Zephyr SPDX does not pass validation #89413
Assignees
Labels
bug
The issue is a bug, or the PR is fixing a bug
Licensing
The PR has licensing issues => licensing expert to review
priority: medium
Medium impact/importance bug
Comments
henrikbrixandersen
added
bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Discussed in #89371
Originally posted by im-sampm May 1, 2025
Hello! I wanted to bring it to the team's attention that the current Zephyr SPDX file does not pass validation.
To recreate this bug, download the zephyr-v4.1.0.spdx file here: link
And upload it to the SPDX validator here: link (using the File Type "V2 Tag/Value").
Which returns the following error:
My team was able to narrow the issue down to this line in the SPDX:
This line is generated from the following file:
zephyr/tests/drivers/virtualization/ivshmem/plain/boards/qemu_kvm_arm64.overlay
Line 5 in 5615e46
According to the SPDX v2 Spec,
UNLICENSEDis an invalid entry because it is not part of the SPDX License List and if it is a custom license, it should be prefixed withLicenseRef-.This is also the only file which includes the
UNLICENSEDentry: linkTo fix this issue, the license should either be removed or updated IN
qemu_kvm_arm64.overlayto match the SPDX spec. Until then, every SPDX file generated by the Zephyr project will be out of spec.Here is the
git blamefor the line:@mikeg-infomagnus @sivakinfomagnus
The text was updated successfully, but these errors were encountered: