1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
package builder2v1
import (
"fmt"
"github.com/spdx/tools-golang/spdx"
"github.com/spdx/tools-golang/utils"
)
// BuildPackageSection2_1 creates an SPDX Package (version 2.1), returning
// that package or error if any is encountered. Arguments:
// - packageName: name of package / directory
// - dirRoot: path to directory to be analyzed
// - pathsIgnore: slice of strings for filepaths to ignore
func BuildPackageSection2_1(packageName string, dirRoot string, pathsIgnore []string) (*spdx.Package2_1, error) {
// build the file section first, so we'll have it available
// for calculating the package verification code
filepaths, err := utils.GetAllFilePaths(dirRoot, pathsIgnore)
if err != nil {
return nil, err
}
files := []*spdx.File2_1{}
fileNumber := 0
for _, fp := range filepaths {
newFile, err := BuildFileSection2_1(fp, dirRoot, fileNumber)
if err != nil {
return nil, err
}
files = append(files, newFile)
fileNumber++
}
// get the verification code
code, err := utils.GetVerificationCode2_1(files, "")
if err != nil {
return nil, err
}
// now build the package section
pkg := &spdx.Package2_1{
PackageName: packageName,
PackageSPDXIdentifier: fmt.Sprintf("SPDXRef-Package-%s", packageName),
PackageDownloadLocation: "NOASSERTION",
FilesAnalyzed: true,
IsFilesAnalyzedTagPresent: true,
PackageVerificationCode: code,
PackageLicenseConcluded: "NOASSERTION",
PackageLicenseInfoFromFiles: []string{},
PackageLicenseDeclared: "NOASSERTION",
PackageCopyrightText: "NOASSERTION",
Files: files,
}
return pkg, nil
}
|
