents.
This is done recursively, so that a jar in a zip is also opened and its contents scanned.


On 12/10/2018 16:56, marc.mcgarry@... wrote:

I am trying to run software packages/components through fossology. If i zip the package folder (with the jar file inside), will this successfully test all of the classes inside? 

 



-- 
 
Nicolas Toussaint
OAB - Orange Applications for Business - Lyon
_________________________________________________________________________________________________________________________
 
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
 
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

VS: [FOSSology] Help a newbie

Martin von Willebrand
 

Fossology agent doing the unpacking will unpack zip-packages and jar-packages, even if they are nested.

 

You likely want to run source code files through Fossology, though, because many build systems remove texts that would be interesting for license analysis purposes. In java, you should look at uploading .java-files and not .class-files.

 

Best

Martin

 

Martin von Willebrand, Attorney-at-law, Partner
HH Partners, Attorneys-at-law Ltd
Bulevardi 7, 5th floor
P.O. Box 232, 0
0101 Helsinki, Finland
Tel: +358 9 177 613, Fax: +358 9 653 873
GSM: +358 40 770 1818
martin.vonwillebrand@...
www.twitter.com/mvonwi
www.hhpartners.fi
Validos ry, Chairman,
www.validos.org

HH Partners shines in international rankings. See details at hhpartners.fi.


Privileged and confidential information may be contained in this message. If you are not addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, kindly notify us by reply e-mail and delete this message immediately. Thank you.

 

Lähettäjä: main@... [mailto:main@...] Puolesta marc.mcgarry@...
Lähetetty: perjantai 12. lokakuuta 2018 17.57
Vastaanottaja: main@...
Aihe: [FOSSology] Help a newbie

 

I am trying to run software packages/components through fossology. If i zip the package folder (with the jar file inside), will this successfully test all of the classes inside? 

 

Re: VS: [FOSSology] Help a newbie

marc.mcgarry@...
 

On Fri, Oct 12, 2018 at 08:05 AM, Martin von Willebrand wrote:

ng will unpack zip-packages and jar-packages, even if they are nested.

 

You likely want to run source code files through Fossology, though, because many build systems remove texts that would be interesting for license analysis purposes. In java, you should look at uploading .java-files and not .class-files.

 

Best

Is there any plans to use ALL features of SPDX 2.1 specification in future releases?

thuy.tran.xh@...
 

Hi all,

As announced in the release, https://github.com/fossology/fossology/wiki/FOSSology-3.1-Release-Announcement-(Working-Version)

Key features in FOSSology 3.1 are:
Support for SPDX 2.1 document formats(tag:value format now available as well as RDF)

I have tried the fossology installation in the ways of docker as well as from source.
From the template (Only package/ document/file information) at https://github.com/fossology/fossology/tree/master/src/spdx2/agent/template, we could not generate SPDX 2.1 FULL features at https://spdx.org/spdx-specification-21-web-version

Is there any plans to use ALL features of SPDX 2.1 specification in future releases?
Thank you.

Regards,
Thuy Tran.

Re: Is there any plans to use ALL features of SPDX 2.1 specification in future releases?

Michael C. Jaeger
 

Hello,

currently, I am not aware of the FOSSology project planning to support "ALL features of SPDX 2.1 specification in future releases", for a number of reasons, just a few examples:

* Spec 2.1 supports identification of code snippets (See section 5), currently fossology does not support it and I am not aware of plans by someone to contribute it
* Spec 2.1 support for example besides the copyright statement also a file contributor, which could be taken, maybe, from some SCM information. I am not aware of plans here neither
* ...

and so forth. I think FOSSology will support only parts of the SPDX 2.1 spec as they are covered by the application functionality.

I am not sure of that answer covers your question? The fact that you have used bold types letters in your e-mail provides a slight impression that you expect something in particular from the FOSSology project?

Maybe the following two issues provide also helpful information to you?

https://github.com/fossology/fossology/issues/1309
https://github.com/spdx/spdx-spec/issues/112

Please do not hesitate to clarify what you intended to say about our release notes or our idea of SPDX 2.1 document generation.

Kind regards, Michael

On 12. Mar 2019, at 13:30, thuy.tran.xh@... wrote:

Hi all,

As announced in the release, https://github.com/fossology/fossology/wiki/FOSSology-3.1-Release-Announcement-(Working-Version)

Key features in FOSSology 3.1 are:
Support for SPDX 2.1 document formats(tag:value format now available as well as RDF)

I have tried the fossology installation in the ways of docker as well as from source.
From the template (Only package/ document/file information) at https://github.com/fossology/fossology/tree/master/src/spdx2/agent/template, we could not generate SPDX 2.1 FULL features at https://spdx.org/spdx-specification-21-web-version

Is there any plans to use ALL features of SPDX 2.1 specification in future releases?
Thank you.

Regards,
Thuy Tran.

Release of 3.5.0

Shaheem Azmal M MD
 

Hello all,

After two release candidates, making fixes for REST API installation and various migration tests, FOSSology is stable enough for a new release. The main features of the 3.5.0 release can be found under RC1.

Particular corrections after RC1 can be found under RC2.

Mainly 3.5.0 adds more documentation, infrastructure improvements and support for brand new FOSSology REST API. A brief introduction about the REST API can be found at:

https://www.fossology.org/get-started/basic-rest-api-calls/

Moreover, new functionality has improved JSON output for nomos and restructured license detection for nomos. Last but not the least, FOSSology now have capabilities to ignore files specific to version control systems from the scanning improving scan times.

Credits

From the git commit history, we have following contributors since 3.4.0:

@ag4ums,
@ChristopheRequillart,
@AMDmi3,
@GMishx,
@mcieno,
@max-wittig,
@maxhbr,
@rlintu,
@sandipbhuyan,
@shaheemazmalmmd


Please find the release and binary packages for Debian and Ubuntu based systems here https://github.com/fossology/fossology/releases/tag/3.5.0 

Thanks & Regards
Shaheem Azmal M MD

Need to remove Debian packaging meta info from master branch

Gaurav Mishra
 

Hello all,

 

During our effort to publish FOSSology as a Debian package, we got few suggestions from the Debian community.

One of those suggestion is to remove the Debian packaging information (debian folder) from the master branch and put it into another branch like chore/debian/jessie.

 

This is done so to avoid conflicts as Debian maintainers will be editing this packaging information in the FOSSology mirror (hosted at Debian Sala). And any change in upstream can result in conflicts.

 

As this change will alter the packaging steps required by many of FOSSology users, we need your feedback.

 

I have opened an issue on GitHub for the same: https://github.com/fossology/fossology/issues/1341

 

Kindly respond either on this thread or on the GitHub issue if you have any concerns regarding the same.

With best regards,
Gaurav Mishra