spdx / spdx-java-tagvalue-store

SPDX Document Storage using the Tag/Value format
Apache License 2.0

verification of tag-File fails because of used ID #28

Closed meretp closed 1 year ago

meretp commented 1 year ago

I try to use tools-java to verify this file from tools-python. But when I execute the command

 java -jar target/tools-java-1.1.1-jar-with-dependencies.jar Verify ../tools-python/data/SPDXSimpleTag.tag

I get the following error:

14:27:47.000 [main] ERROR org.spdx.storage.simple.InMemSpdxStore - Can not delete ID __anon__gnrtd12.  It is in use
Analysis exception processing SPDX file: Can not delete ID __anon__gnrtd12.  It is in use.

Since the error comes from InMemSpdxStore I decided to open the issue in this repo.

goneall commented 1 year ago

@meretp Thanks for providing the file and info. I was able to duplicate the problem.

It is a bug in the tag-value store.

In this line: https://github.com/spdx/spdx-java-tagvalue-store/blob/5872e08938ebeda4fde87412e521e5103173f5e3/src/main/java/org/spdx/tag/BuildDocument.java#L161

the relationship is created to the file itself when it should be the package which creates the extra reference - not to mention creating an incorrect relationship.

The reason we haven't hit this until now is that the artifactOf has been deprecated - replaced by contains relationship.

You can work around this by removing the artifactOf.

I'll transfer this to the tag/value store and create a PR for a fix.
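The workaround mentioned above (removing the artifactOf fields) can be scripted; the following is an added example, not code from this thread or from the SPDX projects. It assumes the artifactOf data appears as the SPDX 2.x tag/value tags `ArtifactOfProjectName`, `ArtifactOfProjectHomePage` and `ArtifactOfProjectURI`; the function name and the sample document are constructed for illustration.

```python
import re

# Deprecated artifactOf file tags in SPDX 2.x tag/value (assumed tag set).
ARTIFACT_OF = re.compile(r"^\s*ArtifactOfProject(Name|HomePage|URI)\s*:")


def strip_artifact_of(text):
    """Return (cleaned_text, removed_lines) with artifactOf tag lines dropped.

    Lines inside a multi-line <text>...</text> value are never removed, even
    if they look like a tag, so comments and license texts stay intact.
    """
    kept, removed = [], []
    in_text = False  # True while inside an unclosed <text> block
    for line in text.splitlines():
        if not in_text and ARTIFACT_OF.match(line):
            removed.append(line.strip())
            continue
        kept.append(line)
        opens, closes = line.count("<text>"), line.count("</text>")
        if opens > closes:
            in_text = True
        elif closes > opens:
            in_text = False
    return "\n".join(kept) + "\n", removed


# Constructed sample, not the SPDXSimpleTag.tag file from the issue.
SAMPLE = """\
FileName: ./src/example.c
SPDXID: SPDXRef-File1
FileChecksum: SHA1: 0000000000000000000000000000000000000000
LicenseConcluded: Apache-2.0
ArtifactOfProjectName: ExampleProject
ArtifactOfProjectHomePage: http://example.org/
FileComment: <text>Notes that mention
ArtifactOfProjectName: not a tag, just comment text
</text>
"""

if __name__ == "__main__":
    cleaned, removed = strip_artifact_of(SAMPLE)
    for line in removed:
        print("removed:", line)
    print(cleaned, end="")
```

The removed lines are returned so they can be kept alongside the document and restored once the fix is released.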