wip

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

cyclonedx_py/_internal/environment.py

@@ -145,7 +145,10 @@ def __call__(self, *,  # type:ignore[override]
             rc = None
         else:
             pyproject = pyproject_load(pyproject_file)
-            root_c = pyproject2component(pyproject, ctype=mc_type, fpath=pyproject_file, gather_license_texts=False)
+            root_c = pyproject2component(pyproject, ctype=mc_type,
+                                         fpath=pyproject_file,
+                                         gather_license_texts=self._gather_license_texts,
+                                         logger=self._logger)
             root_c.bom_ref.value = 'root-component'
             root_d = tuple(pyproject2dependencies(pyproject))
             rc = (root_c, root_d)

cyclonedx_py/_internal/pipenv.py

@@ -132,7 +132,8 @@ def __call__(self, *,  # type:ignore[override]
             if pyproject_file is None:
                 rc = None
             else:
-                rc = pyproject_file2component(pyproject_file, ctype=mc_type, gather_license_texts=False)
+                rc = pyproject_file2component(pyproject_file, ctype=mc_type,
+                                              gather_license_texts=False, logger=self._logger)
                 rc.bom_ref.value = 'root-component'
 
             return self._make_bom(rc,

cyclonedx_py/_internal/requirements.py

@@ -116,7 +116,8 @@ def __call__(self, *,  # type:ignore[override]
         if pyproject_file is None:
             rc = None
         else:
-            rc = pyproject_file2component(pyproject_file, ctype=mc_type, gather_license_texts=False)
+            rc = pyproject_file2component(pyproject_file, ctype=mc_type,
+                                          gather_license_texts=False, logger=self._logger)
             rc.bom_ref.value = 'root-component'
 
         if requirements_file == '-':

cyclonedx_py/_internal/utils/packaging.py

@@ -25,12 +25,8 @@
 
 from .cdx import url_label_to_ert
 from .pep621 import classifiers2licenses as pep621_classifiers2licenses
-from .pep639 import dist2licenses_from_files as pep639_dist2licenses_from_files
 
 if TYPE_CHECKING:  # pragma: no cover
-    import sys
-    from logging import Logger
-
     from cyclonedx.factory.license import LicenseFactory
     from cyclonedx.model.license import License
 

cyclonedx_py/_internal/utils/pep639.py

@@ -40,12 +40,11 @@
     from cyclonedx.factory.license import LicenseFactory
     from cyclonedx.model.license import License
 
-    from ..py_interop.packagemetadata import PackageMetadata
-
 
 def project2licenses(project: dict[str, Any], lfac: 'LicenseFactory',
                      gather_texts: bool, *,
-                     fpath: str) -> Generator['License', None, None]:
+                     fpath: str,
+                     logger: 'Logger') -> Generator['License', None, None]:
     lack = LicenseAcknowledgement.DECLARED
     if isinstance(plicense := project.get('license'), str) \
             and len(plicense) > 0:
@@ -60,7 +59,14 @@ def project2licenses(project: dict[str, Any], lfac: 'LicenseFactory',
                 # per spec:
                 # > Tools MUST assume that license file content is valid UTF-8 encoded text
                 # anyway, we don't trust this and assume binary
-                with open(join(plfiles_root, plfile), 'rb') as plicense_fileh:
+                try:
+                    plicense_fileh = open(join(plfiles_root, plfile), 'rb')
+                except Exception as err:  # pragma: nocover
+                    logger.debug('Error: failed to read license file %r for project %r: %r',
+                                 plfile, project.get('name', '<unnamed>'), err)
+                    del err
+                    continue
+                with plicense_fileh:
                     yield DisjunctiveLicense(name=f'declared license file: {plfile}',
                                              acknowledgement=lack,
                                              text=AttachedText(encoding=Encoding.BASE_64,
@@ -79,7 +85,7 @@ def dist2licenses_from_files(
     logger: 'Logger'
 ) -> Generator['License', None, None]:
     lack = LicenseAcknowledgement.DECLARED
-    metadata: 'PackageMetadata' = dist.metadata  # see https://packaging.python.org/en/latest/specifications/core-metadata/
+    metadata = dist.metadata  # see https://packaging.python.org/en/latest/specifications/core-metadata/
     for mlfile in set(metadata.get_all('License-File', ())):
         # see spec: https://peps.python.org/pep-0639/#add-license-file-field
         # latest spec rev: https://discuss.python.org/t/pep-639-round-3-improving-license-clarity-with-better-package-metadata/53020  # noqa: E501

cyclonedx_py/_internal/utils/pyproject.py

@@ -35,14 +35,17 @@
 from .toml import toml_loads
 
 if TYPE_CHECKING:  # pragma: no cover
+    from logging import Logger
+
     from cyclonedx.model.component import Component, ComponentType
     from packaging.requirements import Requirement
 
 
 def pyproject2component(data: dict[str, Any], *,
                         ctype: 'ComponentType',
                         fpath: str,
-                        gather_license_texts: bool
+                        gather_license_texts: bool,
+                        logger: 'Logger'
                         ) -> 'Component':
     tool = data.get('tool', {})
     if poetry := tool.get('poetry'):
@@ -51,7 +54,8 @@ def pyproject2component(data: dict[str, Any], *,
         component = pep621_project2component(project, ctype=ctype)
         # region licenses
         lfac = LicenseFactory()
-        component.licenses.update(pep639_project2licenses(project, lfac, gather_license_texts, fpath=fpath))
+        component.licenses.update(pep639_project2licenses(project, lfac, gather_license_texts,
+                                                          fpath=fpath, logger=logger))
         if len(component.licenses) == 0:
             # According to PEP 639 spec, if licenses are declared in the "new" style,
             # all other license declarations MUST be ignored.
@@ -74,12 +78,14 @@ def pyproject_load(pyproject_file: str) -> dict[str, Any]:
 
 def pyproject_file2component(pyproject_file: str, *,
                              ctype: 'ComponentType',
-                             gather_license_texts: bool
+                             gather_license_texts: bool,
+                             logger: 'Logger'
                              ) -> 'Component':
     return pyproject2component(
         pyproject_load(pyproject_file),
         ctype=ctype, fpath=pyproject_file,
-        gather_license_texts=gather_license_texts
+        gather_license_texts=gather_license_texts,
+        logger=logger
     )
 
 

tests/_data/infiles/environment/with-license-pep639/NOTICE

@@ -0,0 +1 @@
+thisis the content of the NOTICE file.

tests/_data/infiles/environment/with-license-pep639/pyproject.toml

@@ -8,9 +8,9 @@ description = "depenndencies with license declaration accoring to PEP 639"
 license = "MIT OR GPL-2.0-or-later OR (FSFUL AND BSD-2-Clause)"
 # https://peps.python.org/pep-0639/#add-license-files-key
 license-files = [
-  "LICEN[CS]E*", "AUTHORS*",
+  "LICEN[CS]E*", "AUTHORS*", "NOTICE",
   "licenses_a/LICENSE.MIT", "licenses_a/*.CC0",
-  "LICENSE.txt", "licenses_b/**",
+   "licenses_b/**",
   "nonexisting_file", "nonexisting_dir/foo",
 ]