Most Haskell packages fail to have their license information extracted #150

Open
exarkun opened this issue Jan 21, 2025 · 0 comments

exarkun commented Jan 21, 2025

If I generate the SBOM for a Haskell package in nixpkgs, e.g. vector:

nix run github:tiiuae/sbomnix#sbomnix -- --depth 1 nixpkgs#haskellPackages.vector

Then the result is missing license information for some of the packages:

❯ cut -d , -f 2,17 < sbom.csv 
"pname","meta_license_short"
"elfutils","gpl2Only;lgpl3Plus;gpl3Plus"
"ghc","bsd3"
"glibc","The GNU C Library"
"gmp-with-cxx","lgpl3Only;gpl2Only"
"libffi","mit"
"ncurses","mit"
"primitive",""
"vector",""
"vector-stream",""

For example, the "vector" package itself is given no license. However, it certainly has this metadata in nixpkgs:

  "vector" = callPackage
    ({ mkDerivation, base, base-orphans, deepseq, doctest, HUnit
     , primitive, QuickCheck, random, tasty, tasty-bench, tasty-hunit
     , tasty-inspection-testing, tasty-quickcheck, template-haskell
     , transformers, vector-stream
     }:
     mkDerivation {
       pname = "vector";
       version = "0.13.1.0";
       sha256 = "1vpcxn0zkhmvksz373iz66bv42f358jv3zqg390vk2mbkqkp5wk3";
       revision = "1";
       editedCabalFile = "03fpy8vnjyk7hw6sci361pmb05jl5z05yb08yjv5wxqxnp7jq0xw";
       libraryHaskellDepends = [ base deepseq primitive vector-stream ];
       testHaskellDepends = [
         base base-orphans doctest HUnit primitive QuickCheck random tasty
         tasty-hunit tasty-inspection-testing tasty-quickcheck
         template-haskell transformers
       ];
       benchmarkHaskellDepends = [ base random tasty tasty-bench ];
       description = "Efficient Arrays";
       license = lib.licenses.bsd3;
     }) {};
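
A way to catch this gap automatically, as an added example that is not part of the issue or of sbomnix: the script below reads an sbomnix CSV by header name (rather than by field position, as `cut -f 2,17` does) and reports components whose `meta_license_short` is empty. The column names are taken from the output above; the embedded sample is constructed from the rows shown in the issue and contains only those two columns.

```python
import csv
import sys

# Constructed sample: the rows from the issue's `cut` output, two columns only.
SAMPLE = '''"pname","meta_license_short"
"elfutils","gpl2Only;lgpl3Plus;gpl3Plus"
"ghc","bsd3"
"glibc","The GNU C Library"
"gmp-with-cxx","lgpl3Only;gpl2Only"
"libffi","mit"
"ncurses","mit"
"primitive",""
"vector",""
"vector-stream",""
'''

def audit_licenses(lines, name_col="pname", license_col="meta_license_short"):
    """Return (licensed, unlicensed) for an iterable of CSV lines.

    licensed maps package name -> list of license entries (split on ';');
    unlicensed lists packages whose license field is empty or whitespace.
    """
    reader = csv.DictReader(lines)
    absent = {name_col, license_col} - set(reader.fieldnames or [])
    if absent:
        # A renamed or missing column must not look like "everything is fine".
        raise ValueError(f"CSV is missing expected column(s): {sorted(absent)}")
    licensed, unlicensed = {}, []
    for row in reader:
        entries = [p.strip() for p in (row[license_col] or "").split(";")]
        entries = [p for p in entries if p]
        if entries:
            licensed[row[name_col]] = entries
        else:
            unlicensed.append(row[name_col])
    return licensed, unlicensed

def main(argv):
    if len(argv) > 1:
        with open(argv[1], newline="") as fh:
            licensed, unlicensed = audit_licenses(fh)
    else:
        licensed, unlicensed = audit_licenses(SAMPLE.splitlines())
    for name in unlicensed:
        print(f"no license recorded: {name}")
    print(f"{len(unlicensed)} of {len(licensed) + len(unlicensed)} components lack license data")
    return 1 if unlicensed else 0  # non-zero exit lets a CI step fail on gaps

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with the path to `sbom.csv` as the only argument; without an argument it audits the embedded sample.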