From f47b340396d3df6ece0f6a2b5da2897fbdad9942 Mon Sep 17 00:00:00 2001
From: Sebastian Schildt <sebastian.schildt@de.bosch.com>
Date: Sun, 5 May 2024 15:41:42 +0200
Subject: [PATCH] Remove createbom helper

Signed-off-by: Sebastian Schildt <sebastian.schildt@de.bosch.com>
---
 DEPENDENCIES                                  | 134 ------------
 build-databroker-cli.sh                       |   3 +-
 build-databroker.sh                           |   3 +-
 createbom/README.md                           |  20 --
 createbom/bomutil/maplicensefile.py           |  40 ----
 createbom/bomutil/quirks.py                   |  36 ----
 createbom/createbom.py                        | 201 ------------------
 createbom/licensestore/0BSD.txt.gz            | Bin 401 -> 0 bytes
 createbom/licensestore/Apache-2.0.txt.gz      | Bin 3977 -> 0 bytes
 createbom/licensestore/BSD-2-Clause.txt.gz    | Bin 721 -> 0 bytes
 createbom/licensestore/BSD-3-Clause.txt.gz    | Bin 37 -> 0 bytes
 createbom/licensestore/BSL-1.0.txt.gz         | Bin 781 -> 0 bytes
 createbom/licensestore/BlueOak-1.0.0.md.gz    | Bin 758 -> 0 bytes
 createbom/licensestore/CC0-1.0.txt.gz         | Bin 2838 -> 0 bytes
 createbom/licensestore/ISC.txt.gz             | Bin 459 -> 0 bytes
 createbom/licensestore/MIT.txt.gz             | Bin 651 -> 0 bytes
 .../licensestore/Unicode-DFS-2016.txt.gz      | Bin 1219 -> 0 bytes
 createbom/licensestore/Unlicense.txt.gz       | Bin 723 -> 0 bytes
 createbom/licensestore/WTFPL.txt.gz           | Bin 314 -> 0 bytes
 createbom/licensestore/Zlib.txt.gz            | Bin 488 -> 0 bytes
 createbom/licensestore/ring.LICENSE.txt.gz    | Bin 3341 -> 0 bytes
 createbom/licensestore/webpki.LICENSE.txt.gz  | Bin 595 -> 0 bytes
 22 files changed, 4 insertions(+), 433 deletions(-)
 delete mode 100644 DEPENDENCIES
 delete mode 100644 createbom/README.md
 delete mode 100644 createbom/bomutil/maplicensefile.py
 delete mode 100644 createbom/bomutil/quirks.py
 delete mode 100755 createbom/createbom.py
 delete mode 100644 createbom/licensestore/0BSD.txt.gz
 delete mode 100644 createbom/licensestore/Apache-2.0.txt.gz
 delete mode 100644 createbom/licensestore/BSD-2-Clause.txt.gz
 delete mode 100644 createbom/licensestore/BSD-3-Clause.txt.gz
 delete mode 100644 createbom/licensestore/BSL-1.0.txt.gz
 delete mode 100644 createbom/licensestore/BlueOak-1.0.0.md.gz
 delete mode 100644 createbom/licensestore/CC0-1.0.txt.gz
 delete mode 100644 createbom/licensestore/ISC.txt.gz
 delete mode 100644 createbom/licensestore/MIT.txt.gz
 delete mode 100644 createbom/licensestore/Unicode-DFS-2016.txt.gz
 delete mode 100644 createbom/licensestore/Unlicense.txt.gz
 delete mode 100644 createbom/licensestore/WTFPL.txt.gz
 delete mode 100644 createbom/licensestore/Zlib.txt.gz
 delete mode 100644 createbom/licensestore/ring.LICENSE.txt.gz
 delete mode 100644 createbom/licensestore/webpki.LICENSE.txt.gz

diff --git a/DEPENDENCIES b/DEPENDENCIES
deleted file mode 100644
index 06df9e6f..00000000
--- a/DEPENDENCIES
+++ /dev/null
@@ -1,134 +0,0 @@
-crate/cratesio/-/aho-corasick/0.7.20, MIT AND Unlicense, approved, #4240
-crate/cratesio/-/ansi_term/0.12.1, MIT, approved, clearlydefined
-crate/cratesio/-/anyhow/1.0.68, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/arrayref/0.3.6, BSD-2-Clause, approved, clearlydefined
-crate/cratesio/-/arrayvec/0.5.2, Apache-2.0 AND MIT, approved, clearlydefined
-crate/cratesio/-/async-stream-impl/0.3.3, MIT, approved, clearlydefined
-crate/cratesio/-/async-stream/0.3.3, MIT, approved, clearlydefined
-crate/cratesio/-/async-trait/0.1.63, Apache-2.0 AND MIT AND Apache-2.0 AND MIT, approved, #6666
-crate/cratesio/-/base64/0.13.1, Apache-2.0 AND MIT AND Apache-2.0 AND MIT, approved, #6655
-crate/cratesio/-/bitflags/1.3.2, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/blake2b_simd/0.5.11, MIT, approved, clearlydefined
-crate/cratesio/-/bytes/1.3.0, MIT, approved, clearlydefined
-crate/cratesio/-/cfg-if/1.0.0, Apache-2.0 AND MIT, approved, clearlydefined
-crate/cratesio/-/clap/3.2.23, Apache-2.0 AND MIT, approved, #4243
-crate/cratesio/-/clap_lex/0.2.4, Apache-2.0 AND MIT AND Apache-2.0 AND MIT, approved, #4254
-crate/cratesio/-/constant_time_eq/0.1.5, CC0-1.0, approved, clearlydefined
-crate/cratesio/-/crossbeam-utils/0.8.14, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/dirs-sys/0.3.7, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/dirs/1.0.5, Apache-2.0 AND MIT, approved, clearlydefined
-crate/cratesio/-/dirs/4.0.0, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/either/1.8.0, Apache-2.0 AND MIT AND Apache-2.0 AND MIT, approved, #4245
-crate/cratesio/-/fnv/1.0.7, Apache-2.0 AND MIT, approved, clearlydefined
-crate/cratesio/-/futures-channel/0.3.25, Apache-2.0 AND MIT AND Apache-2.0 AND MIT AND BSD-2-Clause-Views, approved, #6671
-crate/cratesio/-/futures-core/0.3.25, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/futures-sink/0.3.25, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/futures-task/0.3.25, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/futures-util/0.3.25, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/getrandom/0.1.16, Apache-2.0 AND MIT, approved, clearlydefined
-crate/cratesio/-/getrandom/0.2.8, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/h2/0.3.15, MIT, approved, clearlydefined
-crate/cratesio/-/hashbrown/0.12.3, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/hermit-abi/0.2.6, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/http-body/0.4.5, MIT, approved, clearlydefined
-crate/cratesio/-/http/0.2.8, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/httparse/1.8.0, Apache-2.0 AND MIT AND Apache-2.0 AND MIT, approved, #4256
-crate/cratesio/-/httpdate/1.0.2, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/hyper-timeout/0.4.1, Apache-2.0 AND MIT, approved, clearlydefined
-crate/cratesio/-/hyper/0.14.23, MIT, approved, clearlydefined
-crate/cratesio/-/indexmap/1.9.2, Apache-2.0 OR MIT, approved, clearlydefined
-crate/cratesio/-/itertools/0.10.5, Apache-2.0 AND MIT AND Apache-2.0 AND MIT, approved, #4247
-crate/cratesio/-/itoa/1.0.5, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/lazy_static/1.4.0, Apache-2.0 AND MIT, approved, clearlydefined
-crate/cratesio/-/libc/0.2.139, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/linefeed/0.6.0, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/log/0.4.17, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/matchers/0.1.0, MIT, approved, clearlydefined
-crate/cratesio/-/memchr/2.5.0, Unlicense OR MIT, approved, clearlydefined
-crate/cratesio/-/memoffset/0.6.5, MIT, approved, clearlydefined
-crate/cratesio/-/mio/0.8.5, MIT, approved, clearlydefined
-crate/cratesio/-/mortal/0.2.3, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/nix/0.23.2, MIT, approved, clearlydefined
-crate/cratesio/-/nom/5.1.2, MIT, approved, clearlydefined
-crate/cratesio/-/nu-ansi-term/0.46.0, MIT, approved, clearlydefined
-crate/cratesio/-/num_cpus/1.15.0, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/once_cell/1.17.0, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/os_str_bytes/6.4.1, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/overload/0.1.1, MIT, approved, clearlydefined
-crate/cratesio/-/percent-encoding/2.2.0, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/phf/0.11.1, MIT, approved, clearlydefined
-crate/cratesio/-/phf_shared/0.11.1, MIT, approved, clearlydefined
-crate/cratesio/-/pin-project-internal/1.0.12, Apache-2.0 OR MIT, approved, clearlydefined
-crate/cratesio/-/pin-project-lite/0.2.9, Apache-2.0 OR MIT, approved, clearlydefined
-crate/cratesio/-/pin-project/1.0.12, Apache-2.0 OR MIT, approved, clearlydefined
-crate/cratesio/-/pin-utils/0.1.0, Apache-2.0 AND MIT, approved, clearlydefined
-crate/cratesio/-/ppv-lite86/0.2.17, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/proc-macro2/1.0.50, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/prost-derive/0.9.0, Apache-2.0, approved, clearlydefined
-crate/cratesio/-/prost-types/0.9.0, Apache-2.0, approved, clearlydefined
-crate/cratesio/-/prost/0.9.0, Apache-2.0, approved, clearlydefined
-crate/cratesio/-/quote/1.0.23, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/rand/0.8.5, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/rand_chacha/0.3.1, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/rand_core/0.6.4, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/redox_syscall/0.1.57, MIT, approved, clearlydefined
-crate/cratesio/-/redox_syscall/0.2.16, MIT, approved, clearlydefined
-crate/cratesio/-/redox_users/0.3.5, MIT, approved, clearlydefined
-crate/cratesio/-/redox_users/0.4.3, MIT, approved, clearlydefined
-crate/cratesio/-/regex-automata/0.1.10, MIT OR (MIT AND Unlicense), approved, clearlydefined
-crate/cratesio/-/regex-syntax/0.6.28, Apache-2.0 AND MIT AND Apache-2.0 AND MIT AND Unicode-DFS-2016, approved, #4252
-crate/cratesio/-/regex/1.7.1, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/rust-argon2/0.8.3, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/ryu/1.0.12, Apache-2.0 AND BSL-1.0 AND CC-BY-SA-3.0, approved, #4267
-crate/cratesio/-/serde/1.0.152, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/serde_derive/1.0.152, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/serde_json/1.0.91, Apache-2.0 AND MIT, approved, #4264
-crate/cratesio/-/sharded-slab/0.1.4, MIT, approved, clearlydefined
-crate/cratesio/-/signal-hook-registry/1.4.0, Apache-2.0 OR MIT, approved, clearlydefined
-crate/cratesio/-/siphasher/0.3.10, Apache-2.0 AND MIT, approved, #6665
-crate/cratesio/-/slab/0.4.7, MIT, approved, clearlydefined
-crate/cratesio/-/smallstr/0.2.0, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/smallvec/1.10.0, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/socket2/0.4.7, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/sqlparser/0.16.0, Apache-2.0, approved, #6669
-crate/cratesio/-/syn/1.0.107, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/terminfo/0.7.5, WTFPL AND X11-distribute-modifications-variant, approved, #6663
-crate/cratesio/-/textwrap/0.16.0, MIT, approved, #6657
-crate/cratesio/-/thiserror-impl/1.0.38, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/thiserror/1.0.38, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/thread_local/1.1.4, Apache-2.0 OR MIT, approved, clearlydefined
-crate/cratesio/-/tinyvec/1.6.0, Zlib OR (Apache-2.0 OR MIT), approved, clearlydefined
-crate/cratesio/-/tinyvec_macros/0.1.0, MIT OR (Apache-2.0 AND MIT) OR (MIT AND Zlib), approved, clearlydefined
-crate/cratesio/-/tokio-io-timeout/1.2.0, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/tokio-macros/1.8.2, MIT, approved, clearlydefined
-crate/cratesio/-/tokio-stream/0.1.11, MIT, approved, clearlydefined
-crate/cratesio/-/tokio-util/0.6.10, MIT, approved, clearlydefined
-crate/cratesio/-/tokio-util/0.7.4, MIT, approved, clearlydefined
-crate/cratesio/-/tokio/1.24.2, MIT, approved, #6659
-crate/cratesio/-/tonic/0.6.2, MIT AND Apache-2.0, approved, #6653
-crate/cratesio/-/tower-layer/0.3.2, MIT, approved, clearlydefined
-crate/cratesio/-/tower-service/0.3.2, MIT, approved, clearlydefined
-crate/cratesio/-/tower/0.4.13, MIT AND Apache-2.0, approved, #6661
-crate/cratesio/-/tracing-attributes/0.1.23, MIT, approved, clearlydefined
-crate/cratesio/-/tracing-core/0.1.30, MIT, approved, clearlydefined
-crate/cratesio/-/tracing-futures/0.2.5, MIT, approved, clearlydefined
-crate/cratesio/-/tracing-subscriber/0.3.16, MIT AND BSD-3-Clause AND BSD-2-Clause AND LicenseRef-Public-Domain, approved, #6670
-crate/cratesio/-/tracing/0.1.37, MIT, approved, clearlydefined
-crate/cratesio/-/try-lock/0.2.4, MIT, approved, clearlydefined
-crate/cratesio/-/unicode-ident/1.0.6, , approved, #4138
-crate/cratesio/-/unicode-normalization/0.1.22, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/unicode-width/0.1.10, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/want/0.3.0, MIT, approved, clearlydefined
-crate/cratesio/-/wasi/0.11.0+wasi-snapshot-preview1, (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT), approved, #6667
-crate/cratesio/-/wasi/0.9.0+wasi-snapshot-preview1, (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT), approved, #6654
-crate/cratesio/-/winapi-i686-pc-windows-gnu/0.4.0, Apache-2.0 AND MIT, approved, #6664
-crate/cratesio/-/winapi-x86_64-pc-windows-gnu/0.4.0, Apache-2.0 AND MIT, approved, #6658
-crate/cratesio/-/winapi/0.3.9, Apache-2.0 AND MIT, approved, clearlydefined
-crate/cratesio/-/windows-sys/0.42.0, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/windows_aarch64_gnullvm/0.42.1, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/windows_aarch64_msvc/0.42.1, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/windows_i686_gnu/0.42.1, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/windows_i686_msvc/0.42.1, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/windows_x86_64_gnu/0.42.1, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/windows_x86_64_gnullvm/0.42.1, MIT OR Apache-2.0, approved, clearlydefined
-crate/cratesio/-/windows_x86_64_msvc/0.42.1, MIT OR Apache-2.0, approved, clearlydefined
diff --git a/build-databroker-cli.sh b/build-databroker-cli.sh
index cfae6ffb..bb35d000 100755
--- a/build-databroker-cli.sh
+++ b/build-databroker-cli.sh
@@ -6,7 +6,8 @@
 # Uses cross for cross-compiling. Needs to be executed
 # before docker build, as docker collects the artifacts
 # created by this script
-# this needs the have cross, cargo-license and createbom dependencies installed
+# this needs the have cross, cargo-license and kuksa sbom helper
+# installed
 #
 # SPDX-License-Identifier: Apache-2.0
 
diff --git a/build-databroker.sh b/build-databroker.sh
index 1bfc8323..4f46c814 100755
--- a/build-databroker.sh
+++ b/build-databroker.sh
@@ -6,7 +6,8 @@
 # Uses cross for cross-compiling. Needs to be executed
 # before docker build, as docker collects the artifacts
 # created by this script
-# this needs the have cross, cargo-license and createbom dependencies installed
+# this needs the have cross, cargo-license and the kuksa-sbom helper
+# installed
 #
 # SPDX-License-Identifier: Apache-2.0
 
diff --git a/createbom/README.md b/createbom/README.md
deleted file mode 100644
index 874585ac..00000000
--- a/createbom/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# BOM Generator
-
-Generates a BOM
-
-## Troubleshooting
-
-If you run it and you get errors like:
-
-```
-Could not find license file for 0BSD in adler
-Error: BOM creation failed, unresolved licenses detected
-```
-
-The a possible reason is that the `Cargo.lock` in the repository has been updated and some components use licenses
-not covered here. This can be solved by:
-
-* Find the corresponding license test. Check for instance [SPDX](https://spdx.org/licenses/)
-* Verify that license is feasible for our use.
-* Download or create a text file with the license text, do `gzip` and put it in `licensestore` folder.
-* Add the identifier (in the example above `0BSD`) to `maplicensefile.py`
diff --git a/createbom/bomutil/maplicensefile.py b/createbom/bomutil/maplicensefile.py
deleted file mode 100644
index 044f587d..00000000
--- a/createbom/bomutil/maplicensefile.py
+++ /dev/null
@@ -1,40 +0,0 @@
-#! /usr/bin/env python
-########################################################################
-# Copyright (c) 2022, 2023 Robert Bosch GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-########################################################################
-
-"""Mapping of license identifiers of cargo license to the filenames of the actual license texts."""
-
-MAP = {
-    "Apache-2.0": "Apache-2.0.txt.gz",
-    "BlueOak-1.0.0": "BlueOak-1.0.0.md.gz",
-    "MIT": "MIT.txt.gz",
-    "Unlicense": "Unlicense.txt.gz",
-    "BSL-1.0": "BSL-1.0.txt.gz",
-    "Unicode-DFS-2016": "Unicode-DFS-2016.txt.gz",
-    "BSD-2-Clause": "BSD-2-Clause.txt.gz",
-    "CC0-1.0": "CC0-1.0.txt.gz",
-    "WTFPL": "WTFPL.txt.gz",
-    "Zlib": "Zlib.txt.gz",
-    "ISC": "ISC.txt.gz",
-    "ring": "ring.LICENSE.txt.gz",
-    "rustls-webpki": "webpki.LICENSE.txt.gz",
-    # License text taken from https://spdx.org/licenses/0BSD.html
-    "0BSD": "0BSD.txt.gz",
-    # License test taken from https://spdx.org/licenses/BSD-3-Clause.html
-    "BSD-3-Clause": "BSD-3-Clause.txt.gz"
-}
diff --git a/createbom/bomutil/quirks.py b/createbom/bomutil/quirks.py
deleted file mode 100644
index 70df6fa2..00000000
--- a/createbom/bomutil/quirks.py
+++ /dev/null
@@ -1,36 +0,0 @@
-#! /usr/bin/env python
-########################################################################
-# Copyright (c) 2022, 2023 Robert Bosch GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-########################################################################
-
-'''Hook for applying some sanitation to make further processing easier'''
-
-def apply_quirks(component):
-    '''
-    Takes one component entry from cargo license and might return
-    a modified/extended entry.
-    Use sparingly. Comment what you are doing
-    Use narrow matching (name and complete license string) to catch
-    changes
-    '''
-    if component["name"] in {"io-lifetimes", "linux-raw-sys", "rustix", "wasi"} \
-        and component["license"] == "Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT":
-        # All licenses are "OR", we already ship Apache-2.0 and MIT. The LLVM exception
-        # does not apply to us, so lets keep it clean.
-        component["license"] = "Apache-2.0 OR MIT"
-        return component
-    return component
diff --git a/createbom/createbom.py b/createbom/createbom.py
deleted file mode 100755
index 4785195f..00000000
--- a/createbom/createbom.py
+++ /dev/null
@@ -1,201 +0,0 @@
-#!/usr/bin/env python3
-########################################################################
-# Copyright (c) 2022,2023 Robert Bosch GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-########################################################################
-
-"""
-This script will generate a list of all dependencies and licenses of a
-Rust project. It will create a folder called thirdparty in that
-project folder containing a list of dependencies and a copy
-of each license used in dependencies
-"""
-
-import argparse
-import sys
-import json
-import re
-import os
-import gzip
-
-from subprocess import check_output, CalledProcessError
-
-from bomutil.maplicensefile import MAP as supported_licenses
-from bomutil import quirks
-
-
-class LicenseException(Exception):
-    pass
-
-
-class RunCargoException(Exception):
-    pass
-
-
-def extract_license_ids(license):
-    """Extract valid licenses for each dependency. We most of the time
-    do not care whether it is "AND" or "OR" currently, we currently assume we are
-    compatible to all "OR" variants, and thus include all"""
-    license_ids = []
-    if license:
-        license_ids = re.split(r"\s*AND\s*|\s*OR\s*|\(|\)", license)
-        license_ids = list(filter(None, license_ids))
-
-    return license_ids
-
-
-def extract_license_filenames(crate):
-    license_files = []
-    crate = quirks.apply_quirks(crate)
-
-    crate_name = crate["name"]
-    license_ids = extract_license_ids(crate["license"])
-    license_file = crate["license_file"]
-
-    if not license_ids and not license_file:
-        raise LicenseException(
-            f"Neither license nor license file specified for {crate_name}"
-        )
-
-    if license_file:
-        license_ids.append(crate_name)
-
-    missing = []
-    for license_id in license_ids:
-        if license_id in supported_licenses:
-            license_file = supported_licenses[license_id]
-            license_files.append(license_file)
-        else:
-            missing.append(license_id)
-
-    if missing:
-        missing_licenses = ", ".join(missing)
-        raise LicenseException(
-            f"Could not find license file for {missing_licenses} in {crate_name}"
-        )
-
-    return license_files
-
-
-def generate_bom(source_path, target_path, dashout):
-    try:
-        cargo_output = check_output(
-            [
-                "cargo",
-                "license",
-                "--json",
-                "--avoid-build-deps",
-                "--current-dir",
-                source_path,
-            ]
-        )
-    except CalledProcessError as e:
-        raise RunCargoException(f"Error running cargo license: {e}")
-
-    crates = json.loads(cargo_output)
-    dashlist = []
-
-    # Cargo will also pick up our own dependencies. As they are not thirdparty
-    # creating a new list without our own packages
-    crates = [
-        crate for crate in crates if not crate["name"].startswith("databroker")
-        and not crate["name"].startswith("kuksa")
-    ]
-
-    license_files = set()
-    errors = []
-    for crate in crates:
-        try:
-            print(f"License for {crate['name']} {crate['version']}: ", end="")
-            license_filenames = extract_license_filenames(crate)
-            for license_filename in license_filenames:
-                license_files.add(license_filename)
-            unpacked_filenames = [
-                filename[:-3] if filename.endswith(".gz") else filename
-                for filename in license_filenames
-            ]
-            print(" ".join(unpacked_filenames))
-            del crate["license_file"]
-            crate["license_files"] = unpacked_filenames
-            dashlist.append(
-                f"crate/cratesio/-/{crate['name']}/{crate['version']}")
-        except LicenseException as e:
-            errors.append(e)
-
-    if errors:
-        for error in errors:
-            print(error)
-        raise LicenseException(
-            "BOM creation failed, unresolved licenses detected")
-
-    # Exporting
-    os.mkdir(target_path)
-
-    for license_file in license_files:
-        print(f"Copying {license_file[:-2]}")
-        with gzip.open("licensestore/" + license_file, "rb") as inf:
-            content = inf.read()
-        with open(os.path.join(target_path, license_file[:-3]), "wb") as outf:
-            outf.write(content)
-
-    print("Writing thirdparty_components.txt")
-    with open(
-        os.path.join(target_path, "thirdparty_components.txt"), "w", encoding="utf-8"
-    ) as jsonout:
-        json.dump(crates, jsonout, indent=4)
-
-    if dashout is not None:
-        print(f"Exporting dash output to {dashout}")
-        with open(dashout, 'w') as f:
-            for line in dashlist:
-                f.write(f"{line}\n")
-
-
-def main(args=None):
-    parser = argparse.ArgumentParser()
-    parser.add_argument("dir", help="Rust project directory")
-    parser.add_argument("--dash", default=None, type=str,
-                        help="if present, write an input file for dash PATH", metavar="PATH")
-    args = parser.parse_args(args)
-
-    source_path = os.path.abspath(args.dir)
-    target_path = os.path.join(source_path, "thirdparty")
-
-    if os.path.exists(target_path):
-        print(
-            f"Folder {target_path} already exists. Remove it before running this script."
-        )
-        return -2
-
-    if args.dash is not None and os.path.exists(args.dash):
-        print(
-            f"Requested Dash output file {args.dash} exists. Remove it before running this script.")
-        return -3
-
-    print(f"Generating BOM for project in {source_path}")
-    try:
-        generate_bom(source_path, target_path, args.dash)
-    except LicenseException as e:
-        print(f"Error: {e}")
-        return -100
-    except RunCargoException as e:
-        print(f"Error: {e}")
-        return -1
-
-
-if __name__ == "__main__":
-
-    sys.exit(main(sys.argv[1:]))
diff --git a/createbom/licensestore/0BSD.txt.gz b/createbom/licensestore/0BSD.txt.gz
deleted file mode 100644
index d6b2a6dc9572d57e6c9a2289bd26c7671ac812a3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 401
zcmV;C0dD>uiwFoYFv4U21295UL@soAbO2S5QE#I#5QN|JD@J`rx!<sX1uPjm=QWM`
zm|mO<4-F9zRr&W_(^l7$kj%n-GvnQ->1~+jVZ34)ai3FxKjZCD;B7n&XFZSC)30&D
zX_%L3c)c$P%Vn4`kLTt6I3=9*=kfZ$?LOVcIpKX+F3@lJ9PbOxDM9s@G^N)E{!Yj1
zl1|&rCbkUmbv#gD7{NaHXH#*7ClZ~XK(0a-Q6F0$P#GyLnNC2~La9J58WtQ(Y!SGj
zpn9)}n*B3&rR^)@nw2u$-WrYgLHimVhqBd?cE+0cvIf^CIu_Zg0h|Xvvx|^6oBZgs
zV^~8w%cylC_X62-X~-5@H*gsX<-gxlQF<r*yH_vOprVeNT;UV_9uF-=@tPR)R?^#;
z+t<N&uwK@}y|4yQq>Sp`w5$}$u~rMYG3irA<6Ty3XbhAaIBu+I*p-|?zpA4TD(vM8
vC_uqTPV{}uv|kO?!||u%y6(IKZL#Ka(93tUy4L@%f4lhr2J-0|UjhICY`4dF

diff --git a/createbom/licensestore/Apache-2.0.txt.gz b/createbom/licensestore/Apache-2.0.txt.gz
deleted file mode 100644
index 43305c2eb64f5cfea476fbb3f65a5a57a131d446..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3977
zcmV;44|eb$iwFoQjcQ{613_?MV`ybEE_8Tw0Nq+!bKAxhe$TJia;8&h2Bw``+c-~*
zB`0hhN+Zg3GnqUrfd#oWfJJrzQS7hpx$F%jCA-tNYBH@!V$YsEm+yS%EQI*P-=df0
zPKkHARGm{_JoDr~ly%y4;;Z?qLi|m3qqGO{)vH(EJh^B$4E^huFZcWXT+%jkW4A9G
z-palF0vFz2-~GH6i`A8QbF;cy-Y;)fYw`BxPP|`V7vk>v_U`8D{Tuwcpr@{u>-)Rq
z5AX3C67c0*T&Y@jdI06z{0pzm%%5l`+)g%)XqD{504E)kZJm%^B}&s(yh_x@iqWY;
zSk+rojU|3vcv1LlrQKllX2kD>bfUs7RV6kDu~sDu`4Z$?Gj4a{J7H@0py4@Fj;-p3
zW4(+$QLHrm!Rqa95N6*gD?lY!sE31)<FGSU|C{#na?Y(7c5)D~>DEeE*lp<{Z--0)
zwUv#yCebHKj2#}3v{yowBqeA8W`JkC7y}P@1+{X#H5hcTrYVH9Dtu^2=>kuK-;P}c
z%SzL>rt^~ggJQ3T9n0Yj=i;rgq(?v6-ay18t44<hAI-d!86Cxm3w_B;&0g68+-Jc{
zsD$qL--Q^AC?z-@pYu}qC$fMQt?cAhq4RKGH<mlESRwX1MaKv4)4q~q=a$)Pj3$tB
zp+OUJkK5@UCDpnHYxc^PDEi{tSAV>u?F^WQ4Ic!JgB!r==mT(*RW3*bksH;45lRiN
zoJh~~OfLV$j5BcoYw=%pcA0w}{zIEQ=xRh+R^;*F1*k{RRy$M#^lr6t6z~*hoCM^S
zlTcg3ZY883q*r?!X}wjovKE%puQgfxBW}@}O2g44WmRyn?#gB)Q$P}m&J3c_t;XHK
zkIvM?9>dGghTxP6tRHfZ1bH$1KoRo4*4xq2@8Fh3W$<yc`4@!3sp_&j@OR*jv7!8^
zt!d%Mawj{`IwS~0Md$EI83KyFY5d1pNWtbIamDn2UdGWeA#Hk%31vt*f6OgJ0-OQ9
zo*XzwFF5G~qqjpjoV%^6v=qak&yW4V*pDZmu!k>6W5OYfw3Gt63&)5Fz^3!ZYGnmL
z@*s61H%-X@43`Q-Qw+dT`cRS)7XrG08Q|dvZ)_=eSd&@hFko#V3k7YxhzmG?dX#Ms
zJHtYNb_jD`h)*v1Uct_fkW7u)UnVPDDXSmAiVsSlLEP*(0&tJ>Ht?tSlGp}8@r`uo
zypB?_!aXqhA$l0Aa4T{b=E8ob%UuQr;H&{^0A!|B51L$wQ4FT>c_I{8*x2w1M0hvn
z+2n;`l~WEPg{&`OGt*E~z%sqn9qe-I^HV$yI8{&5zYxdf^VY*?_P!(WzG_(2N*(i4
z_0m$Lpk3$~t+J{)Kpu1-$#5Hp7L1clw(2rCT>}u=T9#BKimXOPqn;>*)={QTUVnp7
z?rZ#6k00kiOxbL|Xh5HEp_WEHP}syL6vLHgB0-X2+t4cb{VC;(EGY&=eFIxJ0k++^
z0qpSL5qJkh7imuF`Bb2d2**!oMes6}yJxFKPE-(;X?u+KjRIrVV2Y>7%jZ>lF^gxK
zd0AZVBP_!r)j$GT17KXB7dEn?INDoW*Ae*`J8yk~S&$oDB}1W|2A7hB?C*+aOHstG
zd=L09=>&+V8(iD~r37hN$%<6S9o(Q=mqR$z+)-f(DXB*KC)oX1`IxOlu9X|T$Y5j=
z1(~(cZoqNN(NUGB9b3XnPa{7N;-%809)l64XASWPM{&I_M>9G|-d5U=2z@rOqd>Wo
z)7y@)A3_m*M20;Zi3nD+71&#fJXhzl(-c19*YVgP13yW5aswhhwnv+a9VoL=5KllE
z6(Kn&o$r&9(5c@?h@S?xEe+V4%QX_-Ed3aWzM6|4kyhchZ{qO-vl8o(i>r^-v&~GF
zW;rS=sFETxkU$6lor%Q}F931~rv!%As{t$%!VjRYsrDMVMrXPg<aq}t#*Z(6_1G;o
zPUaw+;qaoi3O;Edb`PdRAU~<*zW>7wL$?JhAjf));}fJyaNds_SPNE!K<yg|fgZmB
zow?LH`o<HByl=~Ce#BxT%O^XYDd&VO?4YkR2i-~p-TwpcT);Bb513%katwhYfr5@3
zqD#^9Su^heT?b)1`Jjm91%;@OHg%0W4~l?l0Dk#@0a1({*f9|YJW=+nkYFa93{Aj3
z3cJd_Z?N4o9XOq=jM(K>D;uf7-u!HKIItoK$*mi4vxDq)PFhXbSzAD#(9tLzYG0oC
z7w!_;VACmI5dr>ykwjKc%Z?X>196Azt1YO{ByXym-(ruh2(@l5mNoi6_CgMj3S&At
zWzbtzL2f1fOd#hQ_ls1pBDc22xff(GJVt3o<WKw=JTFBf_ioe!9<@<hE&^b&pnT#4
zN2vH5z)?+L#hq`plbkX+=Mat+{LvCq1u;y;rjZyZQ)otgri4Z#<(MydfmLyJz!XLA
zg;<d;5Vi`w48a$z3(~MptQZQunTtD>Plo2Sbt?}E*^W^Na8L(sGr^;0SRT0qX(Mbl
z0?1JuA)|r+H?bm5+h#7|Pas*5S|Kt>3awTt_Hu0+=!v+#2kd$s>g<KQ<dcpNX<O76
z)#H8x+^XS-2wFMyjol&sog7qBeK_tUzNa!8_S|H9^57;>Y3!r0f9Ii&#Snt_L3bD@
z+&#K%dxW?c(kK&K_bnMiv7G77Wwx_b10+}xcyrdmQ+EIw9Um^+IBu8%qQDGG)v@r=
zT_7x03VBnJkqHXXA*Gu?8;>B)=yMFI_?MU)qi2vo%2kF4EmRpiCYqBo&JL+?@kvfg
z_0(w9C4yG;zi<4|)w9*j{qoKA43h70AbVrl`8|+wXZz&Yl|jInOgXVE`709@T2Bc+
zloj=uDd^N$vmz)-obzU4Jg5;e@ImMZ#pl>H6La3eXYESC1~M8Y9kx^Xl-@5%*$Tu6
zHhmq`ltIU2>tvxxRJmt$_&x{oNs#4vJsm&^T_>EulDSP4@KnCB#i^BL;Ck7V%l8In
ztW+Om3K0nC0NGg}&{i+-kca4-4(D^wFe9;05}MHa9d}`fU#Diy{7vM6Tj@CDgB~I^
zugFlQ>iFCu#5zo7^RaBms=|L;?052r%%lX>y@fs}6AHGz14ra%qJ9d;8&##cYHR~-
zokUCk7ViIoJC8Aq3>=0SV1~2FMAIthnV1LI@i_k2Fi+iEoHbGEDu}kyu$~FP(cmj{
z1q$)!$W_LXoJQ6<VYz1*d>ZYYxiVrg*<F#T&uCMmw5h3CJUr2g<kPvBN+b`r&Zc=u
zfs@;+NfnN)8)wNxr7?~sW0}~g9CZQ{hkQ%Tj=u@uUNx~mHy7_asG^RXrXFFVQe*o|
z60-}EINvxNv&d|im5s5U99<=*k2@X@a+vCE^6B$`)0%mjMQUaN!y=fvR^j%M*RRZg
zi{kAK)t8OorVP_|OYI$&5mL>KP!61`6kh~k8e}f<8!@}!0V!B9wnSU#=_v3IK0~M@
zQ;(|5AfA9X8pNutw0y60+<W-DfIkBi1_I&`7Be1Q8A8s1DR*`wgogJQYD{0kHHK_)
zZWb90PQ8?Uz?r`P2s-%~=7&Sj28~0cq&C&6-$(6lkFcOS@ClZ5aw!yk)8h3sY6DgV
z-ciB<y(?nVfs@*k`E1Ch;5T0l&XfSQ)L-V}N;_(u@Y1#xAAo;?T@En`qN<w%H?Y)s
zV~dqwfV@b}OPYce$zeYCT~hS|b;Y5<af_NijpNISb1!kO1&}{mti^IY6F)50%XKjB
zhvofGH}CJohsE99Vs*c~UW=Q%{969ztyrvn5r1E<u7K`nz5#y3>8ML5(S$2iHYQCO
zL~~LZaOwa}E}4oNB6|w4V9fjF{k!V|tiF1&T)n+pu714!`FeF<h@Y?T-uwhwE`C_P
zTi*XdA@p{6zq(%Y>jMif<92Ze4txJ@aVKuy-`(D<uesXtZDE5q3!r}wn`*jspqm-)
z3a8-$p0lR68tFM5xQ6J$M=1Uh;%4(wo;ErMoCuE_;95IEc4tZ*+hhiHf6q$O*!-gP
zw3+4D`|BJ&2b1EWcUo?ALzm}Eth@r~PdAVrECar3XxIrlLZ_XLTEa~h1kjL=3_7)K
zG_bEyT^8}SyO@k}<K*X)@qWQX0cZM+-VmW9<+eDFi1!v@%K_g&aCAF<K0g>eC*=c&
zGQnkyrj7kXfLtqExt-4NadmhlAiW&mdWCoE+3hnV6cAg!N<ad`GhMup^Fjkc<ID~8
z#&NafJ9Dh!u~y@)@o}R|)*K_ojQox6yfZUg%_jyI&)$g#t?<~5;eg#5Q|)z=&kjFA
zQ8s-qaY~4sU_`}hshiPqHIhv|c8T0j5j^uI2;Kr<@aFd5jg^DI!8k;MemsctGU6~@
zRu7skNo)W524sLYLU_5si{}jZZY~xj)&#UdKwjK=kqUK|6d!g--KXh#d|CMHbz5Me
z<<1zMg3_dOa@kHZSKw{6B0K@8BMoI&Dn3NdV^EKN2Z}q@cKB*Z8i=u3o1nWeo5oL}
zh_}2%*g@vYS1oWJ%opEZ>42cI!T8DSu@mA}G8&BRnF&tkqc>W*Cc6!ZoZDZE&=A*u
zjX;`Ul=LO0lWtKGqNhnw76yJMj6IXC8J{uXIp4`Pb+k>TYG_w@1u*04%;;R&mXIir
z>uAN4&ZD*Iw#-kC0h6IC$7Yp>sKx2rcysV%BOT~~7DzUYWPYDTV@4aJE*!wut1GOl
z=U#)O-xs&H@W}F?uhE4xEdWG4_}3TmSNHHYQe_|SlHl+DGZz&8HHzspA<$|AS!1CM
zAHr0lNS%DGRZ}?u1p<<tL4Sj{lnNqq_Umu62z)e|@YU`Rf{9SocYRqWJr@^Oru$QT
zUm(lTAp8%Pg1U8TQytI?hy<YcQ4il8WMw<Mo5fsl2f*{kco9lXJu3h>0Sg<47gYST
zpOXd@r)N2CAj*)ja@$2Tvk%2MT&-?YdS!)fNP{L07tTOA8eAg=&#+cZZ$ACYFQ_I2
zo{snN-g4pIHI8S}kVD#Xhd0(74CylQ*8}|hCVnNoLC>RG*5BxHA0$=QGfl&%$X^H*
z7x+MY=koG<6cPFn1OhH!etaHiyzYD(O3)Z1DpDMgx_+~vX_=gi>_Q;RA%y#<UO9aS
z+<mpaegP`elFwo2PjL_b&KZiyMrx;TIN_y1{=icV{C}k1fq0YI)=EuO2tiJ?24V(|
j)@?@!IG_Yj7P{j%`~0*d@pX54uK9le=3+(TTr2<pLnw%@

diff --git a/createbom/licensestore/BSD-2-Clause.txt.gz b/createbom/licensestore/BSD-2-Clause.txt.gz
deleted file mode 100644
index 55fd2bdce7a2aca01edba42341b7cf5f46ab1050..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 721
zcmV;?0xta@iwFq)jca27142_oEix@bY+-eCWiE7hbO4o7-A~&v5P$byapDQ2tkZbh
zo*c(*ETwT~J1rIBAtV7TB{9kei2r_PQ$!ilroFUR-`(%)8tViuzp$=arWP_=x5LyD
z!rbG_Xzw3pIIl0@`lYSLn+UG&maZGBzP%wtwT+$T(cUhzbpupG10KN+Fu7%{+wgL0
zhiZI*J2&=I1kZMU05^tjx6Gt>jlHvV<pCn7#ugsivA6TwHt;yQC);2#KU6b*v<T95
z?%59aP`jbAerXCzeLH_A<l729N}9mky=kdkgLBI?!`RLhYV?5Bt$XsVH>ZP}(SC$I
zI}rfr5X@to(hbdTT9C2sD%-c?ijd3C8j$NGgf|W7u31pmUu1X%UdjK;fTO#{)l1(F
zb4b^N;nG(O-(hovzM9+7R^9X-bhu8~JTZW#Oe!>Jxi)*MIAC2Uxf2ObAU=ReIWSoq
zl-Q&OQkf-OX`p$6uenhoE{(*8Gpcd(jQ9r455TVq#kB^hKx~UlAQ+-6nj67&1R`fy
znTUK70RliS4P;^~42~HYc~bIu4dfcOT(J~?(pY4|9D<OwFuCViBN>H)DkE5#Q3XY*
z3aL4uEs_Y$GAgz_Ss^<z0^jl6fKF+a{n4e@{=s9+Q6!BsP689UOoZahcsuVE!{kt3
z7J)7}6TaYA9L-R5h>n<=|15C`n<SxIx<PN}|A+){!b-)rUNh#P%UBy>O2c6zW#WS-
znyZ~)T>pSf>X25cc?1bHG!P>MMulyx<5G(dn#c`Tsw|9<`2{-PV=Rg=imORTSLVSg
zCM4CtgZd0Y_z~<=j_=9`8j_+u0*#3=b23Jd4+AtO9wFzOOl)}0xK|@R%3f%GfwvOc
z4~SRVJw?tkSoSwURV0)r|JW#862uy4vJ+nRaTsr}#qoa<B4a7M#=ZIlZ1%<Q6a@eP
Dj*w30

diff --git a/createbom/licensestore/BSD-3-Clause.txt.gz b/createbom/licensestore/BSD-3-Clause.txt.gz
deleted file mode 100644
index eb4e7256d48e7d8e10be0f93ba302bab8ff474ce..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 37
mcmb2|=HS?O?05<Tvs18(uCcCjPGV_ss$NM&2?H|&3;+PqX$Zjp

diff --git a/createbom/licensestore/BSL-1.0.txt.gz b/createbom/licensestore/BSL-1.0.txt.gz
deleted file mode 100644
index b19cc1c53d40383123fa9d7aec42616e75a35164..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 781
zcmV+o1M>VIiwFp;j%s57142_wEio=IE_8Tw0CkeVZtFG>Mfd!QK~{Z$66C!u3Unu1
zbWBth4T?^hB`whwTS+uXDyjSRossP{K~X>plA3$x&LJ1x#{{)Mq<0f6l&-O3v~Um4
zHbmz~`2O&SyL>uMSoi&x)MfDF@$qNIwl)kd&NVJVXM^3J;TX)AY@5L$SPT9DO=rT<
zW{^CX@eC()MS&0a9nI+eHVF-w-zVcnHy*)2<4<Q&rp`jV<uYRnrfK|eLKmuQeKQSq
zOtT&}Z`i+u{h6f>)AZLdej<~*+jMu|D8>{qPOzuo+o{22>*A?5=XsHW+fT`6%>HE?
zTFi|T4iyKN=14cQ>n{%{^rDEZ4ekx&yjghn;m>%Tf&EuN;K<B{_8z6l*+}Q_ogcom
zAg+fgj4pPTl&tkg1bzA*;<W$6Hi>j3IrzT!?+E5s#x(8;VsOVU!RQmhh~UPr-g6jY
zg%BO?BcilKG{e%SpIS6yq%eDg`$2TR;OwFdmVh<$4P5L#1tFYGZ`@!*#s+#kdwX@p
zVK5C%fiY?L>uvu_3V$Pw-qJ(CH9?y3F%ta`=uh%#>}`z5sOdghgiktl(GiA-UHbEl
z&cTO)>;}_xZnXE8XJGb}<ifl0EkdxP4Tx)ga0Wf5&>$i+9w&3O_#!+Kk3Kx$Wvn^W
za;0B##X;1tRq|OBynwsB#{FFeFG8>7P6Jk`ywa~ASCCh)@SCWL4EXO`#p@cRVq&u`
z1;;Z{Ez4aYswY^Wu96x`u@M?gwFGK-wGzB0vkh0vHE#2TD20B_*h=V%JXcad4%=L5
zvD}rpg6&RiWz93tLYEv<6zE>vi)y8?8{hCsKVWw}1pbU0R<HB2oLesC_Em|ewT87U
z3$7?JjUg)zg{ZX>n3W=b0kYs2JztcZtuEzI<eU77&uWRKYW{!84KHgxA7O%}thCCP
z8ly_3KdN5@rf0blHMLqPxygXoA_aNVReY(1tY+?C(_jhhcQyYoWChPl^r}hxx%lB9
L=S0QoIRyX!E1H4i

diff --git a/createbom/licensestore/BlueOak-1.0.0.md.gz b/createbom/licensestore/BlueOak-1.0.0.md.gz
deleted file mode 100644
index 377124c23060a783303b94389c4baa77c433eb33..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 758
zcmV<S0tx*eiwFpTF$-h>143+dWlv#iEio=IE-)@_WB|QXO^?(t487-9SlR=ys%92(
zLkMX>dsqpU6<Q%7#34=HHkvf95_h`&_c-YX)8)=BGqs<epPzjNpWJ}(O`qT^Rp{W0
zHRvNM^#en+<l*h%=5V9b)fGGrp{MleskIT@90-j)V+1^7n8+jO2;E>>=rMFQW&|b}
zDV$)m+$v7Fk!l`w$k75BZRxOpv9%7N55#EL`UVVn4z?VaLR592PKxT%I?K}`GrBbf
zd)D3vse2C;Dh#PyK!ZXH_=0Ew6Ai*GGUz5CrZ~${g~4Gw06et_`3+R>5+M;SiCdu3
z*+#SU6xHB!tyV8^9eR2BDv_>ij!6}yW>|p^>gUS96GKH3KS?F&G)V({X)?65-!w7^
zr8Bqr&(w#}K4DOhROd2YP0rCc3-g)!Nm5%@>Q2ivE|gr^#Ec^pg-4#=3npsMWTe4W
zASz%Ot%zcM9VCAFdV&8cDzjFXDA9PP^gt|yqxvg?uozbO%|ByH&>%<9kYHpON>qYg
z2i^v=G0UEiHj0^cR)bp_SeaG}xmbX9aRC(S!1&Dn%vaL1{O~7HLw#tO`}qENEM+f9
zp9~G&Sa+b%9G8S+UWt!$TX)Z9NIP*~r)j1RWEQrzi@qYj7;JX)HoI1zbCl@R_0D27
zv;Vay^!xRdpI>i^b=Gh~?6aBF%DS9@^(g^sF+d-*?2OS4B4eMem(iz;EiB&Ms7g;F
zYt7lWGf#u!e4(Dohz}N9Mk;p3Rp_e-w(GF6n$a!W_b6}w9~?H%Kh*-`wC$oC5uCCt
z7b7fD8kXSF<<;JHE;0R%+u=~^fp%mQOu#dp_UB?XtsKNH^ZNSwHbSjKx?4#?r^lo|
zjbgODGZUAX!fY(mV#?fzd=1+3lqhefqR5xS?}(|q*d^whH}|v{tWJg%s7iNQJTB~=
os8gkgy{r^oT)_EgrCc#il@`HaBc92!9;7|>2kq>>hY$t;08`IvGynhq

diff --git a/createbom/licensestore/CC0-1.0.txt.gz b/createbom/licensestore/CC0-1.0.txt.gz
deleted file mode 100644
index 579708c83cc882847ea9afed890828ae8be1739e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2838
zcmV+x3+eP9iwFoik85K914BbFEio=IE_8Tw0Hs;mZrex_edkv+{IWK{D3jg60NFe#
zvYZHGOMxUOn8y~`vN|EzoNiKz{(eqXH7P2#bJ-mXVDVP>I(4cu@kTdxZ`8z<rK^Iv
zH4nPLRc?}GGWkut8vUm3E4<-@E|NsyzsYhsUe7*G)nsvZx0tW+cllwl#J$B_%~oo@
zSgWzR9e+|cv*n!{&#%?>Vk-APEEgYV*He~rJAF64RjcXp<7_frjnwsQwO-EN-m{#=
zjat8lu<OO-{%$&7pG2_wDa5jn@p`>j&ZmF9nB30jwdM4d4OzXPeHcA9HR@lna27C|
z-z=7QVm$sI&(+0v^<uWVP;bYp+3E=ycjG_V6!mGmT#o1K*;FJg;m`7VHh%}<Q+2<Z
zK6YZU<Y#9(m+I4E`KO48=3T4z)8+Jjemz~L62IAMayy>gt<>#o{C0LbTmPjXLS2vV
z#_wRva=N;|U6bmY<>HP-{Vz83`dLD6!zf8sjc!b7sz$l3`q28?1r*47XH=mNfo_&A
zH0pEfZOCobSgNIF=Uw}-b8Um4Mjf0la;4kGm8iK)7sXL!uG$)(n6FvU2C2jP=<UO<
zQM$_2(iG5(zjP<4%iL^jh3kze+~G>KwX0ZkMrG`LLf?dT6U^T&+j^*szYJIE(&%i*
z5}`H44|T!MF0ROQTsr8q6)GP_e!;y2X6~F1J6qFdFP&Ff<+{-u9gK*B7<KUpuU}jt
zKojE|Z7We3)WL?GYMiQ#FLec5;Hx)<t^RKL$qw;TUcAC<T9F{Ng$v|PEdeIm5TM4}
zP21S&LEg+_r_#gNy{XFDqG>(shp|b>EHv7!&Db5p?IN}}{B3qx(owgY0&isSo-ETF
zm`D*i*oITKHQFaoLK*NXE3_?Hsjapi#z-}6T8o@g9#T|5Znwu2FJun(dwi!TB2eZN
zHYA0n7JiW$Z*m*NHQWel>y04`f`aS8ZVLWbS4WCUsSYqZI0GEwByTApcoriSSZmSd
z6s69A!j=|gi&Es68J}4MsQY3>)k`s!gq8YuinXCgQ;a%Pq)d8OI(mZJHaCz&mBVHy
z5`FQDo^M-EPSZDe%gyk7w$v$GU69}#6h2Tnc~iI12i$!i36R@Ij_y+^pv`)zAzLN2
z_D$D(Y)=<+v&G8|XOXjlAS5^Pxx7Jj?!@#MCjJhN+dW$m(z6;t3edZ?$vPVml03Kc
z8{Q$F0ip7}{YXP?s=(K&6d{aoRiZ<1$PO1dO&yZoHN_>pcQM{>tuLu#(=IvYYeOZ-
z1&vF{4?C0C!2L{FC3C)uCsxpd)TC<fineOBw*`DE;F5G^U85?=rl^%|B3aTucsQuz
z{)M)J-^w;2LB2{vjXnBOxkF*{2kz`0EQQS!?4K|)>GhJ1(&&m}Mc1}M7;?N{@aRU4
zVLQ7HqZuDhSc81O8huyY2&0=-l{!aB?6oa4^`baLBB@h0CP8gCP()x%oimi^qeOUD
z8Qk4C0*nss2#f}AC+GSBrauY?^*NeoL-mKIt6Y<CtK*%<Nm*@OfdK)f|0T*|M|@L6
zB8_M&ZcGT#xvraZkiwKok`RY))`dQ%JPa8^+6rTf-r+oWT?H~N7V4WsS!gO9HFosX
z8yX4{qlRlVju{y*G@4@9MXfxp-XxYJNrBl$V7c~a!R**cu4UfzQ$ZT(Ux-hsslL2e
zUDz+CG9jqk)RwbFpxWEJANBGiom^CeJQ(I}wbeE@ZNojS7?B>d&j(X0#s_2fGZkKJ
zlN0!I1p|`wgV*&={eG#@!aTrXfqK${*xg=df)vO^FeL&fm!}cZ%8;bNELIG?+arek
z$nJ_Sv_u3#><V;yAca!h*VdB(U?H#nc=`I}bV9PJ_gM6_^{z(WsSny?T=MuME94y%
zZChoQr^2gO>P~y;dG-4BA1YE5?oN@^c`AU}nHZr}OrhB(?xI+1Sr<HR`G&|KkTz~R
zoO|>QnUzcH!P5+x$1fu9Q5m@}0`kt;t2f++dn!4>{(#&S+NTOM3Po2im7+rM-UN*L
ze9+D398W|G(IcO7@}3|ReM2Y$vdGho=GamE9eNsbc;;^CTm^Rhd!#;T+C@fcEoCMX
z5ycvZ0r4%{2r3Cg03N6+c(&_3O<IJI0(Wi}cy^pHgvbW{>YxX-EyXl1=+A)4rHMr-
z_Acv56LL>+5jSw}KxR@#H+b5Q&CudA%5NYZN;I=mipKpe>T#svki^}{#^`RQ(FB2r
zTGuUyo#8ZM*zm;R(c4z?^YT<L<||N-3kQ7Fz#bivZOcUFk$lz5ze<N=6Y{RO>F_xw
zows1&7UpmX94z7VrNt|eq+ob_wPjnXyp5~?y|A~rAmpP$Nu*GQMn?l1TSfvvl^w2F
zO*91sm2sfCYUP8Z1l@$*A$P3Waw8-G<I8sacWL)m-_pwg`$X!0j%d<sp$Za!aXu1A
zsq>y)3AvG?rqS0IVX42EAYtZ*eFQha^R49pPg@8a>%16{dN3k1@Iz#z(ki*Zi0f9k
zLERB`46-+Lh!JAZM{XgI44Dj`(VnoQoKtsg%mDlo=?keuz(oe==HJ*eG89?I{ishn
zJdeQ^@DUb++!OdTTntip<Oc?UZ)@3K@Yta5tIzJ(dDT~C9Jdk;uuE=#16<LOunhbM
zfAusWpIUK&IsX~qf`fW%GnAWAH*kETvo9mHLi!7VFy`Ey38#$FBh)Z)T!iU!3+@+*
z8b=r4Y8k9S5}3Eq@QD-P8+d}?NCb!RhfuQK_`T^9-SyZbNNn^MN+pu&5}jojSj|rd
zLd~k4+II{*=^1$MGdOK<ouA(#DhNO&tXkG__Soc!a2E`2?~b}?jxT7bN>N*tkgP3M
z2*g3|1WpER5&f<H^k9g~<}og-B4&^*_)2Yx-_Id%^8Bvw4Ctw6Kri_<&{NNWUh=D;
zr=A79<QGBj@phg3GU%x@&`U02I}z&9Ia1eMeO>1UMVPBoU+B;^SWc{)_e6{=4&ZrL
z4|la^yR=gn-A<%U)&JS1Ot44|oi)TSiNc?M%#{3upz%E&H%M<vFz{T`G%z)d`<~!%
zrU%vAwV3AX@a<B3uu&6LZeRKgx@U{1Xyz^aDK?Tk(F^#JiyiC)i5C+39iqZ#Yl7#z
z5)-2wtPQe?L%y**4cJNHZvIFwo!T||0dW65LflSE2$^tg0~;hKA4-qZ+!4g&a9dod
zH6vOiw>wju*A?xXOzrZX+Tmv+`%mO{^eh4m*9?!f1IIf8o{T3%J$G44hK~}p8O(l%
z_k0+fHiQ>89>g#!sAPo&?Drfw?t2IA31e*}Y{&%=Kc@g@##h~HB|(niOPO!m-VI1>
zfoI1v(|>ThcBYoaU|%G3CRo_viQd@465|JR;o9e><94)J3#!tA0|R;@o80M`QI5o5
zx!%C%jCa05GSweg<%WVwc$NVOu_>orP?!lww3up~WB|LF>~xHo4lK|lU>O;)f0;0h
z@~)Tk<i-&XET4h|<Te}RHjgD3l<ZRYkVC@}$qJ)~M<v}kUEJ<NGy<(nhcI$9H9VGz
z08U%+6Z>I@+;T3^Cy#NlJ3aW><FXM;xsh|u^e5eOo9@VhCy^ntiMCGUc%`BQg|rW-
zlywY1f1U!?hYss!RXhObR?lc!J_tDH1XW$-af{0OQ@99|lW+eG%myw4IZ~h+jZq$S
oEQ{J{?!~+ne0Lxw5Be!+i+RKMd?x1yW{b)H0POmYX@?sC0L2t|zyJUM

diff --git a/createbom/licensestore/ISC.txt.gz b/createbom/licensestore/ISC.txt.gz
deleted file mode 100644
index b14b8468df744cead52f4772f8cf9d35b1de0617..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 459
zcmV;+0W|&}iwFo;MC)S!14&auE_8Tw09BC7ZmTd5hWCDoQP(Kv85|gbC1X?DH0qKR
zr?J#x1Wv2GeaEC#dnAMz_%9zLYzZ>F_-XZwb$)pd>l)$&DZ+L21-!)hR=|54!<o)u
z8vn%w#;~R(oUX}3x`Y+hcut?g;^9mmhv~-V>oUjH!)Hhrpm+I<*92$pf%F%@_|pwu
zmtjhNEMQ*ZM;QG`X+xr$hv5`IJj>-vc)cW;Vj{@ge{Y<BNq;`gvmX`+6AW)}89VrO
z$CzsntghXW8w6pYGx|wXSiu9gG(P}W6=V_bU84<D!j_VY)&iFj$Yr>40xcYcYnZ_U
zH>B5Op|IazRm#2+>ae*)+etwcf84r;7ERgE$oE1D_snu}Eu2DYcN73h13sa0V4EEB
zhiQ)>1>Z}AnkKHE!FE^*E(^jnSh|7<_5B2-D7CWq*i#m1pyDk*WQ4o*XFN9CSxt=w
z4BB40OkW$_GO6tb+*_mq?s&G+-U!wf<U>L;nV8d6I-yloQ>imN6DT}LaX?if8JXVH
zP8$;T_S;YZH^Syd-Mj48TOeg9yeH;$Z#y809MhqppKtk=TK~WP-4|V-Q(?sd004Qd
B*Bk%<

diff --git a/createbom/licensestore/MIT.txt.gz b/createbom/licensestore/MIT.txt.gz
deleted file mode 100644
index 37744a6241720397968b18f574da303151dd507f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 651
zcmV;60(AW!iwFpUjcQ{615HU(09{gFZ<{a>fA^<2<*AiW_r5m=oW>epWJtTH>H`52
zJP{mWvnbzwcO+fcNs*B6?)UF5nXDkSjTyaREOzJXWRHD-hvpI9uBM*e;jNp8VXRN)
zow349C+od+BUlf;natq|$EhBJX(Q++W59LL^!0Q!5d;VIc!jf>JObPy)ONJv5o%~q
zh~Z@Dk;c0&T<Xc-a0|8fuCX=pLF=0NWX4bj((CMCJUoQnz^c3>R*#EFYwCg75vcdk
zf{P8kn*&V7hsid?5rG|>VQ$I8M|-d*dsiU%lHM~UojoQXpAno~YdiXyCDwU94A%D%
zw3et3bHJjf;<Cnwa(r_Wcry$P87%r<vVOW-X2|-P78>p=@>IF>?({W@^{ktx5hcxn
zX&tU?QT%0^KouJA+%UKcMQhyHT1w=<Gge`%KDggz$#OgH=mJ{3S)c=)Kd*Xk`Mw?o
zIGFpwP#4!*{}X2-c^~lbwjSW@rbX}nm`|v`6;P^8^~$vXSwf-Ji%diUD_-Jz6~U{l
zwrW=aPH3K2dr%wT`5u1AJc&U3EVL*~P@2iCNTtA<%;R*I$ov`Bh|3lJgJmWwB&`&X
z;GIf}lE^Zl<1Ie<TBfqvM{FajoH#d11BZg^O2)gCYbbWQP^Ccm1Zi`bZ#1fiOyt!Q
zs$vbq3qGLS@-!tW#&_smlRt=6vDfl>TftVPiNNAopfkQs#Z3xB#VMCr1PRahvsh3H
zSu~@un>%>j3M!Ev$6s7Yl~asZ<(0-~gei6P7y2qo5dqh-q=js>$|6SVM1)#M5SNP^
l3#}TyTm(nxy(`6ELP!Kpk*g#yMf@0k`U7}2iMcEU005g;K7{}P

diff --git a/createbom/licensestore/Unicode-DFS-2016.txt.gz b/createbom/licensestore/Unicode-DFS-2016.txt.gz
deleted file mode 100644
index 7a0140108eafec0c08087b4da0a943da8384fdad..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1219
zcmV;!1U&m6iwFqnk!oWA166KmV{c?-Eks6BEiy1MHZF8{bO4oAQEuZl5dGIF2Ki|g
z&^q1x?V>0kOLR<B7F|(F>QBX@EdsJ+Nb<VbuU?}^=rwwjo}_Om+i?Q~*a9&kiJUjX
zH*X&EM20F7KFK7UP%J}{XhFe4D#Su08GWQE$O4+lSZE58h_sqzPeCd?Pa8v->2^J}
z8_Ih_KUKr9@4wvL9goM!p|R_>G?TX5-mTmHOJ}#$FsX)J{j;}eJ1Wh_Hg>RWGschG
zNjB@rKY#q$Q&bEE&1`LYDw>jXyBUr}XC|JPs0?LNrYP4U{X!u=Zw__+LY*l}8Y)AZ
zwyxWwZMIaKZBbLP?Tp!(W|(->6-DYPiB%BE<bltvvmlP$bEuXpJdjFBWpj}}NpO*C
z{*;eAIhuaZ-W4ggH?J=@AABb14ghDKuzr5Ts<%=(u*9#qd{iOwt|$mYvCLfD$UC2G
zDrl;5e3`DW633)wgo?aOq>Hf+p-Li|NtNhvP3qUKO*}ax&J-yETjPR%emfuka`y4y
zSeH6W<uuO(GXQcuq`dC`)v?eA4oc<2JahFdQJK^l1<}|bY&f@_{{D+Teg6FE<Nc5K
z_vcpouGbXQHMvba+Si-zt0^a5Wc#7B&xgU3bZAP`xvu_4Y__5AlN%~sBGC3dv_`h4
z%5>)Wg|=PM0N<w#w85zBs_3>TYiOak7uuVyM?m{L6cB2&^$KEO-pR$B1zWOCHy539
zWYPES+7?`V*{%<)yMl%8-E!c~tFmuC5GLV_)So2&y*THQ018Sj4Rj7tc<E|(fPdcS
z9qmxHhk<zpyK9E>5wfliC6CH^xwbnyCURh><{-tPH@?Rl__S+FyW#)FQMNxk*S4>G
zDld)m`51Rd-y3uoQI@OOc<<NeA~?^U+clgT;4&YpcK7CF-c=;=Z*%Ax)L<M$*@8~g
z)wN%3$)BoXAcF&%&buu@SOp<mbm9{4Uq#ZigIxo4zc)qac%kBQ2=63-_YTn_!}I^k
zfVRE%+KaAx4fVbm!fO*I{w-7WC?gTkO`u8Y8=szJHdlE@*pdcGwt_==L9(J>WP+&|
zzb#Xt-89R^GM2(QK^W(3h=lQXE)mOx%m4~AV&geMN#X2fA<}S;*I+7RnZY_{GD{e9
z2GD?(K?(=R;~=GFo-P&NC`kn4PGmAmk!8GFM&C*!w|_;>OEkQT9fZUqZ_#r$KW5<7
zZRRSDM9SrlPx@3nibW_p;rWVyi^ejT#$v1s41{qY7e1Zd^iqT}h!GaaRD>CShp%eb
zGm>KkKEDVaguX<a-sx!`WLlxdl)z;kXH4BJRSSxhb`-%r{qdSWC|U%D0P{2#e6et$
z0scZZaNdoqS&CPm67dkr2a$y0at(Qz0-q|^rvTgtsdTpzHyP2&0RkftBO(jHv4$$J
z>cO1Bz#?#{?k0KP*2V8@vxi_=y$yRG#>e>z^gPPeclvLNowLp2O665s!>ql&;&H)d
zdN%AD4xlK%nr^T?TMY)L<ykyhI5|&z*Y4WEINZLdVKa!j>~h|Qu>Rz4{d>cAv9Nt-
hF^0#^4ue7F1HN|l+vsVh@qJtL<X;19T+j*$0060RS=;~s

diff --git a/createbom/licensestore/Unlicense.txt.gz b/createbom/licensestore/Unlicense.txt.gz
deleted file mode 100644
index 2d5f62c1c2912196fca665606dd06416284dda27..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 723
zcmV;^0xbO>iwFqrjcQ{6166KpX=7z>b7d}ccys`5R9%moI23*7S6ua(&b+Uxl{|^l
zSS1h{((F7sU?$#zNo~_A`|I~ylFoEiD<Of+Js<b@LUVSJaP`4jGQOkPTi?#($p+g|
zoci?B1WUmV)<o<$pC(FYOPBdHxR$zUG|oR{nef-i+gB=7wbSLA(>Qgm$9<`f=bYwf
zbG#cbZoosd!;sSyvd+a6+-Xk0vZr6tIavq20A=jWp|t>amij4-z>$e$e$jQ=$$1l?
z*7F;Gg=)A=cfrwy)|r7pe)1pRcJih1)0Gj~XpN8PM|t{t4lZ`CO>XiLu1rD>?eyZ^
zKX&OZxR-OH!TgN*l8Kqq8SJdRJjHD4-*-cu1))iHamTV|7=GhIya+z>12bl?xc^O^
zj+RFA?Vi}38fKUFx%_0k?OnRrctsob9A0kceJAcL(jTo)gj&Q*XX`@biY(4;Yhy$^
ziy&KM+<zp&b7DrCe%O%6w9J%YZk+!<<KP!=bak=eV$<x>m6f>r3mWE^?53a7%;Uyk
z#G5x4-%^-;he>!BJ&vl`N~)_(a}-*Vs%fvQuWBvV^g+~Ef5_>mnr(Gx2o+kC%`;US
z66G^}QRO<%<X?L&>zXP}YPT<xT<4_9RdHCW@-saFS5^%bYNr~IHWjhpok~gIHrY<<
z)fP+fqzctM=d@8x$($RI3fc?ZsMVnmn)V01uWAYTHE2s!ZZuTnPL|C>rb_IQ{E7wD
zTTv8?lsLe>uIWj_gm^0CjTQb^g;2Yk)?z0<vk{$D0O+OcZsfR?%ND2wu2rL|lG|TZ
zWuvjo(U5Mq_XT=Xwahc2Rn5I`bOm}&4v1<Y0j`uc7EYDkg^v<mA8PsLWi3SkuA0HW
z7vtbI7}IeIJX8ERFN1_X#qz7cr`F@FF#?~?DP8_}e4IUo*ZOE5rttFk=f7?ez7x6x
F007UKchdj>

diff --git a/createbom/licensestore/WTFPL.txt.gz b/createbom/licensestore/WTFPL.txt.gz
deleted file mode 100644
index 9e57dae5fdd3e640c372b3833ff48e29c67b0d4f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 314
zcmV-A0mc3wiwFq3k85K916Nc=P)sg#cys`jP|-@mFcf|7SDZ(MQHJ;^V%K&q=$f&%
zjy-10T^m`Fk*1UVy=i?AK?E;c$UQmtoXY{eE92O$k_y!-$Ffdeu;(>)Nf8i^O}%(!
zDMIH(nMe4g-pKXJ8r;p0QA7Gb4tMkUeH0<J=c`j~=W&zXP9RF5v9b+agu_EG^i%gW
z#D@H1SjjKsuGSD#k25)~yeA27(F83BBOz7qojMGj5V!~7m4<cDR;r^S8I4RuJ?s&_
z3o0kokm(81HiIVPXOl|P3DYXmLiy23oKE&57>U5Qrj5pj?+8Zd>6D31GLC*k@XzR~
ze7i1@6d6)pWUOMmD6!<*FmCp&cn$%wvf8pmJ$_BZHP6_RrO614-t!oHJK%lj{h#jf
MC*s~{ZsGv|00Lf_UH||9

diff --git a/createbom/licensestore/Zlib.txt.gz b/createbom/licensestore/Zlib.txt.gz
deleted file mode 100644
index f9c19c9ecfda58795346ed73132288aada6df1e5..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 488
zcmV<E0T=!siwFohkZWTA16pipVlH%ebO3FWF>l;3425_73T{b(tAVszI~AP*WayAB
z$RNwK%|;SkN;=p5^(F1=AwjyyC-U*VkGemRdU&9KxuA2m-#@_9hF+fGX>2iOpYYka
z$C(Ng9_#7_LC=funFbu-#+Q#&ZceaLow-%;c?0~t2$ljYKxv7DgVRRwxo#c6eTK|{
zXUtW*VuU&)_@?brphuW74iL%r5n)sbQyhHq6Bg%%3grn#;k5U)g21C5Um5J2`+<_E
z6yj`dCmXG1E1MW+w3BtdX}b<vnk-!K<S2*O2AdZ+C6quuf?qUI@Kv?TN$U^USW&~)
z{abLLQib|f6;^elAja(krS(5CRI4}ZBge?AsVgik54+?S=k7Xq)O!}1D8EYwsg<e(
ztFh9Mf(9Ec;8)nVUGE(Lgy_jY`MO`N!WH-7hq%VMLWBEpuX)GCbkv8pr4KDs3k^QJ
zWL_f<Q?fnky{TR*VBpZ~_ni`~+;pS;E~NAXm7}dg`Pg<Wir}wC%B^#sI{0QV^}cYE
zfN(~!MV2F&hF&yOjvFK|FIwi+Y76tRi&t=L+*>|Y+M^NwKLYpJ$RC#UAE5)bf1m{u
epH;!0$i?3N2JO9Ed|sEXX1l*c5T5y00{{S^c=2ce

diff --git a/createbom/licensestore/ring.LICENSE.txt.gz b/createbom/licensestore/ring.LICENSE.txt.gz
deleted file mode 100644
index 651640e65488a31ffb59549a77292d17d2ca088e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 3341
zcmV+o4f66IiwFpmMC)S!19E9@XD&=hLq$$gMJ{xBbO6m-ZFAek5&n)}aicGmI1m-P
zd2y8KOdt}H&{Bj7fOa&UP6L8R5-|v{coD;Y-)HykK#-y>+f^sgIFSV6_ICGnpL?D=
zjf+}}dKuRu#lK3(xY~+&QQ{eXo2MB*EyP0BqG<5nTvXdU5u3DL;teUXG?95FE0N~(
zyHyoUnMjcoGs%OizVPZ-l_+IWtX49g$r;(hFYCCJ$4rQh35)01z&n`0=sGQO7+A_u
z_ARSdrum{rPS0eSKH`IUS**lWLC?c*WW!Wv20Rp1S~oFSp~>3uR+X;OEH25jcJyw7
zhMbFY;e~_qs@`U;%lQ65?nZFhIC2=z<whmIw$ePwni)-x=Low_lZIxCvy9yfnyTh;
zmzE`j7!>PmnJ$*Kc=OHc@6PeR@5NP_!hvvwboBY9ds(j1s-j5XG(5CnVZF7*s+gs7
ze2??l1>BjXRb8gjh8G!`s)~8Nq0E!7alR#6>!w^6h=!Am$Ml^RdoCp<m$E(GibWac
zwVc^vT^5fiuOn3r1rSe*M@g2F*7dwVl#;wq^R9RPnvd3Ni6kH;ln0DVQ7jx=bnA-H
zzmDEJfs3Sz`@nza4c(zQaYFolBAoG%UvehVtsjJ9h?N;R-koqpBY{zYGmbnrBwO#j
z=vD;ojT2yqk5RC<vppV+CPQz0!vnp$`;muPb_RrhO*Zb_U~r2k&XqUvq6eP-+Ka|+
z7^1qzV(bg|ojZ<1cuRJ=o?W?O<T+O(S6ur620oCz@ZKGG4$5=r1@0iSVZ;1{mj?bg
zbpJ7dJ-j1^&Yg2Zp73b%D@S(gM4^v~1H>0jMiIqv9r$-*<cH+Cn1n9oa3Y6BBZ=@i
zv@y<whXFb6;NKwf{4v?X08AYP4*4;5Z${pYJ07?+*5?6{AK=|dsK?mC3A~Ud^(PUH
z_Q@s}us<HV{EkXLB?P{(7jA$=+&OIcdVe{v_`6m@$;4En9|&^%walp_g@XcalBF%s
zJ`2gcRM887t~pgv1AHmX>sH(LeQ`~ls0x;fpWr8xwam8Mr_1;e^(bzNVv)&C5mWW5
zzSp*7Uqn>RrvFm{HuS@+Nzf0v8>U5F1BT#M3!w;YP~@r+i?Z6o8Fr|Y|7p@vVdK2W
zvSP!gP}QPr$aQMh!4mM6Hmgf(S=a08^5P=N;{HrN%B(<tRs97A&_{IiNo83oY{u2J
zoc){fwY^Z`!hBkaVw1P{3(O!StrED&-HpCabBb7sJ1;URu+8q!8l0zbZ3CrKTA3zi
zP%LP8_bnh1_5ehm(oDcyS_8N@gL?=%FY@zR0td5nTE^xjp`a5lO%dY;X(VU#`XX0F
z_5n*@)$z8{YafeQ6KA6JHSJ@~up(-=N{W1z68u+cd8B1*jr58tz=Hp%fHa3Cd?@2>
zyW&7C6iu!6741M@gg{F6&{Da<dr95#L)7y38e5^mPho&PYBxTrfU9t*Hy3hAguDrw
zoYO9vizJ36_zl?ZRAALes=_R;Rr#2RP~h}FLayPAg$l{5Dmzb#QvR%e=@;cf=TsFP
z?NQ{6>V$Kwj4UY$(`F&^W;I2TVVzMILjJyn3rKzk*lG6#0azjW20IAeP1VL<(h5>$
z8Wn)5y$!ni5_s|Ehc|D3c>Uv#=Et{hzuEox7updH770(z_rEObq9^|P0$-Nsb@t!W
z<V?V^x3mYp7TwajFN@z$&3z#pzz)Anp;od44e7%Q846^(`%-$Sv?u{+M@@0)$rM#q
zGUHmI<PWxBvcemBnlNjzd38ADH7)nkt$4SNyILnJG;Ss9OYPe0{(*Pg5MA=NB2rSy
zI@YX=_xK$)k`a8Vz1&tvm%$#H>2#TCr=44v6xfumWZ4(mnKw_J!K9tU7-uxn{-6B8
zq}mF-F)NaW7-wwOj@Xn!wG~<od@QSW`8Rx68|VgOs^Kqvu9bN9D8T@kjqVI-Zc7j6
zGOinxlIZqJT4~EIf8&&3o^=Lv+7BsCKIFv)(7GVAmwMz0?_4T{wE@-+AvF64N>Uj-
zsC8||w6QJ=^HOA>@Rar@Y)zZZrr&{?i?b7*hi}!6lE*8|esVDWgjeX~VCoYUEfyCj
zOS2QuX@4LofHVZy6x)i_jE?a@7VOjCPJ<BxE>mi{lDaDIKpKd{(dYIdx+*gt$5<8m
zcYTWJS>IMzQ5|c7-9qjXa?+N0$#1pKJ8W8kt4gn7@_X@_n0LUfAo&TnX|KOOiWRg8
zac`13s|plP`2;iClGIcFfra^eT^>k-j_kO4U<%t#8~A?%y%oRy%5vn@D;5OI?R&!g
z<sNK2#3-V}PZWi{(;T+A0&gDs5flRGl}q}>risYRQ7!T*A)@q!xOc$O2a}N#kd^yM
zaPNb7Q$R)|xkGGP$3@FwfIb_6Xi&nygTF^L%@G}gD3LmNI<m<|t9aaBTtwys51)`a
zr~4_Q@rPN0hl5Gr-jV;vOE|d-BQKgnuDJ32A*-d(4c>VJH~fjlKT$+>M-u%+KVMBC
zWhjr{IC6tva!>N*jK<#j?^$FGoCz%}<=h{0*vOe5Jdj<=2QSH<ylUkXrvM2YMBO)i
zC8;{`9+O?~z0hSpjN0<l<nNsaBfMIDbs(s0USZ)~3upKaW`<-&zmK{IJzYke!NILw
z0BZY};!@mKN4q;Ix9hrCl<^v}p##erYSHO#i4Pu%Mxn<kNchh@h~6cMbA~#8201#`
zqIAWJ*~}^c-f8{Y^3a-c_X2#=Kj8i??L0sJ#q6`g8VAf8zdI-D*a_oU47{)(XOJpB
zz-GK)u}Nn@B#ueF?#M|8*Z1;vG-=ALd}0II&!np=ND1;OU9KRW*v(khRT8g}Up^dz
znbt$4*|y~2yp&R(gRQ`+60jTI(n;TS9uZJuj;tWM!rbO#<dvCgyu{|lyFM@aCupvb
zXX;Fe4k3|=nU=uS9x=0NgH07}4hG-aA_yIB)odA8P_jdUYgs3Kn=Spsd-89z#nA{_
z2YRd>qF?tYBN=MdtEPts4p6=lu-J09wN==*I|mS;hbxXt{+`Hny`%ZdA|tg611Rig
zs#@%eno_Q?KUbYPc~#l!s6(Bu@YX&!ILWItJ60+hd8K8cgdo>bI=@&Ix^9K14?a3|
z%an~y`b@Lh-7>AfQ8JSFVgX8ox9T=Uyrz{R{H!SrS80!a)cLNeKbofBR%L>2nYMg@
z3z>KeYjM)%AV?MY7ZX1sC|c1;LRmL!kV&<C2P)vS$g?zOuBnZjJ(U0^?l$#*QW^La
z8t_Hc-=9nQb;a9PDZeM0?|&71?KY;}`YgdGKZ965yY=ef&+H^dixB#4igG4i?HPV$
z`Y)4nb$67iW-W^bJyaRt({`^mH<c6-1BQW^eTU6a*X6lFH|R+q&bDYwgp6PBQ|Q7C
zlDL)$^^Gd%(}GV3NqS**)hTExi}{)IrX&BckyP!G<yM^1#-h8AO`Y+Kye7M8zi=Tw
z!c#s0=O^v9`zf*Ff@z8ee*&_&r%{+}fI4c8@<%HaBTp2${Vau|u2r;jIHE|%)Mts3
z&r&30?IWV(OBD$-?~W+>qZNskBdm?SN|79qBOK!wDw5-Jg!R&aA~C#`55D!Lxwo$}
zS2EX{V%<!sU+JtpevH#Bo@P=2h}C%qZ|@x#Fp$e20o*dDFUvSzfKmu`jqv1^ib(Vp
zZ<0B_!JM&QYoMLJj>y%<vFE7{fd>6^cQ;I^b2FZZd-hz3jzsqVr9_E^=4cQ7867pr
z?%rdWyXW?9>GDvTBxii7Y@53-FHeltc)1(p-izHR_g>&e*_`ft(VcP&M&Xk?<=zY2
zDfhnqPWjlCa_>d1lzT6HrQCb5E9Kr-Un#5JiHvADxCy0;OZ0L{*Nt3uz;n}Nmvm)&
z*f;8rF_?T|=(!>$?QPd-C1raxyFke|Q@)D@OFv&{j~AUW7t^emUaaB@sCA+LSO9d!
z>NMezK4Ec9w023?-!|)9!aBejq1u#)I`ctp8|#orYLQnJkl@6i_K7b4u?k2Bf;$QI
zh?6s(WG3Ux(i$K<I6<c~3*bSbbjc3R%*R=Z@YM{={`jE7I*u@);uIERH!1KP)Ywp_
z)AmwVBT*%@%u;P`l%VlW30lmeM3PPsA8Krtns>I5q?I*q${bUw8`N2Wl<|yoylgIe
zk4dUaRa*y&<TIeES`tLDI@L!63bopBN}3*W6e<BybzPL*TkF<!y1ab`*lcbX>L-ms
zOb@8>{|=0>J7mz(VAWxON2m_B-X}?)Z9T{M812UX*c)F5n1xx>M^Mi)e@VkIcK;A~
zH@6WO&}ir$J&I<~w!0X|NMjx6LoHhELlu*tF5TGy6QQAPb>ZnKHnl54lxl}n3iXDr
XGlDH*b{yjF4`BWa+LesVjVAyAc}s|4

diff --git a/createbom/licensestore/webpki.LICENSE.txt.gz b/createbom/licensestore/webpki.LICENSE.txt.gz
deleted file mode 100644
index 5da686a854fa35ab341cf1ec1e8a6975d607f185..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 595
zcmV-Z0<8TXiwFqb9Ux=?19xR&aBFEUOi4pUPE$oLba-?CZBtEe+aMUe^DAEUv`KEe
zP1<EQ;*c20fedh?9$lL>OpdXDG|Ru=i_?!y+R0!)pRa-a?(CGHjo{P4hO>(nMxSh7
zKsvYxQ}DlRmjIW8>+Be952vxW0Y6*V`(f~BH$Ib3T$i^oT?YFZk`2fBgOJism*Acc
z3BG;#`W+U*wIk@GONTo`wg_@DIzK}4aEi8o4)FyXeed@8Y{&lI2k2c)!9AUly#|VY
zpU!Q_-T^TeGM&QYG4&aB0pI1PKPA{(n^R*c`*eZl(2jE}EcD`fY>^IanoG1#{>75+
zJuKG8rrG~>1RqJ?K24Kt1Go{|VaTzajabQ4476OC9aRjthOLqhe94w@LpAPifQlt#
z5N%8)m4+n_t)_efw5|bJiVDM-COd8_P;5;V;w4g0>_b?Tb+hDRJ+t^`TXVGdV1rzd
z4O3->Te{#iH;=RNiW|YSzC!^J64(P126UB0{?4>uP;<Jd8LXrtR6K&-vXaxfz_^N)
zra*zWl~hnlq1n#{#SjBax}ocwK|!XzZpp5qMoY9*SW7px$?;c8ZlIPrCx%8dG@yoN
zDh>|Q>H>BZ!)z)?rh?GYa49kxO^u>Cfne*JubC)WCdwIYq(We$;YuigDz3AmY)qbx
zoCQ%su&d%c?>q!dG5a%x<u`OzUHv=%{Gap5cY}@ZH^GJec4|Yq+;@lIkM4AYd_>=G
h3|_C^#tzRhZrn)z$GER~$#9l;<PVr*!d8?6002_rAEp2R