Closed kzantow closed 1 year ago
@kzantow I took a look at the sample file and the issue is due to 2 issues with the sample.spdx file:
LicenseRef-
Below is an example from the file:
FileName: file 2
SPDXID: SPDXRef-id 2
FileType: SOURCE
FileType: TEXT
FileChecksum: MD5: 3b3d84497fe614195e799aeafdd0740b
FileChecksum: SHA1: a518255d3dcf2c6f3fa8a4de15b6aafc77221b29
LicenseConcluded: Apache-2.0
LicenseInfoInFile: f1
LicenseInfoInFile: f2
LicenseInfoInFile: f3
LicenseComments: comments 2
FileCopyrightText: copy 2
ArtifactOfProjectName: name 2
ArtifactOfProjectHomePage: http://some-other-url.com/
ArtifactOfProjectURI: http://some-url.org/page-1/uri
ArtifactOfProjectName: name 4
ArtifactOfProjectHomePage: http://some-fourth.edu/
ArtifactOfProjectURI: http://some-fourth.edu/uri
FileComment: comment 2
FileNotice: notice 2
FileContributor: c1
FileContributor: c2
FileDependency: d1
FileDependency: d2
FileDependency: d3
FileDependency: d4
LicenseID: LGPL-3.0
ExtractedText: text 1
LicenseName: name 1
LicenseCrossReference: x1
LicenseCrossReference: x2
LicenseCrossReference: x3
LicenseComment: comment 1
in the above, all the lines inclusive of LicenseID
through LicenseComment
should be moved into a separate section and not included in the middle of the file properties.
Also, the LicenseID: LGPL-3.0
should be replaced with LicenseID: LicenseRef-LGPL-3.0
to be valid.
Note that the tag/value parser should do a better job of reporting this error.
I'll move the issue over to the tag/value parser to track this issue.
Thank you very much for the response @goneall -- I've had a hard time finding information about the overall Tag Value format (I see plenty of individual property examples in the SPDX docs, but nothing describing the actual TV format itself). Is there any way you could point me to some documentation for this?
@kzantow aside from the spec itself, there is a repo of examples which may be helpful.
While attempting to validate the attached SPDX Tag-Value file, it results in this error in the online validator:
This is difficult to understand what the problem is -- is it a parser issue or something wrong with the SPDX file?
sample.spdx.txt