Bug 454480

Summary: Discover shows inaccurate warning about proprietary software for open-source Snap applications
Product: [Applications] Discover Reporter: kskot <288pat0tem>
Component: Snap BackendAssignee: Aleix Pol <aleixpol>
Status: RESOLVED FIXED    
Severity: normal CC: aleixpol, bugseforuns, kde, ManuelBoe, nate
Priority: VHI Keywords: regression
Version: 5.24.90   
Target Milestone: ---   
Platform: Neon   
OS: Linux   
Latest Commit: Version Fixed In: 5.25.5
Attachments: warning text shown for kdenlive

Description kskot 2022-05-27 11:09:46 UTC
SUMMARY
Discover shows a warning about proprietary software for snap applications. The warning text reads "This application's source code is partially or entirely closed [...]". This warning text is also shown for open source applications. So I assume this warning is triggered because of the snap backend. The warning should either be removed, because the application is in fact open source or the warning text should specifically be about the snap backend.


STEPS TO REPRODUCE
1. open Discover
2. navigate any KDE app which is available via snap
3. Click on the warning button near the license box
4. notice the the warning text 

OBSERVED RESULT


EXPECTED RESULT


SOFTWARE/OS VERSIONS
KDE neon Plasma 24.90 beta
Comment 1 Nate Graham 2022-05-27 14:15:46 UTC
All snap apps, or just a specific one? Can you attach a screenshot of one?
Comment 2 kskot 2022-05-27 14:55:41 UTC
Created attachment 149262 [details]
warning text shown for kdenlive

The warning showed up for every snap application I checked on Discover. See the attachment for an example.
Comment 3 Nate Graham 2022-06-01 15:56:46 UTC
That is strange. It even shows "GPL-2.0+" but colors it orange. This is probably a code error in the Snap backend, where it mis-identifies that license as proprietary.
Comment 4 ManuelBoe 2022-06-27 22:09:09 UTC
The issue seems to occur when the licence does not match the pattern expected by Discover. 
For example, if applications use only GPL as the licence description instead of gpl-2.0.

The following licence descriptions are frequently used and wrongly marked as non-free:

GPL
GPL3
BSD
Comment 5 ManuelBoe 2022-06-27 22:13:01 UTC
(In reply to Nate Graham from comment #3)
> That is strange. It even shows "GPL-2.0+" but colors it orange. This is
> probably a code error in the Snap backend, where it mis-identifies that
> license as proprietary.

There are also applications from the Manjaro repositories that are wrongly marked as nonfree.

For example:
Latte - GPL
Onboard - GPL
Leafpad - GPL
Accerciser - BSD
QVKbd - GPL3
Deepin Terminal - GPL3
Comment 6 David Edmundson 2022-07-12 09:17:35 UTC
The code checks against a whitelist of open source licenses.

Anything not a valid SPDX identifier (i.e  "GPL") will fail the check.
Comment 7 Bug Janitor Service 2022-07-20 21:52:23 UTC
A possibly relevant merge request was started @ https://invent.kde.org/plasma/discover/-/merge_requests/332
Comment 8 Aleix Pol 2022-07-25 23:25:51 UTC
Git commit 2787a5292608115140e618bf904dd1eadfa70a52 by Aleix Pol Gonzalez, on behalf of Aleix Pol.
Committed on 25/07/2022 at 23:19.
Pushed by apol into branch 'master'.

pk: Try harder to convert non-appstream packages licences

It will try to use as_license_to_spdx_id which does its best guess,
hopefully it will be enough on most cases, will submit some others that
I've seen upstream to catch some other cases.

M  +1    -1    discover/qml/ApplicationPage.qml
M  +23   -18   libdiscover/appstream/AppStreamUtils.cpp
M  +2    -0    libdiscover/appstream/AppStreamUtils.h
M  +36   -1    libdiscover/backends/PackageKitBackend/PackageKitResource.cpp

https://invent.kde.org/plasma/discover/commit/2787a5292608115140e618bf904dd1eadfa70a52
Comment 9 Aleix Pol 2022-07-25 23:27:57 UTC
Git commit 8c6160822d83e0825fc49fcc4ac5af160d2fe9ec by Aleix Pol Gonzalez, on behalf of Aleix Pol.
Committed on 25/07/2022 at 23:27.
Pushed by apol into branch 'Plasma/5.25'.

pk: Try harder to convert non-appstream packages licences

It will try to use as_license_to_spdx_id which does its best guess,
hopefully it will be enough on most cases, will submit some others that
I've seen upstream to catch some other cases.


(cherry picked from commit 2787a5292608115140e618bf904dd1eadfa70a52)

M  +1    -1    discover/qml/ApplicationPage.qml
M  +23   -18   libdiscover/appstream/AppStreamUtils.cpp
M  +2    -0    libdiscover/appstream/AppStreamUtils.h
M  +36   -1    libdiscover/backends/PackageKitBackend/PackageKitResource.cpp

https://invent.kde.org/plasma/discover/commit/8c6160822d83e0825fc49fcc4ac5af160d2fe9ec
Comment 10 Patrick Silva 2022-08-03 13:54:15 UTC
This bug persists on Arch Linux after update to Plasma 5.25.4. Can reproduce with snap versions of SupertuxKart game and Clementine music player, for example.
Comment 11 Aleix Pol 2022-08-23 10:59:54 UTC
Git commit 834c7566bda5ee7cd79592186c463b8838b67a1a by Aleix Pol i Gonzalez.
Committed on 23/08/2022 at 10:59.
Pushed by apol into branch 'master'.

snap: Properly communicate a snap's licence

Treat it as an SPDX expression and parse it using AppStream.
http://people.ubuntu.com/~robert-ancell/snapd-glib/reference/SnapdSnap.html#snapd-snap-get-license

M  +6    -1    libdiscover/appstream/AppStreamUtils.cpp
M  +2    -0    libdiscover/appstream/AppStreamUtils.h
M  +2    -1    libdiscover/backends/SnapBackend/SnapResource.cpp

https://invent.kde.org/plasma/discover/commit/834c7566bda5ee7cd79592186c463b8838b67a1a
Comment 12 Aleix Pol 2022-08-23 11:00:22 UTC
Git commit 32778200077cafd360f46d0f1ea21a1cdfefef5b by Aleix Pol Gonzalez, on behalf of Aleix Pol i Gonzalez.
Committed on 23/08/2022 at 11:00.
Pushed by apol into branch 'Plasma/5.25'.

snap: Properly communicate a snap's licence

Treat it as an SPDX expression and parse it using AppStream.
http://people.ubuntu.com/~robert-ancell/snapd-glib/reference/SnapdSnap.html#snapd-snap-get-license


(cherry picked from commit 834c7566bda5ee7cd79592186c463b8838b67a1a)

M  +6    -1    libdiscover/appstream/AppStreamUtils.cpp
M  +2    -0    libdiscover/appstream/AppStreamUtils.h
M  +2    -1    libdiscover/backends/SnapBackend/SnapResource.cpp

https://invent.kde.org/plasma/discover/commit/32778200077cafd360f46d0f1ea21a1cdfefef5b