[Question] About the parameter of writeToFile method and readFile method #66
Comments
|
@shi9qiu I'm quite happy to help support the use of this library in SW360.
There are 3 implementations of this interface, but they are in different Github repos - you can add them as dependencies to your project. The 3 implementations represent 3 different serialization formats for SPDX:
I've actually used this store for some very large files without issue - it does store everything in memory, however, so I'm sure there will be a limit. I have a prototype RDF graph database implementation for very large RDF graphs. I've thought about writing an SQL based store, but haven't found the need yet. |
|
@shi9qiu If you would like an example using this library with the above mentioned store, check out the SPDX Converter utility |
|
Thank you so much for your speedy reply! We will try it. |
|
Hello, @goneall |
|
And a sample RDF large file https://github.com/eclipse/sw360/files/5984378/SPDX2_linux-4.18.tar.xz_1535128294-spdx.rdf.zip |
|
I re-checked the library spdx-tools with function Verify and it used same function createSpdxDocument for making SpdxDocument. namnp@namnp:~/tools$ java -jar target/spdx-tools-2.2.6-SNAPSHOT-jar-with-dependencies.jar Verify SPDX2_linux-4.18.tar.xz_1535128294-spdx.rdf/SPDX2_linux-4.18.tar.xz_1535128294-spdx.rdf
--------Start verify: [SPDX2_linux-4.18.tar.xz_1535128294-spdx.rdf/SPDX2_linux-4.18.tar.xz_1535128294-spdx.rdf]
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console. Set system property 'log4j2.debug' to show Log4j2 internal initialization logging.
15:55:40.523 [main] ERROR org.spdx.rdfparser.license.ListedLicenses - I/O error opening Json TOC URL, using local TOC file
spdx.org
spdx.org
spdx.org
...
--------getSpecVersion: SPDX-2.1
--------getSpecName: /srv/fossology/repository/report
This SPDX Document is valid.So, I will re-check when using function with SW360. |
|
@nam-np Were you able to re-check with SW360? I'm working on a minor release for this library and would like to work in fixes for this if needed. |
|
@goneall @nam-np We got error again. But we found a root problem. |
|
@KoukiHama Thanks for the update - I left a comment in the SW360 issue. Let me know if you'd like any help migrating from the old SPDX tools library to this one (I've done it a few times). Since the issue is an incompatibility between the old library and this library, I'm going to close out this issue since I can't think of any way to resolve it without re-introducing a security vulnerability. If you disagree or know of a way to resolve it with a change to this issue, please add a comment. |
Hello,
My team is working on enhancing the functionalities of SW360 (https://github.com/eclipse/sw360) - a software component catalog application. We plan to replace the old library used in SW360 with this library. But we are facing some problems so I come here to see if I can get some help.
We are using
writeToFilemethod (https://github.com/spdx/Spdx-Java-Library/blob/master/src/main/java/org/spdx/library/Read.java#L124) andreadFilemethod (https://github.com/spdx/Spdx-Java-Library/blob/master/src/main/java/org/spdx/library/Write.java#L97) to implement the Import/Export functions of SW360. However, these methods need one parametermodelStore, but as we understand, this interface was not implemented yet.Ref:
Spdx-Java-Library/src/main/java/org/spdx/storage/ISerializableModelStore.java
Line 31 in 42fcd5b
Could you tell me if our understanding is correct or not?
Another question is, we found this message in the README.md:
The default storage interface is an in-memory Map which should be sufficient for light weight usage of the library.Does it mean we cannot use this library to read or write the large size file?
Thank you in advance!
The text was updated successfully, but these errors were encountered: