wip

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

cyclonedx_py/_internal/utils/pep621.py

@@ -71,26 +71,25 @@ def project2licenses(project: dict[str, Any], lfac: 'LicenseFactory',
             # per spec:
             # > These keys are mutually exclusive, so a tool MUST raise an error if the metadata specifies both keys.
             raise ValueError('`license.file` and `license.text` are mutually exclusive,')
-        if gather_text and 'file' in plicense:
-            # Per PEP 621 spec:
-            # > [...] a string value that is a relative file path [...].
-            with open(join(dirname(fpath), *PurePosixPath(plicense['file']).parts), 'rb') as plicense_fileh:
-                content_type = guess_type(plicense_fileh.name) or AttachedText.DEFAULT_CONTENT_TYPE
-                yield DisjunctiveLicense(
-                    name=f"declared license of '{project['name']}'",
-                    acknowledgement=lack,
-                    text=AttachedText(
-                        content_type=content_type,
-                        encoding=Encoding.BASE_64,
-                        # Per PEP 621 spec:
-                        # > Tools MUST assume the file’s encoding is UTF-8.
-                        # But in reality, we found non-printable bytes in some files!
-                        content=b64encode(
-                            plicense_fileh.read()
-                        ).decode('ascii')))
+        if len(plicense_file := plicense.get('file', '')) > 0:
+            if gather_text:
+                # Per PEP 621 spec:
+                # > [...] a string value that is a relative file path [...].
+                # > Tools MUST assume the file’s encoding is UTF-8.
+                # But in reality, we found non-printable bytes in some files!
+                with open(join(dirname(fpath), *PurePosixPath(plicense_file).parts), 'rb') as plicense_fileh:
+                    content_type = guess_type(plicense_file) or AttachedText.DEFAULT_CONTENT_TYPE
+                    yield DisjunctiveLicense(
+                        name=f"declared license of '{project['name']}'",
+                        acknowledgement=lack,
+                        text=AttachedText(
+                            content_type=content_type,
+                            encoding=Encoding.BASE_64,
+                            content=b64encode(
+                                plicense_fileh.read()
+                            ).decode('ascii')))
         elif len(plicense_text := plicense.get('text', '')) > 0:
-            license = lfac.make_from_string(plicense_text,
-                                            license_acknowledgement=lack)
+            license = lfac.make_from_string(plicense_text, license_acknowledgement=lack)
             if isinstance(license, DisjunctiveLicense) and license.id is None:
                 if gather_text:
                     # per spec, `License` is either a SPDX ID/Expression, or a license text(not name!)

cyclonedx_py/_internal/utils/pep639.py

@@ -107,6 +107,9 @@ def dist2licenses_from_files(
 
 def _make_license_from_content(file_name: str, content: Union[str, bytes],
                                lack: 'LicenseAcknowledgement') -> DisjunctiveLicense:
+    # In the past, we did best-effort decoding to string,
+    # see https://github.com/CycloneDX/cyclonedx-python/blob/b7a8f64ae212c5a5fd6b7cf8c83851ba692df256/cyclonedx_py/_internal/utils/pep639.py#L67-L71  # noqa:E501
+    # But this was dropped, in favour of base64 encoding; CycloneDXis for machines, not humans!
     content_type = guess_type(file_name) or AttachedText.DEFAULT_CONTENT_TYPE
     return DisjunctiveLicense(
         name=f'{lack.value} license file: {"/".join(Path(file_name).parts)}',