From e17566f55307a2004d1da2c5b86316b166c0fda6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Thu, 28 Mar 2024 16:23:54 -1000 Subject: [PATCH 1/2] Fix `Created` field format in bill of materials MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When generating a Bill Of Materials, the SPDX specification for the [Created field] expect the date with format `YYYY-MM-DDThh:mm:ssZ`. The current implementation does the transformation to express the current time in UTC, but this has the side effect to add `+00:00` at the end of the date when formatting it. The resulting date `YYYY-MM-DDThh:mm:ss+00:00Z` does not match the SPDX specification and validation using the SPDX online tools fail because of this invalid format. Make sure to remove `tzinfo` from the date so that time zone information is not output when formatting the date, so that we can safely append a `Z` at the end to indicate UTC time-zone. Other formats for the time-zone (e.g. `+00:00`) is not allowed by the SPDX specification. Fixes: #918 [Created field]: https://spdx.github.io/spdx-spec/v2.3/document-creation-information/#69-created-field Signed-off-by: Romain Tartière --- src/reuse/report.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/reuse/report.py b/src/reuse/report.py index 174dbd866..64ad03083 100644 --- a/src/reuse/report.py +++ b/src/reuse/report.py @@ -228,7 +228,7 @@ def bill_of_materials( out.write(f"Creator: Tool: reuse-{__version__}\n") now = datetime.datetime.now(tz=datetime.timezone.utc) - now = now.replace(microsecond=0) + now = now.replace(microsecond=0, tzinfo=None) out.write(f"Created: {now.isoformat()}Z\n") out.write( "CreatorComment: This document was created automatically" From 49ac6f4a7b27c718bf861d78832bc2ee65e07485 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Thu, 28 Mar 2024 16:56:26 -1000 Subject: [PATCH 2/2] Add test to ensure the date is properly formatted The format of the date is stricted than what is permitted by ISO 8601, so add a test with a basic pattern to make sure formatting is not broken again in the future. --- tests/test_report.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/test_report.py b/tests/test_report.py index 7fa0f6952..8ac9dff89 100644 --- a/tests/test_report.py +++ b/tests/test_report.py @@ -8,6 +8,7 @@ import os +import re import sys from importlib import import_module from textwrap import dedent @@ -451,7 +452,10 @@ def test_bill_of_materials(fake_repository, multiprocessing): project = Project.from_directory(fake_repository) report = ProjectReport.generate(project, multiprocessing=multiprocessing) # TODO: Actually do something - report.bill_of_materials() + bom = report.bill_of_materials() + created_re = re.compile(r"^Created: \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$", + re.MULTILINE) + assert created_re.search(bom) is not None # REUSE-IgnoreEnd