search

dl9pf / meta-spdxscanner

SPDX scanner support
MIT License
9 stars 10 forks source link

Modify Document and Package Info #20

Closed soimkim closed 4 years ago

soimkim commented 4 years ago
  1. Add DocumentName and DocumentNamespace
  2. Reorder PackageComment
soimkim commented 4 years ago

Changes of Document Information DocumentName and DocumentNamespace are Mendatory fields of SPDX-2.1. So I added it to the document information. And "DocumentComment" changed to "DocumentComment: " because ':' is missing.

AS-IS:

# Document Information

SPDXVersion: SPDX-2.1
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentComment<text>SPDX for busybox version 1.30.1</text>
OR CONDITIONS OF ANY KIND, either express or implied. No content created from
ScanCode should be considered or used as legal advice. Consult an Attorney
for any legal advice.
ScanCode is a free software code scanning tool from nexB Inc. and others.
Visit https://github.com/nexB/scancode-toolkit/ for support and download.</text>

TO-BE:

# Document Information

SPDXVersion: SPDX-2.1
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: busybox-1.30.1
DocumentNamespace: http://spdx.org/spdxdocs/SPDXRef-scancode-tk.bbclass in meta-spdxscanner-busybox_1.30.1
DocumentComment: <text>SPDX for busybox version 1.30.1</text>
OR CONDITIONS OF ANY KIND, either express or implied. No content created from
ScanCode should be considered or used as legal advice. Consult an Attorney
for any legal advice.
ScanCode is a free software code scanning tool from nexB Inc. and others.
Visit https://github.com/nexB/scancode-toolkit/ for support and download.</text>
soimkim commented 4 years ago

Change of Package information

Reason for reordering PackageComment: PackageCopyrightText is a </ text> that is written on multiple lines. In the current order, PackageComment will be included in PackageCopyrightText's . So I changed the insert function to call based on PackageDownloadLocation (the value is not multiple lines) instead of PackageCopyrightText.

AS-IS:

# Package

PackageName: busybox
PackageVersion: 1.30.1
PackageDownloadLocation: http://www.busybox.net/downloads/busybox-1.30.1.tar.bz2;name=tarball
PackageHomePage: http://www.busybox.net
PackageSummary: <text>Tiny versions of many common UNIX utilities in a single small executable</text>
PackageVerificationCode: 8acba8453ea506e73d4f95817631f67367fe35aa
PackageDescription: <text>busybox version 1.30.1</text>
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseInfoFromFiles: Artistic-2.0
PackageLicenseInfoFromFiles: BSD-3-Clause
PackageLicenseInfoFromFiles: BSD-4-Clause-UC
PackageCopyrightText: <text>(c) 1991 Linus Torvalds
PackageComment: <text>
ModificationRecord: true
</text>
(c) 1991, 1992 Linus Torvalds
(c) 1995 Erik Andersen <andersen@codepoet.org>
</text>

TO-BE:

# Package

PackageName: busybox
PackageVersion: 1.30.1
PackageDownloadLocation: http://www.busybox.net/downloads/busybox-1.30.1.tar.bz2;name=tarball
PackageHomePage: http://www.busybox.net
PackageSummary: <text>Tiny versions of many common UNIX utilities in a single small executable</text>
PackageComment: <text>
ModificationRecord: true
</text>
PackageVerificationCode: 0dc34750a0240338d9849b540380352c44aac976
PackageDescription: <text>busybox version 1.30.1</text>
PackageLicenseDeclared: NOASSERTION
PackageLicenseConcluded: NOASSERTION
PackageLicenseInfoFromFiles: Artistic-2.0
PackageLicenseInfoFromFiles: BSD-3-Clause
PackageLicenseInfoFromFiles: BSD-4-Clause-UC
PackageCopyrightText: <text>(c) 1991 Linus Torvalds
(c) 1991, 1992 Linus Torvalds
(c) 1995 Erik Andersen <andersen@codepoet.org>
</text>
leimaohui commented 4 years ago

Has been merged into http://git.yoctoproject.org/cgit/cgit.cgi/meta-spdxscanner/ .