* [ptxdist] [PATCH] spdx_sbom.py: correct creationInfo
@ 2025-06-03 14:45 Ralf Glaser
0 siblings, 0 replies; only message in thread
From: Ralf Glaser @ 2025-06-03 14:45 UTC (permalink / raw)
To: ptxdist; +Cc: Ralf Glaser
Use a timezone aware datetime object and correct "creators" information
as otherwise https://tools.spdx.org/app/validate/ will not recognize
the SPDX-SBOM as valid.
Signed-off-by: Ralf Glaser <glaser@iotmaxx.de>
---
scripts/report/spdx_sbom.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/report/spdx_sbom.py b/scripts/report/spdx_sbom.py
index 124e75614..1e3a36665 100644
--- a/scripts/report/spdx_sbom.py
+++ b/scripts/report/spdx_sbom.py
@@ -6,7 +6,7 @@
# see the README file.
#
-from datetime import datetime
+from datetime import datetime, timezone
from os import path
from shutil import copy
import hashlib
@@ -142,8 +142,8 @@ class SpdxSbomGenerator(SbomGenerator):
def build(self, data):
creationInfo = spdx.SPDXCreationInfo()
- creationInfo.created = datetime.now().isoformat()
- creationInfo.creators = [data['bsp']['vendor']]
+ creationInfo.created = datetime.now(timezone.utc).replace(microsecond=0).isoformat()
+ creationInfo.creators = [ f"Organization: {data['bsp']['vendor']}", f"Tool: ptxdist-{data['ptxdist']['version']}" ]
document = spdx.SPDXDocument()
document.creationInfo = creationInfo
document.name = data['bsp']['project']
--
2.49.0
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-06-03 14:47 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-06-03 14:45 [ptxdist] [PATCH] spdx_sbom.py: correct creationInfo Ralf Glaser
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox