Hi Ben, here’s a simple shell script creating the Package Verification Code for a given directory:
https://github.com/sschuberth/spdx/blob/master/scripts/spdx_package_verification_code.sh And here’s some Ruby code (copied together, sorry if I’m missing some context): $package_verification_code = [] scan_results['files'].each do |file| next if file['type'] == 'directory' sha1 = file['sha1'] $package_verification_code << sha1 end $package_verification_code.sort! $package_verification_code = Digest::SHA1.hexdigest($package_verification_code.join) Regards, Sebastian From: [email protected] [mailto:[email protected]] On Behalf Of Ben Boyter Sent: Wednesday, February 7, 2018 6:29 AM To: spdx-tech <[email protected]> Subject: [spdx-tech] Hello, Seeking Clarrification of 2.1 Package Verification Code Hi All, First time using the lists for me, but I have been somewhat involved with SPDX for a while now. I am in the middle of implementing at SPDX 2.1 automated parser and am seeing come clarification of the Package Verification Code logic https://spdx.org/spdx-specification-21-web-version#h.2p2csry The algorithm as listed seems incomplete. I was wondering if there was an example implementation in something like Python or otherwise that can be used as a reference? If not can there be a better spec of is listed and I will be happy to build an implementation to work with. Hoping someone has one lying around. Ben
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
