Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix up a few filesAnalyzed issues #195

Merged
merged 5 commits into from
Oct 25, 2022
Merged

Fix up a few filesAnalyzed issues #195

merged 5 commits into from
Oct 25, 2022

Conversation

lhh
Copy link
Contributor

@lhh lhh commented Oct 19, 2021

No description provided.

@lhh
Copy link
Contributor Author

lhh commented Oct 19, 2021

Looks like circleci stuff on mac is broken. I'm not quite sure how to fix it.

pombredanne
pombredanne requested changes Oct 19, 2021
View reviewed changes
Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent catch!
Thank you ++
Could I interest you in adding a unit test too to avoid regression?

@pombredanne
Copy link
Member

pombredanne commented Oct 19, 2021
edited
Loading

And sorry if I did update your branch by mistake with the latest. Let's pretend it was because of fat fingers.

@lhh
Copy link
Contributor Author

lhh commented Oct 20, 2021

Yes, of course. I'll add some tests.

@pombredanne
Copy link
Member

@lhh Thank you! you rock.

@lhh
Copy link
Contributor Author

lhh commented Oct 21, 2021

I am chasing possibly a bug in the RDF writer not handling multiple packages properly (particularly when one is filesAnalyzed = false), which is why that and the tag/value writer tests are not present yet. My apologies for the delay.

I'm out for a few days.

@dholth
Copy link
Contributor

dholth commented Nov 22, 2021

Should package_object["packageVerificationCode"] = self.package_verification_code( be optional or 'mandatory missing' per spec version 2.2 https://spdx.github.io/spdx-spec/package-information/#79-package-verification-code-field

@pombredanne
Copy link
Member

Should package_object["packageVerificationCode"] = self.package_verification_code( be optional or 'mandatory missing' per spec version 2.2 https://spdx.github.io/spdx-spec/package-information/#79-package-verification-code-field

@dholth this code is a source of troubles more often than not. We should make it optional in this library IMHO.

@armintaenzertng
Copy link
Collaborator

@lhh, do you still plan on updating this PR?

@lhh
Copy link
Contributor Author

lhh commented Oct 20, 2022

Ah, yes - my apologies. I'll address the above issues shortly.

@lhh lhh force-pushed the main branch 2 times, most recently from d4a1415 to 03788d4 Compare October 20, 2022 15:17
jasinner
jasinner previously approved these changes Oct 21, 2022
View reviewed changes
Copy link

@jasinner jasinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I verified this fixed the bug described in #193

@goneall please merge this.

@armintaenzertng
Copy link
Collaborator

@pombredanne you still have a blocker on this PR. As I don't want to dismiss your review, would you care to have a short look at it again?

pombredanne
pombredanne previously approved these changes Oct 21, 2022
View reviewed changes
nicoweidner
nicoweidner reviewed Oct 21, 2022
View reviewed changes
Copy link
Collaborator

@nicoweidner nicoweidner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left two minor questions. Thanks for the contribution!

tests/utils_test.py Outdated Show resolved Hide resolved
tests/utils_test.py Outdated Show resolved Hide resolved
@lhh lhh dismissed stale reviews from pombredanne and jasinner via 95ce7a3 October 21, 2022 13:59
@lhh
Fix filesAnalyzed handling when writing
15afc32 
When filesAnalyzed is False, several sections should be omitted
when writing rather than being presented as empty sets or "None".

SPDX 2.2, sec:
  3.8.3 - files analyzed specification
  3.9.3 - verification code
  3.14.3 - licenses from files

Without doing this, invalid SPDX documents are written and cannot be
parse by the parser.

Signed-off-by: Lon Hohberger <lhh@redhat.com>
@lhh
Fix handling of XML filesAnalyzed tag
654ece5 
xmltodict is used to generate a Python dictionary from
XML tags. Unfortunately, it does not transmogrify CDATA
"true" or "false" to their Python bool representation,
so we must do it ourselves.

Add this to the XML example for testing purposes.

Signed-off-by: Lon Hohberger <lhh@redhat.com>
@lhh
tests: Don't try to sort lists of dicts
d28bed6 
Reading in SPDX BOMs with multiple packages produces a list
of dictionaries, which cannot be sorted (throws a TypeError)

Signed-off-by: Lon Hohberger <lhh@redhat.com>
@lhh
tests: Add multiple-package test cases
5ca2de0 
When multiple packages are present, some may have
filesAnalyzed set to True, others set to False.

Make sure we test both cases.

Signed-off-by: Lon Hohberger <lhh@redhat.com>
@lhh
Make package verification code optional
2195eee 
The SPDX specification holds that the package verification code
is mandatory whenever files_analyzed is True or none (omitted),
however, for the purposes of this library, we make it optional
here.

Signed-off-by: Lon Hohberger <lhh@redhat.com>
nicoweidner
nicoweidner approved these changes Oct 21, 2022
View reviewed changes
Copy link
Collaborator

@nicoweidner nicoweidner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing my questions! I didn't look at the remaining code in detail, but two other reviewes already approved, so this should be good to merge

This was referenced Oct 24, 2022
Closed
Closed
@armintaenzertng armintaenzertng merged commit 5fb15bd into spdx:main Oct 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicoweidner nicoweidner nicoweidner approved these changes

@pombredanne pombredanne pombredanne left review comments

@jasinner jasinner jasinner left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@lhh @pombredanne @dholth @armintaenzertng @jasinner @nicoweidner