scripts: zephyr_module: Move SPDX name normalization to writer.py
Since `writer.py` is the one writting the SPDX file, it should normalize
the name field and not `walker.py` which generates the SBOM components.
Signed-off-by: Thomas Gagneret <thomas.gagneret@hexploy.com>
diff --git a/scripts/west_commands/zspdx/walker.py b/scripts/west_commands/zspdx/walker.py
index e3389e0..eaa8c5d 100644
--- a/scripts/west_commands/zspdx/walker.py
+++ b/scripts/west_commands/zspdx/walker.py
@@ -89,10 +89,6 @@
return purl
- def _normalize_module_name(self, module_name):
- # Replace "_" by "-" since it's not allowed in spdx ID
- return module_name.replace("_", "-")
-
def _add_describe_relationship(self, doc, cfgpackage):
# create DESCRIBES relationship data
rd = RelationshipData()
@@ -285,8 +281,6 @@
log.err(f"cannot find module name in meta file; bailing")
return False
- module_name = self._normalize_module_name(module_name)
-
# set up zephyr sources package
cfgPackageZephyrModule = PackageConfig()
cfgPackageZephyrModule.name = module_name + "-sources"
@@ -351,8 +345,6 @@
log.err(f"cannot find module name in meta file; bailing")
return False
- module_name = self._normalize_module_name(module_name)
-
module_ext_ref = []
if module_security:
module_ext_ref = module_security.get("external-references")
diff --git a/scripts/west_commands/zspdx/writer.py b/scripts/west_commands/zspdx/writer.py
index 5fb032e..d1d77f7 100644
--- a/scripts/west_commands/zspdx/writer.py
+++ b/scripts/west_commands/zspdx/writer.py
@@ -17,20 +17,26 @@
)
PURL_REGEX = r"^pkg:.+(\/.+)?\/.+(@.+)?(\?.+)?(#.+)?$"
+def _normalize_spdx_name(name):
+ # Replace "_" by "-" since it's not allowed in spdx ID
+ return name.replace("_", "-")
+
# Output tag-value SPDX 2.3 content for the given Relationship object.
# Arguments:
# 1) f: file handle for SPDX document
# 2) rln: Relationship object being described
def writeRelationshipSPDX(f, rln):
- f.write(f"Relationship: {rln.refA} {rln.rlnType} {rln.refB}\n")
+ f.write(f"Relationship: {_normalize_spdx_name(rln.refA)} {rln.rlnType} {_normalize_spdx_name(rln.refB)}\n")
# Output tag-value SPDX 2.3 content for the given File object.
# Arguments:
# 1) f: file handle for SPDX document
# 2) bf: File object being described
def writeFileSPDX(f, bf):
+ spdx_normalize_spdx_id = _normalize_spdx_name(bf.spdxID)
+
f.write(f"""FileName: ./{bf.relpath}
-SPDXID: {bf.spdxID}
+SPDXID: {spdx_normalize_spdx_id}
FileChecksum: SHA1: {bf.sha1}
""")
if bf.sha256 != "":
@@ -64,10 +70,13 @@
# 1) f: file handle for SPDX document
# 2) pkg: Package object being described
def writePackageSPDX(f, pkg):
- f.write(f"""##### Package: {pkg.cfg.name}
+ spdx_normalized_name = _normalize_spdx_name(pkg.cfg.name)
+ spdx_normalize_spdx_id = _normalize_spdx_name(pkg.cfg.spdxID)
-PackageName: {pkg.cfg.name}
-SPDXID: {pkg.cfg.spdxID}
+ f.write(f"""##### Package: {spdx_normalized_name}
+
+PackageName: {spdx_normalized_name}
+SPDXID: {spdx_normalize_spdx_id}
PackageLicenseConcluded: {pkg.concludedLicense}
""")
f.write(f"""PackageLicenseDeclared: {pkg.cfg.declaredLicense}
@@ -136,10 +145,12 @@
# 1) f: file handle for SPDX document
# 2) doc: Document object being described
def writeDocumentSPDX(f, doc):
+ spdx_normalized_name = _normalize_spdx_name(doc.cfg.name)
+
f.write(f"""SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
-DocumentName: {doc.cfg.name}
+DocumentName: {spdx_normalized_name}
DocumentNamespace: {doc.cfg.namespace}
Creator: Tool: Zephyr SPDX builder
Created: {datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")}
