def generate_spdx_package(self) -> Package:
    """Build the SPDX ``Package`` record for this package.

    Illustrative SPDX package in tag-value form (the fields this method
    actually populates are the ones assigned in the body below):

        PackageName: eduVPN
        DataFormat: SPDXRef-1
        PackageSupplier: Organization: The Commons Conservancy eduVPN Programme
        PackageHomePage: https://eduvpn.org
        PackageLicenseDeclared: GPL-3.0+
        PackageCopyrightText: 2017, The Commons Conservancy eduVPN Programme
        PackageSummary: <text>EduVPN is designed to allow users to connect
            securely and encrypted to the Internet from any standard device.
            </text>
        PackageComment: <text>The package includes the following libraries;
            see Relationship information.
            </text>
        Created: 2017-06-06T09:00:00Z
        PackageDownloadLocation: git://github.com/eduVPN/reponame
        PackageDownloadLocation: git+https://github.com/eduVPN/reponame.git
        PackageDownloadLocation: git+ssh://github.com/eduVPN/reponame.git
        Creator: Person: Jane Doe

    Integrity caveat for consumers of the generated document: the
    package-level checksum is a "SHA1" entry whose value is the string form
    of ``NoAssert()`` rather than a digest, the download location is
    derived from ``None``, and the supplier is ``None``. When no files are
    found the verification code is ``NoAssert()`` as well. None of these
    fields can be used to verify the package's origin or contents.

    Returns:
        the corresponding package
    """

    def _as_licence(raw):
        # All licence fields take the same path: normalise the raw value,
        # stringify it, then resolve it through License.from_identifier.
        return License.from_identifier(str(determine_spdx_value(raw)))

    spdx_package = Package(
        name=determine_spdx_value(self.name),
        spdx_id=f"SPDXRef-{self.id}",
        # No download location is known here, so None is passed through the
        # value helper (presumably yielding a "no assertion" marker; confirm
        # against determine_spdx_value).
        download_location=determine_spdx_value(None),
        version=determine_spdx_value(self.version),
        file_name=determine_spdx_value(self.name),
        supplier=None,
        originator=Person(
            determine_spdx_value(self.author),
            determine_spdx_value(self.author_email),
        ),
    )

    # Placeholder checksum: the algorithm label is set, but no digest is computed.
    spdx_package.check_sum = Algorithm("SHA1", str(NoAssert()))
    spdx_package.cr_text = NoAssert()
    spdx_package.homepage = determine_spdx_value(self.url)
    spdx_package.license_declared = _as_licence(self.main_licence)
    spdx_package.conc_lics = _as_licence(self.licence)
    spdx_package.summary = determine_spdx_value(self.description)
    spdx_package.description = NoAssert()

    spdx_files = self.get_spdx_files()
    if not spdx_files:
        # The SDK rejects a package without files ("Package must have at
        # least one file"), so a placeholder file entry is attached instead.
        # files_analyzed is left untouched and no verification code is asserted.
        placeholder = SpdxFile(
            Path(UNKNOWN), self._package_info.root_dir, self.main_licence
        )
        spdx_package.verif_code = NoAssert()
        spdx_package.add_file(placeholder.generate_spdx_file())
        spdx_package.add_lics_from_file(_as_licence(placeholder.licence))
        return spdx_package

    spdx_package.files_analyzed = True
    for entry in spdx_files:
        spdx_package.add_file(entry.generate_spdx_file())
        spdx_package.add_lics_from_file(_as_licence(entry.licence))
        _set_package_copyright(entry, spdx_package)

    # The verification code is calculated only after all files are attached.
    spdx_package.verif_code = determine_spdx_value(
        spdx_package.calc_verif_code()
    )
    return spdx_package
# Fragment of a script that fills in an SPDX document by hand. `testfile1`,
# `testfile2` and `doc` are created before this fragment and are not shown.
testfile2.type = FileType.SOURCE
testfile2.comment = 'This is a test file.'
# Hard-coded SHA1 hex string; nothing in this fragment computes it from file
# content, so treat it as a fixture value rather than a verified digest.
testfile2.chk_sum = Algorithm('SHA1', 'bb154f28d1cf0646ae21bb0bec6c669a2b90e113')
testfile2.conc_lics = License.from_identifier('Apache-2.0')
testfile2.add_lics(License.from_identifier('Apache-2.0'))
testfile2.copyright = NoAssert()

# Package
package = Package()
package.name = 'TagWriteTest'
package.version = '1.0'
package.file_name = 'twt.jar'
# Fixture URL: plain-http scheme on a `.test` host.
package.download_location = 'http://www.tagwritetest.test/download'
package.homepage = SPDXNone()
# Hard-coded verification code; it is not derived from testfile1/testfile2 in
# this fragment (compare Package.calc_verif_code() — TODO confirm it matches).
package.verif_code = '4e3211c67a2d28fced849ee1bb76e7391b93feba'
# NOTE(review): the class name is spelled `LicenseConjuction` here; confirm it
# matches the name exported by the SPDX module this script imports.
license_set = LicenseConjuction(License.from_identifier('Apache-2.0'),
                                License.from_identifier('BSD-2-Clause'))
# The same combined licence is used as both the concluded and declared licence.
package.conc_lics = license_set
package.license_declared = license_set
package.add_lics_from_file(License.from_identifier('Apache-2.0'))
package.add_lics_from_file(License.from_identifier('BSD-2-Clause'))
package.cr_text = NoAssert()
package.summary = 'Simple package.'
package.description = 'Really simple package.'
package.add_file(testfile1)
package.add_file(testfile2)
doc.package = package

# An extracted license