How to migrate from 0.6.1 to 0.7.0

Below is a (non-exhaustive) overview of changes in the new release that might require adjustments during migration:

Changes concerning naming

• The class Algorithm was renamed to Checksum
• Checksum fields in File and Package were renamed from chk_sum/check_sum to checksum

Changes concerning repository structure

• The classes License, LicenseConjunction, LicenseDisjunction, ExtractedLicense were moved to a separate file license.py

  -> imports need to be adapted, e.g. from spdx.document import License to from spdx.license import License

• the function calc_verif_code was moved from package.py to utils.py

Changes concerning the data model

• Files are saved at document-level. To map a file belonging to a package you need to add a CONTAINS relationship, e.g. instead of adding the file to the package

package.add_file(file_entry)

add the file at document level and create a new CONTAINS relationship

doc.add_file(file_entry)
relationship = Relationship(package.spdx_id + " CONTAINS " + file_entry.spdx_id)
doc.add_relationship(relationship)

• Enums for ChecksumAlgorithm, FileTypes and RelationshipType were introduced.

  • To build a Checksum object you need to use a ChecksumAlgorithm object as identifier, e.g.

  from spdx.checksum import ChecksumAlgorithm
  from spdx.checksum import Checksum
  
  new_checksum = Checksum(identifier=ChecksumAlgorithm.SHA1, value="85ed0817af83a24ad8da68c2b5094de69833983c")
  

  • To build a file with valid file types use a FileType object

  from spdx.file import File
  from spdx.file import FileType
  
  file = File('./some/path/tofile')   
  file.spdx_id = 'SPDXRef-File'
  file.file_types = [FileType.OTHER]
  
  

Further examples on how to build a valid document can be found in the provided test files, e.g. tests/test_document.py.