File python-lib4sbom.spec of Package python-lib4sbom
#
# spec file for package python-lib4sbom
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%{?sle15_python_module_pythons}
Name: python-lib4sbom
Version: 0.9.4
Release: 0
Summary: Library to ingest and generate SBOMs
License: Apache-2.0
URL: https://github.com/anthonyharrison/lib4sbom
Source0: https://github.com/anthonyharrison/lib4sbom/archive/v%{version}.tar.gz#/lib4sbom-%{version}.tar.gz
BuildRequires: fdupes
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module wheel}
# Test requirements
BuildRequires: %{python_module pytest}
BuildRequires: %{python_module PyYAML}
BuildRequires: %{python_module defusedxml}
BuildRequires: %{python_module semantic_version}
BuildRequires: %{python_module fastjsonschema}
BuildRequires: %{python_module jsonschema}
BuildRequires: %{python_module xmlschema}
# end of Test requirements
Requires: python-PyYAML
Requires: python-defusedxml
Requires: python-semantic_version
Requires: python-fastjsonschema
Requires: python-jsonschema
Requires: python-xmlschema
BuildArch: noarch
%python_subpackages
%description
Lib4SBOM is a library to parse and generate Software Bill of Materials (SBOMs).
It supports SBOMs created in both SPDX and CycloneDX formats.
It has been developed on the assumption that having a generic abstraction of SBOM
regardless of the underlying format will be useful to developers.
The following facilities are provided:
* Generate SPDX SBOM in TagValue, JSON and YAML formats
* Generate CycloneDX SBOM in JSON format
* Parse SPDX SBOM in TagValue, JSON, YAML, XML and RDF formats
* Parse CycloneDX SBOM in JSON and XMLformat
* Create and manipulate a SBOM file object
* Create and manipulate a SBOM package object
* Create and manipulate a SBOM dependency relationship object
* Create and manipulate a Vulnerability object
* Create and manipulate a Software Service object
* Generated SBOM can be output to a file or to the console
%prep
%autosetup -p1 -n lib4sbom-%{version}
%build
%pyproject_wheel
%install
%pyproject_install
# Do not package test, examples and tools
%{python_expand #
rm -rf %buildroot/%{$python_sitelib}/examples
rm -rf %buildroot/%{$python_sitelib}/tools
rm -rf %buildroot/%{$python_sitelib}/test
}
%python_expand %fdupes %{buildroot}%{$python_sitelib}
%check
# Lot's of broken tests, so we ignore the output for now
# %%pytest test ||:
# At least runngin tests that are implemented
test_files="test/test_document.py"
test_files+=" test/test_file.py"
test_files+=" test/test_package.py"
test_files+=" test/test_parser.py"
test_files+=" test/test_relationship.py"
test_files+=" test/test_sbom.py"
# The setted checksum is not valid, so this test fails
donttest="test_set_checksum"
# The setted type is not valid, so this test fails
donttest+=" or test_set_type"
# Assert with different capitalization
donttest+=" or test_set_supplier or test_set_supplier or test_set_originator or test_set_downloadlocation or test_set_homepage or test_set_externalreference"
# Not implemented in test_parser.py
donttest+=" or test_get_type or test_get_files or test_get_packages or test_get_relationships"
%pytest $test_files -k "not ($donttest)"
%files %{python_files}
%license LICENSE
%doc README.md
%{python_sitelib}/lib4sbom
%{python_sitelib}/lib4sbom-%{version}*info
%changelog
