Skip to content

Commit

Permalink
Add Package Purpose field
Browse files Browse the repository at this point in the history 
- Add information about "package" in the information section
- Add metadata about Package Purpose

Fixes spdx#621

Signed-off-by: Nisha K <[email protected]>
  • Loading branch information
@nishakm
Nisha K authored and nishakm committed Apr 28, 2022
1 parent 8e2ed88 commit ba088fe
Showing 1 changed file with 70 additions and 0 deletions.
70 changes: 70 additions & 0 deletions chapters/package-information.md
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,25 @@
# 7 Package information section
In SPDX information is used to describe packages, representing the versioned components of an object that are part of a software distribution. Packages are an abstract concept that can be used to describe any object within a software distribution.

A Package describes any unit of content that can be associated with a distribution of software. Typically, a Package is composed of one or more files. An SPDX document should provide details about the individual files comprising a software distribution, using a Package object to represent each versioned object within a distribution. Each package is identified with a classification type to aid with processing of the object described by a package element. Packages are used for objects that contain versioning information, where File is used to represent objects without versioning information, i.e. underconstruction.html.

Any of the following non-limiting examples may be (but are not required to be) represented in SPDX as a Package:

```
a tarball, zip file or other archive
a directory or sub-directory
a separately distributed piece of software which another Package or File uses or depends upon (e.g., a Python package, a Go module, ...)
a container image, and/or each image layer within a container image
a collection of one or more sub-packages
a Git repository snapshot from a particular point in time
a open-source library, i.e. OpenSSL
a javascript file
a customer script file
a index,html file
a LICENSE file
a CHANGE log
a properties file
```

## 7.1 Package name field <a name="7.1"></a>

Expand Down Expand Up @@ -1417,6 +1438,55 @@ EXAMPLE 2 RDF: Property `spdx:attributionText` in class `spdx:Package`
</Package>
```

## 7.24 Package Purpose field <a name="7.24"></a>

### 7.24.1 Description

This field provides information about the purpose of the identified package. Package Purpose is intrinsic to how the package is being used rather than the content of the package. The options to populated this field are limited to:

`APPLICATION` if the package is a software application;
`FRAMEWORK` if the package is a software framework;
`LIBRARY` if the package is a software library;
`CONTAINER` if the package refers to a container image which can be used by a container runtime application;
`OPERATING-SYSTEM` if the package refers to an operating system;
`DEVICE` if the package refers to a chipset, processor, or electronic board;
`FIRMWARE` if the package provides low level control over a device's hardware;
`SOURCE` if the package is a collection of source files;
`ARCHIVE` if the package refers to an archived collection of files (.tar, .zip, etc);
`FILE` if the package is a single file which can be independently distributed (configuration file, statically linked binary, Kubernetes deployment, etc);
`INSTALL` if the package is used to install software on disk;
`OTHER` if the package doesn't fit into the above categories.

The metadata for the Package Purpose field is shown in Table 36.

**Table 36 — Metadata for the package purpose field**

| Attribute | Value |
| --------- | ----- |
| Required | No |
| Cardinality | 0..* |
| Format | `APPLICATION` \| `FRAMEWORK` \| `LIBRARY` \| `CONTAINER` \| `OPERATING-SYSTEM` \| `DEVICE` \| `FIRMWARE` \| `SOURCE` \| `ARCHIVE` \| `FILE` \| `INSTALL \| `OTHER` \|

### 7.24.2 Intent

This field is a reasonable estimate of the package usage from the producer and consumer perspective from which both parties can draw conclusions about the context in which the package exists.

### 7.24.3 Examples

EXAMPLE 1 Tag: `PackagePurpose:`

```text
PackagePurpose: FRAMEWORK
```

EXAMPLE 2 RDF: Property `spdx:purpose` in class `spdx:Package`

```text
<Package rdf:about="cluster-api">
<packagePurpose rdf:resource="packagePurpose_container" />
</Package>
```

[Bazaar]: http://bazaar.canonical.com/
[FSF]: http://www.fsf.org/
[Git]: https://git-scm.com/
Expand Down

0 comments on commit ba088fe

Please sign in to comment.