def add_package(package, parent=None):
""" Function to recursively add a package and it's deps"""
spdxpackage = SpdxPackage(name=package.package_name,
version=package.version)
spdxpackage.spdx_id = f'SPDXRef-{id_count[0]}'
id_count[0] += 1
spdxpackage.homepage = SPDXNone()
spdxpackage.cr_text = NoAssert()
spdxpackage.download_location = UnKnown()
spdxpackage.files_analyzed = False
spdxpackage.conc_lics = NoAssert()
spdxpackage.license_declared = NoAssert()
spdxpackage.licenses_from_files = [NoAssert()]
# if we have a parent be sure to list the relationship
if parent != None:
spdxpackage.add_relationship(
Relationship(spdxpackage, RelationshipOptions.PACKAGE_OF,
parent))
# go through the same process for depenedencies
for dep in package.dependencies:
add_package(dep, parent=spdxpackage)
# finally add it to the document
doc.add_package(spdxpackage)
testfile2 = File('TestFile2')
testfile2.type = FileType.SOURCE
testfile2.comment = 'This is a test file.'
testfile2.chk_sum = Algorithm('SHA1',
'bb154f28d1cf0646ae21bb0bec6c669a2b90e113')
testfile2.conc_lics = License.from_identifier('Apache-2.0')
testfile2.add_lics(License.from_identifier('Apache-2.0'))
testfile2.copyright = NoAssert()
# Package
package = Package()
package.name = 'TagWriteTest'
package.version = '1.0'
package.file_name = 'twt.jar'
package.download_location = 'http://www.tagwritetest.test/download'
package.homepage = SPDXNone()
package.verif_code = '4e3211c67a2d28fced849ee1bb76e7391b93feba'
license_set = LicenseConjuction(License.from_identifier('Apache-2.0'),
License.from_identifier('BSD-2-Clause'))
package.conc_lics = license_set
package.license_declared = license_set
package.add_lics_from_file(License.from_identifier('Apache-2.0'))
package.add_lics_from_file(License.from_identifier('BSD-2-Clause'))
package.cr_text = NoAssert()
package.summary = 'Simple package.'
package.description = 'Really simple package.'
package.add_file(testfile1)
package.add_file(testfile2)
doc.package = package
testfile2 = File('TestFile2')
testfile2.type = FileType.SOURCE
testfile2.comment = 'This is a test file.'
testfile2.chk_sum = Algorithm('SHA1', 'bb154f28d1cf0646ae21bb0bec6c669a2b90e113')
testfile2.conc_lics = License.from_identifier('Apache-2.0')
testfile2.add_lics(License.from_identifier('Apache-2.0'))
testfile2.copyright = NoAssert()
# Package
package = Package()
package.name = 'TagWriteTest'
package.version = '1.0'
package.file_name = 'twt.jar'
package.download_location = 'http://www.tagwritetest.test/download'
package.homepage = SPDXNone()
package.verif_code = '4e3211c67a2d28fced849ee1bb76e7391b93feba'
license_set = LicenseConjuction(License.from_identifier('Apache-2.0'),
License.from_identifier('BSD-2-Clause'))
package.conc_lics = license_set
package.license_declared = license_set
package.add_lics_from_file(License.from_identifier('Apache-2.0'))
package.add_lics_from_file(License.from_identifier('BSD-2-Clause'))
package.cr_text = NoAssert()
package.summary = 'Simple package.'
package.description = 'Really simple package.'
package.add_file(testfile1)
package.add_file(testfile2)
doc.package = package
