def get_layer_file_data_list(layer_obj):
'''Given a layer object return the SPDX list of file refs in the layer.
Return an empty string if the files are not analyzed'''
layer_lics = []
if layer_obj.files_analyzed:
layer_checksum = spdx_common.get_layer_checksum(layer_obj)
# some files are located in different places in the filesystem
# they would occur as duplicates in this list
# keep a list of previously printed file spdx-refs
file_refs = set()
# file data
for filedata in layer_obj.files:
# we use the layer checksum as the layer id
file_ref = spdx_common.get_file_spdxref(filedata, layer_checksum)
if file_ref not in file_refs:
layer_lics.append(spdx_common.get_file_spdxref(
filedata, layer_checksum))
file_refs.add(file_ref)
return layer_lics
def get_layer_files_list(layer_obj, template, timestamp):
"""Given a layer object and the SPDX template mapping, return a list
of SPDX dictionary representations for each file in the layer"""
file_dicts = []
file_refs = set()
for filedata in layer_obj.files:
# we do not know the layer's id so we will use the timestamp instead
file_ref = spdx_common.get_file_spdxref(filedata, timestamp)
if file_ref not in file_refs:
file_dicts.append(get_file_dict(filedata, template, timestamp))
file_refs.add(file_ref)
return file_dicts
def get_file_dict(filedata, template, layer_id):
'''''Given a FileData object and its SPDX template mapping, return a
SPDX JSON dictionary representation of the file. A layer_id is used to
distinguish copies of the same file occuring in different places in the
image'''
mapping = filedata.to_dict(template)
file_dict = {
'fileName':
mapping['FileName'],
'SPDXID':
spdx_common.get_file_spdxref(filedata, layer_id),
'checksums': [{
'algorithm':
spdx_common.get_file_checksum(filedata).split(': ')[0],
'checksumValue':
spdx_common.get_file_checksum(filedata).split(': ')[1]
}],
'licenseConcluded':
'NOASSERTION', # we don't provide this
'copyrightText':
'NOASSERTION' # we don't know this
}
# Some files may not have a fileType available
if mapping['FileType']:
file_dict['fileTypes'] = [mapping['FileType']]
if not filedata.licenses:
file_dict['licenseInfoInFiles'] = ['NONE']
else:
file_license_refs = []
for lic in spdx_common.get_file_licenses(filedata):
# Add the LicenseRef to the list instead of license expression
file_license_refs.append(spdx_common.get_license_ref(lic))
file_dict['licenseInfoInFiles'] = file_license_refs
# We only add this if there is a notice
file_notice = spdx_common.get_file_notice(filedata)
if file_notice:
file_dict['noticeText'] = file_notice
# We only add this if there is a comment
file_comment = spdx_common.get_file_comment(filedata)
if file_comment:
file_dict['comment'] = file_comment
# We only add this if there are contributors
file_contributors = get_file_contributors(filedata)
if file_contributors:
file_dict['fileContributors'] = file_contributors
return file_dict
def get_files_list(image_obj, template):
'''Given a image_obj object, and the SPDX template mapping, return a list
of SPDX dictionary representations for each file in each layer of the
image.'''
file_dicts = []
# use file refs to keep track of duplicate files that may be located
# in different places in the filesystem
file_refs = set()
for layer in image_obj.layers:
if layer.files_analyzed:
layer_checksum = spdx_common.get_layer_checksum(layer)
for filedata in layer.files:
# we use the layer checksum as the layer id
file_ref = spdx_common.get_file_spdxref(
filedata, layer_checksum)
if file_ref not in file_refs:
file_dicts.append(
get_file_dict(filedata, template, layer_checksum))
file_refs.add(file_ref)
return file_dicts
def get_layer_file_data_block(layer_obj, template):
'''Given a layer object and the template object, return the SPDX document
block with file data. Return an empty string if the files are not
analyzed'''
block = ''
if layer_obj.files_analyzed:
layer_checksum = spdx_common.get_layer_checksum(layer_obj)
# insert a blank line in the beginning
block += '\n'
# some files are located in different places in the filesystem
# they would occur as duplicates in this block
# keep a list of previously printed file spdx-refs
file_refs = set()
# file data
for filedata in layer_obj.files:
# we use the layer checksum as the layer id
file_ref = spdx_common.get_file_spdxref(filedata, layer_checksum)
if file_ref not in file_refs:
block += fhelpers.get_file_block(filedata, template,
layer_checksum) + '\n'
file_refs.add(file_ref)
return block
def get_file_block(filedata, template, layer_id):
'''Given a FileData object, and the SPDX template mapping, return a SPDX
document block for the file. The mapping should have only FileName and
FileType keys. A layer id is used to distinguish copies of the
same file occuring in different places in the image'''
block = ''
mapping = filedata.to_dict(template)
# File Name
block = block + 'FileName: {}'.format(mapping['FileName']) + '\n'
# SPDX ID
block = block + 'SPDXID: {}'.format(
spdx_common.get_file_spdxref(filedata, layer_id)) + '\n'
# File Type
block = block + 'FileType: {}'.format(mapping['FileType']) + '\n'
# File checksum
block = block + 'FileChecksum: {}'.format(
spdx_common.get_file_checksum(filedata)) + '\n'
# Concluded license - we won't provide this
block = block + 'LicenseConcluded: NOASSERTION' + '\n'
# License info in file
block = block + get_license_info_block(filedata)
# File copyright text - we don't know this
block = block + 'FileCopyrightText: NOASSERTION' + '\n'
# File comment - we add this only if there is a comment
comment = spdx_common.get_file_comment(filedata)
if comment:
block = block + 'FileComment: <text>\n' + comment + '</text>' + '\n'
# File Notice - we add this only if there is a notice
notice = spdx_common.get_file_notice(filedata)
if notice:
block = block + 'FileNotice: <text>\n' + notice + '</text>' + '\n'
# File Contributor - we add this only if there are contributors
contributors = get_file_contributor_block(filedata)
if contributors:
block = block + contributors
return block