fix(spdx): Only warn when the same LicenseIDs have different text (#2053)

A lot of packages that exist in Wolfi and Chainguard OS have the same
LicenseIDs but different license text. Until we've updated all
references across the OS to be unique when the text differs, only throw
a warning

Signed-off-by: RJ Sampson <rj.sampson@chainguard.dev>

Author: EyeCantCU

pkg/sbom/generator/spdx/spdx.go

@@ -151,7 +151,7 @@ func (sx *SPDX) Generate(ctx context.Context, opts *options.Options, path string
 
 	for _, pkg := range opts.Packages {
 		// Check to see if the apk contains an sbom describing itself
-		if err := sx.ProcessInternalApkSBOM(opts, doc, pkg); err != nil {
+		if err := sx.ProcessInternalApkSBOM(ctx, opts, doc, pkg); err != nil {
 			return fmt.Errorf("parsing internal apk SBOM: %w", err)
 		}
 	}
@@ -201,7 +201,7 @@ func locateApkSBOM(fsys apkfs.ReaderFS, ipkg *apk.InstalledPackage) (string, err
 	return "", nil
 }
 
-func (sx *SPDX) ProcessInternalApkSBOM(opts *options.Options, doc *Document, ipkg *apk.InstalledPackage) error {
+func (sx *SPDX) ProcessInternalApkSBOM(ctx context.Context, opts *options.Options, doc *Document, ipkg *apk.InstalledPackage) error {
 	// Check if apk installed an SBOM
 	path, err := locateApkSBOM(opts.FS, ipkg)
 	if err != nil {
@@ -260,9 +260,7 @@ func (sx *SPDX) ProcessInternalApkSBOM(opts *options.Options, doc *Document, ipk
 		return fmt.Errorf("copying element: %w", err)
 	}
 
-	if err := mergeLicensingInfos(apkSBOMDoc, doc); err != nil {
-		return fmt.Errorf("merging LicensingInfos: %w", err)
-	}
+	mergeLicensingInfos(ctx, apkSBOMDoc, doc)
 
 	// Add CONTAINS relationships from the document root package to all top-level elements from the internal SBOM.
 	// This ensures they are reachable from the document root for tools that traverse the SBOM graph.
@@ -328,14 +326,14 @@ func copySBOMElements(sourceDoc, targetDoc *Document, todo map[string]struct{})
 	return nil
 }
 
-func mergeLicensingInfos(sourceDoc, targetDoc *Document) error {
+func mergeLicensingInfos(ctx context.Context, sourceDoc, targetDoc *Document) {
 	var found bool
 	for _, sourceinfo := range sourceDoc.LicensingInfos {
 		found = false
 		for _, targetinfo := range targetDoc.LicensingInfos {
 			if targetinfo.LicenseID == sourceinfo.LicenseID {
 				if targetinfo.ExtractedText != sourceinfo.ExtractedText {
-					return fmt.Errorf("source & target LicenseID %s differ in Text; perhaps multiple versions of the package have different contents of files provided in license-path", targetinfo.LicenseID)
+					clog.FromContext(ctx).Warnf("source & target LicenseID %s differ in Text; please either update the package's license-path or use the correct LicenseID", targetinfo.LicenseID)
 				}
 				found = true
 				break
@@ -345,7 +343,6 @@ func mergeLicensingInfos(sourceDoc, targetDoc *Document) error {
 			targetDoc.LicensingInfos = append(targetDoc.LicensingInfos, sourceinfo)
 		}
 	}
-	return nil
 }
 
 // ParseInternalSBOM opens an SBOM inside apks and