Integrate bitbake parser in package scan #1243

Signed-off-by: Chin Yeung Li <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>

Author: chinyeungli

setup.cfg

@@ -77,6 +77,7 @@ install_requires =
     lxml >= 4.6.3, < 5.0.0
     MarkupSafe >= 1.0
     nltk >= 3.2, !=3.6, < 4.0
+    oelint_parser
     packageurl_python >= 0.9.0
     packaging > 20
     pdfminer.six >= 20200101

src/packagedcode/__init__.py

@@ -8,6 +8,7 @@
 #
 
 from packagedcode import about
+from packagedcode import bitbake
 from packagedcode import bower
 from packagedcode import build
 from packagedcode import cargo
@@ -45,6 +46,7 @@
     models.Axis2Mar,
 
     about.AboutPackage,
+    bitbake.BitbakePackage,
     npm.NpmPackage,
     phpcomposer.PHPComposerPackage,
     haxe.HaxePackage,

src/packagedcode/bitbake.py

@@ -0,0 +1,169 @@
+#
+# Copyright (c) 2020 nexB Inc. and others. All rights reserved.
+# http://nexb.com and https://github.com/nexB/scancode-toolkit/
+# The ScanCode software is licensed under the Apache License version 2.0.
+# Data generated with ScanCode require an acknowledgment.
+# ScanCode is a trademark of nexB Inc.
+#
+# You may not use this software except in compliance with the License.
+# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+# When you publish or redistribute any data created with ScanCode or any ScanCode
+# derivative work, you must accompany this data with the following acknowledgment:
+#
+#  Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
+#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
+#  ScanCode should be considered or used as legal advice. Consult an Attorney
+#  for any legal advice.
+#  ScanCode is a free software code scanning tool from nexB Inc. and others.
+#  Visit https://github.com/nexB/scancode-toolkit/ for support and download.
+
+from __future__ import absolute_import
+from __future__ import print_function
+from __future__ import unicode_literals
+
+import logging
+
+import attr
+
+from commoncode import filetype
+from packagedcode import models
+
+from oelint_parser.cls_stash import Stash
+from oelint_parser.cls_item import Variable
+
+TRACE = False
+
+logger = logging.getLogger(__name__)
+
+if TRACE:
+    import sys
+    logging.basicConfig(stream=sys.stdout)
+    logger.setLevel(logging.DEBUG)
+
+@attr.s()
+class BitbakePackage(models.Package):
+    metafiles = ('*.bb',)
+    default_type = 'bitbake'
+
+    @classmethod
+    def recognize(cls, location):
+        yield parse(location)
+
+    @classmethod
+    def get_package_root(cls, manifest_resource, codebase):
+        return manifest_resource.parent(codebase)
+
+
+def is_bb_file(location):
+    return (filetype.is_file(location)
+            and location.lower().endswith(('.bb',)))
+
+def parse(location):
+    """
+    Return a Package object from an ABOUT file or None.
+    """
+    if not is_bb_file(location):
+        return
+
+    _stash = Stash()
+    # add any bitbake like file
+    _stash.AddFile(location)
+    
+    # Resolves proper cross file dependencies
+    _stash.Finalize()
+
+    # get all variables of the name PV from all files
+    package_dict = {}
+    for item in _stash.GetItemsFor():
+        try:
+            # Create a package dictionary with VarName as the key and
+            # VarValueStripped as the value
+            name = item.VarName
+            value = item.VarValueStripped
+            try:
+                if package_dict[name]:
+                    package_dict[name] += '\n' + value
+            except:
+                package_dict[name] = value
+        except:
+            # Continue to see if there is any VarName value until the end of
+            # the file
+            continue
+
+    return build_package(package_dict)
+
+
+def build_package(package_dict):
+    """
+    Return a Package built from `package_dict` obtained from the .bb files.
+    """
+    # Initialization
+    name = None
+    version = None
+    description = None
+    homepage_url = None
+    download_url = None
+    sha1 = None
+    md5 = None
+    sha256 = None
+    sha512 = None
+    declared_license = None
+    dependencies = None
+    if 'PN' in package_dict:
+        name = package_dict['PN']
+    if 'PV' in package_dict:
+        version = package_dict['PV']
+    if 'DESCRIPTION' in package_dict:
+        description = package_dict['DESCRIPTION']
+    if 'HOMEPAGE' in package_dict:
+        homepage_url = package_dict['HOMEPAGE']
+    if 'PREMIRRORS' in package_dict:
+        download_url = package_dict['PREMIRRORS']
+    #The item.VarName for SRC_URI[*] from the parser are SRC_URI
+    #Therefore, I cannot differentiate md5,sha1, or src file location reference
+    # Entered an issue ticket: https://github.com/priv-kweihmann/oelint-parser/issues/3
+    """
+    if 'SRC_URI[sha1sum]' in package_dict:
+        sha1 = package_dict['SRC_URI[sha1sum]']
+    if 'SRC_URI[md5sum]' in package_dict:
+        md5 = package_dict['SRC_URI[md5sum]']
+    if 'SRC_URI[sha256sum]' in package_dict:
+        sha256 = package_dict['SRC_URI[sha256sum]']
+    if 'SRC_URI[sha512sum]' in package_dict:
+        sha512 = package_dict['SRC_URI[sha512sum]']
+    """
+    if 'LICENSE' in package_dict:
+        declared_license = package_dict['LICENSE']
+    if 'DEPENDS' in package_dict:
+        if dependencies:
+            dependencies += '\n' + package_dict['DEPENDS']
+        else:
+            dependencies = package_dict['DEPENDS']
+    # There are some RDEPENDS_* fields such as "RDEPENDS_${PN}" which I need to
+    # check with the substring
+    for d in package_dict:
+        if 'RDEPENDS' in d:
+            if dependencies:
+                dependencies += '\n' + package_dict[d]
+            else:
+                dependencies = package_dict[d]
+
+    return BitbakePackage(
+        type='bitbake',
+        name=name,
+        version=version,
+        description=description,
+        homepage_url=homepage_url,
+        download_url=download_url,
+        sha1=sha1,
+        md5=md5,
+        sha256=sha256,
+        sha512=sha512,
+        declared_license=declared_license,
+        dependencies=dependencies
+    )

tests/packagedcode/data/bitbake/initramfs-live-install-testfs_1.0.bb

@@ -0,0 +1,16 @@
+SUMMARY = "Live image install script with a second rootfs/kernel"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+SRC_URI = "file://init-install-testfs.sh"
+
+RDEPENDS_${PN} = "grub parted e2fsprogs-mke2fs"
+
+S = "${WORKDIR}"
+
+do_install() {
+        install -m 0755 ${WORKDIR}/init-install-testfs.sh ${D}/install.sh
+}
+
+INHIBIT_DEFAULT_DEPS = "1"
+FILES_${PN} = " /install.sh "
+COMPATIBLE_HOST = "(i.86|x86_64).*-linux"

tests/packagedcode/data/bitbake/initramfs-live-install-testfs_1.0.bb-expected

@@ -0,0 +1,35 @@
+{
+  "type": "bitbake",
+  "namespace": null,
+  "name": null,
+  "version": null,
+  "qualifiers": {},
+  "subpath": null,
+  "primary_language": null,
+  "description": null,
+  "release_date": null,
+  "parties": [],
+  "keywords": [],
+  "homepage_url": null,
+  "download_url": null,
+  "size": null,
+  "sha1": null,
+  "md5": null,
+  "sha256": null,
+  "sha512": null,
+  "bug_tracking_url": null,
+  "code_view_url": null,
+  "vcs_url": null,
+  "copyright": null,
+  "license_expression": "mit",
+  "declared_license": "MIT",
+  "notice_text": null,
+  "root_path": null,
+  "dependencies": "grub parted e2fsprogs-mke2fs",
+  "contains_source_code": null,
+  "source_packages": [],
+  "purl": null,
+  "repository_homepage_url": null,
+  "repository_download_url": null,
+  "api_data_url": null
+}

tests/packagedcode/data/bitbake/netbase_6.1.bb

@@ -0,0 +1,20 @@
+SUMMARY = "Basic TCP/IP networking support"
+DESCRIPTION = "This package provides the necessary infrastructure for basic TCP/IP based networking"
+HOMEPAGE = "http://packages.debian.org/netbase"
+SECTION = "base"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://debian/copyright;md5=3dd6192d306f582dee7687da3d8748ab"
+PE = "1"
+
+SRC_URI = "${DEBIAN_MIRROR}/main/n/${BPN}/${BPN}_${PV}.tar.xz"
+
+SRC_URI[md5sum] = "e5871a3a5c8390557b8033cf19316a55"
+SRC_URI[sha256sum] = "084d743bd84d4d9380bac4c71c51e57406dce44f5a69289bb823c903e9b035d8"
+
+UPSTREAM_CHECK_URI = "${DEBIAN_MIRROR}/main/n/netbase/"
+do_install () {
+	install -d ${D}/${mandir}/man8 ${D}${sysconfdir}
+	install -m 0644 ${S}/etc/rpc ${D}${sysconfdir}/rpc
+	install -m 0644 ${S}/etc/protocols ${D}${sysconfdir}/protocols
+	install -m 0644 ${S}/etc/services ${D}${sysconfdir}/services
+}

tests/packagedcode/data/bitbake/netbase_6.1.bb-expected

@@ -0,0 +1,35 @@
+{
+  "type": "bitbake",
+  "namespace": null,
+  "name": null,
+  "version": null,
+  "qualifiers": {},
+  "subpath": null,
+  "primary_language": null,
+  "description": "This package provides the necessary infrastructure for basic TCP/IP based networking",
+  "release_date": null,
+  "parties": [],
+  "keywords": [],
+  "homepage_url": "http://packages.debian.org/netbase",
+  "download_url": null,
+  "size": null,
+  "sha1": null,
+  "md5": null,
+  "sha256": null,
+  "sha512": null,
+  "bug_tracking_url": null,
+  "code_view_url": null,
+  "vcs_url": null,
+  "copyright": null,
+  "license_expression": "gpl-2.0",
+  "declared_license": "GPLv2",
+  "notice_text": null,
+  "root_path": null,
+  "dependencies": null,
+  "contains_source_code": null,
+  "source_packages": [],
+  "purl": null,
+  "repository_homepage_url": null,
+  "repository_download_url": null,
+  "api_data_url": null
+}

tests/packagedcode/test_bitbake.py

@@ -0,0 +1,49 @@
+#
+# Copyright (c) 2020 nexB Inc. and others. All rights reserved.
+# http://nexb.com and https://github.com/nexB/scancode-toolkit/
+# The ScanCode software is licensed under the Apache License version 2.0.
+# Data generated with ScanCode require an acknowledgment.
+# ScanCode is a trademark of nexB Inc.
+#
+# You may not use this software except in compliance with the License.
+# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+# When you publish or redistribute any data created with ScanCode or any ScanCode
+# derivative work, you must accompany this data with the following acknowledgment:
+#
+#  Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
+#  OR CONDITIONS OF ANY KIND, either express or implied. No content created from
+#  ScanCode should be considered or used as legal advice. Consult an Attorney
+#  for any legal advice.
+#  ScanCode is a free software code scanning tool from nexB Inc. and others.
+#  Visit https://github.com/nexB/scancode-toolkit/ for support and download.
+
+from __future__ import absolute_import
+from __future__ import print_function
+from __future__ import unicode_literals
+
+import os.path
+
+from packagedcode import bitbake
+
+from packages_test_utils import PackageTester
+
+
+class TestBitbake(PackageTester):
+    test_data_dir = os.path.join(os.path.dirname(__file__), 'data')
+
+    def test_parse_bitbake(self):
+        test_file = self.get_test_loc('bitbake/netbase_6.1.bb')
+        package = bitbake.parse(test_file)
+        expected_loc = self.get_test_loc('bitbake/netbase_6.1.bb-expected')
+        self.check_package(package, expected_loc, regen=False)
+
+    def test_parse_bitbake_dependencies(self):
+        test_file = self.get_test_loc('bitbake/initramfs-live-install-testfs_1.0.bb')
+        package = bitbake.parse(test_file)
+        expected_loc = self.get_test_loc('bitbake/initramfs-live-install-testfs_1.0.bb-expected')
+        self.check_package(package, expected_loc, regen=False)