scripts: zephyr_module: Move SPDX name normalization to writer.py

Since `writer.py` is the one writting the SPDX file, it should normalize the name field and not `walker.py` which generates the SBOM components. Signed-off-by: Thomas Gagneret <[email protected]>
zephyrproject-rtos · May 15, 2024 · afc19fe · afc19fe
1 parent 4dfcd6d
commit afc19fe
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 14 deletions.
diff --git a/scripts/west_commands/zspdx/walker.py b/scripts/west_commands/zspdx/walker.py
@@ -89,10 +89,6 @@ def _build_purl(self, url, version=None):
 
         return purl
 
-    def _normalize_module_name(self, module_name):
-        # Replace "_" by "-" since it's not allowed in spdx ID
-        return module_name.replace("_", "-")
-
     def _add_describe_relationship(self, doc, cfgpackage):
         # create DESCRIBES relationship data
         rd = RelationshipData()
@@ -285,8 +281,6 @@ def setupZephyrDocument(self, zephyr, modules):
                 log.err(f"cannot find module name in meta file; bailing")
                 return False
 
-            module_name = self._normalize_module_name(module_name)
-
             # set up zephyr sources package
             cfgPackageZephyrModule = PackageConfig()
             cfgPackageZephyrModule.name = module_name + "-sources"
@@ -351,8 +345,6 @@ def setupModulesDocument(self, modules):
                 log.err(f"cannot find module name in meta file; bailing")
                 return False
 
-            module_name = self._normalize_module_name(module_name)
-
             module_ext_ref = []
             if module_security:
                 module_ext_ref = module_security.get("external-references")

diff --git a/scripts/west_commands/zspdx/writer.py b/scripts/west_commands/zspdx/writer.py
@@ -17,20 +17,26 @@
 )
 PURL_REGEX = r"^pkg:.+(\/.+)?\/.+(@.+)?(\?.+)?(#.+)?$"
 
+def _normalize_spdx_name(name):
+    # Replace "_" by "-" since it's not allowed in spdx ID
+    return name.replace("_", "-")
+
 # Output tag-value SPDX 2.3 content for the given Relationship object.
 # Arguments:
 #   1) f: file handle for SPDX document
 #   2) rln: Relationship object being described
 def writeRelationshipSPDX(f, rln):
-    f.write(f"Relationship: {rln.refA} {rln.rlnType} {rln.refB}\n")
+    f.write(f"Relationship: {_normalize_spdx_name(rln.refA)} {rln.rlnType} {_normalize_spdx_name(rln.refB)}\n")
 
 # Output tag-value SPDX 2.3 content for the given File object.
 # Arguments:
 #   1) f: file handle for SPDX document
 #   2) bf: File object being described
 def writeFileSPDX(f, bf):
+    spdx_normalize_spdx_id = _normalize_spdx_name(bf.spdxID)
+
     f.write(f"""FileName: ./{bf.relpath}
-SPDXID: {bf.spdxID}
+SPDXID: {spdx_normalize_spdx_id}
 FileChecksum: SHA1: {bf.sha1}
 """)
     if bf.sha256 != "":
@@ -64,10 +70,13 @@ def generateDowloadUrl(url, revision):
 #   1) f: file handle for SPDX document
 #   2) pkg: Package object being described
 def writePackageSPDX(f, pkg):
-    f.write(f"""##### Package: {pkg.cfg.name}
+    spdx_normalized_name = _normalize_spdx_name(pkg.cfg.name)
+    spdx_normalize_spdx_id = _normalize_spdx_name(pkg.cfg.spdxID)
 
-PackageName: {pkg.cfg.name}
-SPDXID: {pkg.cfg.spdxID}
+    f.write(f"""##### Package: {spdx_normalized_name}
+
+PackageName: {spdx_normalized_name}
+SPDXID: {spdx_normalize_spdx_id}
 PackageLicenseConcluded: {pkg.concludedLicense}
 """)
     f.write(f"""PackageLicenseDeclared: {pkg.cfg.declaredLicense}
@@ -136,10 +145,12 @@ def writeOtherLicenseSPDX(f, lic):
 #   1) f: file handle for SPDX document
 #   2) doc: Document object being described
 def writeDocumentSPDX(f, doc):
+    spdx_normalized_name = _normalize_spdx_name(doc.cfg.name)
+
     f.write(f"""SPDXVersion: SPDX-2.3
 DataLicense: CC0-1.0
 SPDXID: SPDXRef-DOCUMENT
-DocumentName: {doc.cfg.name}
+DocumentName: {spdx_normalized_name}
 DocumentNamespace: {doc.cfg.namespace}
 Creator: Tool: Zephyr SPDX builder
 Created: {datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")}