def generate_spdx_document(self) -> Document:
    """Build the SPDX document that describes this package.

    Sample of the document-level section such a file carries (kept from
    the original documentation):

        SPDXVersion: SPDX-2.1
        DataLicense: CC0-1.0
        SPDXID: SPDXRef-DOCUMENT
        DocumentName: mbed-targets
        DocumentNamespace: http://spdx.org/spdxdocs/spdx-v2.1-3c4714e6-a7b1-4574-abb8-861149cbc590
        Creator: Person: Anonymous ()
        Creator: Organization: Anonymous ()
        Creator: Tool: reuse-0.8.0
        Created: 2020-01-20T17:53:41Z
        CreatorComment: <text>
        This document was created automatically using available reuse
        information consistent with REUSE.
        </text>

    NOTE(review): the sample shows SPDX-2.1 while this method sets
    ``Version(1, 2)``; confirm which version consumers of the SBOM expect.

    Creator and reviewer identities are copied from this object's
    attributes; nothing in this method verifies them, so they are
    self-declared metadata rather than an attestation.

    Returns:
        the populated document
    """
    # A dependency gets neither the organisation creator nor a review entry.
    describes_top_level = not self._is_dependency

    document = Document()
    document.version = Version(1, 2)
    document.spdx_id = "SPDXRef-DOCUMENT"
    document.data_license = License.from_identifier("CC0-1.0")
    document.name = determine_spdx_value(self.document_name)
    document.namespace = determine_spdx_value(self.document_namespace)
    document.comment = determine_spdx_value(
        "This document was created automatically using available information from python packages."
    )

    # Creators are added in a fixed order: person, organisation, tool.
    # NOTE(review): author fields are passed as-is while the reviewer
    # fields below go through determine_spdx_value; confirm that is intended.
    creation_info = document.creation_info
    creation_info.add_creator(Person(self.author, self.author_email))
    if describes_top_level:
        creation_info.add_creator(
            Organization(self.organisation, self.organisation_email)
        )
    creation_info.add_creator(Tool(self.tool_name))
    creation_info.set_created_now()

    if describes_top_level:
        reviewer = Person(
            determine_spdx_value(self.reviewer),
            determine_spdx_value(self.reviewer_email),
        )
        sign_off = Review(reviewer)
        sign_off.set_review_date_now()
        document.add_review(sign_off)

    # FIXME: with the current tooling and specification a file can describe
    # only one package, so every dependency ends up in its own file.
    # Revisit how dependencies are handled once newer tools are released;
    # the specification is not entirely clear on this point.
    package_builder = self.generate_spdx_package()
    document.package = package_builder.generate_spdx_package()

    # Link the separately generated documents through external references.
    for reference in self.external_refs:
        document.add_ext_document_reference(
            reference.generate_external_reference()
        )
    return document
# Example script: build an SPDX document in memory from the spdx model classes.
# Several imported names (codecs, write_document, InvalidDocumentError,
# ErrorMessages, LicenseConjunction, ExtractedLicense, Package, SPDXNone,
# NoAssert, UnKnown) are not used in the visible part of the script;
# presumably a later part uses them -- TODO confirm.
import codecs
from spdx.writers.tagvalue import write_document, InvalidDocumentError
from spdx.parsers.loggers import ErrorMessages
from spdx.document import Document, License, LicenseConjunction, ExtractedLicense
from spdx.version import Version
from spdx.creationinfo import Person
from spdx.review import Review
from spdx.package import Package
from spdx.file import File, FileType
from spdx.checksum import Algorithm
from spdx.utils import SPDXNone, NoAssert, UnKnown

# Document-level metadata.
doc = Document()
doc.version = Version(1, 2)
doc.name = "Hello SPDX"
# NOTE(review): SPDX 2.x expects the document identifier to be
# "SPDXRef-DOCUMENT" and the namespace to be a unique absolute URI; the
# sample values used here ("Test#SPDXRef-DOCUMENT", "spdx") may be rejected
# by a validator -- confirm against the tool version in use.
doc.spdx_id = "Test#SPDXRef-DOCUMENT"
doc.comment = "Example Document"
doc.namespace = "spdx"
doc.data_license = License.from_identifier("CC0-1.0")
# The creator is a free-form name/e-mail pair; the e-mail is a redacted
# placeholder in this listing.
doc.creation_info.add_creator(Person("Alice", "*****@*****.**"))
doc.creation_info.set_created_now()
# Review entry whose reviewer has no e-mail address (None).
review = Review(Person("Joe", None))
review.set_review_date_now()
review.comment = "Joe reviewed this document"
doc.add_review(review)
# File entry: a binary file with its own SPDX identifier and checksum.
testfile1 = File("TestFile1")
testfile1.type = FileType.BINARY
testfile1.spdx_id = "TestFilet#SPDXRef-FILE"
testfile1.comment = "This is a test file."
# Sample SHA-1 value. SHA-1 is not collision-resistant, so treat it as an
# identifier for the file rather than as tamper evidence.
testfile1.chk_sum = Algorithm("SHA1", "c537c5d99eca5333f23491d47ededd083fefb7ad")