-
Bug
-
Resolution: Not a Bug
-
Highest
-
None
-
Jakarta Release
-
None
-
None
The tern scan below indicates the image 'onap/integration-python:9.1.0' contains libuuid but does not disclose its license, actually it is GPL-3.0 which will be disclosed by derived image, e.g. 'nexus3.onap.org:10001/onap/multicloud/framework:1.7.3'
$ tern report -o int-py39-output.txt -i nexus3.onap.org:10001/onap/integration-python:9.1.0
=======================================================================================
Layer 3:
info: Layer created by commands: /bin/sh c set -ex && apk add --no-cache --virtual .fetch-deps gnupg tar xz && wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]}/Python$PYTHON_VERSION.tar.xz" && wget O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]}/Python$PYTHON_VERSION.tar.xz.asc" && export GNUPGHOME="$(mktemp -d)" && gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$GPG_KEY" && gpg --batch --verify python.tar.xz.asc python.tar.xz &&
&& rm rf "$GNUPGHOME" python.tar.xz.asc && mkdir -p /usr/src/python && tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz && rm python.tar.xz && apk add --no-cache --virtual .build-deps bluez-dev bzip2-dev dpkg-dev dpkg expat-dev gcc libc-dev libffi-dev libnsl-dev libtirpc-dev linux-headers make ncurses-dev openssl-dev pax-utils sqlite-dev tcl-dev tk tk-dev util-linux-dev xz-dev zlib-dev && apk del --no-network .fetch-deps && cd /usr/src/python && gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" && ./configure --build="$gnuArch" --enable-loadable-sqlite-extensions --enable-optimizations --enable-option-checking=fatal --enable-shared --with-system-expat --with-system-ffi --without-ensurepip && make -j "$(nproc)" EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000" LDFLAGS="-Wl,-strip-all" && make install && rm -rf /usr/src/python && find /usr/local -depth ( ( -type d -a ( -name test -o -name tests -o -name idle_test ) ) -o ( -type f -a ( -name '.pyc' -o -name '.pyo' -o -name '.a' ) ) ) -exec rm -rf '{}' + && find /usr/local -type f -executable -not ( -name '*tkinter' ) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' | tr ',' '\n' | sort -u | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0
warning:
Unrecognized Commands:set -ex
wget
wget
gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $GPG_KEY
gpg --batch --verify python.tar.xz.asc python.tar.xz
command -v gpgconf > /dev/null
gpgconf --kill all
rm -rf $GNUPGHOME python.tar.xz.asc
mkdir -p /usr/src/python
tar -xJC /usr/src/python --strip-components=1 -f python.tar.xz
rm python.tar.xz
cd /usr/src/python
--query DEB_BUILD_GNU_TYPE
./configure --build=$gnuArch --enable-loadable-sqlite-extensions --enable-optimizations --enable-option-checking=fatal --enable-shared --with-system-expat --with-system-ffi --without-ensurepip
make
make install
rm -rf /usr/src/python
find /usr/local -depth ( ( -type d -a ( -name test -o -name tests -o -name idle_test ) ) -o ( -type f -a ( -name *.pyc -o -name *.pyo -o -name *.a ) ) ) -exec rm -rf {} +
find /usr/local -type f -executable -not ( -name tkinter ) -exec scanelf --needed --nobanner --format %n#p
| tr , n | sort -u | awk system([ -e /usr/local/lib/ $1 ]) == 0 { next }
{ print so: $1 }
| xargs -rt apk add --no-cache --virtual .python-rundeps
python3 --version
info: Retrieved package metadata using apk default method.
File licenses found in Layer: None
Packages found in Layer:
------------------------------------------------------------+
Package | Version | License(s) | Pkg Format |
------------------------------------------------------------+
busybox | 1.32.1-r6 | apk | |
alpine-baselayout | 3.2.0-r8 | apk | |
alpine-keys | 2.2-r0 | apk | |
libcrypto1.1 | 1.1.1k-r0 | apk | |
libssl1.1 | 1.1.1k-r0 | apk | |
ca-certificates-bundle | 20191127-r5 | apk | |
libtls-standalone | 2.9.1-r1 | apk | |
ssl_client | 1.32.1-r6 | apk | |
zlib | 1.2.11-r3 | apk | |
apk-tools | 2.12.5-r0 | apk | |
scanelf | 1.2.8-r0 | apk | |
musl-utils | 1.2.2-r0 | apk | |
libc-utils | 0.7.2-r3 | apk | |
ca-certificates | 20191127-r5 | apk | |
tzdata | 2021a-r0 | apk | |
libffi | 3.3-r2 | apk | |
libintl | 0.20.2-r2 | apk | |
ncurses-terminfo-base | 6.2_p20210109-r0 | apk | |
ncurses-libs | 6.2_p20210109-r0 | apk | |
libbz2 | 1.0.8-r1 | apk | |
sqlite-libs | 3.34.1-r0 | apk | |
xz-libs | 5.2.5-r0 | apk | |
musl | 1.2.2-r1 | apk | |
expat | 2.2.10-r1 | apk | |
libtirpc-conf | 1.3.1-r0 | apk | |
krb5-conf | 1.0-r2 | apk | |
libcom_err | 1.45.7-r0 | apk | |
keyutils-libs | 1.6.3-r0 | apk | |
libverto | 0.3.1-r1 | apk | |
krb5-libs | 1.18.3-r1 | apk | |
libtirpc | 1.3.1-r0 | apk | |
libnsl | 1.3.0-r0 | apk | |
libuuid | 2.36.1-r1 | apk | |
.python-rundeps | 20210711.083045 | apk |
------------------------------------------------------------+
$ tern report -o mvbroker-output.txt -i nexus3.onap.org:10001/onap/multicloud/framework:1.7.3
libuuid | 2.36.1-r1 | GPL-3.0-or-later AND GPL-2.0-or-later AND GPL-2.0-only AND | apk |
- blocks
-
MULTICLOUD-1224 Multicloud dockers contain GPLv3
- Closed