* [ptxdist] [PATCH] spdx_sbom.py: correct creationInfo
@ 2025-06-03 14:45 Ralf Glaser
2025-06-30 16:14 ` [ptxdist] [APPLIED] " Michael Olbrich
0 siblings, 1 reply; 2+ messages in thread
From: Ralf Glaser @ 2025-06-03 14:45 UTC (permalink / raw)
To: ptxdist; +Cc: Ralf Glaser
Use a timezone aware datetime object and correct "creators" information
as otherwise https://tools.spdx.org/app/validate/ will not recognize
the SPDX-SBOM as valid.
Signed-off-by: Ralf Glaser <glaser@iotmaxx.de>
---
scripts/report/spdx_sbom.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/report/spdx_sbom.py b/scripts/report/spdx_sbom.py
index 124e75614..1e3a36665 100644
--- a/scripts/report/spdx_sbom.py
+++ b/scripts/report/spdx_sbom.py
@@ -6,7 +6,7 @@
# see the README file.
#
-from datetime import datetime
+from datetime import datetime, timezone
from os import path
from shutil import copy
import hashlib
@@ -142,8 +142,8 @@ class SpdxSbomGenerator(SbomGenerator):
def build(self, data):
creationInfo = spdx.SPDXCreationInfo()
- creationInfo.created = datetime.now().isoformat()
- creationInfo.creators = [data['bsp']['vendor']]
+ creationInfo.created = datetime.now(timezone.utc).replace(microsecond=0).isoformat()
+ creationInfo.creators = [ f"Organization: {data['bsp']['vendor']}", f"Tool: ptxdist-{data['ptxdist']['version']}" ]
document = spdx.SPDXDocument()
document.creationInfo = creationInfo
document.name = data['bsp']['project']
--
2.49.0
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [APPLIED] spdx_sbom.py: correct creationInfo
2025-06-03 14:45 [ptxdist] [PATCH] spdx_sbom.py: correct creationInfo Ralf Glaser
@ 2025-06-30 16:14 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2025-06-30 16:14 UTC (permalink / raw)
To: ptxdist; +Cc: Ralf Glaser
Thanks, applied as 6c38ae66ad0c29ca95841f912c1d851e941d396d.
Michael
[sent from post-receive hook]
On Mon, 30 Jun 2025 18:14:41 +0200, Ralf Glaser <glaser@iotmaxx.de> wrote:
> Use a timezone aware datetime object and correct "creators" information
> as otherwise https://tools.spdx.org/app/validate/ will not recognize
> the SPDX-SBOM as valid.
>
> Signed-off-by: Ralf Glaser <glaser@iotmaxx.de>
> Message-Id: <20250603144728.30208-1-glaser@iotmaxx.de>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/scripts/report/spdx_sbom.py b/scripts/report/spdx_sbom.py
> index 124e756142d0..1e3a366659d6 100644
> --- a/scripts/report/spdx_sbom.py
> +++ b/scripts/report/spdx_sbom.py
> @@ -6,7 +6,7 @@
> # see the README file.
> #
>
> -from datetime import datetime
> +from datetime import datetime, timezone
> from os import path
> from shutil import copy
> import hashlib
> @@ -142,8 +142,8 @@ class SpdxSbomGenerator(SbomGenerator):
>
> def build(self, data):
> creationInfo = spdx.SPDXCreationInfo()
> - creationInfo.created = datetime.now().isoformat()
> - creationInfo.creators = [data['bsp']['vendor']]
> + creationInfo.created = datetime.now(timezone.utc).replace(microsecond=0).isoformat()
> + creationInfo.creators = [ f"Organization: {data['bsp']['vendor']}", f"Tool: ptxdist-{data['ptxdist']['version']}" ]
> document = spdx.SPDXDocument()
> document.creationInfo = creationInfo
> document.name = data['bsp']['project']
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-06-30 16:15 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-06-03 14:45 [ptxdist] [PATCH] spdx_sbom.py: correct creationInfo Ralf Glaser
2025-06-30 16:14 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox