Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Created field format in bill of materials #939

Closed
wants to merge 2 commits into from
Closed

Fix Created field format in bill of materials #939

wants to merge 2 commits into from

Conversation

smortex
Copy link
Contributor

@smortex smortex commented Mar 29, 2024

When generating a Bill Of Materials, the SPDX specification for the
Created field expect the date with format YYYY-MM-DDThh:mm:ssZ.

The current implementation does the transformation to express the
current time in UTC, but this has the side effect to add +00:00 at the
end of the date when formatting it. The resulting date
YYYY-MM-DDThh:mm:ss+00:00Z does not match the SPDX specification and
validation using the SPDX online tools fail because of this invalid
format.

Make sure to remove tzinfo from the date so that time zone information
is not output when formatting the date, so that we can safely append a
Z at the end to indicate UTC time-zone.

Other formats for the time-zone (e.g. +00:00) is not allowed by the
SPDX specification.

Fixes: #918

@smortex
Fix Created field format in bill of materials
e17566f 
When generating a Bill Of Materials, the SPDX specification for the
[Created field] expect the date with format `YYYY-MM-DDThh:mm:ssZ`.

The current implementation does the transformation to express the
current time in UTC, but this has the side effect to add `+00:00` at the
end of the date when formatting it.  The resulting date
`YYYY-MM-DDThh:mm:ss+00:00Z` does not match the SPDX specification and
validation using the SPDX online tools fail because of this invalid
format.

Make sure to remove `tzinfo` from the date so that time zone information
is not output when formatting the date, so that we can safely append a
`Z` at the end to indicate UTC time-zone.

Other formats for the time-zone (e.g. `+00:00`) is not allowed by the
SPDX specification.

Fixes: fsfe#918

[Created field]: https://spdx.github.io/spdx-spec/v2.3/document-creation-information/#69-created-field

Signed-off-by: Romain Tartière <[email protected]>
@smortex smortex force-pushed the fix-bill-of-materials-crated-field-format branch from 87841b7 to e17566f Compare March 29, 2024 02:37
@smortex
Add test to ensure the date is properly formatted
49ac6f4 
The format of the date is stricted than what is permitted by ISO 8601,
so add a test with a basic pattern to make sure formatting is not broken
again in the future.
@smortex smortex force-pushed the fix-bill-of-materials-crated-field-format branch from 2872aa9 to 49ac6f4 Compare March 29, 2024 03:03
@smortex smortex marked this pull request as ready for review March 29, 2024 03:06
@carmenbianca
Copy link
Member

Ah, I hadn't spotted this PR before merging #952. I like your test, though. I will cherrypick it.

Thanks a lot for your contribution @smortex !

@carmenbianca carmenbianca mentioned this pull request Apr 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

reuse spdx time value not valid per SPDX spec or validator
2 participants
@smortex @carmenbianca