| author | CoprDistGit <infra@openeuler.org> | 2023-05-29 12:02:13 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2023-05-29 12:02:13 +0000 |
| commit | 5003d1961efcd0f416201245076cc46288b5cd3c (patch) | |
| tree | fc97e9825c35e6bb358c22e73ede582ca8c6548e /python-ossindex-lib.spec | |
| parent | 5a2cadf2dbe6f573067e707bddffb2dbb0cb9590 (diff) | |
automatic import of python-ossindex-lib
Diffstat (limited to 'python-ossindex-lib.spec')
| -rw-r--r-- | python-ossindex-lib.spec | 233 |
1 files changed, 233 insertions, 0 deletions
diff --git a/python-ossindex-lib.spec b/python-ossindex-lib.spec new file mode 100644 index 0000000..0a5f6c2 --- /dev/null +++ b/python-ossindex-lib.spec 
@@ -0,0 +1,233 @@ +%global _empty_manifest_terminate_build 0 +Name: python-ossindex-lib +Version: 1.1.1 +Release: 1 +Summary: A library for querying the OSS Index free catalogue of open source components to help developers identify vulnerabilities, understand risk, and keep their software safe. +License: Apache-2.0 +URL: https://github.com/sonatype-nexus-community/ossindex-python +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/44/5c/ed269f7104c6330c4b56e27e1177066901da8f5c4010f7ccc7995a51be67/ossindex-lib-1.1.1.tar.gz +BuildArch: noarch + +Requires: python3-importlib-metadata +Requires: python3-packageurl-python +Requires: python3-PyYAML +Requires: python3-requests +Requires: python3-tinydb +Requires: python3-types-PyYAML +Requires: python3-types-requests +Requires: python3-types-setuptools + +%description +This OSSIndex module for Python provides a common interface to querying the [OSS Index](https://ossindex.sonatype.org/). +This module is not designed for standalone use. If you're looking for a tool that can detect your application's dependencies +and assess them for vulnerabilities against the OSS Index, perhaps you should check out +[Jake](https://github.com/sonatype-nexus-community/jake). +You can of course use this library in your own applications. +## Installation +Install from pypi.org as you would any other Python module: +``` +pip install ossindex-lib +``` +## Usage +First create an instance of `OssIndex`, optionally enabling local caching +``` +o = OssIndex() +``` +Then supply a `List` of [PackageURL](https://github.com/package-url/packageurl-python) objects that you want to ask +OSS Index about. If you don't want to care about generating this list yourself, perhaps look to a tool like [Jake](https://github.com/sonatype-nexus-community/jake) +(which uses this library) and will do all the hard work for you! 
+As a quick test, you could run: +``` +o = OssIndex() +results: List[OssIndexComponent] = o.get_component_report(packages=[ + PackageURL.from_string(purl='pkg:pypi/pip@19.2.0') +]) +for r in results: + print("{}: {} known vulnerabilities".format(r.get_coordinates(), len(r.get_vulnerabilities()))) + v: Vulnerability + for v in r.get_vulnerabilities(): + print(' - {}'.format(str(v))) +``` +``` +pkg:pypi/pip@19.2.0: 1 known vulnerabilities + - <Vulnerability id=e4c955a3-2004-472e-920b-783fea46c3cd, name=OSSINDEX-783f-ea46-c3cd, cvss_score=3.6> +``` +## Logging +This library send log events to a standard Python `logger` named `ossindex`. You can configure the logger to output as +required through the standard [Python logging configuration](https://docs.python.org/3/library/logging.config.html). +## Todos +1. Support authentication against OSS Index +## Python Support +We endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/). +However, some features may not be possible/present in older Python versions due to their lack of support. +## Changelog +See our [CHANGELOG](./CHANGELOG.md). +## The Fine Print +Remember: +It is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source +community (read: you!) +* Use this contribution at the risk tolerance that you have +* Do NOT file Sonatype support tickets related to `ossindex-lib` +* DO file issues here on GitHub, so that the community can pitch in +Phew, that was easier than I thought. Last but not least of all - have fun! + +%package -n python3-ossindex-lib +Summary: A library for querying the OSS Index free catalogue of open source components to help developers identify vulnerabilities, understand risk, and keep their software safe. 
+Provides: python-ossindex-lib +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-ossindex-lib +This OSSIndex module for Python provides a common interface to querying the [OSS Index](https://ossindex.sonatype.org/). +This module is not designed for standalone use. If you're looking for a tool that can detect your application's dependencies +and assess them for vulnerabilities against the OSS Index, perhaps you should check out +[Jake](https://github.com/sonatype-nexus-community/jake). +You can of course use this library in your own applications. +## Installation +Install from pypi.org as you would any other Python module: +``` +pip install ossindex-lib +``` +## Usage +First create an instance of `OssIndex`, optionally enabling local caching +``` +o = OssIndex() +``` +Then supply a `List` of [PackageURL](https://github.com/package-url/packageurl-python) objects that you want to ask +OSS Index about. If you don't want to care about generating this list yourself, perhaps look to a tool like [Jake](https://github.com/sonatype-nexus-community/jake) +(which uses this library) and will do all the hard work for you! +As a quick test, you could run: +``` +o = OssIndex() +results: List[OssIndexComponent] = o.get_component_report(packages=[ + PackageURL.from_string(purl='pkg:pypi/pip@19.2.0') +]) +for r in results: + print("{}: {} known vulnerabilities".format(r.get_coordinates(), len(r.get_vulnerabilities()))) + v: Vulnerability + for v in r.get_vulnerabilities(): + print(' - {}'.format(str(v))) +``` +``` +pkg:pypi/pip@19.2.0: 1 known vulnerabilities + - <Vulnerability id=e4c955a3-2004-472e-920b-783fea46c3cd, name=OSSINDEX-783f-ea46-c3cd, cvss_score=3.6> +``` +## Logging +This library send log events to a standard Python `logger` named `ossindex`. You can configure the logger to output as +required through the standard [Python logging configuration](https://docs.python.org/3/library/logging.config.html). 
+## Todos +1. Support authentication against OSS Index +## Python Support +We endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/). +However, some features may not be possible/present in older Python versions due to their lack of support. +## Changelog +See our [CHANGELOG](./CHANGELOG.md). +## The Fine Print +Remember: +It is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source +community (read: you!) +* Use this contribution at the risk tolerance that you have +* Do NOT file Sonatype support tickets related to `ossindex-lib` +* DO file issues here on GitHub, so that the community can pitch in +Phew, that was easier than I thought. Last but not least of all - have fun! + +%package help +Summary: Development documents and examples for ossindex-lib +Provides: python3-ossindex-lib-doc +%description help +This OSSIndex module for Python provides a common interface to querying the [OSS Index](https://ossindex.sonatype.org/). +This module is not designed for standalone use. If you're looking for a tool that can detect your application's dependencies +and assess them for vulnerabilities against the OSS Index, perhaps you should check out +[Jake](https://github.com/sonatype-nexus-community/jake). +You can of course use this library in your own applications. +## Installation +Install from pypi.org as you would any other Python module: +``` +pip install ossindex-lib +``` +## Usage +First create an instance of `OssIndex`, optionally enabling local caching +``` +o = OssIndex() +``` +Then supply a `List` of [PackageURL](https://github.com/package-url/packageurl-python) objects that you want to ask +OSS Index about. If you don't want to care about generating this list yourself, perhaps look to a tool like [Jake](https://github.com/sonatype-nexus-community/jake) +(which uses this library) and will do all the hard work for you! 
+As a quick test, you could run: +``` +o = OssIndex() +results: List[OssIndexComponent] = o.get_component_report(packages=[ + PackageURL.from_string(purl='pkg:pypi/pip@19.2.0') +]) +for r in results: + print("{}: {} known vulnerabilities".format(r.get_coordinates(), len(r.get_vulnerabilities()))) + v: Vulnerability + for v in r.get_vulnerabilities(): + print(' - {}'.format(str(v))) +``` +``` +pkg:pypi/pip@19.2.0: 1 known vulnerabilities + - <Vulnerability id=e4c955a3-2004-472e-920b-783fea46c3cd, name=OSSINDEX-783f-ea46-c3cd, cvss_score=3.6> +``` +## Logging +This library send log events to a standard Python `logger` named `ossindex`. You can configure the logger to output as +required through the standard [Python logging configuration](https://docs.python.org/3/library/logging.config.html). +## Todos +1. Support authentication against OSS Index +## Python Support +We endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/). +However, some features may not be possible/present in older Python versions due to their lack of support. +## Changelog +See our [CHANGELOG](./CHANGELOG.md). +## The Fine Print +Remember: +It is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source +community (read: you!) +* Use this contribution at the risk tolerance that you have +* Do NOT file Sonatype support tickets related to `ossindex-lib` +* DO file issues here on GitHub, so that the community can pitch in +Phew, that was easier than I thought. Last but not least of all - have fun! 
+ +%prep +%autosetup -n ossindex-lib-1.1.1 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-ossindex-lib -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Mon May 29 2023 Python_Bot <Python_Bot@openeuler.org> - 1.1.1-1 +- Package Spec generated |
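Review bot: Source0 in the spec header fetches the tarball from a third-party mirror (mirrors.nju.edu.cn/pypi/...) rather than from the upstream named in URL, and nothing in the spec lets a reviewer confirm that the archive matches the published ossindex-lib 1.1.1 release. Point Source0 at the canonical PyPI or GitHub release location and check the tarball digest against the upstream release before the import is accepted. In the same header block, the Requires on python3-types-PyYAML, python3-types-requests and python3-types-setuptools name type-stub packages, which are used for static type checking, so it is worth checking whether they can be dropped from the runtime dependencies. The opening line, %global _empty_manifest_terminate_build 0, together with the find-generated filelist.lst in %install, means a build that installs no files would still yield a package; consider removing that override or adding a %check section that at least imports the module.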
