Started by an SCM change Started by user Helio Chissini de Castro Rebuilds build #170 Running as Helio Chissini de Castro Obtained Jenkinsfile from git https://github.com/eclipse/sw360.website.git [Pipeline] Start of Pipeline [Pipeline] echo [WARNING] label option is deprecated. To use a static pod template, use the 'inheritFrom' option. [Pipeline] podTemplate [Pipeline] { [Pipeline] node Created Pod: kubernetes sw360/hugo-agent-3gxj7-gtxjz Still waiting to schedule task ‘hugo-agent-3gxj7-gtxjz’ is offline Agent hugo-agent-3gxj7-gtxjz is provisioned from template hugo-agent-3gxj7 --- apiVersion: "v1" kind: "Pod" metadata: annotations: buildUrl: "http://jenkins-ui.sw360.svc.cluster.local/sw360/job/sw360.website/171/" runUrl: "job/sw360.website/171/" labels: run: "hugo" jenkins: "slave" jenkins/label-digest: "7ac110df4066c009b519c7b03c365692b5eeb4d5" jenkins/label: "hugo-agent" name: "hugo-agent-3gxj7-gtxjz" namespace: "sw360" spec: containers: - env: - name: "JENKINS_SECRET" value: "********" - name: "JENKINS_TUNNEL" value: "jenkins-discovery.sw360.svc.cluster.local:50000" - name: "JENKINS_AGENT_NAME" value: "hugo-agent-3gxj7-gtxjz" - name: "JENKINS_NAME" value: "hugo-agent-3gxj7-gtxjz" - name: "JENKINS_AGENT_WORKDIR" value: "/home/jenkins/agent" - name: "JENKINS_URL" value: "http://jenkins-ui.sw360.svc.cluster.local/sw360/" - name: "HOME" value: "/home/jenkins" image: "docker.io/eclipsecbi/jiro-agent-basic:remoting-3160.vd76b_9ddd10cc" name: "jnlp" resources: requests: memory: "256Mi" cpu: "100m" volumeMounts: - mountPath: "/home/jenkins/.ssh" name: "volume-known-hosts" - mountPath: "/home/jenkins/agent" name: "workspace-volume" readOnly: false - command: - "cat" image: "klakegg/hugo:0.111.3-ext-ubuntu" name: "hugo" tty: true volumeMounts: - mountPath: "/home/jenkins/agent" name: "workspace-volume" readOnly: false nodeSelector: kubernetes.io/os: "linux" restartPolicy: "Never" volumes: - emptyDir: medium: "" name: "workspace-volume" - configMap: name: "known-hosts" name: "volume-known-hosts" Running on hugo-agent-3gxj7-gtxjz in /home/jenkins/agent/workspace/sw360.website [Pipeline] { [Pipeline] dir Running in /home/jenkins/agent/workspace/sw360.website/hugo [Pipeline] { [Pipeline] stage [Pipeline] { (Declarative: Checkout SCM) [Pipeline] checkout The recommended git tool is: git No credentials specified Cloning the remote Git repository Cloning repository https://github.com/eclipse/sw360.website.git > git init /home/jenkins/agent/workspace/sw360.website/hugo # timeout=10 Fetching upstream changes from https://github.com/eclipse/sw360.website.git > git --version # timeout=10 > git --version # 'git version 2.20.1' > git fetch --tags --force --progress -- https://github.com/eclipse/sw360.website.git +refs/heads/*:refs/remotes/origin/* # timeout=10 > git config remote.origin.url https://github.com/eclipse/sw360.website.git # timeout=10 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10 Avoid second fetch Checking out Revision 1664da97c854a192372a73c78b8ba65679c2b4d6 (origin/main) > git rev-parse origin/main^{commit} # timeout=10 > git config core.sparsecheckout # timeout=10 > git checkout -f 1664da97c854a192372a73c78b8ba65679c2b4d6 # timeout=10 Commit message: "fix(logos): Adjust correct company logos" > git rev-list --no-walk 1664da97c854a192372a73c78b8ba65679c2b4d6 # timeout=10 [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // dir [Pipeline] withEnv [Pipeline] { [Pipeline] withEnv [Pipeline] { [Pipeline] stage [Pipeline] { (Checkout www repo) [Pipeline] dir Running in /home/jenkins/agent/workspace/sw360.website/www [Pipeline] { [Pipeline] sshagent [ssh-agent] Using credentials sw360-bot (GitHub bot (SSH)) [ssh-agent] Looking for ssh-agent implementation... [ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine) $ ssh-agent SSH_AUTH_SOCK=/tmp/ssh-PuhdOATAF9EJ/agent.133 SSH_AGENT_PID=135 Running ssh-add (command line suppressed) Identity added: /home/jenkins/agent/workspace/sw360.website/www@tmp/private_key_13698418689753389590.key (sw360-bot@eclipse.org) [ssh-agent] Started. [Pipeline] { [Pipeline] sh + git clone git@github.com:eclipse-sw360/sw360.website.published.git . Cloning into '.'... Checking out files: 22% (113/493) Checking out files: 23% (114/493) Checking out files: 24% (119/493) Checking out files: 25% (124/493) Checking out files: 26% (129/493) Checking out files: 27% (134/493) Checking out files: 28% (139/493) Checking out files: 29% (143/493) Checking out files: 30% (148/493) Checking out files: 31% (153/493) Checking out files: 32% (158/493) Checking out files: 33% (163/493) Checking out files: 34% (168/493) Checking out files: 35% (173/493) Checking out files: 36% (178/493) Checking out files: 37% (183/493) Checking out files: 38% (188/493) Checking out files: 39% (193/493) Checking out files: 40% (198/493) Checking out files: 41% (203/493) Checking out files: 42% (208/493) Checking out files: 43% (212/493) Checking out files: 44% (217/493) Checking out files: 45% (222/493) Checking out files: 46% (227/493) Checking out files: 47% (232/493) Checking out files: 48% (237/493) Checking out files: 49% (242/493) Checking out files: 50% (247/493) Checking out files: 51% (252/493) Checking out files: 52% (257/493) Checking out files: 53% (262/493) Checking out files: 54% (267/493) Checking out files: 55% (272/493) Checking out files: 56% (277/493) Checking out files: 57% (282/493) Checking out files: 58% (286/493) Checking out files: 59% (291/493) Checking out files: 60% (296/493) Checking out files: 61% (301/493) Checking out files: 62% (306/493) Checking out files: 63% (311/493) Checking out files: 64% (316/493) Checking out files: 65% (321/493) Checking out files: 66% (326/493) Checking out files: 67% (331/493) Checking out files: 68% (336/493) Checking out files: 69% (341/493) Checking out files: 70% (346/493) Checking out files: 71% (351/493) Checking out files: 72% (355/493) Checking out files: 72% (357/493) Checking out files: 73% (360/493) Checking out files: 74% (365/493) Checking out files: 75% (370/493) Checking out files: 76% (375/493) Checking out files: 76% (378/493) Checking out files: 77% (380/493) Checking out files: 78% (385/493) Checking out files: 79% (390/493) Checking out files: 80% (395/493) Checking out files: 81% (400/493) Checking out files: 82% (405/493) Checking out files: 83% (410/493) Checking out files: 84% (415/493) Checking out files: 85% (420/493) Checking out files: 86% (424/493) Checking out files: 87% (429/493) Checking out files: 88% (434/493) Checking out files: 88% (438/493) Checking out files: 89% (439/493) Checking out files: 90% (444/493) Checking out files: 91% (449/493) Checking out files: 92% (454/493) Checking out files: 93% (459/493) Checking out files: 94% (464/493) Checking out files: 95% (469/493) Checking out files: 96% (474/493) Checking out files: 96% (478/493) Checking out files: 97% (479/493) Checking out files: 98% (484/493) Checking out files: 99% (489/493) Checking out files: 100% (493/493) Checking out files: 100% (493/493), done. + git checkout main Already on 'main' Your branch is up to date with 'origin/main'. [Pipeline] } $ ssh-agent -k unset SSH_AUTH_SOCK; unset SSH_AGENT_PID; echo Agent pid 135 killed; [ssh-agent] Stopped. [Pipeline] // sshagent [Pipeline] } [Pipeline] // dir [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Build main website with Hugo) [Pipeline] container [Pipeline] { [Pipeline] dir Running in /home/jenkins/agent/workspace/sw360.website/hugo [Pipeline] { [Pipeline] sh + mkdir -p themes/docsy [Pipeline] sh + hugo --minify -b https://www.eclipse.org/sw360/ hugo: downloading modules … hugo: collected modules in 71092 ms Start building sites … hugo v0.111.3-5d4eb5154e1fed125ca8e9b5a0315c4180dab192+extended linux/amd64 BuildDate=2023-03-12T11:40:50Z VendorInfo=hugoguru | EN -------------------+------ Pages | 101 Paginator pages | 0 Non-page files | 0 Static files | 385 Processed images | 0 Aliases | 0 Sitemaps | 1 Cleaned | 0 Total in 96994 ms [Pipeline] } [Pipeline] // dir [Pipeline] } [Pipeline] // container [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Build staging website with Hugo) Stage "Build staging website with Hugo" skipped due to when conditional [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Push www) [Pipeline] sh + rm -rf www/404.html www/about www/css www/docs www/favicons www/img www/index.html www/index.xml www/js www/presentations www/robots.txt www/screenshots www/scss www/sitemap.xml www/webfonts + cp -Rvf hugo/public/404.html hugo/public/about hugo/public/css hugo/public/docs hugo/public/favicons hugo/public/img hugo/public/index.html hugo/public/index.xml hugo/public/js hugo/public/presentations hugo/public/robots.txt hugo/public/screenshots hugo/public/scss hugo/public/sitemap.xml hugo/public/webfonts www/ 'hugo/public/404.html' -> 'www/404.html' 'hugo/public/about' -> 'www/about' 'hugo/public/about/index.html' -> 'www/about/index.html' 'hugo/public/css' -> 'www/css' 'hugo/public/css/prism.css' -> 'www/css/prism.css' 'hugo/public/css/swagger-ui.css' -> 'www/css/swagger-ui.css' 'hugo/public/docs' -> 'www/docs' 'hugo/public/docs/index.html' -> 'www/docs/index.html' 'hugo/public/docs/index.xml' -> 'www/docs/index.xml' 'hugo/public/docs/administrationguide' -> 'www/docs/administrationguide' 'hugo/public/docs/administrationguide/index.html' -> 'www/docs/administrationguide/index.html' 'hugo/public/docs/administrationguide/index.xml' -> 'www/docs/administrationguide/index.xml' 'hugo/public/docs/administrationguide/user-scheduling-cve-search-by-admins' -> 'www/docs/administrationguide/user-scheduling-cve-search-by-admins' 'hugo/public/docs/administrationguide/user-scheduling-cve-search-by-admins/index.html' -> 'www/docs/administrationguide/user-scheduling-cve-search-by-admins/index.html' 'hugo/public/docs/administrationguide/user-data-model-enumerations' -> 'www/docs/administrationguide/user-data-model-enumerations' 'hugo/public/docs/administrationguide/user-data-model-enumerations/index.html' -> 'www/docs/administrationguide/user-data-model-enumerations/index.html' 'hugo/public/docs/administrationguide/user-management-roles' -> 'www/docs/administrationguide/user-management-roles' 'hugo/public/docs/administrationguide/user-management-roles/index.html' -> 'www/docs/administrationguide/user-management-roles/index.html' 'hugo/public/docs/administrationguide/vulnerabilitymanagement' -> 'www/docs/administrationguide/vulnerabilitymanagement' 'hugo/public/docs/administrationguide/vulnerabilitymanagement/index.html' -> 'www/docs/administrationguide/vulnerabilitymanagement/index.html' 'hugo/public/docs/administrationguide/vulnerabilitymanagement/index.xml' -> 'www/docs/administrationguide/vulnerabilitymanagement/index.xml' 'hugo/public/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project' -> 'www/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project' 'hugo/public/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/index.html' -> 'www/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/index.html' 'hugo/public/docs/administrationguide/vulnerabilitymanagement/vulnerabilities' -> 'www/docs/administrationguide/vulnerabilitymanagement/vulnerabilities' 'hugo/public/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/index.html' -> 'www/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/index.html' 'hugo/public/docs/administrationguide/menu' -> 'www/docs/administrationguide/menu' 'hugo/public/docs/administrationguide/menu/index.html' -> 'www/docs/administrationguide/menu/index.html' 'hugo/public/docs/administrationguide/properties' -> 'www/docs/administrationguide/properties' 'hugo/public/docs/administrationguide/properties/index.html' -> 'www/docs/administrationguide/properties/index.html' 'hugo/public/docs/deployment' -> 'www/docs/deployment' 'hugo/public/docs/deployment/index.html' -> 'www/docs/deployment/index.html' 'hugo/public/docs/deployment/index.xml' -> 'www/docs/deployment/index.xml' 'hugo/public/docs/deployment/deploy-authorization-concept' -> 'www/docs/deployment/deploy-authorization-concept' 'hugo/public/docs/deployment/deploy-authorization-concept/index.html' -> 'www/docs/deployment/deploy-authorization-concept/index.html' 'hugo/public/docs/deployment/deploy-configuration-country-codes' -> 'www/docs/deployment/deploy-configuration-country-codes' 'hugo/public/docs/deployment/deploy-configuration-country-codes/index.html' -> 'www/docs/deployment/deploy-configuration-country-codes/index.html' 'hugo/public/docs/deployment/deploy-configuration-files' -> 'www/docs/deployment/deploy-configuration-files' 'hugo/public/docs/deployment/deploy-configuration-files/index.html' -> 'www/docs/deployment/deploy-configuration-files/index.html' 'hugo/public/docs/deployment/deploy-export-and-import' -> 'www/docs/deployment/deploy-export-and-import' 'hugo/public/docs/deployment/deploy-export-and-import/index.html' -> 'www/docs/deployment/deploy-export-and-import/index.html' 'hugo/public/docs/deployment/baremetal' -> 'www/docs/deployment/baremetal' 'hugo/public/docs/deployment/baremetal/index.html' -> 'www/docs/deployment/baremetal/index.html' 'hugo/public/docs/deployment/baremetal/index.xml' -> 'www/docs/deployment/baremetal/index.xml' 'hugo/public/docs/deployment/baremetal/deploy-natively' -> 'www/docs/deployment/baremetal/deploy-natively' 'hugo/public/docs/deployment/baremetal/deploy-natively/index.html' -> 'www/docs/deployment/baremetal/deploy-natively/index.html' 'hugo/public/docs/deployment/deploy-specialdeployment' -> 'www/docs/deployment/deploy-specialdeployment' 'hugo/public/docs/deployment/deploy-specialdeployment/index.html' -> 'www/docs/deployment/deploy-specialdeployment/index.html' 'hugo/public/docs/deployment/deploy-initial-setup18' -> 'www/docs/deployment/deploy-initial-setup18' 'hugo/public/docs/deployment/deploy-initial-setup18/index.html' -> 'www/docs/deployment/deploy-initial-setup18/index.html' 'hugo/public/docs/deployment/deploy-requirements' -> 'www/docs/deployment/deploy-requirements' 'hugo/public/docs/deployment/deploy-requirements/index.html' -> 'www/docs/deployment/deploy-requirements/index.html' 'hugo/public/docs/deployment/deploy-cve-search' -> 'www/docs/deployment/deploy-cve-search' 'hugo/public/docs/deployment/deploy-cve-search/index.html' -> 'www/docs/deployment/deploy-cve-search/index.html' 'hugo/public/docs/deployment/legacy' -> 'www/docs/deployment/legacy' 'hugo/public/docs/deployment/legacy/deploy-natively-11' -> 'www/docs/deployment/legacy/deploy-natively-11' 'hugo/public/docs/deployment/legacy/deploy-natively-11/index.html' -> 'www/docs/deployment/legacy/deploy-natively-11/index.html' 'hugo/public/docs/deployment/legacy/deploy-liferay7.3' -> 'www/docs/deployment/legacy/deploy-liferay7.3' 'hugo/public/docs/deployment/legacy/deploy-liferay7.3/index.html' -> 'www/docs/deployment/legacy/deploy-liferay7.3/index.html' 'hugo/public/docs/deployment/legacy/deploy-liferay7' -> 'www/docs/deployment/legacy/deploy-liferay7' 'hugo/public/docs/deployment/legacy/deploy-liferay7/index.html' -> 'www/docs/deployment/legacy/deploy-liferay7/index.html' 'hugo/public/docs/deployment/legacy/deploy-liferay' -> 'www/docs/deployment/legacy/deploy-liferay' 'hugo/public/docs/deployment/legacy/deploy-liferay/index.html' -> 'www/docs/deployment/legacy/deploy-liferay/index.html' 'hugo/public/docs/deployment/legacy/index.html' -> 'www/docs/deployment/legacy/index.html' 'hugo/public/docs/deployment/legacy/index.xml' -> 'www/docs/deployment/legacy/index.xml' 'hugo/public/docs/deployment/legacy/nativeinstall' -> 'www/docs/deployment/legacy/nativeinstall' 'hugo/public/docs/deployment/legacy/nativeinstall/index.html' -> 'www/docs/deployment/legacy/nativeinstall/index.html' 'hugo/public/docs/deployment/legacy/nativeinstall/index.xml' -> 'www/docs/deployment/legacy/nativeinstall/index.xml' 'hugo/public/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0' -> 'www/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0' 'hugo/public/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/index.html' -> 'www/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/index.html' 'hugo/public/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0' -> 'www/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0' 'hugo/public/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/index.html' -> 'www/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/index.html' 'hugo/public/docs/deployment/deploy-secure-deployment' -> 'www/docs/deployment/deploy-secure-deployment' 'hugo/public/docs/deployment/deploy-secure-deployment/index.html' -> 'www/docs/deployment/deploy-secure-deployment/index.html' 'hugo/public/docs/deployment/upgrading' -> 'www/docs/deployment/upgrading' 'hugo/public/docs/deployment/upgrading/index.html' -> 'www/docs/deployment/upgrading/index.html' 'hugo/public/docs/deployment/upgrading/index.xml' -> 'www/docs/deployment/upgrading/index.xml' 'hugo/public/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0' -> 'www/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0' 'hugo/public/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/index.html' -> 'www/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/index.html' 'hugo/public/docs/deployment/upgrading/upgrade_version_sw360_15_to_16' -> 'www/docs/deployment/upgrading/upgrade_version_sw360_15_to_16' 'hugo/public/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/index.html' -> 'www/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/index.html' 'hugo/public/docs/deployment/upgrading/upgrade_version_sw360_16_to_17' -> 'www/docs/deployment/upgrading/upgrade_version_sw360_16_to_17' 'hugo/public/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/index.html' -> 'www/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/index.html' 'hugo/public/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11' -> 'www/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11' 'hugo/public/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/index.html' -> 'www/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/index.html' 'hugo/public/docs/deployment/upgrading/upgrade_version_sw360_17_to_18' -> 'www/docs/deployment/upgrading/upgrade_version_sw360_17_to_18' 'hugo/public/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/index.html' -> 'www/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/index.html' 'hugo/public/docs/development' -> 'www/docs/development' 'hugo/public/docs/development/index.html' -> 'www/docs/development/index.html' 'hugo/public/docs/development/index.xml' -> 'www/docs/development/index.xml' 'hugo/public/docs/development/dev-adding-a-new-portlet-backend' -> 'www/docs/development/dev-adding-a-new-portlet-backend' 'hugo/public/docs/development/dev-adding-a-new-portlet-backend/index.html' -> 'www/docs/development/dev-adding-a-new-portlet-backend/index.html' 'hugo/public/docs/development/dev-database-migration-using-costco' -> 'www/docs/development/dev-database-migration-using-costco' 'hugo/public/docs/development/dev-database-migration-using-costco/index.html' -> 'www/docs/development/dev-database-migration-using-costco/index.html' 'hugo/public/docs/development/dev-branches' -> 'www/docs/development/dev-branches' 'hugo/public/docs/development/dev-branches/index.html' -> 'www/docs/development/dev-branches/index.html' 'hugo/public/docs/development/dev-fossology-integration' -> 'www/docs/development/dev-fossology-integration' 'hugo/public/docs/development/dev-fossology-integration/index.html' -> 'www/docs/development/dev-fossology-integration/index.html' 'hugo/public/docs/development/dev-adding-a-new-portlet-frontend' -> 'www/docs/development/dev-adding-a-new-portlet-frontend' 'hugo/public/docs/development/dev-adding-a-new-portlet-frontend/index.html' -> 'www/docs/development/dev-adding-a-new-portlet-frontend/index.html' 'hugo/public/docs/development/dev-dod-and-style' -> 'www/docs/development/dev-dod-and-style' 'hugo/public/docs/development/dev-dod-and-style/index.html' -> 'www/docs/development/dev-dod-and-style/index.html' 'hugo/public/docs/development/dev-adding-new-fields-to-existing-classes' -> 'www/docs/development/dev-adding-new-fields-to-existing-classes' 'hugo/public/docs/development/dev-adding-new-fields-to-existing-classes/index.html' -> 'www/docs/development/dev-adding-new-fields-to-existing-classes/index.html' 'hugo/public/docs/development/dev-filtering-in-portlets' -> 'www/docs/development/dev-filtering-in-portlets' 'hugo/public/docs/development/dev-filtering-in-portlets/index.html' -> 'www/docs/development/dev-filtering-in-portlets/index.html' 'hugo/public/docs/development/dev-liferay-friendly-url' -> 'www/docs/development/dev-liferay-friendly-url' 'hugo/public/docs/development/dev-liferay-friendly-url/index.html' -> 'www/docs/development/dev-liferay-friendly-url/index.html' 'hugo/public/docs/development/dev-role-authorisation-model' -> 'www/docs/development/dev-role-authorisation-model' 'hugo/public/docs/development/dev-role-authorisation-model/index.html' -> 'www/docs/development/dev-role-authorisation-model/index.html' 'hugo/public/docs/development/dev-semantic-commits' -> 'www/docs/development/dev-semantic-commits' 'hugo/public/docs/development/dev-semantic-commits/index.html' -> 'www/docs/development/dev-semantic-commits/index.html' 'hugo/public/docs/development/dev-using-requirejs-for-javascript-modules' -> 'www/docs/development/dev-using-requirejs-for-javascript-modules' 'hugo/public/docs/development/dev-using-requirejs-for-javascript-modules/index.html' -> 'www/docs/development/dev-using-requirejs-for-javascript-modules/index.html' 'hugo/public/docs/development/dev-external-documents-with-couchdb' -> 'www/docs/development/dev-external-documents-with-couchdb' 'hugo/public/docs/development/dev-external-documents-with-couchdb/index.html' -> 'www/docs/development/dev-external-documents-with-couchdb/index.html' 'hugo/public/docs/development/dev-moderation-requests' -> 'www/docs/development/dev-moderation-requests' 'hugo/public/docs/development/dev-moderation-requests/index.html' -> 'www/docs/development/dev-moderation-requests/index.html' 'hugo/public/docs/development/dev-releasing-sw360' -> 'www/docs/development/dev-releasing-sw360' 'hugo/public/docs/development/dev-releasing-sw360/index.html' -> 'www/docs/development/dev-releasing-sw360/index.html' 'hugo/public/docs/development/dev-testing-frameworks' -> 'www/docs/development/dev-testing-frameworks' 'hugo/public/docs/development/dev-testing-frameworks/index.html' -> 'www/docs/development/dev-testing-frameworks/index.html' 'hugo/public/docs/development/restapi' -> 'www/docs/development/restapi' 'hugo/public/docs/development/restapi/index.html' -> 'www/docs/development/restapi/index.html' 'hugo/public/docs/development/restapi/index.xml' -> 'www/docs/development/restapi/index.xml' 'hugo/public/docs/development/restapi/access' -> 'www/docs/development/restapi/access' 'hugo/public/docs/development/restapi/access/index.html' -> 'www/docs/development/restapi/access/index.html' 'hugo/public/docs/development/restapi/dev-rest-api' -> 'www/docs/development/restapi/dev-rest-api' 'hugo/public/docs/development/restapi/dev-rest-api/index.html' -> 'www/docs/development/restapi/dev-rest-api/index.html' 'hugo/public/docs/development/testcases' -> 'www/docs/development/testcases' 'hugo/public/docs/development/testcases/index.html' -> 'www/docs/development/testcases/index.html' 'hugo/public/docs/development/testcases/index.xml' -> 'www/docs/development/testcases/index.xml' 'hugo/public/docs/development/testcases/test-cases-licenses' -> 'www/docs/development/testcases/test-cases-licenses' 'hugo/public/docs/development/testcases/test-cases-licenses/index.html' -> 'www/docs/development/testcases/test-cases-licenses/index.html' 'hugo/public/docs/development/testcases/test-cases-moderations' -> 'www/docs/development/testcases/test-cases-moderations' 'hugo/public/docs/development/testcases/test-cases-moderations/index.html' -> 'www/docs/development/testcases/test-cases-moderations/index.html' 'hugo/public/docs/development/testcases/test-cases-components' -> 'www/docs/development/testcases/test-cases-components' 'hugo/public/docs/development/testcases/test-cases-components/index.html' -> 'www/docs/development/testcases/test-cases-components/index.html' 'hugo/public/docs/development/testcases/test-cases-projects' -> 'www/docs/development/testcases/test-cases-projects' 'hugo/public/docs/development/testcases/test-cases-projects/index.html' -> 'www/docs/development/testcases/test-cases-projects/index.html' 'hugo/public/docs/development/dev-troubleshooting' -> 'www/docs/development/dev-troubleshooting' 'hugo/public/docs/development/dev-troubleshooting/index.html' -> 'www/docs/development/dev-troubleshooting/index.html' 'hugo/public/docs/userguide' -> 'www/docs/userguide' 'hugo/public/docs/userguide/index.html' -> 'www/docs/userguide/index.html' 'hugo/public/docs/userguide/index.xml' -> 'www/docs/userguide/index.xml' 'hugo/public/docs/userguide/faq' -> 'www/docs/userguide/faq' 'hugo/public/docs/userguide/faq/index.html' -> 'www/docs/userguide/faq/index.html' 'hugo/public/docs/userguide/preferrences' -> 'www/docs/userguide/preferrences' 'hugo/public/docs/userguide/preferrences/index.html' -> 'www/docs/userguide/preferrences/index.html' 'hugo/public/docs/userguide/dependency_network' -> 'www/docs/userguide/dependency_network' 'hugo/public/docs/userguide/dependency_network/index.html' -> 'www/docs/userguide/dependency_network/index.html' 'hugo/public/docs/userguide/licenses' -> 'www/docs/userguide/licenses' 'hugo/public/docs/userguide/licenses/index.html' -> 'www/docs/userguide/licenses/index.html' 'hugo/public/docs/userguide/login' -> 'www/docs/userguide/login' 'hugo/public/docs/userguide/login/index.html' -> 'www/docs/userguide/login/index.html' 'hugo/public/docs/userguide/search' -> 'www/docs/userguide/search' 'hugo/public/docs/userguide/search/index.html' -> 'www/docs/userguide/search/index.html' 'hugo/public/docs/userguide/spdx_document' -> 'www/docs/userguide/spdx_document' 'hugo/public/docs/userguide/spdx_document/index.html' -> 'www/docs/userguide/spdx_document/index.html' 'hugo/public/docs/userguide/bestpractices' -> 'www/docs/userguide/bestpractices' 'hugo/public/docs/userguide/bestpractices/index.html' -> 'www/docs/userguide/bestpractices/index.html' 'hugo/public/docs/userguide/bestpractices/index.xml' -> 'www/docs/userguide/bestpractices/index.xml' 'hugo/public/docs/userguide/bestpractices/component-naming' -> 'www/docs/userguide/bestpractices/component-naming' 'hugo/public/docs/userguide/bestpractices/component-naming/index.html' -> 'www/docs/userguide/bestpractices/component-naming/index.html' 'hugo/public/docs/userguide/bestpractices/user-attachment-file-types' -> 'www/docs/userguide/bestpractices/user-attachment-file-types' 'hugo/public/docs/userguide/bestpractices/user-attachment-file-types/index.html' -> 'www/docs/userguide/bestpractices/user-attachment-file-types/index.html' 'hugo/public/docs/userguide/bestpractices/good-record-creation-structure' -> 'www/docs/userguide/bestpractices/good-record-creation-structure' 'hugo/public/docs/userguide/bestpractices/good-record-creation-structure/index.html' -> 'www/docs/userguide/bestpractices/good-record-creation-structure/index.html' 'hugo/public/docs/userguide/bestpractices/workflows' -> 'www/docs/userguide/bestpractices/workflows' 'hugo/public/docs/userguide/bestpractices/workflows/index.html' -> 'www/docs/userguide/bestpractices/workflows/index.html' 'hugo/public/docs/userguide/bestpractices/license-naming' -> 'www/docs/userguide/bestpractices/license-naming' 'hugo/public/docs/userguide/bestpractices/license-naming/index.html' -> 'www/docs/userguide/bestpractices/license-naming/index.html' 'hugo/public/docs/userguide/components' -> 'www/docs/userguide/components' 'hugo/public/docs/userguide/components/index.html' -> 'www/docs/userguide/components/index.html' 'hugo/public/docs/userguide/requests' -> 'www/docs/userguide/requests' 'hugo/public/docs/userguide/requests/index.html' -> 'www/docs/userguide/requests/index.html' 'hugo/public/docs/userguide/project' -> 'www/docs/userguide/project' 'hugo/public/docs/userguide/project/index.html' -> 'www/docs/userguide/project/index.html' 'hugo/public/docs/userguide/sw360-homepage' -> 'www/docs/userguide/sw360-homepage' 'hugo/public/docs/userguide/sw360-homepage/index.html' -> 'www/docs/userguide/sw360-homepage/index.html' 'hugo/public/favicons' -> 'www/favicons' 'hugo/public/favicons/android-144x144.png' -> 'www/favicons/android-144x144.png' 'hugo/public/favicons/android-192x192.png' -> 'www/favicons/android-192x192.png' 'hugo/public/favicons/android-36x36.png' -> 'www/favicons/android-36x36.png' 'hugo/public/favicons/android-48x48.png' -> 'www/favicons/android-48x48.png' 'hugo/public/favicons/android-72x72.png' -> 'www/favicons/android-72x72.png' 'hugo/public/favicons/android-96x96.png' -> 'www/favicons/android-96x96.png' 'hugo/public/favicons/android-chrome-192x192.png' -> 'www/favicons/android-chrome-192x192.png' 'hugo/public/favicons/android-chrome-512x512.png' -> 'www/favicons/android-chrome-512x512.png' 'hugo/public/favicons/android-chrome-maskable-192x192.png' -> 'www/favicons/android-chrome-maskable-192x192.png' 'hugo/public/favicons/android-chrome-maskable-512x512.png' -> 'www/favicons/android-chrome-maskable-512x512.png' 'hugo/public/favicons/apple-touch-icon-120x120.png' -> 'www/favicons/apple-touch-icon-120x120.png' 'hugo/public/favicons/apple-touch-icon-152x152.png' -> 'www/favicons/apple-touch-icon-152x152.png' 'hugo/public/favicons/apple-touch-icon-167x167.png' -> 'www/favicons/apple-touch-icon-167x167.png' 'hugo/public/favicons/apple-touch-icon-180x180.png' -> 'www/favicons/apple-touch-icon-180x180.png' 'hugo/public/favicons/apple-touch-icon-60x60.png' -> 'www/favicons/apple-touch-icon-60x60.png' 'hugo/public/favicons/apple-touch-icon-76x76.png' -> 'www/favicons/apple-touch-icon-76x76.png' 'hugo/public/favicons/apple-touch-icon.png' -> 'www/favicons/apple-touch-icon.png' 'hugo/public/favicons/coast-228x228.png' -> 'www/favicons/coast-228x228.png' 'hugo/public/favicons/favicon-1024.png' -> 'www/favicons/favicon-1024.png' 'hugo/public/favicons/favicon-128x128.png' -> 'www/favicons/favicon-128x128.png' 'hugo/public/favicons/favicon-16x16.png' -> 'www/favicons/favicon-16x16.png' 'hugo/public/favicons/favicon-256.png' -> 'www/favicons/favicon-256.png' 'hugo/public/favicons/favicon-256x256.png' -> 'www/favicons/favicon-256x256.png' 'hugo/public/favicons/favicon-32x32.png' -> 'www/favicons/favicon-32x32.png' 'hugo/public/favicons/favicon-48x48.png' -> 'www/favicons/favicon-48x48.png' 'hugo/public/favicons/favicon-64x64.png' -> 'www/favicons/favicon-64x64.png' 'hugo/public/favicons/favicon-96x96.png' -> 'www/favicons/favicon-96x96.png' 'hugo/public/favicons/favicon.ico' -> 'www/favicons/favicon.ico' 'hugo/public/favicons/msapplication-icon-144x144.png' -> 'www/favicons/msapplication-icon-144x144.png' 'hugo/public/favicons/mstile-150x150.png' -> 'www/favicons/mstile-150x150.png' 'hugo/public/favicons/pwa-192x192.png' -> 'www/favicons/pwa-192x192.png' 'hugo/public/favicons/pwa-512x512.png' -> 'www/favicons/pwa-512x512.png' 'hugo/public/favicons/tile150x150.png' -> 'www/favicons/tile150x150.png' 'hugo/public/favicons/tile310x150.png' -> 'www/favicons/tile310x150.png' 'hugo/public/favicons/tile310x310.png' -> 'www/favicons/tile310x310.png' 'hugo/public/favicons/tile70x70.png' -> 'www/favicons/tile70x70.png' 'hugo/public/img' -> 'www/img' 'hugo/public/img/favicon.ico' -> 'www/img/favicon.ico' 'hugo/public/img/featured-background.jpg' -> 'www/img/featured-background.jpg' 'hugo/public/img/ImagesBasic' -> 'www/img/ImagesBasic' 'hugo/public/img/ImagesBasic/AddAttachment.png' -> 'www/img/ImagesBasic/AddAttachment.png' 'hugo/public/img/ImagesBasic/AddReleaseButton.png' -> 'www/img/ImagesBasic/AddReleaseButton.png' 'hugo/public/img/ImagesBasic/AddReleaseScreenWithoutData1.png' -> 'www/img/ImagesBasic/AddReleaseScreenWithoutData1.png' 'hugo/public/img/ImagesBasic/AddReleaseScreenWithoutData2.png' -> 'www/img/ImagesBasic/AddReleaseScreenWithoutData2.png' 'hugo/public/img/ImagesBasic/Additional_data_1.png' -> 'www/img/ImagesBasic/Additional_data_1.png' 'hugo/public/img/ImagesBasic/Additional_data_2.png' -> 'www/img/ImagesBasic/Additional_data_2.png' 'hugo/public/img/ImagesBasic/Addproject4.png' -> 'www/img/ImagesBasic/Addproject4.png' 'hugo/public/img/ImagesBasic/Addproject_5.png' -> 'www/img/ImagesBasic/Addproject_5.png' 'hugo/public/img/ImagesBasic/Attachment_2.png' -> 'www/img/ImagesBasic/Attachment_2.png' 'hugo/public/img/ImagesBasic/ClearingRequest.png' -> 'www/img/ImagesBasic/ClearingRequest.png' 'hugo/public/img/ImagesBasic/Clearing_Information.png' -> 'www/img/ImagesBasic/Clearing_Information.png' 'hugo/public/img/ImagesBasic/ComponentList.png' -> 'www/img/ImagesBasic/ComponentList.png' 'hugo/public/img/ImagesBasic/Copy_Duplicate.png' -> 'www/img/ImagesBasic/Copy_Duplicate.png' 'hugo/public/img/ImagesBasic/Create_clearing_request.png' -> 'www/img/ImagesBasic/Create_clearing_request.png' 'hugo/public/img/ImagesBasic/Delete_Trash.png' -> 'www/img/ImagesBasic/Delete_Trash.png' 'hugo/public/img/ImagesBasic/Deleteproject1.png' -> 'www/img/ImagesBasic/Deleteproject1.png' 'hugo/public/img/ImagesBasic/EditProject_Attachments.png' -> 'www/img/ImagesBasic/EditProject_Attachments.png' 'hugo/public/img/ImagesBasic/Edit_Pen.png' -> 'www/img/ImagesBasic/Edit_Pen.png' 'hugo/public/img/ImagesBasic/Export-Spreadsheet.png' -> 'www/img/ImagesBasic/Export-Spreadsheet.png' 'hugo/public/img/ImagesBasic/Export_spreadsheet.png' -> 'www/img/ImagesBasic/Export_spreadsheet.png' 'hugo/public/img/ImagesBasic/Generate_license_info.png' -> 'www/img/ImagesBasic/Generate_license_info.png' 'hugo/public/img/ImagesBasic/Generate_license_info_2 .png' -> 'www/img/ImagesBasic/Generate_license_info_2 .png' 'hugo/public/img/ImagesBasic/Generate_license_info_3.png' -> 'www/img/ImagesBasic/Generate_license_info_3.png' 'hugo/public/img/ImagesBasic/Home_Page.png' -> 'www/img/ImagesBasic/Home_Page.png' 'hugo/public/img/ImagesBasic/ImportSBOM.png' -> 'www/img/ImagesBasic/ImportSBOM.png' 'hugo/public/img/ImagesBasic/LicenseClearing_1.png' -> 'www/img/ImagesBasic/LicenseClearing_1.png' 'hugo/public/img/ImagesBasic/License_Clearing_request.png' -> 'www/img/ImagesBasic/License_Clearing_request.png' 'hugo/public/img/ImagesBasic/Link_release_1.png' -> 'www/img/ImagesBasic/Link_release_1.png' 'hugo/public/img/ImagesBasic/Link_release_2.png' -> 'www/img/ImagesBasic/Link_release_2.png' 'hugo/public/img/ImagesBasic/Link_release_3.png' -> 'www/img/ImagesBasic/Link_release_3.png' 'hugo/public/img/ImagesBasic/Linked-projects_1.png' -> 'www/img/ImagesBasic/Linked-projects_1.png' 'hugo/public/img/ImagesBasic/Linked-projects_2.png' -> 'www/img/ImagesBasic/Linked-projects_2.png' 'hugo/public/img/ImagesBasic/Linked-projects_3.png' -> 'www/img/ImagesBasic/Linked-projects_3.png' 'hugo/public/img/ImagesBasic/Linking_project.png' -> 'www/img/ImagesBasic/Linking_project.png' 'hugo/public/img/ImagesBasic/Loginpage.png' -> 'www/img/ImagesBasic/Loginpage.png' 'hugo/public/img/ImagesBasic/ProjectAdministration.png' -> 'www/img/ImagesBasic/ProjectAdministration.png' 'hugo/public/img/ImagesBasic/ProjectExternalURL1.png' -> 'www/img/ImagesBasic/ProjectExternalURL1.png' 'hugo/public/img/ImagesBasic/ProjectExternalURL2.png' -> 'www/img/ImagesBasic/ProjectExternalURL2.png' 'hugo/public/img/ImagesBasic/ProjectGeneralInfo (1).png' -> 'www/img/ImagesBasic/ProjectGeneralInfo (1).png' 'hugo/public/img/ImagesBasic/ProjectLifecycle.png' -> 'www/img/ImagesBasic/ProjectLifecycle.png' 'hugo/public/img/ImagesBasic/ProjectLinkedreleasesandprojects.png' -> 'www/img/ImagesBasic/ProjectLinkedreleasesandprojects.png' 'hugo/public/img/ImagesBasic/ProjectRoles.png' -> 'www/img/ImagesBasic/ProjectRoles.png' 'hugo/public/img/ImagesBasic/Project_external_ID_1.png' -> 'www/img/ImagesBasic/Project_external_ID_1.png' 'hugo/public/img/ImagesBasic/Project_external_ID_2.png' -> 'www/img/ImagesBasic/Project_external_ID_2.png' 'hugo/public/img/ImagesBasic/Projectpage.png' -> 'www/img/ImagesBasic/Projectpage.png' 'hugo/public/img/ImagesBasic/ReleaseClearingDetails.png' -> 'www/img/ImagesBasic/ReleaseClearingDetails.png' 'hugo/public/img/ImagesBasic/SVM_Tracking.png' -> 'www/img/ImagesBasic/SVM_Tracking.png' 'hugo/public/img/ImagesBasic/SVM_Tracking_2.png' -> 'www/img/ImagesBasic/SVM_Tracking_2.png' 'hugo/public/img/ImagesBasic/SearchVendor.png' -> 'www/img/ImagesBasic/SearchVendor.png' 'hugo/public/img/ImagesBasic/Search_Page.png' -> 'www/img/ImagesBasic/Search_Page.png' 'hugo/public/img/ImagesBasic/SignIn.png' -> 'www/img/ImagesBasic/SignIn.png' 'hugo/public/img/ImagesBasic/SortIcon.png' -> 'www/img/ImagesBasic/SortIcon.png' 'hugo/public/img/ImagesBasic/Source_code_1.png' -> 'www/img/ImagesBasic/Source_code_1.png' 'hugo/public/img/ImagesBasic/Source_code_2.png' -> 'www/img/ImagesBasic/Source_code_2.png' 'hugo/public/img/ImagesBasic/ViewComponent.png' -> 'www/img/ImagesBasic/ViewComponent.png' 'hugo/public/img/ImagesBasic/View_Clearing_Request_2.png' -> 'www/img/ImagesBasic/View_Clearing_Request_2.png' 'hugo/public/img/ImagesBasic/View_Clearing_request.png' -> 'www/img/ImagesBasic/View_Clearing_request.png' 'hugo/public/img/ImagesBasic/add_release.png' -> 'www/img/ImagesBasic/add_release.png' 'hugo/public/img/ImagesBasic/additionalroles1.png' -> 'www/img/ImagesBasic/additionalroles1.png' 'hugo/public/img/ImagesBasic/additionalroles2.png' -> 'www/img/ImagesBasic/additionalroles2.png' 'hugo/public/img/ImagesBasic/admin_menu.png' -> 'www/img/ImagesBasic/admin_menu.png' 'hugo/public/img/ImagesBasic/clearing_detail.png' -> 'www/img/ImagesBasic/clearing_detail.png' 'hugo/public/img/ImagesBasic/comp_pg2.png' -> 'www/img/ImagesBasic/comp_pg2.png' 'hugo/public/img/ImagesBasic/comp_view.png' -> 'www/img/ImagesBasic/comp_view.png' 'hugo/public/img/ImagesBasic/create_comp.png' -> 'www/img/ImagesBasic/create_comp.png' 'hugo/public/img/ImagesBasic/create_proj.png' -> 'www/img/ImagesBasic/create_proj.png' 'hugo/public/img/ImagesBasic/create_release_new.png' -> 'www/img/ImagesBasic/create_release_new.png' 'hugo/public/img/ImagesBasic/dual_license.png' -> 'www/img/ImagesBasic/dual_license.png' 'hugo/public/img/ImagesBasic/duo.png' -> 'www/img/ImagesBasic/duo.png' 'hugo/public/img/ImagesBasic/general-search.png' -> 'www/img/ImagesBasic/general-search.png' 'hugo/public/img/ImagesBasic/homepage.png' -> 'www/img/ImagesBasic/homepage.png' 'hugo/public/img/ImagesBasic/navigationbar-search.png' -> 'www/img/ImagesBasic/navigationbar-search.png' 'hugo/public/img/ImagesBasic/new_attachment.png' -> 'www/img/ImagesBasic/new_attachment.png' 'hugo/public/img/ImagesBasic/new_comp.png' -> 'www/img/ImagesBasic/new_comp.png' 'hugo/public/img/ImagesBasic/new_comp_view.png' -> 'www/img/ImagesBasic/new_comp_view.png' 'hugo/public/img/ImagesBasic/new_proj.png' -> 'www/img/ImagesBasic/new_proj.png' 'hugo/public/img/ImagesBasic/proj_pg2.png' -> 'www/img/ImagesBasic/proj_pg2.png' 'hugo/public/img/ImagesBasic/release_list.png' -> 'www/img/ImagesBasic/release_list.png' 'hugo/public/img/ImagesBasic/start_page.png' -> 'www/img/ImagesBasic/start_page.png' 'hugo/public/img/ImagesBasic/sw360_specific_search.png' -> 'www/img/ImagesBasic/sw360_specific_search.png' 'hugo/public/img/ImagesBasic/Componentpage' -> 'www/img/ImagesBasic/Componentpage' 'hugo/public/img/ImagesBasic/Componentpage/Assesment_Summary_Info.png' -> 'www/img/ImagesBasic/Componentpage/Assesment_Summary_Info.png' 'hugo/public/img/ImagesBasic/Componentpage/Changelog1.png' -> 'www/img/ImagesBasic/Componentpage/Changelog1.png' 'hugo/public/img/ImagesBasic/Componentpage/Changelog2.png' -> 'www/img/ImagesBasic/Componentpage/Changelog2.png' 'hugo/public/img/ImagesBasic/Componentpage/ComponentAdditionalroles.png' -> 'www/img/ImagesBasic/Componentpage/ComponentAdditionalroles.png' 'hugo/public/img/ImagesBasic/Componentpage/ComponentExternalIds.png' -> 'www/img/ImagesBasic/Componentpage/ComponentExternalIds.png' 'hugo/public/img/ImagesBasic/Componentpage/ComponentPage.png' -> 'www/img/ImagesBasic/Componentpage/ComponentPage.png' 'hugo/public/img/ImagesBasic/Componentpage/ComponentSPDXattachment.png' -> 'www/img/ImagesBasic/Componentpage/ComponentSPDXattachment.png' 'hugo/public/img/ImagesBasic/Componentpage/ComponentSPDXattachment2.png' -> 'www/img/ImagesBasic/Componentpage/ComponentSPDXattachment2.png' 'hugo/public/img/ImagesBasic/Componentpage/Component_Additional_Role2.png' -> 'www/img/ImagesBasic/Componentpage/Component_Additional_Role2.png' 'hugo/public/img/ImagesBasic/Componentpage/Component_Assesment_summary_info1.png' -> 'www/img/ImagesBasic/Componentpage/Component_Assesment_summary_info1.png' 'hugo/public/img/ImagesBasic/Componentpage/Component_Attachments.png' -> 'www/img/ImagesBasic/Componentpage/Component_Attachments.png' 'hugo/public/img/ImagesBasic/Componentpage/Component_ChangeLog.png' -> 'www/img/ImagesBasic/Componentpage/Component_ChangeLog.png' 'hugo/public/img/ImagesBasic/Componentpage/Component_General_Info.png' -> 'www/img/ImagesBasic/Componentpage/Component_General_Info.png' 'hugo/public/img/ImagesBasic/Componentpage/Component_Roles.png' -> 'www/img/ImagesBasic/Componentpage/Component_Roles.png' 'hugo/public/img/ImagesBasic/Componentpage/Component_SPDX_Attachments_1.png' -> 'www/img/ImagesBasic/Componentpage/Component_SPDX_Attachments_1.png' 'hugo/public/img/ImagesBasic/Componentpage/Component_SPDX_Attachments_2.png' -> 'www/img/ImagesBasic/Componentpage/Component_SPDX_Attachments_2.png' 'hugo/public/img/ImagesBasic/Componentpage/Component_Vulnerability.png' -> 'www/img/ImagesBasic/Componentpage/Component_Vulnerability.png' 'hugo/public/img/ImagesBasic/Componentpage/Component_release_vulnerability.png' -> 'www/img/ImagesBasic/Componentpage/Component_release_vulnerability.png' 'hugo/public/img/ImagesBasic/Componentpage/Componentadditionaldata.png' -> 'www/img/ImagesBasic/Componentpage/Componentadditionaldata.png' 'hugo/public/img/ImagesBasic/Componentpage/Componentreleases.png' -> 'www/img/ImagesBasic/Componentpage/Componentreleases.png' 'hugo/public/img/ImagesBasic/Componentpage/Componentreleasesummary.png' -> 'www/img/ImagesBasic/Componentpage/Componentreleasesummary.png' 'hugo/public/img/ImagesBasic/Componentpage/Create_Release1.png' -> 'www/img/ImagesBasic/Componentpage/Create_Release1.png' 'hugo/public/img/ImagesBasic/Componentpage/Create_Release2.png' -> 'www/img/ImagesBasic/Componentpage/Create_Release2.png' 'hugo/public/img/ImagesBasic/Componentpage/Create_Release3.png' -> 'www/img/ImagesBasic/Componentpage/Create_Release3.png' 'hugo/public/img/ImagesBasic/Componentpage/Editcomponent.png' -> 'www/img/ImagesBasic/Componentpage/Editcomponent.png' 'hugo/public/img/ImagesBasic/Componentpage/Merge_1.png' -> 'www/img/ImagesBasic/Componentpage/Merge_1.png' 'hugo/public/img/ImagesBasic/Componentpage/Merge_2.png' -> 'www/img/ImagesBasic/Componentpage/Merge_2.png' 'hugo/public/img/ImagesBasic/Componentpage/Merge_Icon_1.png' -> 'www/img/ImagesBasic/Componentpage/Merge_Icon_1.png' 'hugo/public/img/ImagesBasic/Componentpage/Merge_Icon_2.png' -> 'www/img/ImagesBasic/Componentpage/Merge_Icon_2.png' 'hugo/public/img/ImagesBasic/Componentpage/Merge_Icon_3.png' -> 'www/img/ImagesBasic/Componentpage/Merge_Icon_3.png' 'hugo/public/img/ImagesBasic/Componentpage/Release_Clearing_Details.png' -> 'www/img/ImagesBasic/Componentpage/Release_Clearing_Details.png' 'hugo/public/img/ImagesBasic/Componentpage/Release_Clearing_Details2.png' -> 'www/img/ImagesBasic/Componentpage/Release_Clearing_Details2.png' 'hugo/public/img/ImagesBasic/Componentpage/Release_Clearing_Details3.png' -> 'www/img/ImagesBasic/Componentpage/Release_Clearing_Details3.png' 'hugo/public/img/ImagesBasic/Componentpage/Release_ECC_Details.png' -> 'www/img/ImagesBasic/Componentpage/Release_ECC_Details.png' 'hugo/public/img/ImagesBasic/Componentpage/Releaserepository.png' -> 'www/img/ImagesBasic/Componentpage/Releaserepository.png' 'hugo/public/img/ImagesBasic/Componentpage/Split_1.png' -> 'www/img/ImagesBasic/Componentpage/Split_1.png' 'hugo/public/img/ImagesBasic/Componentpage/Split_2.png' -> 'www/img/ImagesBasic/Componentpage/Split_2.png' 'hugo/public/img/ImagesBasic/Componentpage/Split_Icon_1.png' -> 'www/img/ImagesBasic/Componentpage/Split_Icon_1.png' 'hugo/public/img/ImagesBasic/Componentpage/View_Component.png' -> 'www/img/ImagesBasic/Componentpage/View_Component.png' 'hugo/public/img/ImagesBasic/LicensePage' -> 'www/img/ImagesBasic/LicensePage' 'hugo/public/img/ImagesBasic/LicensePage/Checked.png' -> 'www/img/ImagesBasic/LicensePage/Checked.png' 'hugo/public/img/ImagesBasic/LicensePage/Create_License.png' -> 'www/img/ImagesBasic/LicensePage/Create_License.png' 'hugo/public/img/ImagesBasic/LicensePage/Edit_License.png' -> 'www/img/ImagesBasic/LicensePage/Edit_License.png' 'hugo/public/img/ImagesBasic/LicensePage/License_Page.png' -> 'www/img/ImagesBasic/LicensePage/License_Page.png' 'hugo/public/img/ImagesBasic/LicensePage/Linked_Obligations.png' -> 'www/img/ImagesBasic/LicensePage/Linked_Obligations.png' 'hugo/public/img/ImagesBasic/LicensePage/Linked_Obligations_2.png' -> 'www/img/ImagesBasic/LicensePage/Linked_Obligations_2.png' 'hugo/public/img/ImagesBasic/LicensePage/Unchecked.png' -> 'www/img/ImagesBasic/LicensePage/Unchecked.png' 'hugo/public/img/ImagesBasic/LicensePage/View_License.png' -> 'www/img/ImagesBasic/LicensePage/View_License.png' 'hugo/public/img/ImagesBasic/Preferences Page' -> 'www/img/ImagesBasic/Preferences Page' 'hugo/public/img/ImagesBasic/Preferences Page/Edit_email_preferences.png' -> 'www/img/ImagesBasic/Preferences Page/Edit_email_preferences.png' 'hugo/public/img/ImagesBasic/Preferences Page/Preferences_Page.png' -> 'www/img/ImagesBasic/Preferences Page/Preferences_Page.png' 'hugo/public/img/ImagesBasic/Preferences Page/REST_API_TOKENS.png' -> 'www/img/ImagesBasic/Preferences Page/REST_API_TOKENS.png' 'hugo/public/img/ImagesBasic/Project_Page' -> 'www/img/ImagesBasic/Project_Page' 'hugo/public/img/ImagesBasic/Project_Page/Additional_data_1.png' -> 'www/img/ImagesBasic/Project_Page/Additional_data_1.png' 'hugo/public/img/ImagesBasic/Project_Page/Additional_data_2.png' -> 'www/img/ImagesBasic/Project_Page/Additional_data_2.png' 'hugo/public/img/ImagesBasic/Project_Page/Addproject4.png' -> 'www/img/ImagesBasic/Project_Page/Addproject4.png' 'hugo/public/img/ImagesBasic/Project_Page/Addproject_5.png' -> 'www/img/ImagesBasic/Project_Page/Addproject_5.png' 'hugo/public/img/ImagesBasic/Project_Page/Attachment_2.png' -> 'www/img/ImagesBasic/Project_Page/Attachment_2.png' 'hugo/public/img/ImagesBasic/Project_Page/ClearingRequest.png' -> 'www/img/ImagesBasic/Project_Page/ClearingRequest.png' 'hugo/public/img/ImagesBasic/Project_Page/Clearing_Information.png' -> 'www/img/ImagesBasic/Project_Page/Clearing_Information.png' 'hugo/public/img/ImagesBasic/Project_Page/Copy_Duplicate.png' -> 'www/img/ImagesBasic/Project_Page/Copy_Duplicate.png' 'hugo/public/img/ImagesBasic/Project_Page/Create_clearing_request.png' -> 'www/img/ImagesBasic/Project_Page/Create_clearing_request.png' 'hugo/public/img/ImagesBasic/Project_Page/Delete_Trash.png' -> 'www/img/ImagesBasic/Project_Page/Delete_Trash.png' 'hugo/public/img/ImagesBasic/Project_Page/Deleteproject1.png' -> 'www/img/ImagesBasic/Project_Page/Deleteproject1.png' 'hugo/public/img/ImagesBasic/Project_Page/EditProject_Attachments.png' -> 'www/img/ImagesBasic/Project_Page/EditProject_Attachments.png' 'hugo/public/img/ImagesBasic/Project_Page/Edit_Pen.png' -> 'www/img/ImagesBasic/Project_Page/Edit_Pen.png' 'hugo/public/img/ImagesBasic/Project_Page/Export_spreadsheet.png' -> 'www/img/ImagesBasic/Project_Page/Export_spreadsheet.png' 'hugo/public/img/ImagesBasic/Project_Page/Generate_license_info.png' -> 'www/img/ImagesBasic/Project_Page/Generate_license_info.png' 'hugo/public/img/ImagesBasic/Project_Page/Generate_license_info_2 .png' -> 'www/img/ImagesBasic/Project_Page/Generate_license_info_2 .png' 'hugo/public/img/ImagesBasic/Project_Page/Generate_license_info_3.png' -> 'www/img/ImagesBasic/Project_Page/Generate_license_info_3.png' 'hugo/public/img/ImagesBasic/Project_Page/ImportSBOM.png' -> 'www/img/ImagesBasic/Project_Page/ImportSBOM.png' 'hugo/public/img/ImagesBasic/Project_Page/LicenseClearing_1.png' -> 'www/img/ImagesBasic/Project_Page/LicenseClearing_1.png' 'hugo/public/img/ImagesBasic/Project_Page/License_Clearing_request.png' -> 'www/img/ImagesBasic/Project_Page/License_Clearing_request.png' 'hugo/public/img/ImagesBasic/Project_Page/Link_release_1.png' -> 'www/img/ImagesBasic/Project_Page/Link_release_1.png' 'hugo/public/img/ImagesBasic/Project_Page/Link_release_2.png' -> 'www/img/ImagesBasic/Project_Page/Link_release_2.png' 'hugo/public/img/ImagesBasic/Project_Page/Link_release_3.png' -> 'www/img/ImagesBasic/Project_Page/Link_release_3.png' 'hugo/public/img/ImagesBasic/Project_Page/Linked-projects_1.png' -> 'www/img/ImagesBasic/Project_Page/Linked-projects_1.png' 'hugo/public/img/ImagesBasic/Project_Page/Linked-projects_2.png' -> 'www/img/ImagesBasic/Project_Page/Linked-projects_2.png' 'hugo/public/img/ImagesBasic/Project_Page/Linked-projects_3.png' -> 'www/img/ImagesBasic/Project_Page/Linked-projects_3.png' 'hugo/public/img/ImagesBasic/Project_Page/Linking_project.png' -> 'www/img/ImagesBasic/Project_Page/Linking_project.png' 'hugo/public/img/ImagesBasic/Project_Page/ProjectAdministration.png' -> 'www/img/ImagesBasic/Project_Page/ProjectAdministration.png' 'hugo/public/img/ImagesBasic/Project_Page/ProjectExternalURL1.png' -> 'www/img/ImagesBasic/Project_Page/ProjectExternalURL1.png' 'hugo/public/img/ImagesBasic/Project_Page/ProjectExternalURL2.png' -> 'www/img/ImagesBasic/Project_Page/ProjectExternalURL2.png' 'hugo/public/img/ImagesBasic/Project_Page/ProjectGeneralInfo (1).png' -> 'www/img/ImagesBasic/Project_Page/ProjectGeneralInfo (1).png' 'hugo/public/img/ImagesBasic/Project_Page/ProjectLifecycle.png' -> 'www/img/ImagesBasic/Project_Page/ProjectLifecycle.png' 'hugo/public/img/ImagesBasic/Project_Page/ProjectLinkedreleasesandprojects.png' -> 'www/img/ImagesBasic/Project_Page/ProjectLinkedreleasesandprojects.png' 'hugo/public/img/ImagesBasic/Project_Page/ProjectRoles.png' -> 'www/img/ImagesBasic/Project_Page/ProjectRoles.png' 'hugo/public/img/ImagesBasic/Project_Page/Project_external_ID_1.png' -> 'www/img/ImagesBasic/Project_Page/Project_external_ID_1.png' 'hugo/public/img/ImagesBasic/Project_Page/Project_external_ID_2.png' -> 'www/img/ImagesBasic/Project_Page/Project_external_ID_2.png' 'hugo/public/img/ImagesBasic/Project_Page/Projectpage.png' -> 'www/img/ImagesBasic/Project_Page/Projectpage.png' 'hugo/public/img/ImagesBasic/Project_Page/SVM_Tracking.png' -> 'www/img/ImagesBasic/Project_Page/SVM_Tracking.png' 'hugo/public/img/ImagesBasic/Project_Page/SVM_Tracking_2.png' -> 'www/img/ImagesBasic/Project_Page/SVM_Tracking_2.png' 'hugo/public/img/ImagesBasic/Project_Page/SortIcon.png' -> 'www/img/ImagesBasic/Project_Page/SortIcon.png' 'hugo/public/img/ImagesBasic/Project_Page/Source_code_1.png' -> 'www/img/ImagesBasic/Project_Page/Source_code_1.png' 'hugo/public/img/ImagesBasic/Project_Page/Source_code_2.png' -> 'www/img/ImagesBasic/Project_Page/Source_code_2.png' 'hugo/public/img/ImagesBasic/Project_Page/View_Clearing_Request_2.png' -> 'www/img/ImagesBasic/Project_Page/View_Clearing_Request_2.png' 'hugo/public/img/ImagesBasic/Project_Page/View_Clearing_request.png' -> 'www/img/ImagesBasic/Project_Page/View_Clearing_request.png' 'hugo/public/img/ImagesBasic/Project_Page/additionalroles1.png' -> 'www/img/ImagesBasic/Project_Page/additionalroles1.png' 'hugo/public/img/ImagesBasic/Project_Page/additionalroles2.png' -> 'www/img/ImagesBasic/Project_Page/additionalroles2.png' 'hugo/public/img/ImagesBasic/Request_Page' -> 'www/img/ImagesBasic/Request_Page' 'hugo/public/img/ImagesBasic/Request_Page/Clearing_Requests.png' -> 'www/img/ImagesBasic/Request_Page/Clearing_Requests.png' 'hugo/public/img/ImagesBasic/Request_Page/Edit_clearing_request_1.png' -> 'www/img/ImagesBasic/Request_Page/Edit_clearing_request_1.png' 'hugo/public/img/ImagesBasic/Request_Page/Edit_clearing_request_2.png' -> 'www/img/ImagesBasic/Request_Page/Edit_clearing_request_2.png' 'hugo/public/img/ImagesBasic/Request_Page/Edit_clearing_request_3.png' -> 'www/img/ImagesBasic/Request_Page/Edit_clearing_request_3.png' 'hugo/public/img/ImagesBasic/Request_Page/Edit_moderation_request.png' -> 'www/img/ImagesBasic/Request_Page/Edit_moderation_request.png' 'hugo/public/img/ImagesBasic/Request_Page/Edit_moderation_request_2.png' -> 'www/img/ImagesBasic/Request_Page/Edit_moderation_request_2.png' 'hugo/public/img/ImagesBasic/Request_Page/Edit_moderation_request_3.png' -> 'www/img/ImagesBasic/Request_Page/Edit_moderation_request_3.png' 'hugo/public/img/ImagesBasic/Request_Page/Moderation_Requests.png' -> 'www/img/ImagesBasic/Request_Page/Moderation_Requests.png' 'hugo/public/img/ImagesBasic/Request_Page/Request_Page.png' -> 'www/img/ImagesBasic/Request_Page/Request_Page.png' 'hugo/public/img/ImagesBasic/VulnerabiblitiesPage' -> 'www/img/ImagesBasic/VulnerabiblitiesPage' 'hugo/public/img/ImagesBasic/VulnerabiblitiesPage/Vulnerabilities_Page.png' -> 'www/img/ImagesBasic/VulnerabiblitiesPage/Vulnerabilities_Page.png' 'hugo/public/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_References.png' -> 'www/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_References.png' 'hugo/public/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_Summary.png' -> 'www/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_Summary.png' 'hugo/public/img/SW360RESTfulAPIImages' -> 'www/img/SW360RESTfulAPIImages' 'hugo/public/img/SW360RESTfulAPIImages/Preferences-AccessToke.png' -> 'www/img/SW360RESTfulAPIImages/Preferences-AccessToke.png' 'hugo/public/img/SW360RESTfulAPIImages/Preferences-AccessToke1.png' -> 'www/img/SW360RESTfulAPIImages/Preferences-AccessToke1.png' 'hugo/public/img/SW360RESTfulAPIImages/techtokenreadexample.png' -> 'www/img/SW360RESTfulAPIImages/techtokenreadexample.png' 'hugo/public/img/SW360RESTfulAPIImages/techtokenreadwriteexample.png' -> 'www/img/SW360RESTfulAPIImages/techtokenreadwriteexample.png' 'hugo/public/img/banners' -> 'www/img/banners' 'hugo/public/img/banners/banner-1.jpg' -> 'www/img/banners/banner-1.jpg' 'hugo/public/img/carousel' -> 'www/img/carousel' 'hugo/public/img/carousel/sw360-slide-01.jpg' -> 'www/img/carousel/sw360-slide-01.jpg' 'hugo/public/img/carousel/sw360-slide-02.jpg' -> 'www/img/carousel/sw360-slide-02.jpg' 'hugo/public/img/carousel/sw360-slide-03.jpg' -> 'www/img/carousel/sw360-slide-03.jpg' 'hugo/public/img/clients' -> 'www/img/clients' 'hugo/public/img/clients/Cariad.png' -> 'www/img/clients/Cariad.png' 'hugo/public/img/clients/Eclipse.png' -> 'www/img/clients/Eclipse.png' 'hugo/public/img/clients/Siemens.png' -> 'www/img/clients/Siemens.png' 'hugo/public/img/couchdb' -> 'www/img/couchdb' 'hugo/public/img/couchdb/ConfigDomainCouchdb.jpg' -> 'www/img/couchdb/ConfigDomainCouchdb.jpg' 'hugo/public/img/couchdb/ConfigIPCouchdb.jpg' -> 'www/img/couchdb/ConfigIPCouchdb.jpg' 'hugo/public/img/couchdb/ConfigTypeCouchdb.jpg' -> 'www/img/couchdb/ConfigTypeCouchdb.jpg' 'hugo/public/img/couchdb/RepeatPassword.jpg' -> 'www/img/couchdb/RepeatPassword.jpg' 'hugo/public/img/couchdb/SetupMagicCookie.jpg' -> 'www/img/couchdb/SetupMagicCookie.jpg' 'hugo/public/img/couchdb/SetupPassword.jpg' -> 'www/img/couchdb/SetupPassword.jpg' 'hugo/public/img/couchdb/StatusStartCouchdb.jpg' -> 'www/img/couchdb/StatusStartCouchdb.jpg' 'hugo/public/img/couchdb/StatusStopCouchdb.jpg' -> 'www/img/couchdb/StatusStopCouchdb.jpg' 'hugo/public/img/logos' -> 'www/img/logos' 'hugo/public/img/logos/logo_full.svg' -> 'www/img/logos/logo_full.svg' 'hugo/public/img/sw360screenshots' -> 'www/img/sw360screenshots' 'hugo/public/img/sw360screenshots/ReIndexSearch.png' -> 'www/img/sw360screenshots/ReIndexSearch.png' 'hugo/public/img/sw360screenshots/sw360screenshot-components01.png' -> 'www/img/sw360screenshots/sw360screenshot-components01.png' 'hugo/public/img/sw360screenshots/sw360screenshot-components02.png' -> 'www/img/sw360screenshots/sw360screenshot-components02.png' 'hugo/public/img/sw360screenshots/sw360screenshot-components03.png' -> 'www/img/sw360screenshots/sw360screenshot-components03.png' 'hugo/public/img/sw360screenshots/sw360screenshot-components04.png' -> 'www/img/sw360screenshots/sw360screenshot-components04.png' 'hugo/public/img/sw360screenshots/sw360screenshot-ecc.png' -> 'www/img/sw360screenshots/sw360screenshot-ecc.png' 'hugo/public/img/sw360screenshots/sw360screenshot-home.png' -> 'www/img/sw360screenshots/sw360screenshot-home.png' 'hugo/public/img/sw360screenshots/sw360screenshot-preferences01.png' -> 'www/img/sw360screenshots/sw360screenshot-preferences01.png' 'hugo/public/img/sw360screenshots/sw360screenshot-preferences02.png' -> 'www/img/sw360screenshots/sw360screenshot-preferences02.png' 'hugo/public/img/sw360screenshots/sw360screenshot-projectlist.png' -> 'www/img/sw360screenshots/sw360screenshot-projectlist.png' 'hugo/public/img/sw360screenshots/sw360screenshot-projects01.png' -> 'www/img/sw360screenshots/sw360screenshot-projects01.png' 'hugo/public/img/sw360screenshots/sw360screenshot-projects02.png' -> 'www/img/sw360screenshots/sw360screenshot-projects02.png' 'hugo/public/img/sw360screenshots/sw360screenshot-projects03.png' -> 'www/img/sw360screenshots/sw360screenshot-projects03.png' 'hugo/public/img/sw360screenshots/sw360screenshot-projects04.png' -> 'www/img/sw360screenshots/sw360screenshot-projects04.png' 'hugo/public/img/sw360screenshots/sw360screenshot-search.png' -> 'www/img/sw360screenshots/sw360screenshot-search.png' 'hugo/public/img/sw360screenshots/dependency_network' -> 'www/img/sw360screenshots/dependency_network' 'hugo/public/img/sw360screenshots/dependency_network/Add_root_release_button.png' -> 'www/img/sw360screenshots/dependency_network/Add_root_release_button.png' 'hugo/public/img/sw360screenshots/dependency_network/Add_transitive_releases_buttons.png' -> 'www/img/sw360screenshots/dependency_network/Add_transitive_releases_buttons.png' 'hugo/public/img/sw360screenshots/dependency_network/Check_diff_button.png' -> 'www/img/sw360screenshots/dependency_network/Check_diff_button.png' 'hugo/public/img/sw360screenshots/dependency_network/Load_default_network_from_releases.png' -> 'www/img/sw360screenshots/dependency_network/Load_default_network_from_releases.png' 'hugo/public/img/sw360screenshots/dependency_network/Select_version_box.png' -> 'www/img/sw360screenshots/dependency_network/Select_version_box.png' 'hugo/public/img/sw360screenshots/dependency_network/new_edit_GUI.png' -> 'www/img/sw360screenshots/dependency_network/new_edit_GUI.png' 'hugo/public/img/sw360screenshots/deploy73' -> 'www/img/sw360screenshots/deploy73' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.38.53.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.38.53.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.39.06.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.39.06.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.39.14.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.39.14.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.39.56.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.39.56.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.43.32.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.43.32.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.46.49.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.46.49.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.47.03.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.47.03.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.51.10.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.51.10.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.51.21.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.51.21.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.52.14.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.52.14.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.52.23.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.52.23.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.52.36.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.52.36.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.52.58.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.52.58.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.53.01.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.53.01.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.53.04.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.53.04.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.54.14.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.54.14.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.54.38.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.54.38.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.54.55.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.54.55.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.55.00.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.55.00.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.55.12.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.55.12.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.55.38.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.55.38.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.55.59.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.55.59.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.56.06.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.56.06.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.56.16.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.56.16.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.56.33.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.56.33.png' 'hugo/public/img/sw360screenshots/deploy73/2020-01-24_14.57.08.png' -> 'www/img/sw360screenshots/deploy73/2020-01-24_14.57.08.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.07.32.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.07.32.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.09.12.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.09.12.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.09.33.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.09.33.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.09.41.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.09.41.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.09.53.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.09.53.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.09.59.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.09.59.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.10.17.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.10.17.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.10.30.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.10.30.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.10.50.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.10.50.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.11.20.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.11.20.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.11.25.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.11.25.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.23.15.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.23.15.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.23.26.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.23.26.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.23.37.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.23.37.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.23.48.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.23.48.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.23.53.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.23.53.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.24.01.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.24.01.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.24.18.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.24.18.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.24.31.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.24.31.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.24.48.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.24.48.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.24.53.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.24.53.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.24.58.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.24.58.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.25.07.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.25.07.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.27.08.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.27.08.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.27.13.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.27.13.png' 'hugo/public/img/sw360screenshots/deploy73/2020-08-13_20.27.32.png' -> 'www/img/sw360screenshots/deploy73/2020-08-13_20.27.32.png' 'hugo/public/img/sw360screenshots/deploy73/2021-06-20_21.40.27.png' -> 'www/img/sw360screenshots/deploy73/2021-06-20_21.40.27.png' 'hugo/public/img/sw360screenshots/deploy73/2021-06-20_21.41.14.png' -> 'www/img/sw360screenshots/deploy73/2021-06-20_21.41.14.png' 'hugo/public/img/sw360screenshots/deploy74' -> 'www/img/sw360screenshots/deploy74' 'hugo/public/img/sw360screenshots/deploy74/1.png' -> 'www/img/sw360screenshots/deploy74/1.png' 'hugo/public/img/sw360screenshots/deploy74/10.png' -> 'www/img/sw360screenshots/deploy74/10.png' 'hugo/public/img/sw360screenshots/deploy74/11.png' -> 'www/img/sw360screenshots/deploy74/11.png' 'hugo/public/img/sw360screenshots/deploy74/12.png' -> 'www/img/sw360screenshots/deploy74/12.png' 'hugo/public/img/sw360screenshots/deploy74/13.png' -> 'www/img/sw360screenshots/deploy74/13.png' 'hugo/public/img/sw360screenshots/deploy74/14.png' -> 'www/img/sw360screenshots/deploy74/14.png' 'hugo/public/img/sw360screenshots/deploy74/15.png' -> 'www/img/sw360screenshots/deploy74/15.png' 'hugo/public/img/sw360screenshots/deploy74/16.png' -> 'www/img/sw360screenshots/deploy74/16.png' 'hugo/public/img/sw360screenshots/deploy74/17.png' -> 'www/img/sw360screenshots/deploy74/17.png' 'hugo/public/img/sw360screenshots/deploy74/18.png' -> 'www/img/sw360screenshots/deploy74/18.png' 'hugo/public/img/sw360screenshots/deploy74/19.png' -> 'www/img/sw360screenshots/deploy74/19.png' 'hugo/public/img/sw360screenshots/deploy74/2.png' -> 'www/img/sw360screenshots/deploy74/2.png' 'hugo/public/img/sw360screenshots/deploy74/20.png' -> 'www/img/sw360screenshots/deploy74/20.png' 'hugo/public/img/sw360screenshots/deploy74/21.png' -> 'www/img/sw360screenshots/deploy74/21.png' 'hugo/public/img/sw360screenshots/deploy74/22.png' -> 'www/img/sw360screenshots/deploy74/22.png' 'hugo/public/img/sw360screenshots/deploy74/23.png' -> 'www/img/sw360screenshots/deploy74/23.png' 'hugo/public/img/sw360screenshots/deploy74/24.png' -> 'www/img/sw360screenshots/deploy74/24.png' 'hugo/public/img/sw360screenshots/deploy74/25.png' -> 'www/img/sw360screenshots/deploy74/25.png' 'hugo/public/img/sw360screenshots/deploy74/26.png' -> 'www/img/sw360screenshots/deploy74/26.png' 'hugo/public/img/sw360screenshots/deploy74/3.png' -> 'www/img/sw360screenshots/deploy74/3.png' 'hugo/public/img/sw360screenshots/deploy74/4.png' -> 'www/img/sw360screenshots/deploy74/4.png' 'hugo/public/img/sw360screenshots/deploy74/5.png' -> 'www/img/sw360screenshots/deploy74/5.png' 'hugo/public/img/sw360screenshots/deploy74/6.png' -> 'www/img/sw360screenshots/deploy74/6.png' 'hugo/public/img/sw360screenshots/deploy74/7.png' -> 'www/img/sw360screenshots/deploy74/7.png' 'hugo/public/img/sw360screenshots/deploy74/8.png' -> 'www/img/sw360screenshots/deploy74/8.png' 'hugo/public/img/sw360screenshots/deploy74/9.png' -> 'www/img/sw360screenshots/deploy74/9.png' 'hugo/public/img/sw360screenshots/spdx_document' -> 'www/img/sw360screenshots/spdx_document' 'hugo/public/img/sw360screenshots/spdx_document/Add_tab_SPDX_Document.png' -> 'www/img/sw360screenshots/spdx_document/Add_tab_SPDX_Document.png' 'hugo/public/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Full_Page.png' -> 'www/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Full_Page.png' 'hugo/public/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Lite_Page.png' -> 'www/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Lite_Page.png' 'hugo/public/img/sw360screenshots/spdx_document/Full_Page_of_Release_Glibc.png' -> 'www/img/sw360screenshots/spdx_document/Full_Page_of_Release_Glibc.png' 'hugo/public/img/sw360screenshots/spdx_document/Full_Page_of_Release_Jena_(3.12.0).png' -> 'www/img/sw360screenshots/spdx_document/Full_Page_of_Release_Jena_(3.12.0).png' 'hugo/public/img/sw360screenshots/spdx_document/Full_Page_of_Release_Saxon_(8.8).png' -> 'www/img/sw360screenshots/spdx_document/Full_Page_of_Release_Saxon_(8.8).png' 'hugo/public/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Glibc(2.11.1).png' -> 'www/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Glibc(2.11.1).png' 'hugo/public/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Jena_(3.12.0).png' -> 'www/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Jena_(3.12.0).png' 'hugo/public/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Saxon_(8.8).png' -> 'www/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Saxon_(8.8).png' 'hugo/public/img/workflow' -> 'www/img/workflow' 'hugo/public/img/workflow/workflow-add-project.png' -> 'www/img/workflow/workflow-add-project.png' 'hugo/public/img/workflow/workflow-clearing.png' -> 'www/img/workflow/workflow-clearing.png' 'hugo/public/img/workflow/workflow-moderation.png' -> 'www/img/workflow/workflow-moderation.png' 'hugo/public/img/workflow/worklfow-adding-component-and-release-to-a-project.png' -> 'www/img/workflow/worklfow-adding-component-and-release-to-a-project.png' 'hugo/public/index.html' -> 'www/index.html' 'hugo/public/index.xml' -> 'www/index.xml' 'hugo/public/js' -> 'www/js' 'hugo/public/js/deflate.js' -> 'www/js/deflate.js' 'hugo/public/js/prism.js' -> 'www/js/prism.js' 'hugo/public/js/swagger-ui-bundle.js' -> 'www/js/swagger-ui-bundle.js' 'hugo/public/js/swagger-ui-standalone-preset.js' -> 'www/js/swagger-ui-standalone-preset.js' 'hugo/public/js/tabpane-persist.js' -> 'www/js/tabpane-persist.js' 'hugo/public/js/main.js' -> 'www/js/main.js' 'hugo/public/presentations' -> 'www/presentations' 'hugo/public/presentations/index.html' -> 'www/presentations/index.html' 'hugo/public/presentations/index.xml' -> 'www/presentations/index.xml' 'hugo/public/robots.txt' -> 'www/robots.txt' 'hugo/public/screenshots' -> 'www/screenshots' 'hugo/public/screenshots/index.html' -> 'www/screenshots/index.html' 'hugo/public/scss' -> 'www/scss' 'hugo/public/scss/main.css.map' -> 'www/scss/main.css.map' 'hugo/public/scss/main.css' -> 'www/scss/main.css' 'hugo/public/sitemap.xml' -> 'www/sitemap.xml' 'hugo/public/webfonts' -> 'www/webfonts' 'hugo/public/webfonts/fa-brands-400.eot' -> 'www/webfonts/fa-brands-400.eot' 'hugo/public/webfonts/fa-brands-400.svg' -> 'www/webfonts/fa-brands-400.svg' 'hugo/public/webfonts/fa-brands-400.ttf' -> 'www/webfonts/fa-brands-400.ttf' 'hugo/public/webfonts/fa-brands-400.woff' -> 'www/webfonts/fa-brands-400.woff' 'hugo/public/webfonts/fa-brands-400.woff2' -> 'www/webfonts/fa-brands-400.woff2' 'hugo/public/webfonts/fa-regular-400.eot' -> 'www/webfonts/fa-regular-400.eot' 'hugo/public/webfonts/fa-regular-400.svg' -> 'www/webfonts/fa-regular-400.svg' 'hugo/public/webfonts/fa-regular-400.ttf' -> 'www/webfonts/fa-regular-400.ttf' 'hugo/public/webfonts/fa-regular-400.woff' -> 'www/webfonts/fa-regular-400.woff' 'hugo/public/webfonts/fa-regular-400.woff2' -> 'www/webfonts/fa-regular-400.woff2' 'hugo/public/webfonts/fa-solid-900.eot' -> 'www/webfonts/fa-solid-900.eot' 'hugo/public/webfonts/fa-solid-900.svg' -> 'www/webfonts/fa-solid-900.svg' 'hugo/public/webfonts/fa-solid-900.ttf' -> 'www/webfonts/fa-solid-900.ttf' 'hugo/public/webfonts/fa-solid-900.woff' -> 'www/webfonts/fa-solid-900.woff' 'hugo/public/webfonts/fa-solid-900.woff2' -> 'www/webfonts/fa-solid-900.woff2' [Pipeline] dir Running in /home/jenkins/agent/workspace/sw360.website/www [Pipeline] { [Pipeline] sshagent [ssh-agent] Using credentials sw360-bot (GitHub bot (SSH)) [ssh-agent] Looking for ssh-agent implementation... [ssh-agent] Exec ssh-agent (binary ssh-agent on a remote machine) $ ssh-agent SSH_AUTH_SOCK=/tmp/ssh-skvVaMRACp4b/agent.196 SSH_AGENT_PID=198 Running ssh-add (command line suppressed) Identity added: /home/jenkins/agent/workspace/sw360.website/www@tmp/private_key_967357189528025015.key (sw360-bot@eclipse.org) [ssh-agent] Started. [Pipeline] { [Pipeline] sh + git add -A + git diff --cached --exit-code diff --git a/404.html b/404.html index 7d76970..6d2a67a 100644 --- a/404.html +++ b/404.html @@ -1,309 +1,6 @@ - - - - - - - - - - - - - - - - - - - - -404 Page not found | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
- -
-
-

Not found

-

Oops! This page doesn't exist. Try going back to our home page.

-
-
- -
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +404 Page not found | Eclipse SW360 +

Not found

Oops! This page doesn't exist. Try going back to our home page.

+ + + \ No newline at end of file diff --git a/about/index.html b/about/index.html index 07f5cfb..7ae61bd 100644 --- a/about/index.html +++ b/about/index.html @@ -1,25 +1,4 @@ - - - - - - - - - - - - - - - - - - - - -About Eclipse SW360 | Eclipse SW360 -About Eclipse SW360 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
- - - - - - - - - - - - - -
-
-
-
-
- - -
- -
-

About Eclipse SW360

- - -
-
-
-
-
- -
- -
-
-
-

In most cases, software today is not built from scratch, but rather assembled from various prepackaged third-party software components. As a result, organizations face the following challenges:

-
    -
  • Verifying various aspects of compliance when using third-party software components: license compliance, ECC checks, IP assessments, etc.
    • -
  • Sharing knowledge about software components and their qualities. For example, which software components should be recommended, which should be phased out based on which criteria?
    • -
  • Providing a broad overview of the components used: An organization and its supply chain management must have information about which assets are integrated into which products or solutions.
    • -
-

These three main use cases target different roles in an organization: quality managers, software developers, legal counsels, software architects, R&D managers etc. However, all these use cases share a common need for a central hub that manages insights into software components.

-

SW360 is an open source software project licensed under the EPL-2.0 that provides both a web application and a repository to collect, organize and make available information about software components. It establishes a central hub for software components in an organization. SW360 allows for

-
    -
  • tracking components used by a project/product,
    • -
  • assessing security vulnerabilities,
    • -
  • maintaining license obligations,
    • -
  • enforcing policies, and
    • -
  • generating legal documents.
    • -
-

For example, SW360 can trigger a clearing process in the open source compliance tool FOSSology and import the resulting clearing reporting. Data is either stored in SW360’s database or on the fly imported from external sources. In future we plan to have federations of SW360 instances that share selected information. Besides its web-based UI, all functionality of SW360 is available through an API that allows an integration into existing devops tools.

-
-
-
- - - -
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file + About Eclipse SW360 …"> +

About Eclipse SW360

In most cases, software today is not built from scratch, but rather assembled from various prepackaged third-party software components. As a result, organizations face the following challenges:

  • Verifying various aspects of compliance when using third-party software components: license compliance, ECC checks, IP assessments, etc.
  • Sharing knowledge about software components and their qualities. For example, which software components should be recommended, which should be phased out based on which criteria?
  • Providing a broad overview of the components used: An organization and its supply chain management must have information about which assets are integrated into which products or solutions.

These three main use cases target different roles in an organization: quality managers, software developers, legal counsels, software architects, R&D managers etc. However, all these use cases share a common need for a central hub that manages insights into software components.

SW360 is an open source software project licensed under the EPL-2.0 that provides both a web application and a repository to collect, organize and make available information about software components. It establishes a central hub for software components in an organization. SW360 allows for

  • tracking components used by a project/product,
  • assessing security vulnerabilities,
  • maintaining license obligations,
  • enforcing policies, and
  • generating legal documents.

For example, SW360 can trigger a clearing process in the open source compliance tool FOSSology and import the resulting clearing reporting. Data is either stored in SW360’s database or on the fly imported from external sources. In future we plan to have federations of SW360 instances that share selected information. Besides its web-based UI, all functionality of SW360 is available through an API that allows an integration into existing devops tools.

+ + + \ No newline at end of file diff --git a/docs/administrationguide/index.html b/docs/administrationguide/index.html index 6a03417..7f04d6b 100644 --- a/docs/administrationguide/index.html +++ b/docs/administrationguide/index.html @@ -1,818 +1,89 @@ - - - - - - - - - - - - - - - - - - - - - -Administration Guides | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Administration Guides

-
SW360 Administration Guides
-
- - - - - - - - - - - - - -
- -
- - - - - - - - -
- - -
-
- Administrator Menu -
-

-
- - -
-
- User Management Roles -
-

-
- - -
-
- CVE-Search Scheduling -
-

How to schedule the CVE-Search Service

-
- - -
-
- Enumerations -
-

SW360 enumeration values for the internal thrift API

-
- - -
-
- Properties -
-

-
- - -
-
- Vulnerability Management -
-

SW360 Vulnerability Portlet

-
- - -
- - - -
- Last modified June 28, 2022: feat(docs): Add docs from main sw360 (85ce57e) -
- -
- -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Administration Guides | Eclipse SW360 +

Administration Guides

SW360 Administration Guides
Administrator Menu

User Management Roles

CVE-Search Scheduling

How to schedule the CVE-Search Service

Enumerations

SW360 enumeration values for the internal thrift API

Properties

Vulnerability Management

SW360 Vulnerability Portlet

Last modified June 28, 2022: feat(docs): Add docs from main sw360 (85ce57e)
+ + + \ No newline at end of file diff --git a/docs/administrationguide/index.xml b/docs/administrationguide/index.xml index b2b3b6e..abfbd43 100644 --- a/docs/administrationguide/index.xml +++ b/docs/administrationguide/index.xml @@ -1,874 +1,778 @@ - - - Eclipse SW360 – Administration Guides - https://www.eclipse.org/sw360/docs/administrationguide/ - Recent content in Administration Guides on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: Administrator Menu - https://www.eclipse.org/sw360/docs/administrationguide/menu/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/menu/ - - - - <p>The <strong>admin menu</strong> consists of the following items:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/admin_menu.png"/> -</figure> - -<ul> -<li> -<p><strong>User</strong>: Displays the list of <strong>Liferay Users</strong>. One can also download or upload new users in this section</p> -</li> -<li> -<p><strong>Vendors</strong>: Displays the list of the <strong>Vendors</strong> that can be managed by the admin</p> -</li> -<li> -<p><strong>Bulk License Edit</strong>: List of licenses can be edited together in this section</p> -</li> -<li> -<p><strong>Licenses</strong>: Functions such as Download License Archive, Upload License Archive, Import SPDX Information and Delete License Information can be done in this section</p> -</li> -<li> -<p><strong>Obligations</strong>: To manage different types of Obligations on the basis of obligation level and obligation type</p> -</li> -<li> -<p><strong>Schedule</strong>: To schedule tasks such as CVE Search</p> -</li> -<li> -<p><strong>Fosology</strong>: Connection to the Fossology server</p> -</li> -<li> -<p><strong>Import and Export</strong>: Can Import and Export <strong>Component</strong>, <strong>Release</strong> and <strong>License</strong> information</p> -</li> -<li> -<p><strong>Attachment Cleanup</strong>: To cleanup attachment database</p> -</li> -<li> -<p><strong>Database Sanitization</strong>: Helps in searching for duplicate identifiers</p> -</li> -</ul> - - - - - - Docs: User Management Roles - https://www.eclipse.org/sw360/docs/administrationguide/user-management-roles/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/user-management-roles/ - - - - <p>Every user can create records and edit own created records. However, to change records of others, approval is required. Approval in SW360 is a so called moderation request. A moderation request is a set of proposed changed not applied to record immediately, but will be routed to;</p> -<ul> -<li>The creator of the record</li> -<li>The moderators for a record</li> -<li>The clearing admins of the same group in SW360.</li> -</ul> -<p>Then, the proposed changes can be approved by them.</p> -<h2 id="general-sw360-roles-and-access">General SW360 Roles and Access</h2> -<p>There are two main types of roles. The first type are general roles on the system that apply in the default case:</p> -<ol> -<li><strong>User</strong> - A user is the default, in order to apply modifications, a user can pose moderation requests, except for the data items that a user has created.</li> -<li><strong>Clearing Expert</strong> - Member of the clearing team. Has the rights to work on the projects of the own group and to edit licenses. Can also work on clearing requests.</li> -<li><strong>Clearing Admin</strong> - A clearing admin has the rights to work on the projects of the own group and to edit licenses.</li> -<li><strong>ECC Admin</strong> - The only users who can edit (or approve as moderation request) ECC classifications.</li> -<li><strong>Secuirty Admin</strong> - The only users to edit relevance for security vulnerabilities.</li> -<li><strong>SW360 Admin</strong> - An admin has full rights on all (visible!) data items. Can elevate permissions of other users.</li> -</ol> -<p>In addition there are ACL-style roles, meaning that per data item access settings can be made:</p> -<ol> -<li><strong>Creator</strong> - A creator can modify in addition to the user&rsquo;s read abilities, a user can be creator of a data item.</li> -<li><strong>Moderator</strong> - A creator can define moderators for a data item. Moderators can change a data item as a creator can.</li> -<li><strong>Contributor</strong> (Component) - Is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). In contrast, the contributor cannot delete data items.</li> -<li><strong>Project Owner</strong> - A user who owns the project.</li> -<li><strong>Lead Architect</strong> (Project) - Is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.</li> -<li><strong>Project Responsible</strong> (Project) - Is a contributor, just named differently to identify the responsible person.</li> -<li><strong>Security Responsible</strong> - Users responsible for the security of the project.</li> -</ol> - - - - - - Docs: CVE-Search Scheduling - https://www.eclipse.org/sw360/docs/administrationguide/user-scheduling-cve-search-by-admins/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/user-scheduling-cve-search-by-admins/ - - - - <p>SW360 gets vulnerability information from an external provider of Common Vulnerability Enumeration (CVE) data. By default SW360 can connect to cve-search [https://www.circl.lu/services/cve-search/] which is either available as an online service [http://cve.circl.lu] or can be installed locally. For security and privacy reasons it is strongly advised to install a local cve-search service.</p> -<p>In what follows the synchronization between SW360 and the external CVE provider is described.</p> -<p><code>CveSearch-updates</code> can either be scheduled automatically when launching the <code>schedule-service</code> (e.g. when re/starting SW360) or it can be scheduled or unscheduled manually by an <code>SW360 admin</code>. -It is automatically scheduled with the start of the scheduling service, if in the <code>/resources/sw360.properties</code> file of the <code>schedule-service</code> in the backend, <code>cvesearchService</code> is mentioned in the <code>autostart</code>-property:</p> -<p><code>autostart = cvesearchService</code></p> -<p>According to the default settings, cveSearch is <em>not</em> auto-started with the scheduling service.</p> -<p>For manually scheduling the CVE search service, open the <code>Schedule Portlet</code> of the <code>Admin</code> menu. Note that the <code>Admin</code> menu is only visible to <code>SW360 admins</code>.</p> -<p><img src="./images/UCAdminScheduling/01_adminMenu.png" alt=""></p> -<p>In the <code>Schedule Portlet</code> of the <code>Admin</code> menu, a user with <code>admin</code> rights can turn on or off automatic updates of the cve-search service manually. -In the UI of the portlet, the admin can see whether or not the CVE-service is scheduled: if the service is scheduled, the <code>Schedule CveSearch Updates</code>-button is inactive, whereas the <code>Cancel Scheduled CveSearch Updates</code>-button is active and vice versa:</p> -<p><img src="./images/UCAdminScheduling/scheduleAdminPortlet.png" alt=""></p> -<p>The <code>offset</code> (first run of the update) and the <code>interval</code> between updates can also be adjusted in the <code>/resources/sw360.properties</code> file of the <code>src-schedule</code> service. -The corresponding properties are <code>schedule.cvesearch.firstOffset.seconds</code> and <code>schedule.cvesearch.interval.seconds</code>. -The <code>offset</code> has to be given in seconds since midnight and also the <code>interval</code> has to be entered in seconds. -The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).</p> -<p><code>schedule.cvesearch.firstOffset.seconds = 0</code></p> -<p><code>schedule.cvesearch.interval.seconds = 86400</code></p> -<p>With automatic scheduling the next synchronization moment according to the <code>offset</code> and the <code>interval</code> is computed. This will be the first moment when a <code>cveSearch-update</code> is run. -There is nothing like an <code>initial run</code> when autostarting of manually scheduling the <code>CveSearch-updates</code>. -Moreover, the configuration, i.e. <code>offset</code>, <code>interval</code> and <code>next synchronization</code> (where the latter is a consequence of <code>offset</code> and <code> interval</code>) are shown in the portlet:</p> -<p><img src="./images/UCAdminScheduling/scheduleAdminPortletProperties.png" alt=""></p> -<h2 id="setup-of-a-local-instance">Setup of a local instance</h2> -<p>It is recommended to set up and use a local instance instead of the public cve-search instance. -The accompanying project sw360-chores contains a Dockerfile that can easily setup this service.</p> - - - - - - Docs: Enumerations - https://www.eclipse.org/sw360/docs/administrationguide/user-data-model-enumerations/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/user-data-model-enumerations/ - - - - <p>SW360 thrift API is comprised of the following methods:</p> -<ul> -<li>attachments</li> -<li>codescoop</li> -<li>components</li> -<li>cvesearch</li> -<li>fossology</li> -<li>importstatus</li> -<li>licenseinfo</li> -<li>licenses</li> -<li>moderation</li> -<li>projectimport</li> -<li>projects</li> -<li>schedule</li> -<li>search</li> -<li>sw360</li> -<li>users</li> -<li>vendors</li> -<li>vulnerabilities</li> -</ul> -<p>Reference: <a href="https://github.com/eclipse/sw360/tree/master/libraries/lib-datahandler/src/main/thrift">https://github.com/eclipse/sw360/tree/master/libraries/lib-datahandler/src/main/thrift</a></p> -<h2 id="attachments">Attachments</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/attachments.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/attachments.thrift</a></p> -<h3 id="attachmenttype">AttachmentType</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description.</th> -</tr> -</thead> -<tbody> -<tr> -<td>DOCUMENT</td> -<td>justa document</td> -</tr> -<tr> -<td>SOURCE</td> -<td>original course code</td> -</tr> -<tr> -<td>DESIGN</td> -<td>design document</td> -</tr> -<tr> -<td>REQUIREMENT</td> -<td>requirements document</td> -</tr> -<tr> -<td>CLEARING_REPORT</td> -<td>OSS licensing reporting</td> -</tr> -<tr> -<td>COMPONENT_LICENSE_INFO_XML</td> -<td>XML document with licenseing information - e.g. SPDX</td> -</tr> -<tr> -<td>COMPONENT_LICENSE_INFO_COMBINED</td> -<td>XML document with licensing information covering multiple componnts at once - e.g. SPDX</td> -</tr> -<tr> -<td>SCAN_RESULT_REPORT</td> -<td>Output what a scanner for licenses has found</td> -</tr> -<tr> -<td>SCAN_RESULT_REPORT_XML</td> -<td>Output what a scanner for licenses has found this time in XML</td> -</tr> -<tr> -<td>SOURCE_SELF</td> -<td>Self assembled source code distribution</td> -</tr> -<tr> -<td>BINARY</td> -<td>Binary of component from vendor</td> -</tr> -<tr> -<td>BINARY_SELF</td> -<td>Self built binary</td> -</tr> -<tr> -<td>DECISION_REPORT</td> -<td>documenting importing decisions for using this item</td> -</tr> -<tr> -<td>LEGAL_EVALUATION</td> -<td>Some legal evaluation created for this item</td> -</tr> -<tr> -<td>LICENSE_AGREEMENT</td> -<td>A ruling license agreement for this item, note that this could be for commercial software for example</td> -</tr> -<tr> -<td>SCREENSHOT</td> -<td>Screenshot, usually screenshot of the Website with licensing information</td> -</tr> -<tr> -<td>OTHER</td> -<td>anything that dos not match to the given above</td> -</tr> -</tbody> -</table> -<h3 id="checkstatus">CheckStatus</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description.</th> -</tr> -</thead> -<tbody> -<tr> -<td>NOTCHECKED</td> -<td>Default value after upload.</td> -</tr> -<tr> -<td>ACCEPTED</td> -<td>Reviewed and confirmed attachment.</td> -</tr> -<tr> -<td>REJECTED</td> -<td>Document or attachment cannot be used.</td> -</tr> -</tbody> -</table> -<h2 id="codescoop-thrift-file">CodeScoop Thrift File</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift</a></p> -<h2 id="components">Components</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/components.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/components.thrift</a></p> -<h2 id="cvesearch">cvesearch</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/cvesearch.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/cvesearch.thrift</a></p> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>NEW</td> -<td>&hellip;</td> -</tr> -<tr> -<td>UPDATED</td> -<td>New information for a notification message, so it is updated</td> -</tr> -<tr> -<td>OLD</td> -<td>&hellip;</td> -</tr> -<tr> -<td>FAILED</td> -<td>&hellip;</td> -</tr> -</tbody> -</table> -<h2 id="fossology">Fossology</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/fossology.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/fossology.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="importstatus">Importstatus</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/importstatus.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/importstatus.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="license-info">License Info</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenseinfo.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenseinfo.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h3 id="licenseinforequeststatus">LicenseInfoRequestStatus</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>SUCCESS</td> -<td>&hellip;</td> -</tr> -<tr> -<td>NO_APPLICABLE_SOURCE</td> -<td>&hellip;</td> -</tr> -<tr> -<td>FAILURE</td> -<td>&hellip;</td> -</tr> -</tbody> -</table> -<h3 id="outputformatvariant">OutputFormatVariant</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>REPORT</td> -<td>&hellip;</td> -</tr> -<tr> -<td>DISCLOSURE</td> -<td>&hellip;</td> -</tr> -</tbody> -</table> -<h2 id="licenses">Licenses</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenses.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenses.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="moderation">Moderation</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/moderation.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/moderation.thrift</a></p> -<h3 id="documenttype">DocumentType</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>COMPONENT</td> -<td>&hellip;</td> -</tr> -<tr> -<td>RELEASE</td> -<td>&hellip;</td> -</tr> -<tr> -<td>PROJECT</td> -<td>&hellip;</td> -</tr> -<tr> -<td>LICENSE</td> -<td>&hellip;</td> -</tr> -<tr> -<td>USER</td> -<td>&hellip;</td> -</tr> -</tbody> -</table> -<h2 id="project-import">Project Import</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projectimport.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projectimport.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="projects">Projects</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projects.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projects.thrift</a></p> -<h3 id="project-state">Project State</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>ACTIVE</td> -<td><em>well</em></td> -</tr> -<tr> -<td>PHASE_OUT</td> -<td><em>well</em></td> -</tr> -<tr> -<td>UNKNOWN</td> -<td><em>well</em></td> -</tr> -</tbody> -</table> -<h3 id="project-type">Project Type</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>CUSTOMER</td> -<td>Project that delivers artifacts to customer outside organisation</td> -</tr> -<tr> -<td>INTERNAL</td> -<td>Project that provides artifacts or service for internal use</td> -</tr> -<tr> -<td>PRODUCT</td> -<td>Just that it is a product instead of a project</td> -</tr> -<tr> -<td>SERVICE</td> -<td>Project that provides services to customer outside organisation</td> -</tr> -<tr> -<td>INNER_SOURCE</td> -<td>Inner source project, meaning that everyone inside org can use it</td> -</tr> -</tbody> -</table> -<h3 id="project-relationship">Project Relationship</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>UNKNOWN</td> -<td><em>unknown</em></td> -</tr> -<tr> -<td>REFERRED</td> -<td>Sister project</td> -</tr> -<tr> -<td>CONTAINED</td> -<td>Sub project</td> -</tr> -<tr> -<td>DUPLICATE</td> -<td><em>duplicate</em></td> -</tr> -</tbody> -</table> -<h3 id="project-clearing-state">Project Clearing State</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>OPEN</td> -<td>not started</td> -</tr> -<tr> -<td>IN_PROGRESS</td> -<td>&hellip;</td> -</tr> -<tr> -<td>CLOSED</td> -<td>&hellip;</td> -</tr> -</tbody> -</table> -<h2 id="schedule">Schedule</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/schedule.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/schedule.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="search">Search</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/search.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/search.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="general-sw360-thrift">General SW360 Thrift</h2> -<h3 id="software-mainline-states">Software Mainline States</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>OPEN</td> -<td>Not decided so far</td> -</tr> -<tr> -<td>MAINLINE</td> -<td>Organisation or person thinks that use of this software is recommended, which included multiple versions.</td> -</tr> -<tr> -<td>SPECIFIC</td> -<td>The software is not recommended in general, but for special use case or for this particular version it is acceptable.</td> -</tr> -<tr> -<td>PHASE_OUT</td> -<td>The software has issues, please consider removing it soon, if in use.</td> -</tr> -<tr> -<td>DENIED</td> -<td>Software which is not allowed for use. For example, software that does not have licensing.</td> -</tr> -</tbody> -</table> -<h2 id="general-sw360-thrift-1">General SW360 Thrift</h2> -<h3 id="software-mainline-states-1">Software Mainline States</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description.</th> -</tr> -</thead> -<tbody> -<tr> -<td>OPEN</td> -<td>Not decided so far</td> -</tr> -<tr> -<td>MAINLINE</td> -<td>Organisation or person thinks that use of this software is recommended, which included multiple versions.</td> -</tr> -<tr> -<td>SPECIFIC</td> -<td>The software is not recommended in general, but for special use case or for this particular version it is acceptable.</td> -</tr> -<tr> -<td>PHASE_OUT</td> -<td>The software has issues, please consider removing it soon, if in use.</td> -</tr> -<tr> -<td>DENIED</td> -<td>Software which is not allowed for use. For example, software that does not have licensing.</td> -</tr> -</tbody> -</table> -<h3 id="moderation-states">Moderation States</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>PENDING</td> -<td>Not opened so far.</td> -</tr> -<tr> -<td>APPROVED</td> -<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has approved the moderation request. It could be deleted then.</td> -</tr> -<tr> -<td>REJECTED</td> -<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has rejected the moderation request.</td> -</tr> -<tr> -<td>INPROGRESS</td> -<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has opened / viewed the moderation request, but did not decide.</td> -</tr> -</tbody> -</table> -<h3 id="visibility">Visibility</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>PRIVATE</td> -<td>Only visible by creator (and admin which applies to all visibility levels).</td> -</tr> -<tr> -<td>ME_AND_MODERATORS</td> -<td>Visible by creator and moderators.</td> -</tr> -<tr> -<td>BUISNESSUNIT_AND_MODERATORS</td> -<td>All users of the same group and the moderators.</td> -</tr> -<tr> -<td>EVERYONE</td> -<td>Every user who is logged into the system.</td> -</tr> -</tbody> -</table> -<h3 id="verification-state">Verification State</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>NOT_CHECKED</td> -<td>No one has yet looked at this and verified it.</td> -</tr> -<tr> -<td>CHECKED</td> -<td>It is verified.</td> -</tr> -<tr> -<td>INCORRECT</td> -<td>It was decided that the verification should be rejected.</td> -</tr> -</tbody> -</table> -<h3 id="release-relationship">Release Relationship</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -<th>Clearing releav nt</th> -</tr> -</thead> -<tbody> -<tr> -<td>CONTAINED</td> -<td>If you just do not know whether it is dynamically linked.</td> -<td>Yes</td> -</tr> -<tr> -<td>REFERRED</td> -<td>Referencing a stand alone used other part.</td> -<td>No</td> -</tr> -<tr> -<td>UNKNOWN</td> -<td>If you just do not know.</td> -<td>Yes</td> -</tr> -<tr> -<td>DYNAMICALLY_LINKED</td> -<td>Software dynamically linked - as the name says.</td> -<td>Yes</td> -</tr> -<tr> -<td>STATICALLY_LINKED</td> -<td>Software statically linked - as the name says.</td> -<td>Yes</td> -</tr> -<tr> -<td>SIDE_BY_SIDE</td> -<td>Not decided so far.</td> -<td>Yes</td> -</tr> -<tr> -<td>STANDALONE</td> -<td>Software is given as standalone delivery, ie. not technically connected.</td> -<td>Yes</td> -</tr> -<tr> -<td>INTERNAL_USE</td> -<td>Used for creating or building or ? the product or projects but not delivered.</td> -<td>Yes</td> -</tr> -<tr> -<td>OPTIONAL</td> -<td>Is not mandatory part of the installation.</td> -<td>Yes</td> -</tr> -<tr> -<td>TO_BE_REPLACED</td> -<td>Is there but should be moved out.</td> -<td>Yes</td> -</tr> -</tbody> -</table> -<h2 id="users">Users</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/users.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/users.thrift</a></p> -<h2 id="vendors">Vendors</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vendors.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vendors.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="vulnerabilities">Vulnerabilities</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vulnerabilities.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vulnerabilities.thrift</a></p> -<p><em>No enumerations provided</em></p> - - - - - - Docs: Properties - https://www.eclipse.org/sw360/docs/administrationguide/properties/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/properties/ - - - - <p><strong>Frontend Properties</strong>: All the sw360 frontend properties are mentioned in <a href="https://github.com/eclipse/sw360/blob/master/frontend/sw360-portlet/src/main/resources/sw360.properties">sw360.properties</a> file. +Eclipse SW360 – Administration Guideshttps://www.eclipse.org/sw360/docs/administrationguide/Recent content in Administration Guides on Eclipse SW360Hugo -- gohugo.ioDocs: Administrator Menuhttps://www.eclipse.org/sw360/docs/administrationguide/menu/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/menu/ +<p>The <strong>admin menu</strong> consists of the following items:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/admin_menu.png"/> +</figure> +<ul> +<li> +<p><strong>User</strong>: Displays the list of <strong>Liferay Users</strong>. One can also download or upload new users in this section</p> +</li> +<li> +<p><strong>Vendors</strong>: Displays the list of the <strong>Vendors</strong> that can be managed by the admin</p> +</li> +<li> +<p><strong>Bulk License Edit</strong>: List of licenses can be edited together in this section</p> +</li> +<li> +<p><strong>Licenses</strong>: Functions such as Download License Archive, Upload License Archive, Import SPDX Information and Delete License Information can be done in this section</p> +</li> +<li> +<p><strong>Obligations</strong>: To manage different types of Obligations on the basis of obligation level and obligation type</p> +</li> +<li> +<p><strong>Schedule</strong>: To schedule tasks such as CVE Search</p> +</li> +<li> +<p><strong>Fosology</strong>: Connection to the Fossology server</p> +</li> +<li> +<p><strong>Import and Export</strong>: Can Import and Export <strong>Component</strong>, <strong>Release</strong> and <strong>License</strong> information</p> +</li> +<li> +<p><strong>Attachment Cleanup</strong>: To cleanup attachment database</p> +</li> +<li> +<p><strong>Database Sanitization</strong>: Helps in searching for duplicate identifiers</p> +</li> +</ul>Docs: User Management Roleshttps://www.eclipse.org/sw360/docs/administrationguide/user-management-roles/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/user-management-roles/ +<p>Every user can create records and edit own created records. However, to change records of others, approval is required. Approval in SW360 is a so called moderation request. A moderation request is a set of proposed changed not applied to record immediately, but will be routed to;</p> +<ul> +<li>The creator of the record</li> +<li>The moderators for a record</li> +<li>The clearing admins of the same group in SW360.</li> +</ul> +<p>Then, the proposed changes can be approved by them.</p> +<h2 id="general-sw360-roles-and-access">General SW360 Roles and Access</h2> +<p>There are two main types of roles. The first type are general roles on the system that apply in the default case:</p> +<ol> +<li><strong>User</strong> - A user is the default, in order to apply modifications, a user can pose moderation requests, except for the data items that a user has created.</li> +<li><strong>Clearing Expert</strong> - Member of the clearing team. Has the rights to work on the projects of the own group and to edit licenses. Can also work on clearing requests.</li> +<li><strong>Clearing Admin</strong> - A clearing admin has the rights to work on the projects of the own group and to edit licenses.</li> +<li><strong>ECC Admin</strong> - The only users who can edit (or approve as moderation request) ECC classifications.</li> +<li><strong>Secuirty Admin</strong> - The only users to edit relevance for security vulnerabilities.</li> +<li><strong>SW360 Admin</strong> - An admin has full rights on all (visible!) data items. Can elevate permissions of other users.</li> +</ol> +<p>In addition there are ACL-style roles, meaning that per data item access settings can be made:</p> +<ol> +<li><strong>Creator</strong> - A creator can modify in addition to the user&rsquo;s read abilities, a user can be creator of a data item.</li> +<li><strong>Moderator</strong> - A creator can define moderators for a data item. Moderators can change a data item as a creator can.</li> +<li><strong>Contributor</strong> (Component) - Is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). In contrast, the contributor cannot delete data items.</li> +<li><strong>Project Owner</strong> - A user who owns the project.</li> +<li><strong>Lead Architect</strong> (Project) - Is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.</li> +<li><strong>Project Responsible</strong> (Project) - Is a contributor, just named differently to identify the responsible person.</li> +<li><strong>Security Responsible</strong> - Users responsible for the security of the project.</li> +</ol>Docs: CVE-Search Schedulinghttps://www.eclipse.org/sw360/docs/administrationguide/user-scheduling-cve-search-by-admins/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/user-scheduling-cve-search-by-admins/ +<p>SW360 gets vulnerability information from an external provider of Common Vulnerability Enumeration (CVE) data. By default SW360 can connect to cve-search [https://www.circl.lu/services/cve-search/] which is either available as an online service [http://cve.circl.lu] or can be installed locally. For security and privacy reasons it is strongly advised to install a local cve-search service.</p> +<p>In what follows the synchronization between SW360 and the external CVE provider is described.</p> +<p><code>CveSearch-updates</code> can either be scheduled automatically when launching the <code>schedule-service</code> (e.g. when re/starting SW360) or it can be scheduled or unscheduled manually by an <code>SW360 admin</code>. +It is automatically scheduled with the start of the scheduling service, if in the <code>/resources/sw360.properties</code> file of the <code>schedule-service</code> in the backend, <code>cvesearchService</code> is mentioned in the <code>autostart</code>-property:</p> +<p><code>autostart = cvesearchService</code></p> +<p>According to the default settings, cveSearch is <em>not</em> auto-started with the scheduling service.</p> +<p>For manually scheduling the CVE search service, open the <code>Schedule Portlet</code> of the <code>Admin</code> menu. Note that the <code>Admin</code> menu is only visible to <code>SW360 admins</code>.</p> +<p><img src="./images/UCAdminScheduling/01_adminMenu.png" alt=""></p> +<p>In the <code>Schedule Portlet</code> of the <code>Admin</code> menu, a user with <code>admin</code> rights can turn on or off automatic updates of the cve-search service manually. +In the UI of the portlet, the admin can see whether or not the CVE-service is scheduled: if the service is scheduled, the <code>Schedule CveSearch Updates</code>-button is inactive, whereas the <code>Cancel Scheduled CveSearch Updates</code>-button is active and vice versa:</p> +<p><img src="./images/UCAdminScheduling/scheduleAdminPortlet.png" alt=""></p> +<p>The <code>offset</code> (first run of the update) and the <code>interval</code> between updates can also be adjusted in the <code>/resources/sw360.properties</code> file of the <code>src-schedule</code> service. +The corresponding properties are <code>schedule.cvesearch.firstOffset.seconds</code> and <code>schedule.cvesearch.interval.seconds</code>. +The <code>offset</code> has to be given in seconds since midnight and also the <code>interval</code> has to be entered in seconds. +The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).</p> +<p><code>schedule.cvesearch.firstOffset.seconds = 0</code></p> +<p><code>schedule.cvesearch.interval.seconds = 86400</code></p> +<p>With automatic scheduling the next synchronization moment according to the <code>offset</code> and the <code>interval</code> is computed. This will be the first moment when a <code>cveSearch-update</code> is run. +There is nothing like an <code>initial run</code> when autostarting of manually scheduling the <code>CveSearch-updates</code>. +Moreover, the configuration, i.e. <code>offset</code>, <code>interval</code> and <code>next synchronization</code> (where the latter is a consequence of <code>offset</code> and <code> interval</code>) are shown in the portlet:</p> +<p><img src="./images/UCAdminScheduling/scheduleAdminPortletProperties.png" alt=""></p> +<h2 id="setup-of-a-local-instance">Setup of a local instance</h2> +<p>It is recommended to set up and use a local instance instead of the public cve-search instance. +The accompanying project sw360-chores contains a Dockerfile that can easily setup this service.</p>Docs: Enumerationshttps://www.eclipse.org/sw360/docs/administrationguide/user-data-model-enumerations/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/user-data-model-enumerations/ +<p>SW360 thrift API is comprised of the following methods:</p> +<ul> +<li>attachments</li> +<li>codescoop</li> +<li>components</li> +<li>cvesearch</li> +<li>fossology</li> +<li>importstatus</li> +<li>licenseinfo</li> +<li>licenses</li> +<li>moderation</li> +<li>projectimport</li> +<li>projects</li> +<li>schedule</li> +<li>search</li> +<li>sw360</li> +<li>users</li> +<li>vendors</li> +<li>vulnerabilities</li> +</ul> +<p>Reference: <a href="https://github.com/eclipse/sw360/tree/master/libraries/lib-datahandler/src/main/thrift">https://github.com/eclipse/sw360/tree/master/libraries/lib-datahandler/src/main/thrift</a></p> +<h2 id="attachments">Attachments</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/attachments.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/attachments.thrift</a></p> +<h3 id="attachmenttype">AttachmentType</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description.</th> +</tr> +</thead> +<tbody> +<tr> +<td>DOCUMENT</td> +<td>justa document</td> +</tr> +<tr> +<td>SOURCE</td> +<td>original course code</td> +</tr> +<tr> +<td>DESIGN</td> +<td>design document</td> +</tr> +<tr> +<td>REQUIREMENT</td> +<td>requirements document</td> +</tr> +<tr> +<td>CLEARING_REPORT</td> +<td>OSS licensing reporting</td> +</tr> +<tr> +<td>COMPONENT_LICENSE_INFO_XML</td> +<td>XML document with licenseing information - e.g. SPDX</td> +</tr> +<tr> +<td>COMPONENT_LICENSE_INFO_COMBINED</td> +<td>XML document with licensing information covering multiple componnts at once - e.g. SPDX</td> +</tr> +<tr> +<td>SCAN_RESULT_REPORT</td> +<td>Output what a scanner for licenses has found</td> +</tr> +<tr> +<td>SCAN_RESULT_REPORT_XML</td> +<td>Output what a scanner for licenses has found this time in XML</td> +</tr> +<tr> +<td>SOURCE_SELF</td> +<td>Self assembled source code distribution</td> +</tr> +<tr> +<td>BINARY</td> +<td>Binary of component from vendor</td> +</tr> +<tr> +<td>BINARY_SELF</td> +<td>Self built binary</td> +</tr> +<tr> +<td>DECISION_REPORT</td> +<td>documenting importing decisions for using this item</td> +</tr> +<tr> +<td>LEGAL_EVALUATION</td> +<td>Some legal evaluation created for this item</td> +</tr> +<tr> +<td>LICENSE_AGREEMENT</td> +<td>A ruling license agreement for this item, note that this could be for commercial software for example</td> +</tr> +<tr> +<td>SCREENSHOT</td> +<td>Screenshot, usually screenshot of the Website with licensing information</td> +</tr> +<tr> +<td>OTHER</td> +<td>anything that dos not match to the given above</td> +</tr> +</tbody> +</table> +<h3 id="checkstatus">CheckStatus</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description.</th> +</tr> +</thead> +<tbody> +<tr> +<td>NOTCHECKED</td> +<td>Default value after upload.</td> +</tr> +<tr> +<td>ACCEPTED</td> +<td>Reviewed and confirmed attachment.</td> +</tr> +<tr> +<td>REJECTED</td> +<td>Document or attachment cannot be used.</td> +</tr> +</tbody> +</table> +<h2 id="codescoop-thrift-file">CodeScoop Thrift File</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift</a></p> +<h2 id="components">Components</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/components.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/components.thrift</a></p> +<h2 id="cvesearch">cvesearch</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/cvesearch.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/cvesearch.thrift</a></p> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>NEW</td> +<td>&hellip;</td> +</tr> +<tr> +<td>UPDATED</td> +<td>New information for a notification message, so it is updated</td> +</tr> +<tr> +<td>OLD</td> +<td>&hellip;</td> +</tr> +<tr> +<td>FAILED</td> +<td>&hellip;</td> +</tr> +</tbody> +</table> +<h2 id="fossology">Fossology</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/fossology.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/fossology.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="importstatus">Importstatus</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/importstatus.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/importstatus.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="license-info">License Info</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenseinfo.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenseinfo.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h3 id="licenseinforequeststatus">LicenseInfoRequestStatus</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>SUCCESS</td> +<td>&hellip;</td> +</tr> +<tr> +<td>NO_APPLICABLE_SOURCE</td> +<td>&hellip;</td> +</tr> +<tr> +<td>FAILURE</td> +<td>&hellip;</td> +</tr> +</tbody> +</table> +<h3 id="outputformatvariant">OutputFormatVariant</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>REPORT</td> +<td>&hellip;</td> +</tr> +<tr> +<td>DISCLOSURE</td> +<td>&hellip;</td> +</tr> +</tbody> +</table> +<h2 id="licenses">Licenses</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenses.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenses.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="moderation">Moderation</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/moderation.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/moderation.thrift</a></p> +<h3 id="documenttype">DocumentType</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>COMPONENT</td> +<td>&hellip;</td> +</tr> +<tr> +<td>RELEASE</td> +<td>&hellip;</td> +</tr> +<tr> +<td>PROJECT</td> +<td>&hellip;</td> +</tr> +<tr> +<td>LICENSE</td> +<td>&hellip;</td> +</tr> +<tr> +<td>USER</td> +<td>&hellip;</td> +</tr> +</tbody> +</table> +<h2 id="project-import">Project Import</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projectimport.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projectimport.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="projects">Projects</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projects.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projects.thrift</a></p> +<h3 id="project-state">Project State</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>ACTIVE</td> +<td><em>well</em></td> +</tr> +<tr> +<td>PHASE_OUT</td> +<td><em>well</em></td> +</tr> +<tr> +<td>UNKNOWN</td> +<td><em>well</em></td> +</tr> +</tbody> +</table> +<h3 id="project-type">Project Type</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>CUSTOMER</td> +<td>Project that delivers artifacts to customer outside organisation</td> +</tr> +<tr> +<td>INTERNAL</td> +<td>Project that provides artifacts or service for internal use</td> +</tr> +<tr> +<td>PRODUCT</td> +<td>Just that it is a product instead of a project</td> +</tr> +<tr> +<td>SERVICE</td> +<td>Project that provides services to customer outside organisation</td> +</tr> +<tr> +<td>INNER_SOURCE</td> +<td>Inner source project, meaning that everyone inside org can use it</td> +</tr> +</tbody> +</table> +<h3 id="project-relationship">Project Relationship</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>UNKNOWN</td> +<td><em>unknown</em></td> +</tr> +<tr> +<td>REFERRED</td> +<td>Sister project</td> +</tr> +<tr> +<td>CONTAINED</td> +<td>Sub project</td> +</tr> +<tr> +<td>DUPLICATE</td> +<td><em>duplicate</em></td> +</tr> +</tbody> +</table> +<h3 id="project-clearing-state">Project Clearing State</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>OPEN</td> +<td>not started</td> +</tr> +<tr> +<td>IN_PROGRESS</td> +<td>&hellip;</td> +</tr> +<tr> +<td>CLOSED</td> +<td>&hellip;</td> +</tr> +</tbody> +</table> +<h2 id="schedule">Schedule</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/schedule.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/schedule.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="search">Search</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/search.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/search.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="general-sw360-thrift">General SW360 Thrift</h2> +<h3 id="software-mainline-states">Software Mainline States</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>OPEN</td> +<td>Not decided so far</td> +</tr> +<tr> +<td>MAINLINE</td> +<td>Organisation or person thinks that use of this software is recommended, which included multiple versions.</td> +</tr> +<tr> +<td>SPECIFIC</td> +<td>The software is not recommended in general, but for special use case or for this particular version it is acceptable.</td> +</tr> +<tr> +<td>PHASE_OUT</td> +<td>The software has issues, please consider removing it soon, if in use.</td> +</tr> +<tr> +<td>DENIED</td> +<td>Software which is not allowed for use. For example, software that does not have licensing.</td> +</tr> +</tbody> +</table> +<h2 id="general-sw360-thrift-1">General SW360 Thrift</h2> +<h3 id="software-mainline-states-1">Software Mainline States</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description.</th> +</tr> +</thead> +<tbody> +<tr> +<td>OPEN</td> +<td>Not decided so far</td> +</tr> +<tr> +<td>MAINLINE</td> +<td>Organisation or person thinks that use of this software is recommended, which included multiple versions.</td> +</tr> +<tr> +<td>SPECIFIC</td> +<td>The software is not recommended in general, but for special use case or for this particular version it is acceptable.</td> +</tr> +<tr> +<td>PHASE_OUT</td> +<td>The software has issues, please consider removing it soon, if in use.</td> +</tr> +<tr> +<td>DENIED</td> +<td>Software which is not allowed for use. For example, software that does not have licensing.</td> +</tr> +</tbody> +</table> +<h3 id="moderation-states">Moderation States</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>PENDING</td> +<td>Not opened so far.</td> +</tr> +<tr> +<td>APPROVED</td> +<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has approved the moderation request. It could be deleted then.</td> +</tr> +<tr> +<td>REJECTED</td> +<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has rejected the moderation request.</td> +</tr> +<tr> +<td>INPROGRESS</td> +<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has opened / viewed the moderation request, but did not decide.</td> +</tr> +</tbody> +</table> +<h3 id="visibility">Visibility</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>PRIVATE</td> +<td>Only visible by creator (and admin which applies to all visibility levels).</td> +</tr> +<tr> +<td>ME_AND_MODERATORS</td> +<td>Visible by creator and moderators.</td> +</tr> +<tr> +<td>BUISNESSUNIT_AND_MODERATORS</td> +<td>All users of the same group and the moderators.</td> +</tr> +<tr> +<td>EVERYONE</td> +<td>Every user who is logged into the system.</td> +</tr> +</tbody> +</table> +<h3 id="verification-state">Verification State</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>NOT_CHECKED</td> +<td>No one has yet looked at this and verified it.</td> +</tr> +<tr> +<td>CHECKED</td> +<td>It is verified.</td> +</tr> +<tr> +<td>INCORRECT</td> +<td>It was decided that the verification should be rejected.</td> +</tr> +</tbody> +</table> +<h3 id="release-relationship">Release Relationship</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +<th>Clearing releav nt</th> +</tr> +</thead> +<tbody> +<tr> +<td>CONTAINED</td> +<td>If you just do not know whether it is dynamically linked.</td> +<td>Yes</td> +</tr> +<tr> +<td>REFERRED</td> +<td>Referencing a stand alone used other part.</td> +<td>No</td> +</tr> +<tr> +<td>UNKNOWN</td> +<td>If you just do not know.</td> +<td>Yes</td> +</tr> +<tr> +<td>DYNAMICALLY_LINKED</td> +<td>Software dynamically linked - as the name says.</td> +<td>Yes</td> +</tr> +<tr> +<td>STATICALLY_LINKED</td> +<td>Software statically linked - as the name says.</td> +<td>Yes</td> +</tr> +<tr> +<td>SIDE_BY_SIDE</td> +<td>Not decided so far.</td> +<td>Yes</td> +</tr> +<tr> +<td>STANDALONE</td> +<td>Software is given as standalone delivery, ie. not technically connected.</td> +<td>Yes</td> +</tr> +<tr> +<td>INTERNAL_USE</td> +<td>Used for creating or building or ? the product or projects but not delivered.</td> +<td>Yes</td> +</tr> +<tr> +<td>OPTIONAL</td> +<td>Is not mandatory part of the installation.</td> +<td>Yes</td> +</tr> +<tr> +<td>TO_BE_REPLACED</td> +<td>Is there but should be moved out.</td> +<td>Yes</td> +</tr> +</tbody> +</table> +<h2 id="users">Users</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/users.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/users.thrift</a></p> +<h2 id="vendors">Vendors</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vendors.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vendors.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="vulnerabilities">Vulnerabilities</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vulnerabilities.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vulnerabilities.thrift</a></p> +<p><em>No enumerations provided</em></p>Docs: Propertieshttps://www.eclipse.org/sw360/docs/administrationguide/properties/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/properties/ +<p><strong>Frontend Properties</strong>: All the sw360 frontend properties are mentioned in <a href="https://github.com/eclipse/sw360/blob/master/frontend/sw360-portlet/src/main/resources/sw360.properties">sw360.properties</a> file. For example; -<a href="https://github.com/eclipse/sw360/wiki/">https://github.com/eclipse/sw360/wiki/</a></p> -<ul> -<li> -<p>Different categories for components,</p> -<p>component.categories=[ &ldquo;framework&rdquo;, &ldquo;SDK&rdquo;, &ldquo;big-data&rdquo;, &ldquo;build-management&rdquo;, &ldquo;cloud&rdquo;, &ldquo;content&rdquo;, &ldquo;database&rdquo;, &ldquo;graphics&rdquo;, &ldquo;http&rdquo;, &ldquo;javaee&rdquo;, &ldquo;library&rdquo;, &ldquo;mail&rdquo;, &ldquo;mobile&rdquo;, &ldquo;network-client&rdquo;, &ldquo;network-server&rdquo;, &ldquo;osgi&rdquo;, &ldquo;security&rdquo;, &ldquo;testing&rdquo;, &ldquo;virtual-machine&rdquo;, &ldquo;web-framework&rdquo;, &ldquo;xml&rdquo;]</p> -</li> -<li> -<p>Dropdown for project type,</p> -<p>project.type=[ &ldquo;Customer Project&rdquo;, &ldquo;Internal Project&rdquo;, &ldquo;Product&rdquo;, &ldquo;Service&rdquo;, &ldquo;Inner Source&rdquo; ]</p> -</li> -<li> -<p>API Token generation,</p> -<p>rest.apitoken.generator.enable=false</p> -</li> -<li> -<p>Activation of portlets and components</p> -</li> -</ul> -<p><strong>Backend Properties</strong>: This, <a href="https://github.com/eclipse/sw360/blob/master/backend/src-common/src/main/resources/sw360.properties">sw360.properties</a> file contains the sw360 backend properties. This file contains the common properties for the backend services and also holds the setting for the mail utility.</p> -<p>You can change these default values by mentioning it in the sw360.properties file, present in /etc/sw360 folder. This path is to be created by the admin. After changing the properties, server needs to be restarted in order to make the changes effective. If the properties file is not present in the required folder, the default values will be selected.</p> - - - - - - Docs: Vulnerability Management - https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/ - - - - <p>In the <code>vulnerability portlet</code>, you can view the vulnerabilites that are currently present in SW360 in more detail, independent of the release or project they apply to. Clicking on the top level entry <code>Vulnerabilities</code>, a table listing all vulnerabilities is shown:</p> -<p><img src="./images/vulnerabilityView.png" alt=""></p> -<p>Clicking on a vulnerability entry in the table, the details view of this vulnerability is shown.</p> -<p><img src="./images/vulnerabilityDetail.png" alt=""></p> -<p>The details view is also linked from the <code>vulnerabilities view</code> in the <code>project portlet</code> and <code>component and release portlet</code>, respectively.</p> -<h1 id="vulnerability-verification-for-releases">Vulnerability Verification for Releases</h1> -<p>Vulnerabilities automatically imported into SW360 - e.g. via the CVE search connection of SW360 - can be applicable for a release or not. The latter can happen, because release data in SW360 is incorrect or not complete. Then the CVE search service uses a more general search pattern yielding a lot of vulnerabilities, only some of which actually apply to the release. Therefore, in SW360 a vulnerability can be marked for a given release with one of the following <code>verification states</code>:</p> -<ol> -<li>NOT CHECKED</li> -<li>CHECKED</li> -<li>INCORRECT</li> -</ol> -<p>Only <code>admins</code> can mark a vulnerability or change the <code>verification state</code> and enter a comment to give reasons for the change. The verification state and the meta-information (when and by whom the verification state was changed and the comment) are stored as <code>VerificationStateInfo</code> at the appropriate <code>ReleaseVulnerabilityRelation</code>.</p> -<p>The <code>verification state</code> is displayed in the detail mode of a <code>release</code>, at <code>vulnerabilities</code> in the column <code>Verification</code> of the <code>vulnerability table</code>. User without <code>admin</code>-rights can only see the vulnerabilities that are <code>NOT CHECKED</code> or <code>CHECKED</code> together with a tooltip containing the meta-info. The <code>INCORRECT</code> vulnerabilities are hidden from users without admin rights in the release detail view and also in the component detail view and in the project detail view.</p> -<p>Admins see in the same table a dropdown menu, where they can adjust the state. An admin is shown all vulnerabilities belonging to a project, component or release, also those that are marked as <code>INCORRECT</code>.</p> -<p><img src="./images/releaseVulnerabilities.png" alt=""></p> -<h1 id="vulnerability-rating-for-projects">Vulnerability Rating for Projects</h1> -<p>In the detail view of a <code>project</code>, in the category <code>Vulnerabilites</code>, the vulnerabilities belonging to the linked releases of the project are shown. Such a vulnerability in the context of a certain project can be assigned one of the following <code>Ratings</code>:</p> -<ol> -<li>NOT CHECKED</li> -<li>IRRELEVANT</li> -<li>RESOLVED</li> -<li>APPLICABLE</li> -</ol> -<p>Those ratings are shown in the vulnerability table of the project details view. A user that has writing permission for the project can change the rating via a drop-down menu. If he changes the value, he is asked to enter a comment. The <code>VulnerabilityRating</code> together with the meta-data (who has changed the rating, date of change of the rating and comment) is stored in one database object <code>ProjectVulnerabilityRating</code> per project.</p> -<p>A user that has no writing permission on the project is shown the <code>Vulnerability Rating</code> in the table without the possibility to change the value.</p> -<p>The number of vulnerabilities for a project with rating <code>NOT CHECKED</code> is displayed in the bullet of the <code>Vulnerability</code> tab of the <code>project detail</code> view. The bullet is red if there are vulnerabilities with status <code>NOT CHECKED</code> for the project. In the example 7 of the 10 existing vulnerabilities are <code>NOT CHECKED</code>.</p> -<p><img src="./images/VulnerabilitiesBullet.png" alt=""></p> -<p><img src="./images/projectVulnerabilities.png" alt=""></p> -<h1 id="change-history-for-vulnerability-ratings-and-verifications">Change History for Vulnerability Ratings and Verifications</h1> -<p>The complete list of status changes for vulnerability ratings in the project portlet and for vulnerability verifications in the component portlet is shown when hovering with the mouse over the vulnerability rating/verification in the table. This is shown for the project vulnerability table in the picture below.</p> -<p><img src="./images/modifiedHistoryLayoutProjectVulnerabilities.png" alt=""></p> -<p>#CVE-Search</p> -<h2 id="automatic-update-of-vulnerabilities">Automatic update of vulnerabilities</h2> -<p>See this <a href="https://github.com/eclipse/sw360/wiki/Doc-Use-Case:-Scheduling-CVE-Search-by-Admins">use case</a>.</p> -<h2 id="heuristics">Heuristics</h2> -<p>All heuristics start by looking at the cpe. If the cpe is valid, i.e. start with the string &ldquo;cpe:&rdquo; and are longer then 10 chars, this is used for the search. If the search fails it falls back to the other search levels.</p> -<p>There are at the moment two different heuristics implemented which define how and in which order to search the cveSearch DB.</p> -<p>They can actually be combined, i.e. one could be the fallback of the other.</p> -<h3 id="guessing-heuristic-the-new-one">Guessing heuristic (the new one)</h3> -<p>The matching of vendor- and product-names is improved by using a lists of actual vendors resp. actual products of an vendor.</p> -<p>From the information given for a release, which is expected to be either of the form</p> -<ol> -<li>vendor=<code>&quot;VENDOR_NAME&quot;</code>, name=<code>&quot;PRODUCT_NAME&quot;</code> and a version or</li> -<li>vendor=<code>&quot;&quot;</code>, name=<code>&quot;VENDOR_NAME PRODUCT_NAME&quot;</code> and a version (as generated by the bdpimport).</li> -</ol> -<p>we try to find the best matches from the vendors list and then for these ones the best matches in their respective product lists. -The first run includes the version, and if no matching product with the correct version is found, a second run is made without the version restriction.</p> -<h5 id="modified-levenshtein-distance">Modified Levenshtein distance</h5> -<p>For the definition which matches are good we use a variation of the Levenshtein distance with some asymmetric modifications. In the following we will call the left side <strong>needle</strong> and the right side <strong>haystack</strong>. The <strong>needles</strong> will come from the lists and the <strong>haystack</strong> will be (parts of) the raw information extracted from the release. The defining rules are</p> -<ol> -<li>Our Levenshtein distance is equal to the regular Levenshtein distance, if the <strong>haystack</strong> does not contain any spaces.</li> -<li>Skipping a <strong>prefix ending with a space</strong> or of the <strong>haystack</strong> does not cost anything, i.e. does not increase the distance</li> -<li>Skipping a <strong>postfix starting with a space</strong> of the <strong>haystack</strong> does not cost anything, i.e. does not increase the distance</li> -<li>If either the <strong>needle</strong> or the <strong>haystack</strong> is empty, the distance is <code>Integer.MAX_VALUE</code></li> -</ol> -<p>This means that the string <code>&quot;needle&quot;</code> has</p> -<ul> -<li>distance 0 to itself, i.e. <code>&quot;needle&quot;</code></li> -<li>distance 0 to itself plus a postfix separated by a space, e.g. <code>&quot;needle postfix&quot;</code></li> -<li>distance 0 to itself plus a prefix separated by a space, e.g. <code>&quot;prefix needle&quot;</code></li> -<li>distance 2 to something which has regular distance of 2 surrounded by a prefix and a postfix which are separated by spaces, e.g. <code>&quot;prefix nedles postfix&quot;</code></li> -</ul> -<h5 id="configuration">Configuration</h5> -<p>The finetuning parameters can be configured by setting the following properties in <code>/etc/sw360/sw360.properties</code> or in the <code>configuration.yml</code></p> -<pre><code>cvesearch.default.vendor.threshold=1 +<a href="https://github.com/eclipse/sw360/wiki/">https://github.com/eclipse/sw360/wiki/</a></p> +<ul> +<li> +<p>Different categories for components,</p> +<p>component.categories=[ &ldquo;framework&rdquo;, &ldquo;SDK&rdquo;, &ldquo;big-data&rdquo;, &ldquo;build-management&rdquo;, &ldquo;cloud&rdquo;, &ldquo;content&rdquo;, &ldquo;database&rdquo;, &ldquo;graphics&rdquo;, &ldquo;http&rdquo;, &ldquo;javaee&rdquo;, &ldquo;library&rdquo;, &ldquo;mail&rdquo;, &ldquo;mobile&rdquo;, &ldquo;network-client&rdquo;, &ldquo;network-server&rdquo;, &ldquo;osgi&rdquo;, &ldquo;security&rdquo;, &ldquo;testing&rdquo;, &ldquo;virtual-machine&rdquo;, &ldquo;web-framework&rdquo;, &ldquo;xml&rdquo;]</p> +</li> +<li> +<p>Dropdown for project type,</p> +<p>project.type=[ &ldquo;Customer Project&rdquo;, &ldquo;Internal Project&rdquo;, &ldquo;Product&rdquo;, &ldquo;Service&rdquo;, &ldquo;Inner Source&rdquo; ]</p> +</li> +<li> +<p>API Token generation,</p> +<p>rest.apitoken.generator.enable=false</p> +</li> +<li> +<p>Activation of portlets and components</p> +</li> +</ul> +<p><strong>Backend Properties</strong>: This, <a href="https://github.com/eclipse/sw360/blob/master/backend/src-common/src/main/resources/sw360.properties">sw360.properties</a> file contains the sw360 backend properties. This file contains the common properties for the backend services and also holds the setting for the mail utility.</p> +<p>You can change these default values by mentioning it in the sw360.properties file, present in /etc/sw360 folder. This path is to be created by the admin. After changing the properties, server needs to be restarted in order to make the changes effective. If the properties file is not present in the required folder, the default values will be selected.</p>Docs: Vulnerability Managementhttps://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/ +<p>In the <code>vulnerability portlet</code>, you can view the vulnerabilites that are currently present in SW360 in more detail, independent of the release or project they apply to. Clicking on the top level entry <code>Vulnerabilities</code>, a table listing all vulnerabilities is shown:</p> +<p><img src="./images/vulnerabilityView.png" alt=""></p> +<p>Clicking on a vulnerability entry in the table, the details view of this vulnerability is shown.</p> +<p><img src="./images/vulnerabilityDetail.png" alt=""></p> +<p>The details view is also linked from the <code>vulnerabilities view</code> in the <code>project portlet</code> and <code>component and release portlet</code>, respectively.</p> +<h1 id="vulnerability-verification-for-releases">Vulnerability Verification for Releases</h1> +<p>Vulnerabilities automatically imported into SW360 - e.g. via the CVE search connection of SW360 - can be applicable for a release or not. The latter can happen, because release data in SW360 is incorrect or not complete. Then the CVE search service uses a more general search pattern yielding a lot of vulnerabilities, only some of which actually apply to the release. Therefore, in SW360 a vulnerability can be marked for a given release with one of the following <code>verification states</code>:</p> +<ol> +<li>NOT CHECKED</li> +<li>CHECKED</li> +<li>INCORRECT</li> +</ol> +<p>Only <code>admins</code> can mark a vulnerability or change the <code>verification state</code> and enter a comment to give reasons for the change. The verification state and the meta-information (when and by whom the verification state was changed and the comment) are stored as <code>VerificationStateInfo</code> at the appropriate <code>ReleaseVulnerabilityRelation</code>.</p> +<p>The <code>verification state</code> is displayed in the detail mode of a <code>release</code>, at <code>vulnerabilities</code> in the column <code>Verification</code> of the <code>vulnerability table</code>. User without <code>admin</code>-rights can only see the vulnerabilities that are <code>NOT CHECKED</code> or <code>CHECKED</code> together with a tooltip containing the meta-info. The <code>INCORRECT</code> vulnerabilities are hidden from users without admin rights in the release detail view and also in the component detail view and in the project detail view.</p> +<p>Admins see in the same table a dropdown menu, where they can adjust the state. An admin is shown all vulnerabilities belonging to a project, component or release, also those that are marked as <code>INCORRECT</code>.</p> +<p><img src="./images/releaseVulnerabilities.png" alt=""></p> +<h1 id="vulnerability-rating-for-projects">Vulnerability Rating for Projects</h1> +<p>In the detail view of a <code>project</code>, in the category <code>Vulnerabilites</code>, the vulnerabilities belonging to the linked releases of the project are shown. Such a vulnerability in the context of a certain project can be assigned one of the following <code>Ratings</code>:</p> +<ol> +<li>NOT CHECKED</li> +<li>IRRELEVANT</li> +<li>RESOLVED</li> +<li>APPLICABLE</li> +</ol> +<p>Those ratings are shown in the vulnerability table of the project details view. A user that has writing permission for the project can change the rating via a drop-down menu. If he changes the value, he is asked to enter a comment. The <code>VulnerabilityRating</code> together with the meta-data (who has changed the rating, date of change of the rating and comment) is stored in one database object <code>ProjectVulnerabilityRating</code> per project.</p> +<p>A user that has no writing permission on the project is shown the <code>Vulnerability Rating</code> in the table without the possibility to change the value.</p> +<p>The number of vulnerabilities for a project with rating <code>NOT CHECKED</code> is displayed in the bullet of the <code>Vulnerability</code> tab of the <code>project detail</code> view. The bullet is red if there are vulnerabilities with status <code>NOT CHECKED</code> for the project. In the example 7 of the 10 existing vulnerabilities are <code>NOT CHECKED</code>.</p> +<p><img src="./images/VulnerabilitiesBullet.png" alt=""></p> +<p><img src="./images/projectVulnerabilities.png" alt=""></p> +<h1 id="change-history-for-vulnerability-ratings-and-verifications">Change History for Vulnerability Ratings and Verifications</h1> +<p>The complete list of status changes for vulnerability ratings in the project portlet and for vulnerability verifications in the component portlet is shown when hovering with the mouse over the vulnerability rating/verification in the table. This is shown for the project vulnerability table in the picture below.</p> +<p><img src="./images/modifiedHistoryLayoutProjectVulnerabilities.png" alt=""></p> +<p>#CVE-Search</p> +<h2 id="automatic-update-of-vulnerabilities">Automatic update of vulnerabilities</h2> +<p>See this <a href="https://github.com/eclipse/sw360/wiki/Doc-Use-Case:-Scheduling-CVE-Search-by-Admins">use case</a>.</p> +<h2 id="heuristics">Heuristics</h2> +<p>All heuristics start by looking at the cpe. If the cpe is valid, i.e. start with the string &ldquo;cpe:&rdquo; and are longer then 10 chars, this is used for the search. If the search fails it falls back to the other search levels.</p> +<p>There are at the moment two different heuristics implemented which define how and in which order to search the cveSearch DB.</p> +<p>They can actually be combined, i.e. one could be the fallback of the other.</p> +<h3 id="guessing-heuristic-the-new-one">Guessing heuristic (the new one)</h3> +<p>The matching of vendor- and product-names is improved by using a lists of actual vendors resp. actual products of an vendor.</p> +<p>From the information given for a release, which is expected to be either of the form</p> +<ol> +<li>vendor=<code>&quot;VENDOR_NAME&quot;</code>, name=<code>&quot;PRODUCT_NAME&quot;</code> and a version or</li> +<li>vendor=<code>&quot;&quot;</code>, name=<code>&quot;VENDOR_NAME PRODUCT_NAME&quot;</code> and a version (as generated by the bdpimport).</li> +</ol> +<p>we try to find the best matches from the vendors list and then for these ones the best matches in their respective product lists. +The first run includes the version, and if no matching product with the correct version is found, a second run is made without the version restriction.</p> +<h5 id="modified-levenshtein-distance">Modified Levenshtein distance</h5> +<p>For the definition which matches are good we use a variation of the Levenshtein distance with some asymmetric modifications. In the following we will call the left side <strong>needle</strong> and the right side <strong>haystack</strong>. The <strong>needles</strong> will come from the lists and the <strong>haystack</strong> will be (parts of) the raw information extracted from the release. The defining rules are</p> +<ol> +<li>Our Levenshtein distance is equal to the regular Levenshtein distance, if the <strong>haystack</strong> does not contain any spaces.</li> +<li>Skipping a <strong>prefix ending with a space</strong> or of the <strong>haystack</strong> does not cost anything, i.e. does not increase the distance</li> +<li>Skipping a <strong>postfix starting with a space</strong> of the <strong>haystack</strong> does not cost anything, i.e. does not increase the distance</li> +<li>If either the <strong>needle</strong> or the <strong>haystack</strong> is empty, the distance is <code>Integer.MAX_VALUE</code></li> +</ol> +<p>This means that the string <code>&quot;needle&quot;</code> has</p> +<ul> +<li>distance 0 to itself, i.e. <code>&quot;needle&quot;</code></li> +<li>distance 0 to itself plus a postfix separated by a space, e.g. <code>&quot;needle postfix&quot;</code></li> +<li>distance 0 to itself plus a prefix separated by a space, e.g. <code>&quot;prefix needle&quot;</code></li> +<li>distance 2 to something which has regular distance of 2 surrounded by a prefix and a postfix which are separated by spaces, e.g. <code>&quot;prefix nedles postfix&quot;</code></li> +</ul> +<h5 id="configuration">Configuration</h5> +<p>The finetuning parameters can be configured by setting the following properties in <code>/etc/sw360/sw360.properties</code> or in the <code>configuration.yml</code></p> +<pre><code>cvesearch.default.vendor.threshold=1 cvesearch.default.product.threshold=0 cvesearch.default.cutoff=6 -</code></pre> -<h5 id="finetuning">Finetuning</h5> -<p>There are three variables which can be used for finetuning of the algorithm</p> -<ul> -<li><code>cutoff</code> (defaults to <code>Integer.MAX_VALUE</code>, i.e. no cutoff)</li> -<li><code>vendorThreshold</code> (defaults to <code>0</code>, i.e. no vendor threshold)</li> -<li><code>productThreshold</code> (defaults to <code>0</code>, i.e. no product threshold)</li> -</ul> -<h4 id="cons">Cons</h4> -<ul> -<li>is not able to find anything if no vendor but a unique product is given</li> -<li>many search queries</li> -<li>it will always try find the best match, e.g. also very bad matches, if cutoff is to large</li> -</ul> -<h3 id="display-how-a-vulnerability-was-found">Display How a Vulnerability was Found</h3> -<p>In the <code>vulnerability tables</code> of the <code>projects portlet</code> and the <code>component and release portlet</code> you can see, whether a vulnerability was found directly by the <code>CPE</code> or by <code>heuristics</code>. In the latter case, also the distance (and therefore the quality of the match with <code>0 = best possible match</code>) is displayed.</p> -<p><img src="./images/matchedBy.png" alt=""></p> -<p>In addition, below the <code>vulnerability tables</code> of the <code>projects portlet</code> and the <code>component and release portlet</code>, you can see the number of directly linked releases that was found by <code>CPE</code> or <code>heuristic</code>, respectively:</p> -<p><img src="./images/projectVulnerabilitiesWithStatisticsHighlighted.png" alt=""></p> -<h3 id="example-1-vendorapachenamemavenversion304">Example 1: <code>{vendor=&quot;Apache&quot;,name=&quot;Maven&quot;,version=&quot;3.0.4&quot;}</code></h3> -<h4 id="basic-heuristic">Basic heuristic</h4> -<p>This heuristic builds in the first step the correct needle -<code>cpe:2.3:.:.*apache.*maven.*3.0.4.*</code> and finds the cpe <code>cpe:2.3:a:apache:maven:3.0.4</code></p> -<h4 id="guessing-heuristic">Guessing heuristic</h4> -<p>The heuristic guesses the vendor <code>apache</code> and the product <code>maven</code>. Together with the version this results in the same cpe-needle <code>cpe:2.3:.:.*apache.*maven.*3.0.4.*</code>.</p> -<h3 id="example-2-vendornameapache-mavenversion304">Example 2: <code>{vendor=&quot;&quot;,name=&quot;Apache Maven&quot;,version=&quot;3.0.4&quot;}</code></h3> -<h4 id="basic-heuristic-1">Basic heuristic</h4> -<p>The first levels of this heuristic fails until the sixth level which does not use the vendor. The resulting needle is then <code>cpe:2.3:.:.*apache.*maven.*3.0.4.*</code> and finds the cpe <code>cpe:2.3:a:apache:maven:3.0.4</code></p> -<h4 id="guessing-heuristic-1">Guessing heuristic</h4> -<p>The heuristic guesses the vendor <code>apache</code> since it is a substring of <code>apache maven</code> and thus has distance <code>0</code>, the same is true for the productname <code>maven</code> which results in the same cpe-needle as above.</p> - - - - - - +</code></pre> +<h5 id="finetuning">Finetuning</h5> +<p>There are three variables which can be used for finetuning of the algorithm</p> +<ul> +<li><code>cutoff</code> (defaults to <code>Integer.MAX_VALUE</code>, i.e. no cutoff)</li> +<li><code>vendorThreshold</code> (defaults to <code>0</code>, i.e. no vendor threshold)</li> +<li><code>productThreshold</code> (defaults to <code>0</code>, i.e. no product threshold)</li> +</ul> +<h4 id="cons">Cons</h4> +<ul> +<li>is not able to find anything if no vendor but a unique product is given</li> +<li>many search queries</li> +<li>it will always try find the best match, e.g. also very bad matches, if cutoff is to large</li> +</ul> +<h3 id="display-how-a-vulnerability-was-found">Display How a Vulnerability was Found</h3> +<p>In the <code>vulnerability tables</code> of the <code>projects portlet</code> and the <code>component and release portlet</code> you can see, whether a vulnerability was found directly by the <code>CPE</code> or by <code>heuristics</code>. In the latter case, also the distance (and therefore the quality of the match with <code>0 = best possible match</code>) is displayed.</p> +<p><img src="./images/matchedBy.png" alt=""></p> +<p>In addition, below the <code>vulnerability tables</code> of the <code>projects portlet</code> and the <code>component and release portlet</code>, you can see the number of directly linked releases that was found by <code>CPE</code> or <code>heuristic</code>, respectively:</p> +<p><img src="./images/projectVulnerabilitiesWithStatisticsHighlighted.png" alt=""></p> +<h3 id="example-1-vendorapachenamemavenversion304">Example 1: <code>{vendor=&quot;Apache&quot;,name=&quot;Maven&quot;,version=&quot;3.0.4&quot;}</code></h3> +<h4 id="basic-heuristic">Basic heuristic</h4> +<p>This heuristic builds in the first step the correct needle +<code>cpe:2.3:.:.*apache.*maven.*3.0.4.*</code> and finds the cpe <code>cpe:2.3:a:apache:maven:3.0.4</code></p> +<h4 id="guessing-heuristic">Guessing heuristic</h4> +<p>The heuristic guesses the vendor <code>apache</code> and the product <code>maven</code>. Together with the version this results in the same cpe-needle <code>cpe:2.3:.:.*apache.*maven.*3.0.4.*</code>.</p> +<h3 id="example-2-vendornameapache-mavenversion304">Example 2: <code>{vendor=&quot;&quot;,name=&quot;Apache Maven&quot;,version=&quot;3.0.4&quot;}</code></h3> +<h4 id="basic-heuristic-1">Basic heuristic</h4> +<p>The first levels of this heuristic fails until the sixth level which does not use the vendor. The resulting needle is then <code>cpe:2.3:.:.*apache.*maven.*3.0.4.*</code> and finds the cpe <code>cpe:2.3:a:apache:maven:3.0.4</code></p> +<h4 id="guessing-heuristic-1">Guessing heuristic</h4> +<p>The heuristic guesses the vendor <code>apache</code> since it is a substring of <code>apache maven</code> and thus has distance <code>0</code>, the same is true for the productname <code>maven</code> which results in the same cpe-needle as above.</p> \ No newline at end of file diff --git a/docs/administrationguide/menu/index.html b/docs/administrationguide/menu/index.html index 7870e8e..99a785e 100644 --- a/docs/administrationguide/menu/index.html +++ b/docs/administrationguide/menu/index.html @@ -1,25 +1,4 @@ - - - - - - - - - - - - - - - - - - - - -Administrator Menu | Eclipse SW360 -Administrator Menu | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Administrator Menu

- -
- - - - - - - - - - - - - -
-

The admin menu consists of the following items:

- -
- -
- -
    -
  • -

    User: Displays the list of Liferay Users. One can also download or upload new users in this section

    -
    • -
  • -

    Vendors: Displays the list of the Vendors that can be managed by the admin

    -
    • -
  • -

    Bulk License Edit: List of licenses can be edited together in this section

    -
    • -
  • -

    Licenses: Functions such as Download License Archive, Upload License Archive, Import SPDX Information and Delete License Information can be done in this section

    -
    • -
  • -

    Obligations: To manage different types of Obligations on the basis of obligation level and obligation type

    -
    • -
  • -

    Schedule: To schedule tasks such as CVE Search

    -
    • -
  • -

    Fosology: Connection to the Fossology server

    -
    • -
  • -

    Import and Export: Can Import and Export Component, Release and License information

    -
    • -
  • -

    Attachment Cleanup: To cleanup attachment database

    -
    • -
  • -

    Database Sanitization: Helps in searching for duplicate identifiers

    -
    • -
- - - -
- Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Licenses: Functions such as Download License Archive, Upload License Archive, Import SPDX Information and Delete License Information can be done in this section"> +

Administrator Menu

The admin menu consists of the following items:

  • User: Displays the list of Liferay Users. One can also download or upload new users in this section

  • Vendors: Displays the list of the Vendors that can be managed by the admin

  • Bulk License Edit: List of licenses can be edited together in this section

  • Licenses: Functions such as Download License Archive, Upload License Archive, Import SPDX Information and Delete License Information can be done in this section

  • Obligations: To manage different types of Obligations on the basis of obligation level and obligation type

  • Schedule: To schedule tasks such as CVE Search

  • Fosology: Connection to the Fossology server

  • Import and Export: Can Import and Export Component, Release and License information

  • Attachment Cleanup: To cleanup attachment database

  • Database Sanitization: Helps in searching for duplicate identifiers

Last modified March 29, 2023: upd(project): Major updates (3fc96db)
+ + + \ No newline at end of file diff --git a/docs/administrationguide/properties/index.html b/docs/administrationguide/properties/index.html index 1af46b6..e01edb1 100644 --- a/docs/administrationguide/properties/index.html +++ b/docs/administrationguide/properties/index.html @@ -1,29 +1,6 @@ - - - - - - - - - - - - - - - - - - - - -Properties | Eclipse SW360 -Properties | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Properties

- -
- - - - - - - - - - - - - -
-

Frontend Properties: All the sw360 frontend properties are mentioned in sw360.properties file. +Backend Properties: This, sw360.properties file contains the sw360 backend properties."> +

Properties

Frontend Properties: All the sw360 frontend properties are mentioned in sw360.properties file. For example; -https://github.com/eclipse/sw360/wiki/

-
    -
  • -

    Different categories for components,

    -

    component.categories=[ “framework”, “SDK”, “big-data”, “build-management”, “cloud”, “content”, “database”, “graphics”, “http”, “javaee”, “library”, “mail”, “mobile”, “network-client”, “network-server”, “osgi”, “security”, “testing”, “virtual-machine”, “web-framework”, “xml”]

    -
    • -
  • -

    Dropdown for project type,

    -

    project.type=[ “Customer Project”, “Internal Project”, “Product”, “Service”, “Inner Source” ]

    -
    • -
  • -

    API Token generation,

    -

    rest.apitoken.generator.enable=false

    -
    • -
  • -

    Activation of portlets and components

    -
    • -
-

Backend Properties: This, sw360.properties file contains the sw360 backend properties. This file contains the common properties for the backend services and also holds the setting for the mail utility.

-

You can change these default values by mentioning it in the sw360.properties file, present in /etc/sw360 folder. This path is to be created by the admin. After changing the properties, server needs to be restarted in order to make the changes effective. If the properties file is not present in the required folder, the default values will be selected.

- - - -
- Last modified June 28, 2022: feat(docs): Add docs from main sw360 (85ce57e) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +https://github.com/eclipse/sw360/wiki/

  • Different categories for components,

    component.categories=[ “framework”, “SDK”, “big-data”, “build-management”, “cloud”, “content”, “database”, “graphics”, “http”, “javaee”, “library”, “mail”, “mobile”, “network-client”, “network-server”, “osgi”, “security”, “testing”, “virtual-machine”, “web-framework”, “xml”]

  • Dropdown for project type,

    project.type=[ “Customer Project”, “Internal Project”, “Product”, “Service”, “Inner Source” ]

  • API Token generation,

    rest.apitoken.generator.enable=false

  • Activation of portlets and components

Backend Properties: This, sw360.properties file contains the sw360 backend properties. This file contains the common properties for the backend services and also holds the setting for the mail utility.

You can change these default values by mentioning it in the sw360.properties file, present in /etc/sw360 folder. This path is to be created by the admin. After changing the properties, server needs to be restarted in order to make the changes effective. If the properties file is not present in the required folder, the default values will be selected.

Last modified June 28, 2022: feat(docs): Add docs from main sw360 (85ce57e)
+ + + \ No newline at end of file diff --git a/docs/administrationguide/user-data-model-enumerations/index.html b/docs/administrationguide/user-data-model-enumerations/index.html index 4ed9d49..6c81364 100644 --- a/docs/administrationguide/user-data-model-enumerations/index.html +++ b/docs/administrationguide/user-data-model-enumerations/index.html @@ -1,1389 +1,89 @@ - - - - - - - - - - - - - - - - - - - - -Enumerations | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Enumerations

-
SW360 enumeration values for the internal thrift API
-
- - - - - - - - - - - - - -
-

SW360 thrift API is comprised of the following methods:

-
    -
  • attachments
    • -
  • codescoop
    • -
  • components
    • -
  • cvesearch
    • -
  • fossology
    • -
  • importstatus
    • -
  • licenseinfo
    • -
  • licenses
    • -
  • moderation
    • -
  • projectimport
    • -
  • projects
    • -
  • schedule
    • -
  • search
    • -
  • sw360
    • -
  • users
    • -
  • vendors
    • -
  • vulnerabilities
    • -
-

Reference: https://github.com/eclipse/sw360/tree/master/libraries/lib-datahandler/src/main/thrift

-

Attachments

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/attachments.thrift

-

AttachmentType

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription.
DOCUMENTjusta document
SOURCEoriginal course code
DESIGNdesign document
REQUIREMENTrequirements document
CLEARING_REPORTOSS licensing reporting
COMPONENT_LICENSE_INFO_XMLXML document with licenseing information - e.g. SPDX
COMPONENT_LICENSE_INFO_COMBINEDXML document with licensing information covering multiple componnts at once - e.g. SPDX
SCAN_RESULT_REPORTOutput what a scanner for licenses has found
SCAN_RESULT_REPORT_XMLOutput what a scanner for licenses has found this time in XML
SOURCE_SELFSelf assembled source code distribution
BINARYBinary of component from vendor
BINARY_SELFSelf built binary
DECISION_REPORTdocumenting importing decisions for using this item
LEGAL_EVALUATIONSome legal evaluation created for this item
LICENSE_AGREEMENTA ruling license agreement for this item, note that this could be for commercial software for example
SCREENSHOTScreenshot, usually screenshot of the Website with licensing information
OTHERanything that dos not match to the given above
-

CheckStatus

- - - - - - - - - - - - - - - - - - - - - -
ValueDescription.
NOTCHECKEDDefault value after upload.
ACCEPTEDReviewed and confirmed attachment.
REJECTEDDocument or attachment cannot be used.
-

CodeScoop Thrift File

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift

-

Components

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/components.thrift

-

cvesearch

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/cvesearch.thrift

- - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription
NEW
UPDATEDNew information for a notification message, so it is updated
OLD
FAILED
-

Fossology

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/fossology.thrift

-

No enumerations provided

-

Importstatus

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/importstatus.thrift

-

No enumerations provided

-

License Info

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenseinfo.thrift

-

No enumerations provided

-

LicenseInfoRequestStatus

- - - - - - - - - - - - - - - - - - - - - -
ValueDescription
SUCCESS
NO_APPLICABLE_SOURCE
FAILURE
-

OutputFormatVariant

- - - - - - - - - - - - - - - - - -
ValueDescription
REPORT
DISCLOSURE
-

Licenses

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenses.thrift

-

No enumerations provided

-

Moderation

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/moderation.thrift

-

DocumentType

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription
COMPONENT
RELEASE
PROJECT
LICENSE
USER
-

Project Import

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projectimport.thrift

-

No enumerations provided

-

Projects

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projects.thrift

-

Project State

- - - - - - - - - - - - - - - - - - - - - -
ValueDescription
ACTIVEwell
PHASE_OUTwell
UNKNOWNwell
-

Project Type

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription
CUSTOMERProject that delivers artifacts to customer outside organisation
INTERNALProject that provides artifacts or service for internal use
PRODUCTJust that it is a product instead of a project
SERVICEProject that provides services to customer outside organisation
INNER_SOURCEInner source project, meaning that everyone inside org can use it
-

Project Relationship

- - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription
UNKNOWNunknown
REFERREDSister project
CONTAINEDSub project
DUPLICATEduplicate
-

Project Clearing State

- - - - - - - - - - - - - - - - - - - - - -
ValueDescription
OPENnot started
IN_PROGRESS
CLOSED
-

Schedule

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/schedule.thrift

-

No enumerations provided

- -

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/search.thrift

-

No enumerations provided

-

General SW360 Thrift

-

Software Mainline States

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription
OPENNot decided so far
MAINLINEOrganisation or person thinks that use of this software is recommended, which included multiple versions.
SPECIFICThe software is not recommended in general, but for special use case or for this particular version it is acceptable.
PHASE_OUTThe software has issues, please consider removing it soon, if in use.
DENIEDSoftware which is not allowed for use. For example, software that does not have licensing.
-

General SW360 Thrift

-

Software Mainline States

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription.
OPENNot decided so far
MAINLINEOrganisation or person thinks that use of this software is recommended, which included multiple versions.
SPECIFICThe software is not recommended in general, but for special use case or for this particular version it is acceptable.
PHASE_OUTThe software has issues, please consider removing it soon, if in use.
DENIEDSoftware which is not allowed for use. For example, software that does not have licensing.
-

Moderation States

- - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription
PENDINGNot opened so far.
APPROVEDA person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has approved the moderation request. It could be deleted then.
REJECTEDA person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has rejected the moderation request.
INPROGRESSA person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has opened / viewed the moderation request, but did not decide.
-

Visibility

- - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescription
PRIVATEOnly visible by creator (and admin which applies to all visibility levels).
ME_AND_MODERATORSVisible by creator and moderators.
BUISNESSUNIT_AND_MODERATORSAll users of the same group and the moderators.
EVERYONEEvery user who is logged into the system.
-

Verification State

- - - - - - - - - - - - - - - - - - - - - -
ValueDescription
NOT_CHECKEDNo one has yet looked at this and verified it.
CHECKEDIt is verified.
INCORRECTIt was decided that the verification should be rejected.
-

Release Relationship

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ValueDescriptionClearing releav nt
CONTAINEDIf you just do not know whether it is dynamically linked.Yes
REFERREDReferencing a stand alone used other part.No
UNKNOWNIf you just do not know.Yes
DYNAMICALLY_LINKEDSoftware dynamically linked - as the name says.Yes
STATICALLY_LINKEDSoftware statically linked - as the name says.Yes
SIDE_BY_SIDENot decided so far.Yes
STANDALONESoftware is given as standalone delivery, ie. not technically connected.Yes
INTERNAL_USEUsed for creating or building or ? the product or projects but not delivered.Yes
OPTIONALIs not mandatory part of the installation.Yes
TO_BE_REPLACEDIs there but should be moved out.Yes
-

Users

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/users.thrift

-

Vendors

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vendors.thrift

-

No enumerations provided

-

Vulnerabilities

-

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vulnerabilities.thrift

-

No enumerations provided

- - - -
- Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Enumerations | Eclipse SW360 +

Enumerations

SW360 enumeration values for the internal thrift API

SW360 thrift API is comprised of the following methods:

  • attachments
  • codescoop
  • components
  • cvesearch
  • fossology
  • importstatus
  • licenseinfo
  • licenses
  • moderation
  • projectimport
  • projects
  • schedule
  • search
  • sw360
  • users
  • vendors
  • vulnerabilities

Reference: https://github.com/eclipse/sw360/tree/master/libraries/lib-datahandler/src/main/thrift

Attachments

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/attachments.thrift

AttachmentType

ValueDescription.
DOCUMENTjusta document
SOURCEoriginal course code
DESIGNdesign document
REQUIREMENTrequirements document
CLEARING_REPORTOSS licensing reporting
COMPONENT_LICENSE_INFO_XMLXML document with licenseing information - e.g. SPDX
COMPONENT_LICENSE_INFO_COMBINEDXML document with licensing information covering multiple componnts at once - e.g. SPDX
SCAN_RESULT_REPORTOutput what a scanner for licenses has found
SCAN_RESULT_REPORT_XMLOutput what a scanner for licenses has found this time in XML
SOURCE_SELFSelf assembled source code distribution
BINARYBinary of component from vendor
BINARY_SELFSelf built binary
DECISION_REPORTdocumenting importing decisions for using this item
LEGAL_EVALUATIONSome legal evaluation created for this item
LICENSE_AGREEMENTA ruling license agreement for this item, note that this could be for commercial software for example
SCREENSHOTScreenshot, usually screenshot of the Website with licensing information
OTHERanything that dos not match to the given above

CheckStatus

ValueDescription.
NOTCHECKEDDefault value after upload.
ACCEPTEDReviewed and confirmed attachment.
REJECTEDDocument or attachment cannot be used.

CodeScoop Thrift File

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift

Components

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/components.thrift

cvesearch

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/cvesearch.thrift

ValueDescription
NEW
UPDATEDNew information for a notification message, so it is updated
OLD
FAILED

Fossology

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/fossology.thrift

No enumerations provided

Importstatus

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/importstatus.thrift

No enumerations provided

License Info

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenseinfo.thrift

No enumerations provided

LicenseInfoRequestStatus

ValueDescription
SUCCESS
NO_APPLICABLE_SOURCE
FAILURE

OutputFormatVariant

ValueDescription
REPORT
DISCLOSURE

Licenses

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenses.thrift

No enumerations provided

Moderation

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/moderation.thrift

DocumentType

ValueDescription
COMPONENT
RELEASE
PROJECT
LICENSE
USER

Project Import

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projectimport.thrift

No enumerations provided

Projects

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projects.thrift

Project State

ValueDescription
ACTIVEwell
PHASE_OUTwell
UNKNOWNwell

Project Type

ValueDescription
CUSTOMERProject that delivers artifacts to customer outside organisation
INTERNALProject that provides artifacts or service for internal use
PRODUCTJust that it is a product instead of a project
SERVICEProject that provides services to customer outside organisation
INNER_SOURCEInner source project, meaning that everyone inside org can use it

Project Relationship

ValueDescription
UNKNOWNunknown
REFERREDSister project
CONTAINEDSub project
DUPLICATEduplicate

Project Clearing State

ValueDescription
OPENnot started
IN_PROGRESS
CLOSED

Schedule

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/schedule.thrift

No enumerations provided

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/search.thrift

No enumerations provided

General SW360 Thrift

Software Mainline States

ValueDescription
OPENNot decided so far
MAINLINEOrganisation or person thinks that use of this software is recommended, which included multiple versions.
SPECIFICThe software is not recommended in general, but for special use case or for this particular version it is acceptable.
PHASE_OUTThe software has issues, please consider removing it soon, if in use.
DENIEDSoftware which is not allowed for use. For example, software that does not have licensing.

General SW360 Thrift

Software Mainline States

ValueDescription.
OPENNot decided so far
MAINLINEOrganisation or person thinks that use of this software is recommended, which included multiple versions.
SPECIFICThe software is not recommended in general, but for special use case or for this particular version it is acceptable.
PHASE_OUTThe software has issues, please consider removing it soon, if in use.
DENIEDSoftware which is not allowed for use. For example, software that does not have licensing.

Moderation States

ValueDescription
PENDINGNot opened so far.
APPROVEDA person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has approved the moderation request. It could be deleted then.
REJECTEDA person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has rejected the moderation request.
INPROGRESSA person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has opened / viewed the moderation request, but did not decide.

Visibility

ValueDescription
PRIVATEOnly visible by creator (and admin which applies to all visibility levels).
ME_AND_MODERATORSVisible by creator and moderators.
BUISNESSUNIT_AND_MODERATORSAll users of the same group and the moderators.
EVERYONEEvery user who is logged into the system.

Verification State

ValueDescription
NOT_CHECKEDNo one has yet looked at this and verified it.
CHECKEDIt is verified.
INCORRECTIt was decided that the verification should be rejected.

Release Relationship

ValueDescriptionClearing releav nt
CONTAINEDIf you just do not know whether it is dynamically linked.Yes
REFERREDReferencing a stand alone used other part.No
UNKNOWNIf you just do not know.Yes
DYNAMICALLY_LINKEDSoftware dynamically linked - as the name says.Yes
STATICALLY_LINKEDSoftware statically linked - as the name says.Yes
SIDE_BY_SIDENot decided so far.Yes
STANDALONESoftware is given as standalone delivery, ie. not technically connected.Yes
INTERNAL_USEUsed for creating or building or ? the product or projects but not delivered.Yes
OPTIONALIs not mandatory part of the installation.Yes
TO_BE_REPLACEDIs there but should be moved out.Yes

Users

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/users.thrift

Vendors

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vendors.thrift

No enumerations provided

Vulnerabilities

https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vulnerabilities.thrift

No enumerations provided

Last modified March 29, 2023: upd(project): Major updates (3fc96db)
+ + + \ No newline at end of file diff --git a/docs/administrationguide/user-management-roles/index.html b/docs/administrationguide/user-management-roles/index.html index 2445f05..ee12c6f 100644 --- a/docs/administrationguide/user-management-roles/index.html +++ b/docs/administrationguide/user-management-roles/index.html @@ -1,793 +1,92 @@ - - - - - - - - - - - - - - - - - - - - -User Management Roles | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

User Management Roles

- -
- - - - - - - - - - - - - -
-

Every user can create records and edit own created records. However, to change records of others, approval is required. Approval in SW360 is a so called moderation request. A moderation request is a set of proposed changed not applied to record immediately, but will be routed to;

-
    -
  • The creator of the record
    • -
  • The moderators for a record
    • -
  • The clearing admins of the same group in SW360.
    • -
-

Then, the proposed changes can be approved by them.

-

General SW360 Roles and Access

-

There are two main types of roles. The first type are general roles on the system that apply in the default case:

-
    -
  1. User - A user is the default, in order to apply modifications, a user can pose moderation requests, except for the data items that a user has created.
    2. -
  2. Clearing Expert - Member of the clearing team. Has the rights to work on the projects of the own group and to edit licenses. Can also work on clearing requests.
    3. -
  3. Clearing Admin - A clearing admin has the rights to work on the projects of the own group and to edit licenses.
    4. -
  4. ECC Admin - The only users who can edit (or approve as moderation request) ECC classifications.
    5. -
  5. Secuirty Admin - The only users to edit relevance for security vulnerabilities.
    6. -
  6. SW360 Admin - An admin has full rights on all (visible!) data items. Can elevate permissions of other users.
    7. -
-

In addition there are ACL-style roles, meaning that per data item access settings can be made:

-
    -
  1. Creator - A creator can modify in addition to the user’s read abilities, a user can be creator of a data item.
    2. -
  2. Moderator - A creator can define moderators for a data item. Moderators can change a data item as a creator can.
    3. -
  3. Contributor (Component) - Is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). In contrast, the contributor cannot delete data items.
    4. -
  4. Project Owner - A user who owns the project.
    5. -
  5. Lead Architect (Project) - Is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.
    6. -
  6. Project Responsible (Project) - Is a contributor, just named differently to identify the responsible person.
    7. -
  7. Security Responsible - Users responsible for the security of the project.
    8. -
- - - -
- Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +User Management Roles | Eclipse SW360 +

User Management Roles

Every user can create records and edit own created records. However, to change records of others, approval is required. Approval in SW360 is a so called moderation request. A moderation request is a set of proposed changed not applied to record immediately, but will be routed to;

  • The creator of the record
  • The moderators for a record
  • The clearing admins of the same group in SW360.

Then, the proposed changes can be approved by them.

General SW360 Roles and Access

There are two main types of roles. The first type are general roles on the system that apply in the default case:

  1. User - A user is the default, in order to apply modifications, a user can pose moderation requests, except for the data items that a user has created.
  2. Clearing Expert - Member of the clearing team. Has the rights to work on the projects of the own group and to edit licenses. Can also work on clearing requests.
  3. Clearing Admin - A clearing admin has the rights to work on the projects of the own group and to edit licenses.
  4. ECC Admin - The only users who can edit (or approve as moderation request) ECC classifications.
  5. Secuirty Admin - The only users to edit relevance for security vulnerabilities.
  6. SW360 Admin - An admin has full rights on all (visible!) data items. Can elevate permissions of other users.

In addition there are ACL-style roles, meaning that per data item access settings can be made:

  1. Creator - A creator can modify in addition to the user’s read abilities, a user can be creator of a data item.
  2. Moderator - A creator can define moderators for a data item. Moderators can change a data item as a creator can.
  3. Contributor (Component) - Is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). In contrast, the contributor cannot delete data items.
  4. Project Owner - A user who owns the project.
  5. Lead Architect (Project) - Is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.
  6. Project Responsible (Project) - Is a contributor, just named differently to identify the responsible person.
  7. Security Responsible - Users responsible for the security of the project.
Last modified March 29, 2023: upd(project): Major updates (3fc96db)
+ + + \ No newline at end of file diff --git a/docs/administrationguide/user-scheduling-cve-search-by-admins/index.html b/docs/administrationguide/user-scheduling-cve-search-by-admins/index.html index a9057ae..a29ae61 100644 --- a/docs/administrationguide/user-scheduling-cve-search-by-admins/index.html +++ b/docs/administrationguide/user-scheduling-cve-search-by-admins/index.html @@ -1,787 +1,97 @@ - - - - - - - - - - - - - - - - - - - - -CVE-Search Scheduling | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

CVE-Search Scheduling

-
How to schedule the CVE-Search Service
-
- - - - - - - - - - - - - -
-

SW360 gets vulnerability information from an external provider of Common Vulnerability Enumeration (CVE) data. By default SW360 can connect to cve-search [https://www.circl.lu/services/cve-search/] which is either available as an online service [http://cve.circl.lu] or can be installed locally. For security and privacy reasons it is strongly advised to install a local cve-search service.

-

In what follows the synchronization between SW360 and the external CVE provider is described.

-

CveSearch-updates can either be scheduled automatically when launching the schedule-service (e.g. when re/starting SW360) or it can be scheduled or unscheduled manually by an SW360 admin. -It is automatically scheduled with the start of the scheduling service, if in the /resources/sw360.properties file of the schedule-service in the backend, cvesearchService is mentioned in the autostart-property:

-

autostart = cvesearchService

-

According to the default settings, cveSearch is not auto-started with the scheduling service.

-

For manually scheduling the CVE search service, open the Schedule Portlet of the Admin menu. Note that the Admin menu is only visible to SW360 admins.

-

-

In the Schedule Portlet of the Admin menu, a user with admin rights can turn on or off automatic updates of the cve-search service manually. -In the UI of the portlet, the admin can see whether or not the CVE-service is scheduled: if the service is scheduled, the Schedule CveSearch Updates-button is inactive, whereas the Cancel Scheduled CveSearch Updates-button is active and vice versa:

-

-

The offset (first run of the update) and the interval between updates can also be adjusted in the /resources/sw360.properties file of the src-schedule service. +CVE-Search Scheduling | Eclipse SW360 +

CVE-Search Scheduling

How to schedule the CVE-Search Service

SW360 gets vulnerability information from an external provider of Common Vulnerability Enumeration (CVE) data. By default SW360 can connect to cve-search [https://www.circl.lu/services/cve-search/] which is either available as an online service [http://cve.circl.lu] or can be installed locally. For security and privacy reasons it is strongly advised to install a local cve-search service.

In what follows the synchronization between SW360 and the external CVE provider is described.

CveSearch-updates can either be scheduled automatically when launching the schedule-service (e.g. when re/starting SW360) or it can be scheduled or unscheduled manually by an SW360 admin. +It is automatically scheduled with the start of the scheduling service, if in the /resources/sw360.properties file of the schedule-service in the backend, cvesearchService is mentioned in the autostart-property:

autostart = cvesearchService

According to the default settings, cveSearch is not auto-started with the scheduling service.

For manually scheduling the CVE search service, open the Schedule Portlet of the Admin menu. Note that the Admin menu is only visible to SW360 admins.

In the Schedule Portlet of the Admin menu, a user with admin rights can turn on or off automatic updates of the cve-search service manually. +In the UI of the portlet, the admin can see whether or not the CVE-service is scheduled: if the service is scheduled, the Schedule CveSearch Updates-button is inactive, whereas the Cancel Scheduled CveSearch Updates-button is active and vice versa:

The offset (first run of the update) and the interval between updates can also be adjusted in the /resources/sw360.properties file of the src-schedule service. The corresponding properties are schedule.cvesearch.firstOffset.seconds and schedule.cvesearch.interval.seconds. The offset has to be given in seconds since midnight and also the interval has to be entered in seconds. -The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).

-

schedule.cvesearch.firstOffset.seconds = 0

-

schedule.cvesearch.interval.seconds = 86400

-

With automatic scheduling the next synchronization moment according to the offset and the interval is computed. This will be the first moment when a cveSearch-update is run. +The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).

schedule.cvesearch.firstOffset.seconds = 0

schedule.cvesearch.interval.seconds = 86400

With automatic scheduling the next synchronization moment according to the offset and the interval is computed. This will be the first moment when a cveSearch-update is run. There is nothing like an initial run when autostarting of manually scheduling the CveSearch-updates. -Moreover, the configuration, i.e. offset, interval and next synchronization (where the latter is a consequence of offset and interval) are shown in the portlet:

-

-

Setup of a local instance

-

It is recommended to set up and use a local instance instead of the public cve-search instance. -The accompanying project sw360-chores contains a Dockerfile that can easily setup this service.

- - - -
- Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Moreover, the configuration, i.e. offset, interval and next synchronization (where the latter is a consequence of offset and interval) are shown in the portlet:

Setup of a local instance

It is recommended to set up and use a local instance instead of the public cve-search instance. +The accompanying project sw360-chores contains a Dockerfile that can easily setup this service.

Last modified March 29, 2023: upd(project): Major updates (3fc96db)
+ + + \ No newline at end of file diff --git a/docs/administrationguide/vulnerabilitymanagement/index.html b/docs/administrationguide/vulnerabilitymanagement/index.html index a874485..80f6642 100644 --- a/docs/administrationguide/vulnerabilitymanagement/index.html +++ b/docs/administrationguide/vulnerabilitymanagement/index.html @@ -1,900 +1,94 @@ - - - - - - - - - - - - - - - - - - - - - -Vulnerability Management | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Vulnerability Management

-
SW360 Vulnerability Portlet
-
- - - - - - - - - - - - - -
-

In the vulnerability portlet, you can view the vulnerabilites that are currently present in SW360 in more detail, independent of the release or project they apply to. Clicking on the top level entry Vulnerabilities, a table listing all vulnerabilities is shown:

-

-

Clicking on a vulnerability entry in the table, the details view of this vulnerability is shown.

-

-

The details view is also linked from the vulnerabilities view in the project portlet and component and release portlet, respectively.

-

Vulnerability Verification for Releases

-

Vulnerabilities automatically imported into SW360 - e.g. via the CVE search connection of SW360 - can be applicable for a release or not. The latter can happen, because release data in SW360 is incorrect or not complete. Then the CVE search service uses a more general search pattern yielding a lot of vulnerabilities, only some of which actually apply to the release. Therefore, in SW360 a vulnerability can be marked for a given release with one of the following verification states:

-
    -
  1. NOT CHECKED
    2. -
  2. CHECKED
    3. -
  3. INCORRECT
    4. -
-

Only admins can mark a vulnerability or change the verification state and enter a comment to give reasons for the change. The verification state and the meta-information (when and by whom the verification state was changed and the comment) are stored as VerificationStateInfo at the appropriate ReleaseVulnerabilityRelation.

-

The verification state is displayed in the detail mode of a release, at vulnerabilities in the column Verification of the vulnerability table. User without admin-rights can only see the vulnerabilities that are NOT CHECKED or CHECKED together with a tooltip containing the meta-info. The INCORRECT vulnerabilities are hidden from users without admin rights in the release detail view and also in the component detail view and in the project detail view.

-

Admins see in the same table a dropdown menu, where they can adjust the state. An admin is shown all vulnerabilities belonging to a project, component or release, also those that are marked as INCORRECT.

-

-

Vulnerability Rating for Projects

-

In the detail view of a project, in the category Vulnerabilites, the vulnerabilities belonging to the linked releases of the project are shown. Such a vulnerability in the context of a certain project can be assigned one of the following Ratings:

-
    -
  1. NOT CHECKED
    2. -
  2. IRRELEVANT
    3. -
  3. RESOLVED
    4. -
  4. APPLICABLE
    5. -
-

Those ratings are shown in the vulnerability table of the project details view. A user that has writing permission for the project can change the rating via a drop-down menu. If he changes the value, he is asked to enter a comment. The VulnerabilityRating together with the meta-data (who has changed the rating, date of change of the rating and comment) is stored in one database object ProjectVulnerabilityRating per project.

-

A user that has no writing permission on the project is shown the Vulnerability Rating in the table without the possibility to change the value.

-

The number of vulnerabilities for a project with rating NOT CHECKED is displayed in the bullet of the Vulnerability tab of the project detail view. The bullet is red if there are vulnerabilities with status NOT CHECKED for the project. In the example 7 of the 10 existing vulnerabilities are NOT CHECKED.

-

-

-

Change History for Vulnerability Ratings and Verifications

-

The complete list of status changes for vulnerability ratings in the project portlet and for vulnerability verifications in the component portlet is shown when hovering with the mouse over the vulnerability rating/verification in the table. This is shown for the project vulnerability table in the picture below.

-

-

#CVE-Search

-

Automatic update of vulnerabilities

-

See this use case.

-

Heuristics

-

All heuristics start by looking at the cpe. If the cpe is valid, i.e. start with the string “cpe:” and are longer then 10 chars, this is used for the search. If the search fails it falls back to the other search levels.

-

There are at the moment two different heuristics implemented which define how and in which order to search the cveSearch DB.

-

They can actually be combined, i.e. one could be the fallback of the other.

-

Guessing heuristic (the new one)

-

The matching of vendor- and product-names is improved by using a lists of actual vendors resp. actual products of an vendor.

-

From the information given for a release, which is expected to be either of the form

-
    -
  1. vendor="VENDOR_NAME", name="PRODUCT_NAME" and a version or
    2. -
  2. vendor="", name="VENDOR_NAME PRODUCT_NAME" and a version (as generated by the bdpimport).
    3. -
-

we try to find the best matches from the vendors list and then for these ones the best matches in their respective product lists. -The first run includes the version, and if no matching product with the correct version is found, a second run is made without the version restriction.

-
Modified Levenshtein distance
-

For the definition which matches are good we use a variation of the Levenshtein distance with some asymmetric modifications. In the following we will call the left side needle and the right side haystack. The needles will come from the lists and the haystack will be (parts of) the raw information extracted from the release. The defining rules are

-
    -
  1. Our Levenshtein distance is equal to the regular Levenshtein distance, if the haystack does not contain any spaces.
    2. -
  2. Skipping a prefix ending with a space or of the haystack does not cost anything, i.e. does not increase the distance
    3. -
  3. Skipping a postfix starting with a space of the haystack does not cost anything, i.e. does not increase the distance
    4. -
  4. If either the needle or the haystack is empty, the distance is Integer.MAX_VALUE
    5. -
-

This means that the string "needle" has

-
    -
  • distance 0 to itself, i.e. "needle"
    • -
  • distance 0 to itself plus a postfix separated by a space, e.g. "needle postfix"
    • -
  • distance 0 to itself plus a prefix separated by a space, e.g. "prefix needle"
    • -
  • distance 2 to something which has regular distance of 2 surrounded by a prefix and a postfix which are separated by spaces, e.g. "prefix nedles postfix"
    • -
-
Configuration
-

The finetuning parameters can be configured by setting the following properties in /etc/sw360/sw360.properties or in the configuration.yml

-
cvesearch.default.vendor.threshold=1
+Vulnerability Management | Eclipse SW360
+
Vulnerability Management
SW360 Vulnerability Portlet
In the vulnerability portlet, you can view the vulnerabilites that are currently present in SW360 in more detail, independent of the release or project they apply to. Clicking on the top level entry Vulnerabilities, a table listing all vulnerabilities is shown:
Clicking on a vulnerability entry in the table, the details view of this vulnerability is shown.
The details view is also linked from the vulnerabilities view in the project portlet and component and release portlet, respectively.
Vulnerability Verification for Releases
Vulnerabilities automatically imported into SW360 - e.g. via the CVE search connection of SW360 - can be applicable for a release or not. The latter can happen, because release data in SW360 is incorrect or not complete. Then the CVE search service uses a more general search pattern yielding a lot of vulnerabilities, only some of which actually apply to the release. Therefore, in SW360 a vulnerability can be marked for a given release with one of the following verification states:
  1. NOT CHECKED
  2. CHECKED
  3. INCORRECT
Only admins can mark a vulnerability or change the verification state and enter a comment to give reasons for the change. The verification state and the meta-information (when and by whom the verification state was changed and the comment) are stored as VerificationStateInfo at the appropriate ReleaseVulnerabilityRelation.
The verification state is displayed in the detail mode of a release, at vulnerabilities in the column Verification of the vulnerability table. User without admin-rights can only see the vulnerabilities that are NOT CHECKED or CHECKED together with a tooltip containing the meta-info. The INCORRECT vulnerabilities are hidden from users without admin rights in the release detail view and also in the component detail view and in the project detail view.
Admins see in the same table a dropdown menu, where they can adjust the state. An admin is shown all vulnerabilities belonging to a project, component or release, also those that are marked as INCORRECT.
Vulnerability Rating for Projects
In the detail view of a project, in the category Vulnerabilites, the vulnerabilities belonging to the linked releases of the project are shown. Such a vulnerability in the context of a certain project can be assigned one of the following Ratings:
  1. NOT CHECKED
  2. IRRELEVANT
  3. RESOLVED
  4. APPLICABLE
Those ratings are shown in the vulnerability table of the project details view. A user that has writing permission for the project can change the rating via a drop-down menu. If he changes the value, he is asked to enter a comment. The VulnerabilityRating together with the meta-data (who has changed the rating, date of change of the rating and comment) is stored in one database object ProjectVulnerabilityRating per project.
A user that has no writing permission on the project is shown the Vulnerability Rating in the table without the possibility to change the value.
The number of vulnerabilities for a project with rating NOT CHECKED is displayed in the bullet of the Vulnerability tab of the project detail view. The bullet is red if there are vulnerabilities with status NOT CHECKED for the project. In the example 7 of the 10 existing vulnerabilities are NOT CHECKED.
Change History for Vulnerability Ratings and Verifications
The complete list of status changes for vulnerability ratings in the project portlet and for vulnerability verifications in the component portlet is shown when hovering with the mouse over the vulnerability rating/verification in the table. This is shown for the project vulnerability table in the picture below.
#CVE-Search
Automatic update of vulnerabilities
See this use case.
Heuristics
All heuristics start by looking at the cpe. If the cpe is valid, i.e. start with the string “cpe:” and are longer then 10 chars, this is used for the search. If the search fails it falls back to the other search levels.
There are at the moment two different heuristics implemented which define how and in which order to search the cveSearch DB.
They can actually be combined, i.e. one could be the fallback of the other.
Guessing heuristic (the new one)
The matching of vendor- and product-names is improved by using a lists of actual vendors resp. actual products of an vendor.
From the information given for a release, which is expected to be either of the form
  1. vendor="VENDOR_NAME", name="PRODUCT_NAME" and a version or
  2. vendor="", name="VENDOR_NAME PRODUCT_NAME" and a version (as generated by the bdpimport).
we try to find the best matches from the vendors list and then for these ones the best matches in their respective product lists.
+The first run includes the version, and if no matching product with the correct version is found, a second run is made without the version restriction.
Modified Levenshtein distance
For the definition which matches are good we use a variation of the Levenshtein distance with some asymmetric modifications. In the following we will call the left side needle and the right side haystack. The needles will come from the lists and the haystack will be (parts of) the raw information extracted from the release. The defining rules are
  1. Our Levenshtein distance is equal to the regular Levenshtein distance, if the haystack does not contain any spaces.
  2. Skipping a prefix ending with a space or of the haystack does not cost anything, i.e. does not increase the distance
  3. Skipping a postfix starting with a space of the haystack does not cost anything, i.e. does not increase the distance
  4. If either the needle or the haystack is empty, the distance is Integer.MAX_VALUE
This means that the string "needle" has
  • distance 0 to itself, i.e. "needle"
  • distance 0 to itself plus a postfix separated by a space, e.g. "needle postfix"
  • distance 0 to itself plus a prefix separated by a space, e.g. "prefix needle"
  • distance 2 to something which has regular distance of 2 surrounded by a prefix and a postfix which are separated by spaces, e.g. "prefix nedles postfix"
Configuration
The finetuning parameters can be configured by setting the following properties in /etc/sw360/sw360.properties or in the configuration.yml
cvesearch.default.vendor.threshold=1
 cvesearch.default.product.threshold=0
 cvesearch.default.cutoff=6
-

-
Finetuning

-
There are three variables which can be used for finetuning of the algorithm

-
    
-
  • cutoff (defaults to Integer.MAX_VALUE, i.e. no cutoff)
    • 
-
  • vendorThreshold (defaults to 0, i.e. no vendor threshold)
    • 
-
  • productThreshold (defaults to 0, i.e. no product threshold)
    • 
-

-
Cons

-
    
-
  • is not able to find anything if no vendor but a unique product is given
    • 
-
  • many search queries
    • 
-
  • it will always try find the best match, e.g. also very bad matches, if cutoff is to large
    • 
-

-
Display How a Vulnerability was Found

-
In the vulnerability tables of the projects portlet and the component and release portlet you can see, whether a vulnerability was found directly by the CPE or by heuristics. In the latter case, also the distance (and therefore the quality of the match with 0 = best possible match) is displayed.

-

-
In addition, below the vulnerability tables of the projects portlet and the component and release portlet, you can see the number of directly linked releases that was found by CPE or heuristic, respectively:

-

-
Example 1: {vendor="Apache",name="Maven",version="3.0.4"}

-
Basic heuristic

-
This heuristic builds in the first step the correct needle
-cpe:2.3:.:.*apache.*maven.*3.0.4.* and finds the cpe cpe:2.3:a:apache:maven:3.0.4

-
Guessing heuristic

-
The heuristic guesses the vendor apache and the product maven. Together with the version this results in the same cpe-needle cpe:2.3:.:.*apache.*maven.*3.0.4.*.

-
Example 2: {vendor="",name="Apache Maven",version="3.0.4"}

-
Basic heuristic

-
The first levels of this heuristic fails until the sixth level which does not use the vendor. The resulting needle is then cpe:2.3:.:.*apache.*maven.*3.0.4.* and finds the cpe cpe:2.3:a:apache:maven:3.0.4

-
Guessing heuristic

-
The heuristic guesses the vendor apache since it is a substring of apache maven and thus has distance 0, the same is true for the productname maven which results in the same cpe-needle as above.

-
-        

-    
-    
-    
-    
-    
-    
-    
-    
-    

-        
-            
-            

-                

-                    Vulnerabilities
-                

-                

-            

-        
-            
-            

-                

-                    Search Vulnerabilities
-                

-                
How to Check for Vulnerabilities Affecting Your Project

-            

-        
-    
-

-
-	
-	
-	

-  Last modified March 29, 2023: upd(project): Major updates (3fc96db)
-

-
-

-
-          

-        

-      

-      
-
-
-    

-    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-
\ No newline at end of file
+
Finetuning

There are three variables which can be used for finetuning of the algorithm

  • cutoff (defaults to Integer.MAX_VALUE, i.e. no cutoff)
  • vendorThreshold (defaults to 0, i.e. no vendor threshold)
  • productThreshold (defaults to 0, i.e. no product threshold)

Cons

  • is not able to find anything if no vendor but a unique product is given
  • many search queries
  • it will always try find the best match, e.g. also very bad matches, if cutoff is to large

Display How a Vulnerability was Found

In the vulnerability tables of the projects portlet and the component and release portlet you can see, whether a vulnerability was found directly by the CPE or by heuristics. In the latter case, also the distance (and therefore the quality of the match with 0 = best possible match) is displayed.

In addition, below the vulnerability tables of the projects portlet and the component and release portlet, you can see the number of directly linked releases that was found by CPE or heuristic, respectively:

Example 1: {vendor="Apache",name="Maven",version="3.0.4"}

Basic heuristic

This heuristic builds in the first step the correct needle +cpe:2.3:.:.*apache.*maven.*3.0.4.* and finds the cpe cpe:2.3:a:apache:maven:3.0.4

Guessing heuristic

The heuristic guesses the vendor apache and the product maven. Together with the version this results in the same cpe-needle cpe:2.3:.:.*apache.*maven.*3.0.4.*.

Example 2: {vendor="",name="Apache Maven",version="3.0.4"}

Basic heuristic

The first levels of this heuristic fails until the sixth level which does not use the vendor. The resulting needle is then cpe:2.3:.:.*apache.*maven.*3.0.4.* and finds the cpe cpe:2.3:a:apache:maven:3.0.4

Guessing heuristic

The heuristic guesses the vendor apache since it is a substring of apache maven and thus has distance 0, the same is true for the productname maven which results in the same cpe-needle as above.

Vulnerabilities

Search Vulnerabilities

How to Check for Vulnerabilities Affecting Your Project

Last modified March 29, 2023: upd(project): Major updates (3fc96db)
+ + + \ No newline at end of file diff --git a/docs/administrationguide/vulnerabilitymanagement/index.xml b/docs/administrationguide/vulnerabilitymanagement/index.xml index bb17675..ac4ac32 100644 --- a/docs/administrationguide/vulnerabilitymanagement/index.xml +++ b/docs/administrationguide/vulnerabilitymanagement/index.xml @@ -1,162 +1,118 @@ - - - Eclipse SW360 – Vulnerability Management - https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/ - Recent content in Vulnerability Management on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: Vulnerabilities - https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/ - - - - <h1 id="50-vulnerabilities">5.0 Vulnerabilities</h1> -<p>A vulnerability is a security flaw, glitch, or weakness found in software code that could be exploited by an attacker (threat source). Vulnerabilities page lists all the vulnerabilities that are available in SW360. The Vulnerabilities are synced from SVM tools. They are listed independently without any relation to their linked projects/components/releases.</p> -<p>To open Vulnerabilities page, click on the <strong>Vulnerabilities tab</strong> from the main menu.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerabilities_Page.png"/> -</figure> - -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No.</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left"><a href="#52-quick-filter">Quick Filter</a></td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left"><a href="#53-advanced-filter">Advanced Filter</a></td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left"><a href="#51-vulnerabilities-list">Vulnerabilities List</a></td> -</tr> -</tbody> -</table> -<h2 id="51-vulnerabilities-list">5.1 Vulnerabilities List</h2> -<p>On the Vulnerabilities page, you can view all the vulnerabilities that are available. The vulnerabilities are listed with the following information:</p> -<ol> -<li><strong>External Id</strong> of the vulnerabilities.</li> -<li><strong>Title</strong> of the vulnerabilities.</li> -<li><strong>Weighting</strong>.</li> -<li><strong>Publish date</strong>: This is the date that the vulnerability was published.</li> -<li><strong>Last Update</strong>: This is the date that the vulnerability was last updated.</li> -</ol> -<p><strong>NOTE: USE <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/VulnerabiblitiesPage/SortIcon.png" alt=""> TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.</strong></p> -<h2 id="52-quick-filter">5.2 Quick Filter</h2> -<p>You can use the <strong>Quick Filter</strong> to search for a vulnerability. To search for a particular vulnerability, use the type field.</p> -<h2 id="53-advanced-filter">5.3 Advanced Filter</h2> -<p>The <strong>Advance Filter</strong> dialogue box allows you to search for a particular vulnerability. To search for a vulnerability, follow the procedure:</p> -<ol> -<li>Search the Vulnerability by <strong>CVE ID</strong> (Common Vulnerabilities and Exposures).</li> -<li>Search the vulnerability by <strong>Vulnerable Configuration</strong>.</li> -</ol> -<h2 id="54-view-vulnerability">5.4 View Vulnerability</h2> -<p>To open a view mode for a Vulnerability:</p> -<p>Search for the Vulnerability you want to view or navigate from the Vulnerability list and click on the <strong>External ID</strong>. When you click on External ID for a vulnerability you are displayed with the following information:</p> -<ul> -<li>Summary</li> -<li>Metadata</li> -<li>References</li> -</ul> -<p><code>NOTE: YOU CAN ONLY VIEW THE DATA AS THIS IS AN UNEDITABLE FIELD.</code></p> -<h3 id="a-summary">A. Summary</h3> -<p>To view summary information for the vulnerability, click on <strong>Summary</strong>. You can now view the following vulnerability information:</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_Summary.png" alt=""></p> -<ul> -<li>Title</li> -<li>Description</li> -<li>External ID</li> -<li>Publish date</li> -<li>Last update date</li> -<li>Priority</li> -<li>Priority Text</li> -<li>Action</li> -<li>Impact</li> -<li>Legal notice: Here you can view the when the vulnerability is synced from which external SVM tool.</li> -<li>Assigned External Component IDs</li> -<li>Vendor Advisories: Here you can view the vendor and a web address to the release</li> -<li>Vulnerability Scoring (CVVS)</li> -<li>Access</li> -<li>Common Weakness enumerations</li> -<li>Vulnerable Configurations</li> -<li>Linked releases: List of all the releases that the vulnerability is linked to.</li> -</ul> -<h3 id="b-metadata-to-be-added">B. Metadata (To be added)</h3> -<p>To view metadata for the vulnerability, click on <strong>Metadata</strong>.</p> -<h3 id="c-references">C. References</h3> -<p>To view all the references for the vulnerability, click on <strong>References</strong>. -This page lists all referenced websites.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_References.png" alt=""></p> - - - - - - Docs: Search Vulnerabilities - https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/ - - - - <p>The CVE-Search service of SW360 checks for vulnerabilities that affect releases present in SW360. -The CVE-search service runs automatically at the time that has been scheduled by one of the <code>SW360-admins</code>. -Typically, this will happen at night. So, in the beginning, SW360 does not know any vulnerabilities for your project.</p> -<h2 id="vulnerabilites-in-the-project-portlet">Vulnerabilites in the Project Portlet</h2> -<p>After a CVE-search run has been finished, you can see the number of vulnerabilities associated with your project in the <code>Projects Portlet</code>. -To that end, open the <code>Projects Portlet</code> and click on your project:</p> -<p><img src="./images/UCVulnerabilitiesProject/01_SelectProject.png" alt=""></p> -<p>In the <code>Vulnerabilities tab</code> on the left hand side, you see the number of vulnerabilites that have been found for the releases that are directly linked -to your project. Actually, you see two numbers. The left number indicates how many vulnerabilities have not been evaluated or <code>rated</code> for this project yet. -Whenever this number is positive, the bullet surrounding the numbers will be red. Otherwise the bullet is grey.</p> -<p><img src="./images/UCVulnerabilitiesProject/02_NumberOfVulnerabilities.png" alt=""></p> -<h2 id="the-vulnerabilities-tab">The Vulnerabilities Tab</h2> -<p>To view (and to rate the vulnerabilities for the project), click on the <code>Vulnerabilities Tab</code>. A list of vulnerabilities occurs. Each vulnerability has been found -for one of the releases that are directly linked to your project. In the first column, you see the name of that release.</p> -<p><img src="./images/UCVulnerabilitiesProject/03_VulnerabilityListProject.png" alt=""></p> -<p>By clicking on the <code>external id</code> of a vulnerability, you can view the details of the vulnerability in the <code>Vulnerability Portlet</code>. -More details about the <code>Vulnerability Portlet</code> can be found <a href="https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#the-vulnerability-portlet">here</a>. -The column <code>Priority</code> contains no special information when using <code>CVE-Search</code>, it is used when importing vulnerability information from different sources. -In the column <code>Matched By</code>, you see the <code>distance</code> with which the vulnerability was found, and in the mouse-over the corresponding <code>needle</code> is displayed. -Below the table, you see a report about how many vulnerabilities in your project were found with which <code>distance</code> by <code>heuristics</code> and how many of them have been found by a <code>matching CPE</code> respectively. -For more details on <code>distances</code>, <code>matches</code> and <code>needles</code>, click <a href="https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#heuristics">here</a>. -In the column <code>Title</code>, the <code>External id</code> is repeated, and in the mouse-over, you can read the <code>description</code> of the vulnerability.</p> -<h2 id="evaluating-vulnerabilities-for-your-project">Evaluating Vulnerabilities for your Project</h2> -<p>If you are allowed to edit the project, you can also <code>rate</code> the relevance of the vulnerability for your project. In this case, the column <code>Relevance for project</code> contains -drop-down menus, where you can select a <code>rating</code> for each vulnerability (compare <a href="https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#vulnerability-rating-for-projects">here</a>). -To change the rating for a project, simply select a different value from the drop-down menu, enter a comment and click <code>OK</code>.</p> -<p><img src="./images/UCVulnerabilitiesProject/04_ChangeRating.png" alt=""></p> -<p>In order to update the number of checked and unchecked vulnerabilities in the bullet of the <code>Vulnerability tab</code>, you have to reload. -After that, you can also view the <code>history of rating changes</code> in the mouse-over of the corresponding vulnerability, -see also <a href="https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#change-history-for-vulnerability-ratings-and-verifications">here</a>.</p> -<p>You can also view the vulnerabilities associated with a <code>component</code> and those associated with a <code>release</code> in the <code>Components Portlet</code>. +Eclipse SW360 – Vulnerability Managementhttps://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/Recent content in Vulnerability Management on Eclipse SW360Hugo -- gohugo.ioDocs: Vulnerabilitieshttps://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/ +<h1 id="50-vulnerabilities">5.0 Vulnerabilities</h1> +<p>A vulnerability is a security flaw, glitch, or weakness found in software code that could be exploited by an attacker (threat source). Vulnerabilities page lists all the vulnerabilities that are available in SW360. The Vulnerabilities are synced from SVM tools. They are listed independently without any relation to their linked projects/components/releases.</p> +<p>To open Vulnerabilities page, click on the <strong>Vulnerabilities tab</strong> from the main menu.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerabilities_Page.png"/> +</figure> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No.</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left"><a href="#52-quick-filter">Quick Filter</a></td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left"><a href="#53-advanced-filter">Advanced Filter</a></td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left"><a href="#51-vulnerabilities-list">Vulnerabilities List</a></td> +</tr> +</tbody> +</table> +<h2 id="51-vulnerabilities-list">5.1 Vulnerabilities List</h2> +<p>On the Vulnerabilities page, you can view all the vulnerabilities that are available. The vulnerabilities are listed with the following information:</p> +<ol> +<li><strong>External Id</strong> of the vulnerabilities.</li> +<li><strong>Title</strong> of the vulnerabilities.</li> +<li><strong>Weighting</strong>.</li> +<li><strong>Publish date</strong>: This is the date that the vulnerability was published.</li> +<li><strong>Last Update</strong>: This is the date that the vulnerability was last updated.</li> +</ol> +<p><strong>NOTE: USE <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/VulnerabiblitiesPage/SortIcon.png" alt=""> TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.</strong></p> +<h2 id="52-quick-filter">5.2 Quick Filter</h2> +<p>You can use the <strong>Quick Filter</strong> to search for a vulnerability. To search for a particular vulnerability, use the type field.</p> +<h2 id="53-advanced-filter">5.3 Advanced Filter</h2> +<p>The <strong>Advance Filter</strong> dialogue box allows you to search for a particular vulnerability. To search for a vulnerability, follow the procedure:</p> +<ol> +<li>Search the Vulnerability by <strong>CVE ID</strong> (Common Vulnerabilities and Exposures).</li> +<li>Search the vulnerability by <strong>Vulnerable Configuration</strong>.</li> +</ol> +<h2 id="54-view-vulnerability">5.4 View Vulnerability</h2> +<p>To open a view mode for a Vulnerability:</p> +<p>Search for the Vulnerability you want to view or navigate from the Vulnerability list and click on the <strong>External ID</strong>. When you click on External ID for a vulnerability you are displayed with the following information:</p> +<ul> +<li>Summary</li> +<li>Metadata</li> +<li>References</li> +</ul> +<p><code>NOTE: YOU CAN ONLY VIEW THE DATA AS THIS IS AN UNEDITABLE FIELD.</code></p> +<h3 id="a-summary">A. Summary</h3> +<p>To view summary information for the vulnerability, click on <strong>Summary</strong>. You can now view the following vulnerability information:</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_Summary.png" alt=""></p> +<ul> +<li>Title</li> +<li>Description</li> +<li>External ID</li> +<li>Publish date</li> +<li>Last update date</li> +<li>Priority</li> +<li>Priority Text</li> +<li>Action</li> +<li>Impact</li> +<li>Legal notice: Here you can view the when the vulnerability is synced from which external SVM tool.</li> +<li>Assigned External Component IDs</li> +<li>Vendor Advisories: Here you can view the vendor and a web address to the release</li> +<li>Vulnerability Scoring (CVVS)</li> +<li>Access</li> +<li>Common Weakness enumerations</li> +<li>Vulnerable Configurations</li> +<li>Linked releases: List of all the releases that the vulnerability is linked to.</li> +</ul> +<h3 id="b-metadata-to-be-added">B. Metadata (To be added)</h3> +<p>To view metadata for the vulnerability, click on <strong>Metadata</strong>.</p> +<h3 id="c-references">C. References</h3> +<p>To view all the references for the vulnerability, click on <strong>References</strong>. +This page lists all referenced websites.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/VulnerabiblitiesPage/Vulnerability_References.png" alt=""></p>Docs: Search Vulnerabilitieshttps://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/ +<p>The CVE-Search service of SW360 checks for vulnerabilities that affect releases present in SW360. +The CVE-search service runs automatically at the time that has been scheduled by one of the <code>SW360-admins</code>. +Typically, this will happen at night. So, in the beginning, SW360 does not know any vulnerabilities for your project.</p> +<h2 id="vulnerabilites-in-the-project-portlet">Vulnerabilites in the Project Portlet</h2> +<p>After a CVE-search run has been finished, you can see the number of vulnerabilities associated with your project in the <code>Projects Portlet</code>. +To that end, open the <code>Projects Portlet</code> and click on your project:</p> +<p><img src="./images/UCVulnerabilitiesProject/01_SelectProject.png" alt=""></p> +<p>In the <code>Vulnerabilities tab</code> on the left hand side, you see the number of vulnerabilites that have been found for the releases that are directly linked +to your project. Actually, you see two numbers. The left number indicates how many vulnerabilities have not been evaluated or <code>rated</code> for this project yet. +Whenever this number is positive, the bullet surrounding the numbers will be red. Otherwise the bullet is grey.</p> +<p><img src="./images/UCVulnerabilitiesProject/02_NumberOfVulnerabilities.png" alt=""></p> +<h2 id="the-vulnerabilities-tab">The Vulnerabilities Tab</h2> +<p>To view (and to rate the vulnerabilities for the project), click on the <code>Vulnerabilities Tab</code>. A list of vulnerabilities occurs. Each vulnerability has been found +for one of the releases that are directly linked to your project. In the first column, you see the name of that release.</p> +<p><img src="./images/UCVulnerabilitiesProject/03_VulnerabilityListProject.png" alt=""></p> +<p>By clicking on the <code>external id</code> of a vulnerability, you can view the details of the vulnerability in the <code>Vulnerability Portlet</code>. +More details about the <code>Vulnerability Portlet</code> can be found <a href="https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#the-vulnerability-portlet">here</a>. +The column <code>Priority</code> contains no special information when using <code>CVE-Search</code>, it is used when importing vulnerability information from different sources. +In the column <code>Matched By</code>, you see the <code>distance</code> with which the vulnerability was found, and in the mouse-over the corresponding <code>needle</code> is displayed. +Below the table, you see a report about how many vulnerabilities in your project were found with which <code>distance</code> by <code>heuristics</code> and how many of them have been found by a <code>matching CPE</code> respectively. +For more details on <code>distances</code>, <code>matches</code> and <code>needles</code>, click <a href="https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#heuristics">here</a>. +In the column <code>Title</code>, the <code>External id</code> is repeated, and in the mouse-over, you can read the <code>description</code> of the vulnerability.</p> +<h2 id="evaluating-vulnerabilities-for-your-project">Evaluating Vulnerabilities for your Project</h2> +<p>If you are allowed to edit the project, you can also <code>rate</code> the relevance of the vulnerability for your project. In this case, the column <code>Relevance for project</code> contains +drop-down menus, where you can select a <code>rating</code> for each vulnerability (compare <a href="https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#vulnerability-rating-for-projects">here</a>). +To change the rating for a project, simply select a different value from the drop-down menu, enter a comment and click <code>OK</code>.</p> +<p><img src="./images/UCVulnerabilitiesProject/04_ChangeRating.png" alt=""></p> +<p>In order to update the number of checked and unchecked vulnerabilities in the bullet of the <code>Vulnerability tab</code>, you have to reload. +After that, you can also view the <code>history of rating changes</code> in the mouse-over of the corresponding vulnerability, +see also <a href="https://github.com/eclipse/sw360/wiki/Doc-Vulnerability-Management#change-history-for-vulnerability-ratings-and-verifications">here</a>.</p> +<p>You can also view the vulnerabilities associated with a <code>component</code> and those associated with a <code>release</code> in the <code>Components Portlet</code>. CVE Search associates vulnerabilities with a release in SW360 based on the data that SW360 knows for that release. -For a <code>release</code>, a <code>security admin</code> or an <code>admin</code> can judge whether a vulnerability does indeed refer to the <code>release</code>. -Vulnerabilities that have been classified as <code>INCORRECT</code> by an <code>admin</code> or <code>security admin</code> are not displayed to <code>USERs</code> any more and therefore do not distort the picture for your project.</p> - - - - - - +For a <code>release</code>, a <code>security admin</code> or an <code>admin</code> can judge whether a vulnerability does indeed refer to the <code>release</code>. +Vulnerabilities that have been classified as <code>INCORRECT</code> by an <code>admin</code> or <code>security admin</code> are not displayed to <code>USERs</code> any more and therefore do not distort the picture for your project.</p> \ No newline at end of file diff --git a/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/index.html b/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/index.html index c6a344b..ccf3a9e 100644 --- a/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/index.html +++ b/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/index.html @@ -1,807 +1,108 @@ - - - - - - - - - - - - - - - - - - - - -Search Vulnerabilities | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Search Vulnerabilities

-
How to Check for Vulnerabilities Affecting Your Project
-
- - - - - - - - - - - - - -
-

The CVE-Search service of SW360 checks for vulnerabilities that affect releases present in SW360. +Search Vulnerabilities | Eclipse SW360 +

Search Vulnerabilities

How to Check for Vulnerabilities Affecting Your Project

The CVE-Search service of SW360 checks for vulnerabilities that affect releases present in SW360. The CVE-search service runs automatically at the time that has been scheduled by one of the SW360-admins. -Typically, this will happen at night. So, in the beginning, SW360 does not know any vulnerabilities for your project.

-

Vulnerabilites in the Project Portlet

-

After a CVE-search run has been finished, you can see the number of vulnerabilities associated with your project in the Projects Portlet. -To that end, open the Projects Portlet and click on your project:

-

-

In the Vulnerabilities tab on the left hand side, you see the number of vulnerabilites that have been found for the releases that are directly linked +Typically, this will happen at night. So, in the beginning, SW360 does not know any vulnerabilities for your project.

Vulnerabilites in the Project Portlet

After a CVE-search run has been finished, you can see the number of vulnerabilities associated with your project in the Projects Portlet. +To that end, open the Projects Portlet and click on your project:

In the Vulnerabilities tab on the left hand side, you see the number of vulnerabilites that have been found for the releases that are directly linked to your project. Actually, you see two numbers. The left number indicates how many vulnerabilities have not been evaluated or rated for this project yet. -Whenever this number is positive, the bullet surrounding the numbers will be red. Otherwise the bullet is grey.

-

-

The Vulnerabilities Tab

-

To view (and to rate the vulnerabilities for the project), click on the Vulnerabilities Tab. A list of vulnerabilities occurs. Each vulnerability has been found -for one of the releases that are directly linked to your project. In the first column, you see the name of that release.

-

-

By clicking on the external id of a vulnerability, you can view the details of the vulnerability in the Vulnerability Portlet. -More details about the Vulnerability Portlet can be found here. +Whenever this number is positive, the bullet surrounding the numbers will be red. Otherwise the bullet is grey.

The Vulnerabilities Tab

To view (and to rate the vulnerabilities for the project), click on the Vulnerabilities Tab. A list of vulnerabilities occurs. Each vulnerability has been found +for one of the releases that are directly linked to your project. In the first column, you see the name of that release.

By clicking on the external id of a vulnerability, you can view the details of the vulnerability in the Vulnerability Portlet. +More details about the Vulnerability Portlet can be found here. The column Priority contains no special information when using CVE-Search, it is used when importing vulnerability information from different sources. In the column Matched By, you see the distance with which the vulnerability was found, and in the mouse-over the corresponding needle is displayed. Below the table, you see a report about how many vulnerabilities in your project were found with which distance by heuristics and how many of them have been found by a matching CPE respectively. -For more details on distances, matches and needles, click here. -In the column Title, the External id is repeated, and in the mouse-over, you can read the description of the vulnerability.

-

Evaluating Vulnerabilities for your Project

-

If you are allowed to edit the project, you can also rate the relevance of the vulnerability for your project. In this case, the column Relevance for project contains -drop-down menus, where you can select a rating for each vulnerability (compare here). -To change the rating for a project, simply select a different value from the drop-down menu, enter a comment and click OK.

-

-

In order to update the number of checked and unchecked vulnerabilities in the bullet of the Vulnerability tab, you have to reload. +For more details on distances, matches and needles, click here. +In the column Title, the External id is repeated, and in the mouse-over, you can read the description of the vulnerability.

Evaluating Vulnerabilities for your Project

If you are allowed to edit the project, you can also rate the relevance of the vulnerability for your project. In this case, the column Relevance for project contains +drop-down menus, where you can select a rating for each vulnerability (compare here). +To change the rating for a project, simply select a different value from the drop-down menu, enter a comment and click OK.

In order to update the number of checked and unchecked vulnerabilities in the bullet of the Vulnerability tab, you have to reload. After that, you can also view the history of rating changes in the mouse-over of the corresponding vulnerability, -see also here.

-

You can also view the vulnerabilities associated with a component and those associated with a release in the Components Portlet. +see also here.

You can also view the vulnerabilities associated with a component and those associated with a release in the Components Portlet. CVE Search associates vulnerabilities with a release in SW360 based on the data that SW360 knows for that release. For a release, a security admin or an admin can judge whether a vulnerability does indeed refer to the release. -Vulnerabilities that have been classified as INCORRECT by an admin or security admin are not displayed to USERs any more and therefore do not distort the picture for your project.

- - - -
- Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Vulnerabilities that have been classified as INCORRECT by an admin or security admin are not displayed to USERs any more and therefore do not distort the picture for your project.

Last modified March 29, 2023: upd(project): Major updates (3fc96db)
+ + + \ No newline at end of file diff --git a/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/index.html b/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/index.html index c1da067..c5b45c7 100644 --- a/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/index.html +++ b/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/index.html @@ -1,872 +1,97 @@ - - - - - - - - - - - - - - - - - - - - -Vulnerabilities | Eclipse SW360 - - -Vulnerabilities | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Vulnerabilities

- -
- - - - - - - - - - - - - -
-

5.0 Vulnerabilities

-

A vulnerability is a security flaw, glitch, or weakness found in software code that could be exploited by an attacker (threat source). Vulnerabilities page lists all the vulnerabilities that are available in SW360. The Vulnerabilities are synced from SVM tools. They are listed independently without any relation to their linked projects/components/releases.

-

To open Vulnerabilities page, click on the Vulnerabilities tab from the main menu.

- -
- -
- - - - - - - - - - - - - - - - - - - - - - -
Sl.No.Description
1Quick Filter
2Advanced Filter
3Vulnerabilities List
-

5.1 Vulnerabilities List

-

On the Vulnerabilities page, you can view all the vulnerabilities that are available. The vulnerabilities are listed with the following information:

-
    -
  1. External Id of the vulnerabilities.
    2. -
  2. Title of the vulnerabilities.
    3. -
  3. Weighting.
    4. -
  4. Publish date: This is the date that the vulnerability was published.
    5. -
  5. Last Update: This is the date that the vulnerability was last updated.
    6. -
-

NOTE: USE TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.

-

5.2 Quick Filter

-

You can use the Quick Filter to search for a vulnerability. To search for a particular vulnerability, use the type field.

-

5.3 Advanced Filter

-

The Advance Filter dialogue box allows you to search for a particular vulnerability. To search for a vulnerability, follow the procedure:

-
    -
  1. Search the Vulnerability by CVE ID (Common Vulnerabilities and Exposures).
    2. -
  2. Search the vulnerability by Vulnerable Configuration.
    3. -
-

5.4 View Vulnerability

-

To open a view mode for a Vulnerability:

-

Search for the Vulnerability you want to view or navigate from the Vulnerability list and click on the External ID. When you click on External ID for a vulnerability you are displayed with the following information:

-
    -
  • Summary
    • -
  • Metadata
    • -
  • References
    • -
-

NOTE: YOU CAN ONLY VIEW THE DATA AS THIS IS AN UNEDITABLE FIELD.

-

A. Summary

-

To view summary information for the vulnerability, click on Summary. You can now view the following vulnerability information:

-

-
    -
  • Title
    • -
  • Description
    • -
  • External ID
    • -
  • Publish date
    • -
  • Last update date
    • -
  • Priority
    • -
  • Priority Text
    • -
  • Action
    • -
  • Impact
    • -
  • Legal notice: Here you can view the when the vulnerability is synced from which external SVM tool.
    • -
  • Assigned External Component IDs
    • -
  • Vendor Advisories: Here you can view the vendor and a web address to the release
    • -
  • Vulnerability Scoring (CVVS)
    • -
  • Access
    • -
  • Common Weakness enumerations
    • -
  • Vulnerable Configurations
    • -
  • Linked releases: List of all the releases that the vulnerability is linked to.
    • -
-

B. Metadata (To be added)

-

To view metadata for the vulnerability, click on Metadata.

-

C. References

-

To view all the references for the vulnerability, click on References. -This page lists all referenced websites.

-

- - - -
- Last modified March 29, 2023: upd(project): Major updates (0672702) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Sl.No. Description 1 Quick Filter 2 Advanced Filter 3 Vulnerabilities List 5."> +

Vulnerabilities

5.0 Vulnerabilities

A vulnerability is a security flaw, glitch, or weakness found in software code that could be exploited by an attacker (threat source). Vulnerabilities page lists all the vulnerabilities that are available in SW360. The Vulnerabilities are synced from SVM tools. They are listed independently without any relation to their linked projects/components/releases.

To open Vulnerabilities page, click on the Vulnerabilities tab from the main menu.

Sl.No.Description
1Quick Filter
2Advanced Filter
3Vulnerabilities List

5.1 Vulnerabilities List

On the Vulnerabilities page, you can view all the vulnerabilities that are available. The vulnerabilities are listed with the following information:

  1. External Id of the vulnerabilities.
  2. Title of the vulnerabilities.
  3. Weighting.
  4. Publish date: This is the date that the vulnerability was published.
  5. Last Update: This is the date that the vulnerability was last updated.

NOTE: USE TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.

5.2 Quick Filter

You can use the Quick Filter to search for a vulnerability. To search for a particular vulnerability, use the type field.

5.3 Advanced Filter

The Advance Filter dialogue box allows you to search for a particular vulnerability. To search for a vulnerability, follow the procedure:

  1. Search the Vulnerability by CVE ID (Common Vulnerabilities and Exposures).
  2. Search the vulnerability by Vulnerable Configuration.

5.4 View Vulnerability

To open a view mode for a Vulnerability:

Search for the Vulnerability you want to view or navigate from the Vulnerability list and click on the External ID. When you click on External ID for a vulnerability you are displayed with the following information:

  • Summary
  • Metadata
  • References

NOTE: YOU CAN ONLY VIEW THE DATA AS THIS IS AN UNEDITABLE FIELD.

A. Summary

To view summary information for the vulnerability, click on Summary. You can now view the following vulnerability information:

  • Title
  • Description
  • External ID
  • Publish date
  • Last update date
  • Priority
  • Priority Text
  • Action
  • Impact
  • Legal notice: Here you can view the when the vulnerability is synced from which external SVM tool.
  • Assigned External Component IDs
  • Vendor Advisories: Here you can view the vendor and a web address to the release
  • Vulnerability Scoring (CVVS)
  • Access
  • Common Weakness enumerations
  • Vulnerable Configurations
  • Linked releases: List of all the releases that the vulnerability is linked to.

B. Metadata (To be added)

To view metadata for the vulnerability, click on Metadata.

C. References

To view all the references for the vulnerability, click on References. +This page lists all referenced websites.

Last modified March 29, 2023: upd(project): Major updates (0672702)
+ + + \ No newline at end of file diff --git a/docs/deployment/baremetal/deploy-natively/index.html b/docs/deployment/baremetal/deploy-natively/index.html index cca4873..39d5c86 100644 --- a/docs/deployment/baremetal/deploy-natively/index.html +++ b/docs/deployment/baremetal/deploy-natively/index.html @@ -1,855 +1,121 @@ - - - - - - - - - - - - - - - - - - - - -Ubuntu 22.04 / Debian 11 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Ubuntu 22.04 / Debian 11

-
Bare metal deployment with Debian based Linux
-
- - - - - - - - - - - - - -
-

Introduction

-

We are covering the update for Debian based Linux distros, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as Mac OSX (amd64 only).

-

Requirements

-

The installation consists of quite some tasks, as an overview:

-
    -
  • Java 11
    • -
  • Postgresql >= 15.x
    • -
  • CouchDB >= 3.2.x
    • -
  • Thrift 0.18.1
    • -
  • Liferay CE 7.4.3 GA18
    • -
-

Initial steps

-

In order to “calibrate the system” just run the update / upgrade cycle once:

-
sudo apt update
-sudo apt upgrade
-

PostgreSQL

-

You can go ahead install postgresql:

-
sudo apt install postgresql
-

or whatever package version is suitable here, for example version 12 for ubuntu 20.04.

-

The configuration for Liferay will come later.

-

CouchDB

-

CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing:

-
apt install curl gpg
-curl https://couchdb.apache.org/repo/keys.asc | sudo gpg –dearmor -o /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg
-echo “deb https://apache.jfrog.io/artifactory/couchdb-deb/ $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main” | sudo tee /etc/apt/sources.list.d/couchdb.list >/dev/null
-sudo apt-get update -y
-sudo apt-get install -y couchdb
-

The installer will ask a couple of questions:

-
    -
  1. Bind address: for CouchDB and SW360 127.0.0.1 (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.
    2. -
  2. Unless you know what you are doing, use standalone install intead of clustered option, for a regular single instalation.
    3. -
  3. Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in couchdb.properties and place it centrally in /etc/sw360
    4. -
-

In case you added an admin accidentally and would like to remove it,

-

Thrift

-

For thrift, the helper install script is located on sw360 scripts/install-thrift.sh:

-
sudo ./install-thrift.sh
-

In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16

-

Java 11

-

If you do not have installed java 11 yet on your setup:

-
curl https://packages.adoptium.net/artifactory/api/gpg/key/public | sudo tee /etc/apt/trusted.gpg.d/apache-temurin.gpg >/dev/null
-echo "deb https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | sudo tee /etc/apt/sources.list.d/adoptium.gpg
-

Dependencies

-

Use the included script located in:

-
./scripts/download_dependencies.sh
-

Required dependencies will be downloaded on the deps folder.

-

For liferay, unpack it, ideally in the /opt directory.

-

Install Couchdb Lucene

-

SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.

-

For build the custom CLucene jar:

-
#!/bin/bash
-
-CLUCENE_VERSION=2.1.0
-mkdir /tmp/build
-curl -JL https://github.com/rnewson/couchdb-lucene/archive/v"$CLUCENE_VERSION".tar.gz | tar -C /tmp/build -xz --strip-components=1
-cp ./scripts/patches/couchdb-lucene.patch /tmp/build
-cp ./scripts/docker/couchdb-lucene.ini /tmp/build/src/main/resources/couchdb-lucene.ini 
-cd /tmp/build || exit 1
-patch -p1 < couchdb-lucene.patch \
-mvn -X install war:war \
-
-## Deploy New SW360
-
-Build with:
-
-```bash
-mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/deploy/ \
-  -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.4.18-ga4/tomcat-9.0.33/webapps/ -DskipTests
-

Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:

-
cd rest
-mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/
-

Final Steps in Liferay

-

Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page.

-

This is the legacy guide for Liferay CE 7.3.3 but is valid for current 7.4.3 deployment:

-

https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/

- - - -
- Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Ubuntu 22.04 / Debian 11 | Eclipse SW360 +

Ubuntu 22.04 / Debian 11

Bare metal deployment with Debian based Linux

Introduction

We are covering the update for Debian based Linux distros, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as Mac OSX (amd64 only).

Requirements

The installation consists of quite some tasks, as an overview:

  • Java 11
  • Postgresql >= 15.x
  • CouchDB >= 3.2.x
  • Thrift 0.18.1
  • Liferay CE 7.4.3 GA18

Initial steps

In order to “calibrate the system” just run the update / upgrade cycle once:

sudo apt update
+sudo apt upgrade
+

PostgreSQL

You can go ahead install postgresql:

sudo apt install postgresql
+

or whatever package version is suitable here, for example version 12 for ubuntu 20.04.

The configuration for Liferay will come later.

CouchDB

CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing:

apt install curl gpg
+curl https://couchdb.apache.org/repo/keys.asc | sudo gpg –dearmor -o /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg
+echo “deb https://apache.jfrog.io/artifactory/couchdb-deb/ $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main” | sudo tee /etc/apt/sources.list.d/couchdb.list >/dev/null
+sudo apt-get update -y
+sudo apt-get install -y couchdb
+

The installer will ask a couple of questions:

  1. Bind address: for CouchDB and SW360 127.0.0.1 (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.
  2. Unless you know what you are doing, use standalone install intead of clustered option, for a regular single instalation.
  3. Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in couchdb.properties and place it centrally in /etc/sw360

In case you added an admin accidentally and would like to remove it,

Thrift

For thrift, the helper install script is located on sw360 scripts/install-thrift.sh:

sudo ./install-thrift.sh
+

In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16

Java 11

If you do not have installed java 11 yet on your setup:

curl https://packages.adoptium.net/artifactory/api/gpg/key/public | sudo tee /etc/apt/trusted.gpg.d/apache-temurin.gpg >/dev/null
+echo "deb https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | sudo tee /etc/apt/sources.list.d/adoptium.gpg
+

Dependencies

Use the included script located in:

./scripts/download_dependencies.sh
+

Required dependencies will be downloaded on the deps folder.

For liferay, unpack it, ideally in the /opt directory.

Install Couchdb Lucene

SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.

For build the custom CLucene jar:

#!/bin/bash
+
+CLUCENE_VERSION=2.1.0
+mkdir /tmp/build
+curl -JL https://github.com/rnewson/couchdb-lucene/archive/v"$CLUCENE_VERSION".tar.gz | tar -C /tmp/build -xz --strip-components=1
+cp ./scripts/patches/couchdb-lucene.patch /tmp/build
+cp ./scripts/docker/couchdb-lucene.ini /tmp/build/src/main/resources/couchdb-lucene.ini 
+cd /tmp/build || exit 1
+patch -p1 < couchdb-lucene.patch \
+mvn -X install war:war \
+
+## Deploy New SW360
+
+Build with:
+
+```bash
+mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/deploy/ \
+  -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.4.18-ga4/tomcat-9.0.33/webapps/ -DskipTests
+

Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:

cd rest
+mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/
+

Final Steps in Liferay

Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page.

This is the legacy guide for Liferay CE 7.3.3 but is valid for current 7.4.3 deployment:

https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/

Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae)
+ + + \ No newline at end of file diff --git a/docs/deployment/baremetal/index.html b/docs/deployment/baremetal/index.html index 8281403..3142668 100644 --- a/docs/deployment/baremetal/index.html +++ b/docs/deployment/baremetal/index.html @@ -1,780 +1,89 @@ - - - - - - - - - - - - - - - - - - - - - -Bare Metal | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Bare Metal

-
SW360 Bare Metal Deployment
-
- - - - - - - - - - - - - -
- -
- - - - - - - - -
- - -
-
- Ubuntu 22.04 / Debian 11 -
-

Bare metal deployment with Debian based Linux

-
- - -
- - - -
- Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6) -
- -
- -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Bare Metal | Eclipse SW360 +

Bare Metal

SW360 Bare Metal Deployment
Ubuntu 22.04 / Debian 11

Bare metal deployment with Debian based Linux

Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6)
+ + + \ No newline at end of file diff --git a/docs/deployment/baremetal/index.xml b/docs/deployment/baremetal/index.xml index 62af28f..2bdd5a6 100644 --- a/docs/deployment/baremetal/index.xml +++ b/docs/deployment/baremetal/index.xml @@ -1,105 +1,76 @@ - - - Eclipse SW360 – Bare Metal - https://www.eclipse.org/sw360/docs/deployment/baremetal/ - Recent content in Bare Metal on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: Ubuntu 22.04 / Debian 11 - https://www.eclipse.org/sw360/docs/deployment/baremetal/deploy-natively/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/baremetal/deploy-natively/ - - - - <h2 id="introduction">Introduction</h2> -<p>We are covering the update for Debian based Linux distros, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as Mac OSX (amd64 only).</p> -<h2 id="requirements">Requirements</h2> -<p>The installation consists of quite some tasks, as an overview:</p> -<ul> -<li>Java 11</li> -<li>Postgresql &gt;= 15.x</li> -<li>CouchDB &gt;= 3.2.x</li> -<li>Thrift 0.18.1</li> -<li>Liferay CE 7.4.3 GA18</li> -</ul> -<h2 id="initial-steps">Initial steps</h2> -<p>In order to &ldquo;calibrate the system&rdquo; just run the update / upgrade cycle once:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>sudo apt update -</span></span><span style="display:flex;"><span>sudo apt upgrade -</span></span></code></pre></div><h2 id="postgresql">PostgreSQL</h2> -<p>You can go ahead install postgresql:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install postgresql -</span></span></code></pre></div><p>or whatever package version is suitable here, for example version 12 for ubuntu 20.04.</p> -<p>The configuration for Liferay will come later.</p> -<h2 id="couchdb">CouchDB</h2> -<p>CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>apt install curl gpg -</span></span><span style="display:flex;"><span>curl https://couchdb.apache.org/repo/keys.asc | sudo gpg –dearmor -o /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg -</span></span><span style="display:flex;"><span><span style="color:#366">echo</span> “deb https://apache.jfrog.io/artifactory/couchdb-deb/ <span style="color:#069;font-weight:bold">$(</span>awk -F<span style="color:#555">=</span> <span style="color:#c30">&#39;/^VERSION_CODENAME/{print$2}&#39;</span> /etc/os-release<span style="color:#069;font-weight:bold">)</span> main” | sudo tee /etc/apt/sources.list.d/couchdb.list &gt;/dev/null -</span></span><span style="display:flex;"><span>sudo apt-get update -y -</span></span><span style="display:flex;"><span>sudo apt-get install -y couchdb -</span></span></code></pre></div><p>The installer will ask a couple of questions:</p> -<ol> -<li>Bind address: for CouchDB and SW360 <code>127.0.0.1</code> (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.</li> -<li>Unless you know what you are doing, use standalone install intead of clustered option, for a regular single instalation.</li> -<li>Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in <code>couchdb.properties</code> and place it centrally in <code>/etc/sw360</code></li> -</ol> -<p>In case you added an admin accidentally and would like to remove it,</p> -<h2 id="thrift">Thrift</h2> -<p>For thrift, the helper install script is located on sw360 <code>scripts/install-thrift.sh</code>:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo ./install-thrift.sh -</span></span></code></pre></div><p>In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16</p> -<h2 id="java-11">Java 11</h2> -<p>If you do not have installed java 11 yet on your setup:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>curl https://packages.adoptium.net/artifactory/api/gpg/key/public | sudo tee /etc/apt/trusted.gpg.d/apache-temurin.gpg &gt;/dev/null -</span></span><span style="display:flex;"><span><span style="color:#366">echo</span> <span style="color:#c30">&#34;deb https://packages.adoptium.net/artifactory/deb </span><span style="color:#069;font-weight:bold">$(</span>awk -F<span style="color:#555">=</span> <span style="color:#c30">&#39;/^VERSION_CODENAME/{print$2}&#39;</span> /etc/os-release<span style="color:#069;font-weight:bold">)</span><span style="color:#c30"> main&#34;</span> | sudo tee /etc/apt/sources.list.d/adoptium.gpg -</span></span></code></pre></div><h2 id="dependencies">Dependencies</h2> -<p>Use the included script located in:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>./scripts/download_dependencies.sh -</span></span></code></pre></div><p>Required dependencies will be downloaded on the deps folder.</p> -<p>For liferay, unpack it, ideally in the <code>/opt</code> directory.</p> -<h2 id="install-couchdb-lucene">Install Couchdb Lucene</h2> -<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.</p> -<p>For build the custom CLucene jar:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#099">#!/bin/bash -</span></span></span><span style="display:flex;"><span><span style="color:#099"></span> -</span></span><span style="display:flex;"><span><span style="color:#033">CLUCENE_VERSION</span><span style="color:#555">=</span>2.1.0 -</span></span><span style="display:flex;"><span>mkdir /tmp/build -</span></span><span style="display:flex;"><span>curl -JL https://github.com/rnewson/couchdb-lucene/archive/v<span style="color:#c30">&#34;</span><span style="color:#033">$CLUCENE_VERSION</span><span style="color:#c30">&#34;</span>.tar.gz | tar -C /tmp/build -xz --strip-components<span style="color:#555">=</span><span style="color:#f60">1</span> -</span></span><span style="display:flex;"><span>cp ./scripts/patches/couchdb-lucene.patch /tmp/build -</span></span><span style="display:flex;"><span>cp ./scripts/docker/couchdb-lucene.ini /tmp/build/src/main/resources/couchdb-lucene.ini -</span></span><span style="display:flex;"><span><span style="color:#366">cd</span> /tmp/build <span style="color:#555">||</span> <span style="color:#366">exit</span> <span style="color:#f60">1</span> -</span></span><span style="display:flex;"><span>patch -p1 &lt; couchdb-lucene.patch <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>mvn -X install war:war <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">## Deploy New SW360</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>Build with: -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#c30">```</span>bash -</span></span><span style="display:flex;"><span>mvn clean package -P deploy -Dbase.deploy.dir<span style="color:#555">=</span>. -Dliferay.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3-ga18/deploy/ <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> -Dbackend.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.18-ga4/tomcat-9.0.33/webapps/ -DskipTests -</span></span></code></pre></div><p>Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#366">cd</span> rest -</span></span><span style="display:flex;"><span>mvn clean package -P deploy -Dbase.deploy.dir<span style="color:#555">=</span>. -Dliferay.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3-ga18/deploy/ -Dbackend.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -</span></span></code></pre></div><h2 id="final-steps-in-liferay">Final Steps in Liferay</h2> -<p>Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page.</p> -<p>This is the legacy guide for Liferay CE 7.3.3 but is valid for current 7.4.3 deployment:</p> -<p><a href="https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/">https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/</a></p> - - - - - - +Eclipse SW360 – Bare Metalhttps://www.eclipse.org/sw360/docs/deployment/baremetal/Recent content in Bare Metal on Eclipse SW360Hugo -- gohugo.ioDocs: Ubuntu 22.04 / Debian 11https://www.eclipse.org/sw360/docs/deployment/baremetal/deploy-natively/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/baremetal/deploy-natively/ +<h2 id="introduction">Introduction</h2> +<p>We are covering the update for Debian based Linux distros, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as Mac OSX (amd64 only).</p> +<h2 id="requirements">Requirements</h2> +<p>The installation consists of quite some tasks, as an overview:</p> +<ul> +<li>Java 11</li> +<li>Postgresql &gt;= 15.x</li> +<li>CouchDB &gt;= 3.2.x</li> +<li>Thrift 0.18.1</li> +<li>Liferay CE 7.4.3 GA18</li> +</ul> +<h2 id="initial-steps">Initial steps</h2> +<p>In order to &ldquo;calibrate the system&rdquo; just run the update / upgrade cycle once:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>sudo apt update +</span></span><span style="display:flex;"><span>sudo apt upgrade +</span></span></code></pre></div><h2 id="postgresql">PostgreSQL</h2> +<p>You can go ahead install postgresql:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo apt install postgresql +</span></span></code></pre></div><p>or whatever package version is suitable here, for example version 12 for ubuntu 20.04.</p> +<p>The configuration for Liferay will come later.</p> +<h2 id="couchdb">CouchDB</h2> +<p>CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>apt install curl gpg +</span></span><span style="display:flex;"><span>curl https://couchdb.apache.org/repo/keys.asc | sudo gpg –dearmor -o /etc/apt/trusted.gpg.d/couchdb-archive-keyring.gpg +</span></span><span style="display:flex;"><span><span style="color:#366">echo</span> “deb https://apache.jfrog.io/artifactory/couchdb-deb/ <span style="color:#069;font-weight:bold">$(</span>awk -F<span style="color:#555">=</span> <span style="color:#c30">&#39;/^VERSION_CODENAME/{print$2}&#39;</span> /etc/os-release<span style="color:#069;font-weight:bold">)</span> main” | sudo tee /etc/apt/sources.list.d/couchdb.list &gt;/dev/null +</span></span><span style="display:flex;"><span>sudo apt-get update -y +</span></span><span style="display:flex;"><span>sudo apt-get install -y couchdb +</span></span></code></pre></div><p>The installer will ask a couple of questions:</p> +<ol> +<li>Bind address: for CouchDB and SW360 <code>127.0.0.1</code> (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.</li> +<li>Unless you know what you are doing, use standalone install intead of clustered option, for a regular single instalation.</li> +<li>Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in <code>couchdb.properties</code> and place it centrally in <code>/etc/sw360</code></li> +</ol> +<p>In case you added an admin accidentally and would like to remove it,</p> +<h2 id="thrift">Thrift</h2> +<p>For thrift, the helper install script is located on sw360 <code>scripts/install-thrift.sh</code>:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo ./install-thrift.sh +</span></span></code></pre></div><p>In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16</p> +<h2 id="java-11">Java 11</h2> +<p>If you do not have installed java 11 yet on your setup:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>curl https://packages.adoptium.net/artifactory/api/gpg/key/public | sudo tee /etc/apt/trusted.gpg.d/apache-temurin.gpg &gt;/dev/null +</span></span><span style="display:flex;"><span><span style="color:#366">echo</span> <span style="color:#c30">&#34;deb https://packages.adoptium.net/artifactory/deb </span><span style="color:#069;font-weight:bold">$(</span>awk -F<span style="color:#555">=</span> <span style="color:#c30">&#39;/^VERSION_CODENAME/{print$2}&#39;</span> /etc/os-release<span style="color:#069;font-weight:bold">)</span><span style="color:#c30"> main&#34;</span> | sudo tee /etc/apt/sources.list.d/adoptium.gpg +</span></span></code></pre></div><h2 id="dependencies">Dependencies</h2> +<p>Use the included script located in:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>./scripts/download_dependencies.sh +</span></span></code></pre></div><p>Required dependencies will be downloaded on the deps folder.</p> +<p>For liferay, unpack it, ideally in the <code>/opt</code> directory.</p> +<h2 id="install-couchdb-lucene">Install Couchdb Lucene</h2> +<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.</p> +<p>For build the custom CLucene jar:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span><span style="color:#099">#!/bin/bash +</span></span></span><span style="display:flex;"><span><span style="color:#099"></span> +</span></span><span style="display:flex;"><span><span style="color:#033">CLUCENE_VERSION</span><span style="color:#555">=</span>2.1.0 +</span></span><span style="display:flex;"><span>mkdir /tmp/build +</span></span><span style="display:flex;"><span>curl -JL https://github.com/rnewson/couchdb-lucene/archive/v<span style="color:#c30">&#34;</span><span style="color:#033">$CLUCENE_VERSION</span><span style="color:#c30">&#34;</span>.tar.gz | tar -C /tmp/build -xz --strip-components<span style="color:#555">=</span><span style="color:#f60">1</span> +</span></span><span style="display:flex;"><span>cp ./scripts/patches/couchdb-lucene.patch /tmp/build +</span></span><span style="display:flex;"><span>cp ./scripts/docker/couchdb-lucene.ini /tmp/build/src/main/resources/couchdb-lucene.ini +</span></span><span style="display:flex;"><span><span style="color:#366">cd</span> /tmp/build <span style="color:#555">||</span> <span style="color:#366">exit</span> <span style="color:#f60">1</span> +</span></span><span style="display:flex;"><span>patch -p1 &lt; couchdb-lucene.patch <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>mvn -X install war:war <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">## Deploy New SW360</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>Build with: +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#c30">```</span>bash +</span></span><span style="display:flex;"><span>mvn clean package -P deploy -Dbase.deploy.dir<span style="color:#555">=</span>. -Dliferay.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3-ga18/deploy/ <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> -Dbackend.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.18-ga4/tomcat-9.0.33/webapps/ -DskipTests +</span></span></code></pre></div><p>Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#366">cd</span> rest +</span></span><span style="display:flex;"><span>mvn clean package -P deploy -Dbase.deploy.dir<span style="color:#555">=</span>. -Dliferay.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3-ga18/deploy/ -Dbackend.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3-ga18/tomcat-9.0.33/webapps/ -Drest.deploy.dir<span style="color:#555">=</span>/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ +</span></span></code></pre></div><h2 id="final-steps-in-liferay">Final Steps in Liferay</h2> +<p>Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page.</p> +<p>This is the legacy guide for Liferay CE 7.3.3 but is valid for current 7.4.3 deployment:</p> +<p><a href="https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/">https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/</a></p> \ No newline at end of file diff --git a/docs/deployment/deploy-authorization-concept/index.html b/docs/deployment/deploy-authorization-concept/index.html index b9c36e7..0f87fd2 100644 --- a/docs/deployment/deploy-authorization-concept/index.html +++ b/docs/deployment/deploy-authorization-concept/index.html @@ -1,799 +1,89 @@ - - - - - - - - - - - - - - - - - - - - -Authorization Concept | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Authorization Concept

-
Describe different roles of authorization concepts on SW360
-
- - - - - - - - - - - - - -
-

The authorization concept describes the different roles of the solution - mainly for documentation of the authorization of different roles of the sw360. It is not focusing for the roles like being a moderator, it is described on a separate page for users: role and access model

-

Roles Overview

-

SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.

-

Setup Admin (Liferay Role)

-

The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.

-

SW360 Admin (Liferay Role)

-

The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role CLEARING_ADMIN. So its use case is to promote users to clearing admins after some time without always asking the site administrator to do this. To enhance the SW360_ADMIN role to allow users of this role to promote other users’s roles, follow these steps:

-
    -
  1. Go to control panel
    2. -
  2. Select the Users section
    3. -
  3. To subsection Roles
    4. -
  4. Select row for SW360 Admin and select action Define permissions.
    5. -
-

When defining permissions the idea is to reduce the permissions to the lowest level possible. Just allow for changing users.

-

Clearing Admin (Liferay Role)

-

The clearing admin can change all component and release records and project records of the same group.

-

Security Admin (Liferay Role)

-

In addition to the user rights, the security admin can set security vulnerabilities to irrelevant

-

ECC Admin (Liferay Role)

-

In addition to the user rights, the ECC admin can manipulate ECC data.

-

User

-

A user can create, modify and delete all own (=self created) records. A user cannot change records of others

-

Summary

-

Moderation Requests

-

If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.

- - - -
- Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Authorization Concept | Eclipse SW360 +

Authorization Concept

Describe different roles of authorization concepts on SW360

The authorization concept describes the different roles of the solution - mainly for documentation of the authorization of different roles of the sw360. It is not focusing for the roles like being a moderator, it is described on a separate page for users: role and access model

Roles Overview

SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.

Setup Admin (Liferay Role)

The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.

SW360 Admin (Liferay Role)

The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role CLEARING_ADMIN. So its use case is to promote users to clearing admins after some time without always asking the site administrator to do this. To enhance the SW360_ADMIN role to allow users of this role to promote other users’s roles, follow these steps:

  1. Go to control panel
  2. Select the Users section
  3. To subsection Roles
  4. Select row for SW360 Admin and select action Define permissions.

When defining permissions the idea is to reduce the permissions to the lowest level possible. Just allow for changing users.

Clearing Admin (Liferay Role)

The clearing admin can change all component and release records and project records of the same group.

Security Admin (Liferay Role)

In addition to the user rights, the security admin can set security vulnerabilities to irrelevant

ECC Admin (Liferay Role)

In addition to the user rights, the ECC admin can manipulate ECC data.

User

A user can create, modify and delete all own (=self created) records. A user cannot change records of others

Summary

Moderation Requests

If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.

Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6)
+ + + \ No newline at end of file diff --git a/docs/deployment/deploy-configuration-country-codes/index.html b/docs/deployment/deploy-configuration-country-codes/index.html index 0b6d59d..d5915f8 100644 --- a/docs/deployment/deploy-configuration-country-codes/index.html +++ b/docs/deployment/deploy-configuration-country-codes/index.html @@ -1,787 +1,89 @@ - - - - - - - - - - - - - - - - - - - - -Configuring Country Codes | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Configuring Country Codes

-
SW360 provides a feature for showing country codes and country names
-
- - - - - - - - - - - - - -
-

This feature is available on:

-
    -
  • projects / Owner Country
    • -
  • components / Owner Country
    • -
-

Country Code List

-

Its supports preferred country codes, which are shown at the top of the country list.
-You can configure them by using the sw360.properties.

- - - - - - - - - - - - - - - -
sw360 properties keyvaluedefault
preferred.country.codes(ISO 3166-1 alpha-2)DE,AT,CH,US
- - - -
- Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Configuring Country Codes | Eclipse SW360 +

Configuring Country Codes

SW360 provides a feature for showing country codes and country names

This feature is available on:

  • projects / Owner Country
  • components / Owner Country

Country Code List

Its supports preferred country codes, which are shown at the top of the country list.
You can configure them by using the sw360.properties.

sw360 properties keyvaluedefault
preferred.country.codes(ISO 3166-1 alpha-2)DE,AT,CH,US
Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6)
+ + + \ No newline at end of file diff --git a/docs/deployment/deploy-configuration-files/index.html b/docs/deployment/deploy-configuration-files/index.html index 6c566f1..21b9034 100644 --- a/docs/deployment/deploy-configuration-files/index.html +++ b/docs/deployment/deploy-configuration-files/index.html @@ -1,1248 +1,175 @@ - - - - - - - - - - - - - - - - - - - - -Configurable Property Keys | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Configurable Property Keys

-
SW360 Configurable property keys
-
- - - - - - - - - - - - - -
-

Introduction

-

List of all applicable property files in sw360:

-
    -
  • sw360.properties
    • -
  • fossology.properties
    • -
  • couchdb.properties
    • -
  • search.properties
    • -
  • orgmapping.properties
    • -
  • databasetest.properties
    • -
  • authorization/application.yml
    • -
  • rest/application.yml
    • -
-

SW360.properties (/etc/sw360/sw360.properties)

-

The following table shall give an overview about the general sw360 configuration settings.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Property KeyDefault
licenseinfo.spdxparser.use-license-info-from-filestrue/false
mainline.state.enabled.for.usertrue/false
key.auth.emailEMAIL
key.auth.extidEXTID
key.auth.givennameGIVENNAME
key.auth.surnameSURNAME
key.auth.departmentDEPARTMENT
backend.urlhttp://127.0.0.1:8080
cvesearch.vendor.threshold1
cvesearch.product.threshold0
cvesearch.cutoff6
combined.cli.parser.external.id.correlation.key-
schedule.cvesearch.firstOffset.seconds0
schedule.cvesearch.interval.seconds“(246060)”
autostart-
rest.write.access.usergroupSW360_ADMIN
rest.access.token.validity.seconds3600
rest.security.client.idsw360-trusted-client
rest.security.client.secretsw360-secret
programming.languagesActionScript,AppleScript, Asp,Bash,BASIC, C,C++,C#,Cocoa,Clojure, COBOL,ColdFusion,D, Delphi,Erlang,Fortran, Go,Groovy,Haskell, JSP,Java,JavaScript,Objective-C, Ocaml,Lisp,Perl, PHP,Python,Ruby,SQL ,SVG,Scala,SmallTalk Scheme,Tcl,XML, Node.js,JSON
software.platformsAdobe AIR,Adobe Flash, Adobe Shockwave,Binary Runtime Environment for Wireless,Cocoa (API),Cocoa Touch,Java (software platform)
operating.systemsAndroid,BSD,iOS, Linux,OS X,QNX, Microsoft Windows,Windows Phone,IBM z/OS
clearing.teamsorg1,org2,org3
stateActive,Phase out,Unknown
project.typeCustomer Project,Internal Project,Product,Service,Inner Source
project.externalkeysinternal.id
license.identifiers-
component.categoriesframework,SDK,big-data, build-management,cloud,content, database,graphics,http, javaee,library,mail,mobile, security,testing,virtual-machine, web-framework,xml
component.externalkeyscom.github.id,com.gitlab.id,purl.id
custommap.project.rolesStakeholder,Analyst,Contributor,Accountant,End user,Quality manager,Test manager,Technical writer,Key user
custommap.component.rolesCommitter,Contributor,Expert
custommap.release.rolesCommitter,Contributor,Expert
custommap.release.externalIds-
release.externalkeysorg.maven.id,com.github.id,com.gitlab.id,purl.id
projectimport.hosts-
preferred.country.codesDE,AT,CH,US
MailUtil_from_No_Reply__@sw360.org
MailUtil_host-
MailUtil_port25
MailUtil_enableStarttlsfalse
MailUtil_enableSslfalse
MailUtil_isAuthenticationNecessarytrue
MailUtil_login-
MailUtil_password-
MailUtil_enableDebugfalse
MailUtil_supportMailAddress-
defaultBegin-
defaultEnd-
unsubscribeNoticeBefore-
unsubscribeNoticeAfter-
-

fossology.properties (/etc/sw360/fossology.properties)

-

These configuration parameters are necessary to connect to a fossology server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Property KeyDefault
fossology.hostlocalhost
fossology.port22
fossology.usersw360
fossology.key.file/fossology.id_rsa
fossology.key.pub.file[fossology.key.file] + .pub
-

couchdb.properties (/etc/sw360/couchdb.properties)

-

CouchDB and Lucene serach configuration properties.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Property KeyDefault
couchdb.urlhttp://localhost:5984
couchdb.databasesw360db
couchdb.user-
couchdb.password-
couchdb.userdbsw360users
couchdb.attachmentssw360attachments
couchdb.fossologyKeyssw360fossologyKeys
couchdb.vulnerability_managementsw360vm
lucenesearch.limit25
lucenesearch.leading.wildcard*false
-
-

* If you enable lucene leading wildcards you have to enable this configuration also in couchdb-lucene.ini! Leading wildcard search is disabled as default because its a expensive operation. (couchdb-lucene.ini is part of the couchdb-lucene .war package)
-[lucene]
-allowLeadingWildcard=true

-
-

search.properties (/etc/sw360/search.properties)

-

The following table shall give an overview about the specific search properties

- - - - - - - - - - - - - -
Property KeyDefault
search.name.max.length64
-

orgmapping.properties (/etc/sw360/orgmapping.properties)

-

This configuration file is used to activate the sw360 orgmapping feature.

- - - - - - - - - - - - - - - - - -
Property KeyDefault
match.prefixfalse
enable.custom.mappingfalse
-

databasetest.properties (/etc/sw360/databasetest.properties)

-

Just for couchdb database test purpose.

- - - - - - - - - - - - - - - - - - - - - - - - - -
Property KeyDefault
couch_db_urlhttp://localhost:5984
couch_db_databasedatahandlertestdb
couchdb.username-
couchdb.password-
-

authorization/application.yml (/etc/sw360/authorization/application.yml)

-

All of the following built-in properties can be overridden:

-

-# Port to open in standalone mode
-server:
-  port: 8090
-
-# Connection to the couch databases. Will be used to store client credentials
-couchdb:
-  url: http://localhost:5984
-  database: sw360oauthclients
-  # if your couchdb does not use authentication, pls just don't use the settings for username and password
-  #username:
-  #password:
-
-spring:
-  jackson:
-    serialization:
-      indent_output: true
-
-# Common SW360 properties
-sw360:
-  # The url of the Liferay instance
-  sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}
-  # The id of the company in Liferay that sw360 is run for
-  sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20155}
-  # Allowed origins that should be set in the header
-  cors:
-    allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
-
-security:
-  # Configuration for enabling authorization via headers, e.g. when using SSO
-  # in combination with a reverse proxy server
-  customheader:
-    headername:
-      # You have to enable authorization by headers explicitly here
-      enabled: false
-      # Attention: please make sure that the proxy is removing there headers
-      # if they are coming from anywhere else then the authentication server
-      intermediateauthstore: custom-header-auth-marker
-      email: authenticated-email
-      extid: authenticated-extid
-      # also available - at least in saml pre auth - are "givenname", "surname" and "department"
-
-  oauth2:
-    resource:
-      id: sw360-REST-API
-

rest/application.yml (/etc/sw360/rest/application.yml)

-

All of the following built-in properties can be overridden:

-
server:
-  port: 8091
-
-spring:
-  http:
-    multipart:
-      max-file-size: 500MB
-      max-request-size: 600MB
-
-  data:
-    rest:
-      base-path: /api
-
-# logging:
-#   level:
-#     org.springframework.web: DEBUG
-
-security:
-  oauth2:
-    resource:
-      id: sw360-REST-API
-      filter-order: 3
-      jwt:
-        keyValue: |
-          -----BEGIN PUBLIC KEY-----
-          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy
-          VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+
-          6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ
-          5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg
-          9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da
-          d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ
-          PQIDAQAB
-          -----END PUBLIC KEY-----
-
-sw360:
-  thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080}
-  test-user-id: admin@sw360.org
-  test-user-password: sw360-password
-  couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984}
-  cors:
-    allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
-
- - -
- Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Configurable Property Keys | Eclipse SW360 +

Configurable Property Keys

SW360 Configurable property keys

Introduction

List of all applicable property files in sw360:

  • sw360.properties
  • fossology.properties
  • couchdb.properties
  • search.properties
  • orgmapping.properties
  • databasetest.properties
  • authorization/application.yml
  • rest/application.yml

SW360.properties (/etc/sw360/sw360.properties)

The following table shall give an overview about the general sw360 configuration settings.

Property KeyDefault
licenseinfo.spdxparser.use-license-info-from-filestrue/false
mainline.state.enabled.for.usertrue/false
key.auth.emailEMAIL
key.auth.extidEXTID
key.auth.givennameGIVENNAME
key.auth.surnameSURNAME
key.auth.departmentDEPARTMENT
backend.urlhttp://127.0.0.1:8080
cvesearch.vendor.threshold1
cvesearch.product.threshold0
cvesearch.cutoff6
combined.cli.parser.external.id.correlation.key-
schedule.cvesearch.firstOffset.seconds0
schedule.cvesearch.interval.seconds“(246060)”
autostart-
rest.write.access.usergroupSW360_ADMIN
rest.access.token.validity.seconds3600
rest.security.client.idsw360-trusted-client
rest.security.client.secretsw360-secret
programming.languagesActionScript,AppleScript, Asp,Bash,BASIC, C,C++,C#,Cocoa,Clojure, COBOL,ColdFusion,D, Delphi,Erlang,Fortran, Go,Groovy,Haskell, JSP,Java,JavaScript,Objective-C, Ocaml,Lisp,Perl, PHP,Python,Ruby,SQL ,SVG,Scala,SmallTalk Scheme,Tcl,XML, Node.js,JSON
software.platformsAdobe AIR,Adobe Flash, Adobe Shockwave,Binary Runtime Environment for Wireless,Cocoa (API),Cocoa Touch,Java (software platform)
operating.systemsAndroid,BSD,iOS, Linux,OS X,QNX, Microsoft Windows,Windows Phone,IBM z/OS
clearing.teamsorg1,org2,org3
stateActive,Phase out,Unknown
project.typeCustomer Project,Internal Project,Product,Service,Inner Source
project.externalkeysinternal.id
license.identifiers-
component.categoriesframework,SDK,big-data, build-management,cloud,content, database,graphics,http, javaee,library,mail,mobile, security,testing,virtual-machine, web-framework,xml
component.externalkeyscom.github.id,com.gitlab.id,purl.id
custommap.project.rolesStakeholder,Analyst,Contributor,Accountant,End user,Quality manager,Test manager,Technical writer,Key user
custommap.component.rolesCommitter,Contributor,Expert
custommap.release.rolesCommitter,Contributor,Expert
custommap.release.externalIds-
release.externalkeysorg.maven.id,com.github.id,com.gitlab.id,purl.id
projectimport.hosts-
preferred.country.codesDE,AT,CH,US
MailUtil_from_No_Reply__@sw360.org
MailUtil_host-
MailUtil_port25
MailUtil_enableStarttlsfalse
MailUtil_enableSslfalse
MailUtil_isAuthenticationNecessarytrue
MailUtil_login-
MailUtil_password-
MailUtil_enableDebugfalse
MailUtil_supportMailAddress-
defaultBegin-
defaultEnd-
unsubscribeNoticeBefore-
unsubscribeNoticeAfter-

fossology.properties (/etc/sw360/fossology.properties)

These configuration parameters are necessary to connect to a fossology server.

Property KeyDefault
fossology.hostlocalhost
fossology.port22
fossology.usersw360
fossology.key.file/fossology.id_rsa
fossology.key.pub.file[fossology.key.file] + .pub

couchdb.properties (/etc/sw360/couchdb.properties)

CouchDB and Lucene serach configuration properties.

Property KeyDefault
couchdb.urlhttp://localhost:5984
couchdb.databasesw360db
couchdb.user-
couchdb.password-
couchdb.userdbsw360users
couchdb.attachmentssw360attachments
couchdb.fossologyKeyssw360fossologyKeys
couchdb.vulnerability_managementsw360vm
lucenesearch.limit25
lucenesearch.leading.wildcard*false

* If you enable lucene leading wildcards you have to enable this configuration also in couchdb-lucene.ini! Leading wildcard search is disabled as default because its a expensive operation. (couchdb-lucene.ini is part of the couchdb-lucene .war package)
[lucene]
allowLeadingWildcard=true

search.properties (/etc/sw360/search.properties)

The following table shall give an overview about the specific search properties

Property KeyDefault
search.name.max.length64

orgmapping.properties (/etc/sw360/orgmapping.properties)

This configuration file is used to activate the sw360 orgmapping feature.

Property KeyDefault
match.prefixfalse
enable.custom.mappingfalse

databasetest.properties (/etc/sw360/databasetest.properties)

Just for couchdb database test purpose.

Property KeyDefault
couch_db_urlhttp://localhost:5984
couch_db_databasedatahandlertestdb
couchdb.username-
couchdb.password-

authorization/application.yml (/etc/sw360/authorization/application.yml)

All of the following built-in properties can be overridden:


+# Port to open in standalone mode
+server:
+  port: 8090
+
+# Connection to the couch databases. Will be used to store client credentials
+couchdb:
+  url: http://localhost:5984
+  database: sw360oauthclients
+  # if your couchdb does not use authentication, pls just don't use the settings for username and password
+  #username:
+  #password:
+
+spring:
+  jackson:
+    serialization:
+      indent_output: true
+
+# Common SW360 properties
+sw360:
+  # The url of the Liferay instance
+  sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}
+  # The id of the company in Liferay that sw360 is run for
+  sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20155}
+  # Allowed origins that should be set in the header
+  cors:
+    allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
+
+security:
+  # Configuration for enabling authorization via headers, e.g. when using SSO
+  # in combination with a reverse proxy server
+  customheader:
+    headername:
+      # You have to enable authorization by headers explicitly here
+      enabled: false
+      # Attention: please make sure that the proxy is removing there headers
+      # if they are coming from anywhere else then the authentication server
+      intermediateauthstore: custom-header-auth-marker
+      email: authenticated-email
+      extid: authenticated-extid
+      # also available - at least in saml pre auth - are "givenname", "surname" and "department"
+
+  oauth2:
+    resource:
+      id: sw360-REST-API
+

rest/application.yml (/etc/sw360/rest/application.yml)

All of the following built-in properties can be overridden:

server:
+  port: 8091
+
+spring:
+  http:
+    multipart:
+      max-file-size: 500MB
+      max-request-size: 600MB
+
+  data:
+    rest:
+      base-path: /api
+
+# logging:
+#   level:
+#     org.springframework.web: DEBUG
+
+security:
+  oauth2:
+    resource:
+      id: sw360-REST-API
+      filter-order: 3
+      jwt:
+        keyValue: |
+          -----BEGIN PUBLIC KEY-----
+          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy
+          VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+
+          6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ
+          5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg
+          9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da
+          d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ
+          PQIDAQAB
+          -----END PUBLIC KEY-----
+
+sw360:
+  thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080}
+  test-user-id: admin@sw360.org
+  test-user-password: sw360-password
+  couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984}
+  cors:
+    allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
+
Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6)
+ + + \ No newline at end of file diff --git a/docs/deployment/deploy-cve-search/index.html b/docs/deployment/deploy-cve-search/index.html index 635a4ac..835869b 100644 --- a/docs/deployment/deploy-cve-search/index.html +++ b/docs/deployment/deploy-cve-search/index.html @@ -1,879 +1,141 @@ - - - - - - - - - - - - - - - - - - - - -CVE Scheduler | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

CVE Scheduler

-
SW360 CVE Schedules
-
- - - - - - - - - - - - - -
-

How to use SW360 CVE schedule

-

SW360 gets vulnerability information from Common Vulnerability Enumeration (CVE) data. SW360 can connect to your local cve-search server.
-Few years ago, sw360 was able to get vulnerability information from online CVE serverr, but it is not active.

- -

cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. You can choose Docker install or Native install.

-

Docker Installation Github repo

-

Only clone and “docker-compose up”.

-
 $ git clone https://github.com/cve-search/CVE-Search-Docker.git
- $ cd CVE-Search-Docker
- $ docker-compose up 
-
-
    -
  1. Clone source
    2. -
-
    $ git clone https://github.com/cve-search/cve-search
-    $ cd cve-search
-    $ git checkout {tag/branch}
-
    -
  1. Install system requirements
    2. -
-
    $ sudo apt-get install -y < requirements.system
-
    -
  1. Install CVE-Search and its Python dependencies
    2. -
-
    pip3 install -r requirements.txt
-
    -
  1. Install mongodb
    2. -
-

-    $ wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
-
-    $ codename=$(lsb_release --codename --short)
-
-    $ echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu ${codename}/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
-
    $ sudo apt-get update
-    
-    $ sudo apt-get install -y mongodb-org
-
-    $ sudo systemctl daemon-reload
-
-    $ sudo systemctl start mongod
-
-    # Verify status of mongodb
-    $ sudo systemctl status mongod
-
-    # if all is ok, enable mongodb to start on system startup
-    $ sudo systemctl enable mongod
-
    -
  1. Populating the database
    2. -
-
    $ sudo apt-get install redis redis-server
-
-    #modify: stop-writes-on-bgsave-error yes -> no
-    $ sudo vim /etc/redis/redis.conf
-
-    $ sudo systemctl daemon-reload
-
-    $ sudo systemctl restart redis
-
-    $ ./sbin/db_mgmt_cpe_dictionary.py -p
-    
-    $ ./sbin/db_mgmt_json.py -p
-    
-    $ ./sbin/db_updater.py -c # This will take > 45minutes on a decent machine, please be patient
-
    -
  1. Updating the database
    2. -
-
    $ ./sbin/db_updater.py -v
-
    -
  1. Starting and stopping the web-server
    2. -
-
    # Install psutil >= 5.7.0
-    $ pip3 install psutil>=5.7.0
-
-    # Starting web server
-    $ python3 web/index.py
-

Default Web server: http://localhost:5000

-

To stop the server, press the CTRL+C

-

Note: By default CVE-Search takes assumptions on certain configuration aspects of the application, you can adjust

-
    $ cd cve-search
-    $ cp etc/configuration.ini.sample etc/configuration.ini
-    $ vim etc/configuration.ini
-

Setup SW360 with CVE server

-
    -
  1. Change default CVE server
    2. -
-

Change cvesearch.host with CVE server address.

-
    $ vim ${SW360_DIR_INSTALL}/backend/src/src-cvesearch/src/main/resources/cvesearch.properties
-
    -
  1. Setting for schedule the CVE service
    2. -
-

The offset (first run of the update) and the interval between updates can also be adjusted.

-
    $ vim ${SW360_DIR_INSTALL}/backend/src/src-schedule/src/main/resources/sw360.properties
-

The offset has to be given in seconds since midnight and also the interval has to be entered in seconds. The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).

-

According to the default settings, cveSearch is not auto-started with the scheduling service. If want to auto start autostart = cvesearchService

-
    -
  1. Schedule task Adminstration
    2. -
-

View and start/stop schedule

-

Click Admin > Schedule

-

Reference

-

CVE guide: [https://cve-search.github.io/cve-search/database/database.html]

-

User Scheduling CVE Search by Admins: [https://github.com/eclipse/sw360/wiki/User-Scheduling-CVE-Search-by-Admins]

- - - -
- Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +CVE Scheduler | Eclipse SW360 +

CVE Scheduler

SW360 CVE Schedules

How to use SW360 CVE schedule

SW360 gets vulnerability information from Common Vulnerability Enumeration (CVE) data. SW360 can connect to your local cve-search server.
Few years ago, sw360 was able to get vulnerability information from online CVE serverr, but it is not active.

cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. You can choose Docker install or Native install.

Docker Installation Github repo

Only clone and “docker-compose up”.

 $ git clone https://github.com/cve-search/CVE-Search-Docker.git
+ $ cd CVE-Search-Docker
+ $ docker-compose up 
+
  1. Clone source
    $ git clone https://github.com/cve-search/cve-search
+    $ cd cve-search
+    $ git checkout {tag/branch}
+
  1. Install system requirements
    $ sudo apt-get install -y < requirements.system
+
  1. Install CVE-Search and its Python dependencies
    pip3 install -r requirements.txt
+
  1. Install mongodb

+    $ wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
+
+    $ codename=$(lsb_release --codename --short)
+
+    $ echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu ${codename}/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
+
    $ sudo apt-get update
+    
+    $ sudo apt-get install -y mongodb-org
+
+    $ sudo systemctl daemon-reload
+
+    $ sudo systemctl start mongod
+
+    # Verify status of mongodb
+    $ sudo systemctl status mongod
+
+    # if all is ok, enable mongodb to start on system startup
+    $ sudo systemctl enable mongod
+
  1. Populating the database
    $ sudo apt-get install redis redis-server
+
+    #modify: stop-writes-on-bgsave-error yes -> no
+    $ sudo vim /etc/redis/redis.conf
+
+    $ sudo systemctl daemon-reload
+
+    $ sudo systemctl restart redis
+
+    $ ./sbin/db_mgmt_cpe_dictionary.py -p
+    
+    $ ./sbin/db_mgmt_json.py -p
+    
+    $ ./sbin/db_updater.py -c # This will take > 45minutes on a decent machine, please be patient
+
  1. Updating the database
    $ ./sbin/db_updater.py -v
+
  1. Starting and stopping the web-server
    # Install psutil >= 5.7.0
+    $ pip3 install psutil>=5.7.0
+
+    # Starting web server
+    $ python3 web/index.py
+

Default Web server: http://localhost:5000

To stop the server, press the CTRL+C

Note: By default CVE-Search takes assumptions on certain configuration aspects of the application, you can adjust

    $ cd cve-search
+    $ cp etc/configuration.ini.sample etc/configuration.ini
+    $ vim etc/configuration.ini
+

Setup SW360 with CVE server

  1. Change default CVE server

Change cvesearch.host with CVE server address.

    $ vim ${SW360_DIR_INSTALL}/backend/src/src-cvesearch/src/main/resources/cvesearch.properties
+
  1. Setting for schedule the CVE service

The offset (first run of the update) and the interval between updates can also be adjusted.

    $ vim ${SW360_DIR_INSTALL}/backend/src/src-schedule/src/main/resources/sw360.properties
+

The offset has to be given in seconds since midnight and also the interval has to be entered in seconds. The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).

According to the default settings, cveSearch is not auto-started with the scheduling service. If want to auto start autostart = cvesearchService

  1. Schedule task Adminstration

View and start/stop schedule

Click Admin > Schedule

Reference

CVE guide: [https://cve-search.github.io/cve-search/database/database.html]

User Scheduling CVE Search by Admins: [https://github.com/eclipse/sw360/wiki/User-Scheduling-CVE-Search-by-Admins]

Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6)
+ + + \ No newline at end of file diff --git a/docs/deployment/deploy-export-and-import/index.html b/docs/deployment/deploy-export-and-import/index.html index 2bf6f3d..db3b986 100644 --- a/docs/deployment/deploy-export-and-import/index.html +++ b/docs/deployment/deploy-export-and-import/index.html @@ -1,899 +1,133 @@ - - - - - - - - - - - - - - - - - - - - -Export and Import | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Export and Import

-
SW360 Export and Import
-
- - - - - - - - - - - - - -
- 
- note that only export and import of users is active,
-- everything else is deprecated functionality.
-- The export and import functionality has not been
-- updated at some point and thus will not function
-- properly anymore.
-

Full Export

-

The easiest way to fully export the data is to copy all the .couch files of Couch-DB. Where the files are can be found out from Futon. -e.g.

-
http://localhost:5984/_utils/config.html
-

under

-
view_index_dir  /var/lib/couchdb
+Export and Import | Eclipse SW360
+
Export and Import
SW360 Export and Import
- note that only export and import of users is active,
+- everything else is deprecated functionality.
+- The export and import functionality has not been
+- updated at some point and thus will not function
+- properly anymore.
+
Full Export
The easiest way to fully export the data is to copy all the .couch files of Couch-DB. Where the files are can be found out from Futon.
+e.g.
http://localhost:5984/_utils/config.html
+
under
view_index_dir  /var/lib/couchdb
 
This method of exporting has the advantage that all Ids remain the same.
-An equally simple method it to use the Couch-DB replicator from Futon.

-
This method might fail when there are changes to the document structure as Ektorp might stumble over unset required or surplus fields. The method of choice here is to repair the DB (after a backup) with

-
https://github.com/couchapp/couchapp
-
and then follows the instructions from

-
http://harthur.github.io/costco/
-
and

-
couchapp push . http://localhost:5984/sw360users
-
then you go to

-
http://localhost:5984/sw360users/_design/costco/index.html
-
and you can run functions like:

-
function(doc) {
-  if (doc.type == 'user') {
-    if(doc.fullname == 'Homer J. Simons') {
-       doc.fullname =  'Homer Jay Simons';
-    }
-  }
-  return doc;
-}
-
You can also change the names of properties, e.g.

-
function(doc) {
-  if (doc.type == 'user') {
-    if(doc.fullname ) {
-       doc.fullname2 = doc.fullname;
-       delete doc.fullname;
-      }
-  }
-  return doc;
-}
-
CSV Export

-
Users

-
The export of users was already described, this is very important as this also creates the users in the liferay database. The mere export of the users.couch is not enough.

-
Projects

-
There is no CSV export or import for projects currently.

-
Components and Releases

-
To Export the components and releases you need to do the following:
+An equally simple method it to use the Couch-DB replicator from Futon.
This method might fail when there are changes to the document structure as Ektorp might stumble over unset required or surplus fields. The method of choice here is to repair the DB (after a backup) with
https://github.com/couchapp/couchapp
+
and then follows the instructions from
http://harthur.github.io/costco/
+
and
couchapp push . http://localhost:5984/sw360users
+
then you go to
http://localhost:5984/sw360users/_design/costco/index.html
+
and you can run functions like:
function(doc) {
+  if (doc.type == 'user') {
+    if(doc.fullname == 'Homer J. Simons') {
+       doc.fullname =  'Homer Jay Simons';
+    }
+  }
+  return doc;
+}
+
You can also change the names of properties, e.g.
function(doc) {
+  if (doc.type == 'user') {
+    if(doc.fullname ) {
+       doc.fullname2 = doc.fullname;
+       delete doc.fullname;
+      }
+  }
+  return doc;
+}
+
CSV Export
Users
The export of users was already described, this is very important as this also creates the users in the liferay database. The mere export of the users.couch is not enough.
Projects
There is no CSV export or import for projects currently.
Components and Releases
To Export the components and releases you need to do the following:
 As Components and Releases are identified by their identifier ([name] or [name(version)]), these identifiers need to be unique. When importing duplicates in the identifiers are ignored and they are also not exported.
-Therefore in the admin page you can check the database for such duplicates.

-
After that “Download Component CSV” creates a CSV with components, releases and their source attachments.
+Therefore in the admin page you can check the database for such duplicates.
After that “Download Component CSV” creates a CSV with components, releases and their source attachments.
 The source attachments are created if the “DownloadURL” is a valid url.
 These remote-only attachments will be download once the first download request occurs.
-If the URL does not exist you get an error.

-
Alternatively you can use

-
sw360/src/backend/utils/src/main/java/com/siemens/sw360/attachments/db/RemoteAttachmentDownloader.java
+If the URL does not exist you get an error.
Alternatively you can use
sw360/src/backend/utils/src/main/java/com/siemens/sw360/attachments/db/RemoteAttachmentDownloader.java
 
to bulk download the source only attachments.
-The command line call to use it from the Siemens network looks like this:

-
 java -jar -Dhttp.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttps.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttp.proxyPort=84 -Dhttps.proxyPort=84 /home/siemagrant/.m2/repository/com/siemens/sw360/backend-utils/0.1.1-SNAPSHOT/backend-utils-0.1.1-SNAPSHOT-jar-with-dependencies.jar -d
-
Attachments

-
Here we have a mixed strategy, as there is a CSV export for the attachments, which only stores the meta information about the files. The files themselves need to be brought into a new instance via the sw360attachments.couch database.

-
The ids of the attachments are also in the CSV, so they are not portable without the sw360attachments.couch. This is meant as a form of recovery, but it should not be used on an instance that has been worked on, so only a fresh set up.

-
This will overwrite the auto generated attachments from the component CSV if the have the same URL as one of the imported attachments. This feature is needed to render the procedure idempotent.

-
The admin interface provides the possibility to delete attachment contents that do not have a project, component or release with an attachment that references it.

-
If you copy the sw360attachments.couch to your instance and then click this before you import than the db should be empty afterwards.

-
If there was no error after importing the csv, running this job should yield no deletions if there was no error and the exported attachments where complete.

-
In general this should only be necessary if errors have occurred.
-It is a good idea to run this before you export the attachments.

-
-
Links between releases can be exported or imported.
+The command line call to use it from the Siemens network looks like this:
 java -jar -Dhttp.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttps.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttp.proxyPort=84 -Dhttps.proxyPort=84 /home/siemagrant/.m2/repository/com/siemens/sw360/backend-utils/0.1.1-SNAPSHOT/backend-utils-0.1.1-SNAPSHOT-jar-with-dependencies.jar -d
+
Attachments
Here we have a mixed strategy, as there is a CSV export for the attachments, which only stores the meta information about the files. The files themselves need to be brought into a new instance via the sw360attachments.couch database.
The ids of the attachments are also in the CSV, so they are not portable without the sw360attachments.couch. This is meant as a form of recovery, but it should not be used on an instance that has been worked on, so only a fresh set up.
This will overwrite the auto generated attachments from the component CSV if the have the same URL as one of the imported attachments. This feature is needed to render the procedure idempotent.
The admin interface provides the possibility to delete attachment contents that do not have a project, component or release with an attachment that references it.
If you copy the sw360attachments.couch to your instance and then click this before you import than the db should be empty afterwards.
If there was no error after importing the csv, running this job should yield no deletions if there was no error and the exported attachments where complete.
In general this should only be necessary if errors have occurred.
+It is a good idea to run this before you export the attachments.
Links between releases can be exported or imported.
 Because release links are stored in maps, the procedure is idempotent by construction.
-The old links are overwritten with the imported data.

-
Suggested Order for Exports

-
    
-
  1. Freeze the application, so that others can not change the data at the moment (By external means, like closing a port forwarding)
    2. 
-
  2. Clean up the attachments
    3. 
-
  3. Look for duplicate identifiers and resolve conflicts (Important as duplicates do not get exported or imported)
    4. 
-
  4. Export the Users, Components, Attachment Infos and release links
    5. 
-
  5. copy the sw360attachments.couch, this might be a huge files
    6. 
-

-
Suggested Order for Imports

-
On a fresh installation

-
    
-
  1. Copy the sw360attachments.couch in its place
    2. 
-
  2. Start the licenses importer
    3. 
-
  3. restart the backend to make the design documents available and boot the frontend
    4. 
-
  4. Import the users
    5. 
-
  5. Import the component CSV
    6. 
-
  6. Import the Attachment Infos
    7. 
-
  7. Import the Release Link Infos.
    8. 
-

-
Regular Maintenance Operations

-
    
-
  1. Run the attachments clean up
    2. 
-
  2. Resolve name crashes with the search for duplicate Identifiers
    3. 
-

-
Imports on a running instance

-
    
-
  1. New components can be imported via the CSV at any time. Duplicates to existing components will be ignored, but there is a log message.
    2. 
-
  2. Users can be added via CSV.
    3. 
-
  3. Release links can be added via CSV, duplicates overwrite existing links
    4. 
-

-
Attachments should not be imported on a running instance!
+The old links are overwritten with the imported data.
Suggested Order for Exports
  1. Freeze the application, so that others can not change the data at the moment (By external means, like closing a port forwarding)
  2. Clean up the attachments
  3. Look for duplicate identifiers and resolve conflicts (Important as duplicates do not get exported or imported)
  4. Export the Users, Components, Attachment Infos and release links
  5. copy the sw360attachments.couch, this might be a huge files
Suggested Order for Imports
On a fresh installation
  1. Copy the sw360attachments.couch in its place
  2. Start the licenses importer
  3. restart the backend to make the design documents available and boot the frontend
  4. Import the users
  5. Import the component CSV
  6. Import the Attachment Infos
  7. Import the Release Link Infos.
Regular Maintenance Operations
  1. Run the attachments clean up
  2. Resolve name crashes with the search for duplicate Identifiers
Imports on a running instance
  1. New components can be imported via the CSV at any time. Duplicates to existing components will be ignored, but there is a log message.
  2. Users can be added via CSV.
  3. Release links can be added via CSV, duplicates overwrite existing links
Attachments should not be imported on a running instance!
 This should not break much, as without the entries in the couchDB there will be no import.
 But potentially remote-only Attachments get deleted.
-Nevertheless this scenario is not intended and maybe there are unforeseen side effects.

-
Troubleshooting

-
Import failing in the Backend: No Department

-
The import fails with some error message that a user does not have a department?

-
    
-
  1. First of all, the importing admin requires a group assignment. Otherwise the adding component action will fail.
    2. 
-
  2. If a group is added to the admin, not that in addition to the Liferay group setting, this information must be also placed into the “sw360users” database in couchdb.
    3. 
-
  3. Note that changes to groups and similar things will require a restart of the Liferay server (=tomcat). Otherwise the user caching kicks in and might not reflect all updates.
    4. 
-

-
-	
-	
-	

-  Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6)
-

-
-

-
-
-          

-        

-      

-      
-
-
-    

-    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-
\ No newline at end of file
+Nevertheless this scenario is not intended and maybe there are unforeseen side effects.
Troubleshooting
Import failing in the Backend: No Department
The import fails with some error message that a user does not have a department?
  1. First of all, the importing admin requires a group assignment. Otherwise the adding component action will fail.
  2. If a group is added to the admin, not that in addition to the Liferay group setting, this information must be also placed into the “sw360users” database in couchdb.
  3. Note that changes to groups and similar things will require a restart of the Liferay server (=tomcat). Otherwise the user caching kicks in and might not reflect all updates.
Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6)
+ + + \ No newline at end of file diff --git a/docs/deployment/deploy-initial-setup18/index.html b/docs/deployment/deploy-initial-setup18/index.html index bfeb9b9..1d35b2e 100644 --- a/docs/deployment/deploy-initial-setup18/index.html +++ b/docs/deployment/deploy-initial-setup18/index.html @@ -1,935 +1,101 @@ - - - - - - - - - - - - - - - - - - - - -SW360 18.x.x Series Initial Setup | Eclipse SW360 -SW360 18.x.x Series Initial Setup | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

SW360 18.x.x Series Initial Setup

- -
- - - - - - - - - - - - - -
-

After successful , Then if you open the server with the URL https://localhost:8080/ the following screen should appear:

- -
- -
- -

Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.

- -
- -
- -

After login the sw360 is not setup, thus the server does not display much, but a screen like the following:

- -
- -
- -

User and Login Settings in Liferay

-

Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:

- -
- -
- -

Edit this password policy and disable change Required if you wish to do so. Click on Save_the bottom of the page to save the selection.

- -
- -
- -

Then, go: in Configuration > Instance Settings > Users >

- -
- -
- -

In this area, select Default User Associations to enter SW360 and apply it also to existing users. Click on Save to save the selection:

- -
- -
- -

Then, in Configuration > Instance Settings > User Authentication > General to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.

- -
- -
- -

Finally, sice Liferay 7.4 some of the bundled modules need to be activated:

-
    -
  • jquery
    • -
  • font awesome
    • -
-

In oder to do this, please select from the Configuration > System Settings > Third Party and go to jquery, select the enablement and click on Update:

- -
- -
- -

Do the same for Font Awesome:

- -
- -
- -

Note that you need to reload the browser or load a new browser window to take changes to effect.

-

Setup SW360 for Liferay: Import *.lar Files

-

For the setup of SW360 in Liferay, the portal description files, *.lar files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.

-

In order to go ahead, switch to the SW360 area where you can apply site settings:

- -
- -
- -

The go into > Publishing > Import which shows like this:

- -
- -
- -

Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the frontend/configuration folder of the sw360 repository.

- -
- -
- -

As for import settings, follow the selection as shown on the screenshot. It is very important that for the Public_Pages_7_4_3_18_GA18.lar file the selection Public_Pages_7_4_3_18_GA18.lar is made.

- -
- -
- -

Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.

-

After successful importing, the same steps shall be repeated for the Private_Pages_7_4_3_18_GA18.lar file.

- -
- -
- -

Make sure that Private_Pages_7_4_3_18_GA18.lar is selected. Follow the other selections made as shown on the screenshot … importing permissions … mirror with overwriting, use the current author …

- -
- -
- -

If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:

- -
- -
- -

You can close the left menu area by clicking on the upper left icon:

- -
- -
- -

Click Start to open the private pages. You are still logged in, so the setup account is used to view the pages.

-

Important The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.

- -
- -
- -

Create User Accounts for Test

-

Click the SW360 Admin menu which is_the right and selection the User item.

- -
- -
- -

Create at least one user with Admin properties. Example:

- -
- -
- -

Real Login

-

One example user is user@sw360.org with the password 12345. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.

- -
- -
- -

After the successful login, SW360 will look as follows.

- -
- -
- - - - -
- Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +After login the sw360 is not setup, thus the server does not display much, but a screen like the following:"> +

SW360 18.x.x Series Initial Setup

After successful , Then if you open the server with the URL https://localhost:8080/ the following screen should appear:

Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.

After login the sw360 is not setup, thus the server does not display much, but a screen like the following:

User and Login Settings in Liferay

Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:

Edit this password policy and disable change Required if you wish to do so. Click on Save_the bottom of the page to save the selection.

Then, go: in Configuration > Instance Settings > Users >

In this area, select Default User Associations to enter SW360 and apply it also to existing users. Click on Save to save the selection:

Then, in Configuration > Instance Settings > User Authentication > General to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.

Finally, sice Liferay 7.4 some of the bundled modules need to be activated:

  • jquery
  • font awesome

In oder to do this, please select from the Configuration > System Settings > Third Party and go to jquery, select the enablement and click on Update:

Do the same for Font Awesome:

Note that you need to reload the browser or load a new browser window to take changes to effect.

Setup SW360 for Liferay: Import *.lar Files

For the setup of SW360 in Liferay, the portal description files, *.lar files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.

In order to go ahead, switch to the SW360 area where you can apply site settings:

The go into > Publishing > Import which shows like this:

Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the frontend/configuration folder of the sw360 repository.

As for import settings, follow the selection as shown on the screenshot. It is very important that for the Public_Pages_7_4_3_18_GA18.lar file the selection Public_Pages_7_4_3_18_GA18.lar is made.

Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.

After successful importing, the same steps shall be repeated for the Private_Pages_7_4_3_18_GA18.lar file.

Make sure that Private_Pages_7_4_3_18_GA18.lar is selected. Follow the other selections made as shown on the screenshot … importing permissions … mirror with overwriting, use the current author …

If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:

You can close the left menu area by clicking on the upper left icon:

Click Start to open the private pages. You are still logged in, so the setup account is used to view the pages.

Important The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.

Create User Accounts for Test

Click the SW360 Admin menu which is_the right and selection the User item.

Create at least one user with Admin properties. Example:

Real Login

One example user is user@sw360.org with the password 12345. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.

After the successful login, SW360 will look as follows.

Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae)
+ + + \ No newline at end of file diff --git a/docs/deployment/deploy-requirements/index.html b/docs/deployment/deploy-requirements/index.html index c2ee458..ffab50a 100644 --- a/docs/deployment/deploy-requirements/index.html +++ b/docs/deployment/deploy-requirements/index.html @@ -1,891 +1,89 @@ - - - - - - - - - - - - - - - - - - - - -System Requirements | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

System Requirements

-
SW360 minimal system requirements based on system class
-
- - - - - - - - - - - - - -
-

For deploying the SW360, there are the following hardware requirements below. Please note that the main memory consumer is the tomcat application container. Accordingly, this requires different settings (see $TOMCAT_HOME/bin/setenv.sh).

-

Please note that you can review the current memory situation of the application in the liferay administration section as well (see Configuration-> Server Administration).

-

Hardware and Infrastructure

-

CD-based test instances

-

When there is a continuous deployment and continuous delivery directly deployed to machine the following machine is recommended:

-
    -
  • 1 core
    • -
  • 4GB RAM
    • -
  • 40GB normal file system
    • -
  • 10Mbit Ethernet link
    • -
-

In this case, the sw360 solution runs fairly well for clicking around and creation of a few data sets. Note that Tomcat should have 2GB.

-

Staging instances

-

Testing and working with normal data sets for staging and pre-productive testing. Pre productive does not need to have the same execution speed of the machine, however, requires enough RAM and file system to run a clone on the data set.

-
    -
  • 2 cores
    • -
  • 8GB RAM
    • -
  • 500GB normal file system
    • -
  • 100Mbit Ethernet link
    • -
-

The tomcat should be adjusted to 4GB RAM

-

Productive instances

-

Productive with for example: 10K releases, 2k users which deploys the entire solution onto a single larger machine. It does not apply to a docker based setup.

-
    -
  • 4 cores
    • -
  • 16GB RAM
    • -
  • 500GB SSD based file system
    • -
  • 1GBit link Ethernet link
    • -
-

Tomcat should be adjusted to 10-12GB RAM. Note: normally, you could also run Tomcat with significantly lees RAM, if you put common dependencies in a shared lib folder.

-

Network

-

The following table shall give an overview about the inbound ports

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PortServiceRemarks
443httpsAccessing the application
22sshAdministering the application
80httpif you would like to access the solution over http
5984/5985http/httpsif access to the couchdb (admin) interface is required
-

Overview about the additional outbound ports:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PortServiceRemarks
3269sldapIf you do authentication using secure LDAP
443sldapIf you do consume services over https (e.g. vulnerabilty pulling)
53dns
22sshthe old way of calling a fossology server
-

Outbound ports for http / https may be required for downloading system updates. Ports for ssh may not be required outbound.

-

Software:

-

As for the software, the sw360 can be run on many platforms, even on Windows seven. We have the following reference platform for development:

-

until 5:

-
    -
  • OpenJDK 8
    • -
  • Unbunu 16.04 LTS
    • -
-

after 5:

-
    -
  • openjdk 8
    • -
  • ubuntu 18.04 LTS
    • -
-

after 11:

-
    -
  • openjdk 11
    • -
  • ubuntu 18.04 LTS
    • -
-

More information about requirements can be found here: https://github.com/sw360/sw360vagrant/wiki

- - - -
- Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +System Requirements | Eclipse SW360 +

System Requirements

SW360 minimal system requirements based on system class

For deploying the SW360, there are the following hardware requirements below. Please note that the main memory consumer is the tomcat application container. Accordingly, this requires different settings (see $TOMCAT_HOME/bin/setenv.sh).

Please note that you can review the current memory situation of the application in the liferay administration section as well (see Configuration-> Server Administration).

Hardware and Infrastructure

CD-based test instances

When there is a continuous deployment and continuous delivery directly deployed to machine the following machine is recommended:

  • 1 core
  • 4GB RAM
  • 40GB normal file system
  • 10Mbit Ethernet link

In this case, the sw360 solution runs fairly well for clicking around and creation of a few data sets. Note that Tomcat should have 2GB.

Staging instances

Testing and working with normal data sets for staging and pre-productive testing. Pre productive does not need to have the same execution speed of the machine, however, requires enough RAM and file system to run a clone on the data set.

  • 2 cores
  • 8GB RAM
  • 500GB normal file system
  • 100Mbit Ethernet link

The tomcat should be adjusted to 4GB RAM

Productive instances

Productive with for example: 10K releases, 2k users which deploys the entire solution onto a single larger machine. It does not apply to a docker based setup.

  • 4 cores
  • 16GB RAM
  • 500GB SSD based file system
  • 1GBit link Ethernet link

Tomcat should be adjusted to 10-12GB RAM. Note: normally, you could also run Tomcat with significantly lees RAM, if you put common dependencies in a shared lib folder.

Network

The following table shall give an overview about the inbound ports

PortServiceRemarks
443httpsAccessing the application
22sshAdministering the application
80httpif you would like to access the solution over http
5984/5985http/httpsif access to the couchdb (admin) interface is required

Overview about the additional outbound ports:

PortServiceRemarks
3269sldapIf you do authentication using secure LDAP
443sldapIf you do consume services over https (e.g. vulnerabilty pulling)
53dns
22sshthe old way of calling a fossology server

Outbound ports for http / https may be required for downloading system updates. Ports for ssh may not be required outbound.

Software:

As for the software, the sw360 can be run on many platforms, even on Windows seven. We have the following reference platform for development:

until 5:

  • OpenJDK 8
  • Unbunu 16.04 LTS

after 5:

  • openjdk 8
  • ubuntu 18.04 LTS

after 11:

  • openjdk 11
  • ubuntu 18.04 LTS

More information about requirements can be found here: https://github.com/sw360/sw360vagrant/wiki

Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6)
+ + + \ No newline at end of file diff --git a/docs/deployment/deploy-secure-deployment/index.html b/docs/deployment/deploy-secure-deployment/index.html index 0a7b515..c9d2341 100644 --- a/docs/deployment/deploy-secure-deployment/index.html +++ b/docs/deployment/deploy-secure-deployment/index.html @@ -1,799 +1,89 @@ - - - - - - - - - - - - - - - - - - - - -Security | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Security

-
SW360 security checklist pre and post deployment
-
- - - - - - - - - - - - - -
-

After the basic installation, there are some following steps that should be considered for securing the deployment. The main issue that can be done upfront is the documentation of the involved components:

-
    -
  • Lifearay
    • -
  • Tomcat
    • -
  • Couchdb
    • -
-

For the applications, the following very first line measure should be considered:

-
    -
  • -

    Change password of Liferay administrator user or check if that is appropriately secure.

    -
    • -
  • -

    You should check the permissions of the involved users in the user management in Liferay.

    -
    • -
  • -

    Assign individual passwords for users, also you could force the users to change their passwords at login if you like.

    -
    • -
  • -

    Besides the general advice to check the deployment instructions for the involved components, it is of particular interest to limit couchdb access from localhost only.

    -
    • -
  • -

    Also for Tomcat you limit port access from localhost only.

    -
    • -
  • -

    Do you need the ssh ports open or can you just go to the machine (physically).

    -
    • -
  • -

    Fix the admin party on couchdb

    -
    • -
  • -

    Add https access to couchdb

    -
    • -
  • -

    check that sw360 runtime user does not have sudo rights and config files for sw360 are 600 only.

    -
    • -
- - - -
- Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Security | Eclipse SW360 +

Security

SW360 security checklist pre and post deployment

After the basic installation, there are some following steps that should be considered for securing the deployment. The main issue that can be done upfront is the documentation of the involved components:

  • Lifearay
  • Tomcat
  • Couchdb

For the applications, the following very first line measure should be considered:

  • Change password of Liferay administrator user or check if that is appropriately secure.

  • You should check the permissions of the involved users in the user management in Liferay.

  • Assign individual passwords for users, also you could force the users to change their passwords at login if you like.

  • Besides the general advice to check the deployment instructions for the involved components, it is of particular interest to limit couchdb access from localhost only.

  • Also for Tomcat you limit port access from localhost only.

  • Do you need the ssh ports open or can you just go to the machine (physically).

  • Fix the admin party on couchdb

  • Add https access to couchdb

  • check that sw360 runtime user does not have sudo rights and config files for sw360 are 600 only.

Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae)
+ + + \ No newline at end of file diff --git a/docs/deployment/deploy-specialdeployment/index.html b/docs/deployment/deploy-specialdeployment/index.html index 80974fb..77c6ecb 100644 --- a/docs/deployment/deploy-specialdeployment/index.html +++ b/docs/deployment/deploy-specialdeployment/index.html @@ -1,771 +1,93 @@ - - - - - - - - - - - - - - - - - - - - -Special Deployment Guides | Eclipse SW360 -Special Deployment Guides | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Special Deployment Guides

- -
- - - - - - - - - - - - - -
-

General Deployment Guides

- - - - -
- Last modified June 28, 2022: fix(docs): Move content to proper areas (8d4a6e6) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +"> +

Special Deployment Guides

General Deployment Guides

Last modified June 28, 2022: fix(docs): Move content to proper areas (8d4a6e6)
+ + + \ No newline at end of file diff --git a/docs/deployment/index.html b/docs/deployment/index.html index dd3b035..2345943 100644 --- a/docs/deployment/index.html +++ b/docs/deployment/index.html @@ -1,898 +1,90 @@ - - - - - - - - - - - - - - - - - - - - - -Deployment | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Deployment

-
SW360 Deployment Guides
-
- - - - - - - - - - - - - -
- -

For current SW360 deployment is recommended use docker compose, as base setup of the necessary third party tools are present.

-

You can find SW360 official docker-compose reference here.

-

This docker compose comes with default admin passwords for couchdb and postgres. Is recommended for production to customize this file.

-

Donload the file mentioned above an just run:

-
docker compose -d
-

Three nested docker containers will be created for sw360, couchdb and postgres, and the respective volumes for the containers. They run in a closed sw360 docker network.

-

After this, you need to execute the 18.x.x. series initial setup

-

General Topics

- -

Special Topics

-

After install and setup sw360, this are possible topice to be considered:

- - -
- - - - - - - - -
- - -
-
- Bare Metal -
-

SW360 Bare Metal Deployment

-
- - -
-
- Upgrade from previous instances -
-

SW360 Bare Metal Deployment

-
- - -
-
- Legacy Deployment Guides -
-

SW360 Legacy deployment guides

-
- - -
-
- Authorization Concept -
-

Describe different roles of authorization concepts on SW360

-
- - -
-
- Configurable Property Keys -
-

SW360 Configurable property keys

-
- - -
-
- Configuring Country Codes -
-

SW360 provides a feature for showing country codes and country names

-
- - -
-
- CVE Scheduler -
-

SW360 CVE Schedules

-
- - -
-
- Export and Import -
-

SW360 Export and Import

-
- - -
-
- Security -
-

SW360 security checklist pre and post deployment

-
- - -
-
- Special Deployment Guides -
-

-
- - -
-
- SW360 18.x.x Series Initial Setup -
-

-
- - -
-
- System Requirements -
-

SW360 minimal system requirements based on system class

-
- - -
- - - -
- Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae) -
- -
- -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Deployment | Eclipse SW360 +

Deployment

SW360 Deployment Guides

For current SW360 deployment is recommended use docker compose, as base setup of the necessary third party tools are present.

You can find SW360 official docker-compose reference here.

This docker compose comes with default admin passwords for couchdb and postgres. Is recommended for production to customize this file.

Donload the file mentioned above an just run:

docker compose -d
+

Three nested docker containers will be created for sw360, couchdb and postgres, and the respective volumes for the containers. They run in a closed sw360 docker network.

After this, you need to execute the 18.x.x. series initial setup

General Topics

Special Topics

After install and setup sw360, this are possible topice to be considered:

Bare Metal

SW360 Bare Metal Deployment

Upgrade from previous instances

SW360 Bare Metal Deployment

Legacy Deployment Guides

SW360 Legacy deployment guides

Authorization Concept

Describe different roles of authorization concepts on SW360

Configurable Property Keys

SW360 Configurable property keys

Configuring Country Codes

SW360 provides a feature for showing country codes and country names

CVE Scheduler

SW360 CVE Schedules

Export and Import

SW360 Export and Import

Security

SW360 security checklist pre and post deployment

Special Deployment Guides

SW360 18.x.x Series Initial Setup

System Requirements

SW360 minimal system requirements based on system class

Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae)
+ + + \ No newline at end of file diff --git a/docs/deployment/index.xml b/docs/deployment/index.xml index cd5e50e..ee67466 100644 --- a/docs/deployment/index.xml +++ b/docs/deployment/index.xml @@ -1,1210 +1,993 @@ - - - Eclipse SW360 – Deployment - https://www.eclipse.org/sw360/docs/deployment/ - Recent content in Deployment on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: Bare Metal - https://www.eclipse.org/sw360/docs/deployment/baremetal/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/baremetal/ - - - - - - - - - Docs: Upgrade from previous instances - https://www.eclipse.org/sw360/docs/deployment/upgrading/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/ - - - - - - - - - Docs: Legacy Deployment Guides - https://www.eclipse.org/sw360/docs/deployment/legacy/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/legacy/ - - - - - - - - - Docs: Authorization Concept - https://www.eclipse.org/sw360/docs/deployment/deploy-authorization-concept/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-authorization-concept/ - - - - <p>The authorization concept describes the different roles of the solution - mainly for documentation of the authorization of different roles of the sw360. It is not focusing for the roles like being a moderator, it is described on a separate page for users: <a href="https://github.com/eclipse/sw360/wiki/Dev-Role-Authorisation-Model">role and access model</a></p> -<h2 id="roles-overview">Roles Overview</h2> -<p>SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.</p> -<h4 id="setup-admin-liferay-role">Setup Admin (Liferay Role)</h4> -<p>The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.</p> -<h4 id="sw360-admin-liferay-role">SW360 Admin (Liferay Role)</h4> -<p>The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role <code>CLEARING_ADMIN</code>. So its use case is to promote users to clearing admins after some time without always asking the site administrator to do this. To enhance the <code>SW360_ADMIN</code> role to allow users of this role to promote other users&rsquo;s roles, follow these steps:</p> -<ol> -<li>Go to control panel</li> -<li>Select the <code>Users</code> section</li> -<li>To subsection <code>Roles</code></li> -<li>Select row for <code>SW360 Admin</code> and select action <code>Define permissions</code>.</li> -</ol> -<p>When defining permissions the idea is to reduce the permissions to the lowest level possible. Just allow for changing users.</p> -<h4 id="clearing-admin-liferay-role">Clearing Admin (Liferay Role)</h4> -<p>The clearing admin can change all component and release records and project records of the same group.</p> -<h4 id="security-admin-liferay-role">Security Admin (Liferay Role)</h4> -<p>In addition to the user rights, the security admin can set security vulnerabilities to irrelevant</p> -<h4 id="ecc-admin-liferay-role">ECC Admin (Liferay Role)</h4> -<p>In addition to the user rights, the ECC admin can manipulate ECC data.</p> -<h4 id="user">User</h4> -<p>A user can create, modify and delete all own (=self created) records. A user cannot change records of others</p> -<h4 id="summary">Summary</h4> -<h3 id="moderation-requests">Moderation Requests</h3> -<p>If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.</p> - - - - - - Docs: Configurable Property Keys - https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-files/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-files/ - - - - <h3 id="introduction">Introduction</h3> -<p>List of all applicable property files in sw360:</p> -<ul> -<li>sw360.properties</li> -<li>fossology.properties</li> -<li>couchdb.properties</li> -<li>search.properties</li> -<li>orgmapping.properties</li> -<li>databasetest.properties</li> -<li>authorization/application.yml</li> -<li>rest/application.yml</li> -</ul> -<h3 id="sw360properties-etcsw360sw360properties">SW360.properties (/etc/sw360/sw360.properties)</h3> -<p>The following table shall give an overview about the general sw360 configuration settings.</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">licenseinfo.spdxparser.use-license-info-from-files</td> -<td style="text-align:left">true/false</td> -</tr> -<tr> -<td style="text-align:left">mainline.state.enabled.for.user</td> -<td style="text-align:left">true/false</td> -</tr> -<tr> -<td style="text-align:left">key.auth.email</td> -<td style="text-align:left">EMAIL</td> -</tr> -<tr> -<td style="text-align:left">key.auth.extid</td> -<td style="text-align:left">EXTID</td> -</tr> -<tr> -<td style="text-align:left">key.auth.givenname</td> -<td style="text-align:left">GIVENNAME</td> -</tr> -<tr> -<td style="text-align:left">key.auth.surname</td> -<td style="text-align:left">SURNAME</td> -</tr> -<tr> -<td style="text-align:left">key.auth.department</td> -<td style="text-align:left">DEPARTMENT</td> -</tr> -<tr> -<td style="text-align:left">backend.url</td> -<td style="text-align:left">http://127.0.0.1:8080</td> -</tr> -<tr> -<td style="text-align:left">cvesearch.vendor.threshold</td> -<td style="text-align:left">1</td> -</tr> -<tr> -<td style="text-align:left">cvesearch.product.threshold</td> -<td style="text-align:left">0</td> -</tr> -<tr> -<td style="text-align:left">cvesearch.cutoff</td> -<td style="text-align:left">6</td> -</tr> -<tr> -<td style="text-align:left">combined.cli.parser.external.id.correlation.key</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">schedule.cvesearch.firstOffset.seconds</td> -<td style="text-align:left">0</td> -</tr> -<tr> -<td style="text-align:left">schedule.cvesearch.interval.seconds</td> -<td style="text-align:left">&ldquo;(24<em>60</em>60)&rdquo;</td> -</tr> -<tr> -<td style="text-align:left">autostart</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">rest.write.access.usergroup</td> -<td style="text-align:left">SW360_ADMIN</td> -</tr> -<tr> -<td style="text-align:left">rest.access.token.validity.seconds</td> -<td style="text-align:left">3600</td> -</tr> -<tr> -<td style="text-align:left">rest.security.client.id</td> -<td style="text-align:left">sw360-trusted-client</td> -</tr> -<tr> -<td style="text-align:left">rest.security.client.secret</td> -<td style="text-align:left">sw360-secret</td> -</tr> -<tr> -<td style="text-align:left">programming.languages</td> -<td style="text-align:left">ActionScript,AppleScript, Asp,Bash,BASIC, C,C++,C#,Cocoa,Clojure, COBOL,ColdFusion,D, Delphi,Erlang,Fortran, Go,Groovy,Haskell, JSP,Java,JavaScript,Objective-C, Ocaml,Lisp,Perl, PHP,Python,Ruby,SQL ,SVG,Scala,SmallTalk Scheme,Tcl,XML, Node.js,JSON</td> -</tr> -<tr> -<td style="text-align:left">software.platforms</td> -<td style="text-align:left">Adobe AIR,Adobe Flash, Adobe Shockwave,Binary Runtime Environment for Wireless,Cocoa (API),Cocoa Touch,Java (software platform)</td> -</tr> -<tr> -<td style="text-align:left">operating.systems</td> -<td style="text-align:left">Android,BSD,iOS, Linux,OS X,QNX, Microsoft Windows,Windows Phone,IBM z/OS</td> -</tr> -<tr> -<td style="text-align:left">clearing.teams</td> -<td style="text-align:left">org1,org2,org3</td> -</tr> -<tr> -<td style="text-align:left">state</td> -<td style="text-align:left">Active,Phase out,Unknown</td> -</tr> -<tr> -<td style="text-align:left">project.type</td> -<td style="text-align:left">Customer Project,Internal Project,Product,Service,Inner Source</td> -</tr> -<tr> -<td style="text-align:left">project.externalkeys</td> -<td style="text-align:left">internal.id</td> -</tr> -<tr> -<td style="text-align:left">license.identifiers</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">component.categories</td> -<td style="text-align:left">framework,SDK,big-data, build-management,cloud,content, database,graphics,http, javaee,library,mail,mobile, security,testing,virtual-machine, web-framework,xml</td> -</tr> -<tr> -<td style="text-align:left">component.externalkeys</td> -<td style="text-align:left">com.github.id,com.gitlab.id,purl.id</td> -</tr> -<tr> -<td style="text-align:left">custommap.project.roles</td> -<td style="text-align:left">Stakeholder,Analyst,Contributor,Accountant,End user,Quality manager,Test manager,Technical writer,Key user</td> -</tr> -<tr> -<td style="text-align:left">custommap.component.roles</td> -<td style="text-align:left">Committer,Contributor,Expert</td> -</tr> -<tr> -<td style="text-align:left">custommap.release.roles</td> -<td style="text-align:left">Committer,Contributor,Expert</td> -</tr> -<tr> -<td style="text-align:left">custommap.release.externalIds</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">release.externalkeys</td> -<td style="text-align:left">org.maven.id,com.github.id,com.gitlab.id,purl.id</td> -</tr> -<tr> -<td style="text-align:left">projectimport.hosts</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">preferred.country.codes</td> -<td style="text-align:left">DE,AT,CH,US</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_from</td> -<td style="text-align:left">_<a href="mailto:No_Reply__@sw360.org">No_Reply__@sw360.org</a></td> -</tr> -<tr> -<td style="text-align:left">MailUtil_host</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_port</td> -<td style="text-align:left">25</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_enableStarttls</td> -<td style="text-align:left">false</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_enableSsl</td> -<td style="text-align:left">false</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_isAuthenticationNecessary</td> -<td style="text-align:left">true</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_login</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_password</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_enableDebug</td> -<td style="text-align:left">false</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_supportMailAddress</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">defaultBegin</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">defaultEnd</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">unsubscribeNoticeBefore</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">unsubscribeNoticeAfter</td> -<td style="text-align:left">-</td> -</tr> -</tbody> -</table> -<h3 id="fossologyproperties-etcsw360fossologyproperties">fossology.properties (/etc/sw360/fossology.properties)</h3> -<p>These configuration parameters are necessary to connect to a fossology server.</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">fossology.host</td> -<td style="text-align:left">localhost</td> -</tr> -<tr> -<td style="text-align:left">fossology.port</td> -<td style="text-align:left">22</td> -</tr> -<tr> -<td style="text-align:left">fossology.user</td> -<td style="text-align:left">sw360</td> -</tr> -<tr> -<td style="text-align:left">fossology.key.file</td> -<td style="text-align:left">/fossology.id_rsa</td> -</tr> -<tr> -<td style="text-align:left">fossology.key.pub.file</td> -<td style="text-align:left">[fossology.key.file] + .pub</td> -</tr> -</tbody> -</table> -<h3 id="couchdbproperties-etcsw360couchdbproperties">couchdb.properties (/etc/sw360/couchdb.properties)</h3> -<p>CouchDB and Lucene serach configuration properties.</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">couchdb.url</td> -<td style="text-align:left">http://localhost:5984</td> -</tr> -<tr> -<td style="text-align:left">couchdb.database</td> -<td style="text-align:left">sw360db</td> -</tr> -<tr> -<td style="text-align:left">couchdb.user</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">couchdb.password</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">couchdb.userdb</td> -<td style="text-align:left">sw360users</td> -</tr> -<tr> -<td style="text-align:left">couchdb.attachments</td> -<td style="text-align:left">sw360attachments</td> -</tr> -<tr> -<td style="text-align:left">couchdb.fossologyKeys</td> -<td style="text-align:left">sw360fossologyKeys</td> -</tr> -<tr> -<td style="text-align:left">couchdb.vulnerability_management</td> -<td style="text-align:left">sw360vm</td> -</tr> -<tr> -<td style="text-align:left">lucenesearch.limit</td> -<td style="text-align:left">25</td> -</tr> -<tr> -<td style="text-align:left">lucenesearch.leading.wildcard*</td> -<td style="text-align:left">false</td> -</tr> -</tbody> -</table> -<blockquote> -<p>* If you enable lucene leading wildcards you have to enable this configuration also in couchdb-lucene.ini! Leading wildcard search is disabled as default because its a expensive operation. <em>(couchdb-lucene.ini is part of the couchdb-lucene .war package)</em> <br> -[lucene] <br> -allowLeadingWildcard=true</p> -</blockquote> -<h3 id="searchproperties-etcsw360searchproperties">search.properties (/etc/sw360/search.properties)</h3> -<p>The following table shall give an overview about the specific search properties</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">search.name.max.length</td> -<td style="text-align:left">64</td> -</tr> -</tbody> -</table> -<h3 id="orgmappingproperties-etcsw360orgmappingproperties">orgmapping.properties (/etc/sw360/orgmapping.properties)</h3> -<p>This configuration file is used to activate the sw360 orgmapping feature.</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">match.prefix</td> -<td style="text-align:left">false</td> -</tr> -<tr> -<td style="text-align:left">enable.custom.mapping</td> -<td style="text-align:left">false</td> -</tr> -</tbody> -</table> -<h3 id="databasetestproperties-etcsw360databasetestproperties">databasetest.properties (/etc/sw360/databasetest.properties)</h3> -<p>Just for couchdb database test purpose.</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">couch_db_url</td> -<td style="text-align:left">http://localhost:5984</td> -</tr> -<tr> -<td style="text-align:left">couch_db_database</td> -<td style="text-align:left">datahandlertestdb</td> -</tr> -<tr> -<td style="text-align:left">couchdb.username</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">couchdb.password</td> -<td style="text-align:left">-</td> -</tr> -</tbody> -</table> -<h3 id="authorizationapplicationyml-etcsw360authorizationapplicationyml">authorization/application.yml (/etc/sw360/authorization/application.yml)</h3> -<p>All of the following built-in properties can be overridden:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># Port to open in standalone mode -</span></span><span style="display:flex;"><span>server: -</span></span><span style="display:flex;"><span> port: 8090 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># Connection to the couch databases. Will be used to store client credentials -</span></span><span style="display:flex;"><span>couchdb: -</span></span><span style="display:flex;"><span> url: http://localhost:5984 -</span></span><span style="display:flex;"><span> database: sw360oauthclients -</span></span><span style="display:flex;"><span> # if your couchdb does not use authentication, pls just don&#39;t use the settings for username and password -</span></span><span style="display:flex;"><span> #username: -</span></span><span style="display:flex;"><span> #password: -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>spring: -</span></span><span style="display:flex;"><span> jackson: -</span></span><span style="display:flex;"><span> serialization: -</span></span><span style="display:flex;"><span> indent_output: true -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># Common SW360 properties -</span></span><span style="display:flex;"><span>sw360: -</span></span><span style="display:flex;"><span> # The url of the Liferay instance -</span></span><span style="display:flex;"><span> sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} -</span></span><span style="display:flex;"><span> # The id of the company in Liferay that sw360 is run for -</span></span><span style="display:flex;"><span> sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20155} -</span></span><span style="display:flex;"><span> # Allowed origins that should be set in the header -</span></span><span style="display:flex;"><span> cors: -</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>security: -</span></span><span style="display:flex;"><span> # Configuration for enabling authorization via headers, e.g. when using SSO -</span></span><span style="display:flex;"><span> # in combination with a reverse proxy server -</span></span><span style="display:flex;"><span> customheader: -</span></span><span style="display:flex;"><span> headername: -</span></span><span style="display:flex;"><span> # You have to enable authorization by headers explicitly here -</span></span><span style="display:flex;"><span> enabled: false -</span></span><span style="display:flex;"><span> # Attention: please make sure that the proxy is removing there headers -</span></span><span style="display:flex;"><span> # if they are coming from anywhere else then the authentication server -</span></span><span style="display:flex;"><span> intermediateauthstore: custom-header-auth-marker -</span></span><span style="display:flex;"><span> email: authenticated-email -</span></span><span style="display:flex;"><span> extid: authenticated-extid -</span></span><span style="display:flex;"><span> # also available - at least in saml pre auth - are &#34;givenname&#34;, &#34;surname&#34; and &#34;department&#34; -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> oauth2: -</span></span><span style="display:flex;"><span> resource: -</span></span><span style="display:flex;"><span> id: sw360-REST-API -</span></span></code></pre></div><h3 id="restapplicationyml-etcsw360restapplicationyml">rest/application.yml (/etc/sw360/rest/application.yml)</h3> -<p>All of the following built-in properties can be overridden:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>server: -</span></span><span style="display:flex;"><span> port: 8091 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>spring: -</span></span><span style="display:flex;"><span> http: -</span></span><span style="display:flex;"><span> multipart: -</span></span><span style="display:flex;"><span> max-file-size: 500MB -</span></span><span style="display:flex;"><span> max-request-size: 600MB -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> data: -</span></span><span style="display:flex;"><span> rest: -</span></span><span style="display:flex;"><span> base-path: /api -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># logging: -</span></span><span style="display:flex;"><span># level: -</span></span><span style="display:flex;"><span># org.springframework.web: DEBUG -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>security: -</span></span><span style="display:flex;"><span> oauth2: -</span></span><span style="display:flex;"><span> resource: -</span></span><span style="display:flex;"><span> id: sw360-REST-API -</span></span><span style="display:flex;"><span> filter-order: 3 -</span></span><span style="display:flex;"><span> jwt: -</span></span><span style="display:flex;"><span> keyValue: | -</span></span><span style="display:flex;"><span> -----BEGIN PUBLIC KEY----- -</span></span><span style="display:flex;"><span> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy -</span></span><span style="display:flex;"><span> VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ -</span></span><span style="display:flex;"><span> 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ -</span></span><span style="display:flex;"><span> 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg -</span></span><span style="display:flex;"><span> 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da -</span></span><span style="display:flex;"><span> d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ -</span></span><span style="display:flex;"><span> PQIDAQAB -</span></span><span style="display:flex;"><span> -----END PUBLIC KEY----- -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>sw360: -</span></span><span style="display:flex;"><span> thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} -</span></span><span style="display:flex;"><span> test-user-id: admin@sw360.org -</span></span><span style="display:flex;"><span> test-user-password: sw360-password -</span></span><span style="display:flex;"><span> couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} -</span></span><span style="display:flex;"><span> cors: -</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} -</span></span></code></pre></div> - - - - - Docs: Configuring Country Codes - https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-country-codes/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-country-codes/ - - - - <p>This feature is available on:</p> -<ul> -<li>projects / Owner Country</li> -<li>components / Owner Country</li> -</ul> -<p><img src="https://user-images.githubusercontent.com/29916928/36796378-551cf572-1c9d-11e8-96aa-85ce98e97ff3.jpg" alt="Country Code List"></p> -<p>Its supports preferred country codes, which are shown at the top of the country list. <br> -You can configure them by using the sw360.properties.</p> -<table> -<thead> -<tr> -<th style="text-align:center">sw360 properties key</th> -<th style="text-align:center">value</th> -<th style="text-align:center">default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">preferred.country.codes</td> -<td style="text-align:center">(ISO 3166-1 alpha-2)</td> -<td style="text-align:center">DE,AT,CH,US</td> -</tr> -</tbody> -</table> - - - - - - Docs: CVE Scheduler - https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ - - - - <h1 id="how-to-use-sw360-cve-schedule">How to use SW360 CVE schedule</h1> -<p>SW360 gets vulnerability information from Common Vulnerability Enumeration (CVE) data. SW360 can connect to your local cve-search server.<br> -<em>Few years ago, sw360 was able to get vulnerability information from online CVE serverr, but it is not active.</em></p> -<h2 id="install-cve-search">Install CVE-search</h2> -<p>cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. You can choose Docker install or Native install.</p> -<h3 id="docker-installation-github-repohttpsgithubcomcve-searchcve-search-docker">Docker Installation <a href="https://github.com/cve-search/CVE-Search-Docker">Github repo</a></h3> -<p>Only clone and &ldquo;docker-compose up&rdquo;.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ git clone https://github.com/cve-search/CVE-Search-Docker.git -</span></span><span style="display:flex;"><span> $ <span style="color:#366">cd</span> CVE-Search-Docker -</span></span><span style="display:flex;"><span> $ docker-compose up -</span></span></code></pre></div><h3 id="native-installation-github-repohttpsgithubcomcve-searchcve-search">Native Installation <a href="https://github.com/cve-search/cve-search">Github repo</a></h3> -<ol> -<li>Clone source</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ git clone https://github.com/cve-search/cve-search -</span></span><span style="display:flex;"><span> $ <span style="color:#366">cd</span> cve-search -</span></span><span style="display:flex;"><span> $ git checkout <span style="color:#555">{</span>tag/branch<span style="color:#555">}</span> -</span></span></code></pre></div><ol start="2"> -<li>Install system requirements</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get install -y &lt; requirements.system -</span></span></code></pre></div><ol start="3"> -<li>Install CVE-Search and its Python dependencies</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> pip3 install -r requirements.txt -</span></span></code></pre></div><ol start="4"> -<li>Install mongodb</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add - -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ <span style="color:#033">codename</span><span style="color:#555">=</span><span style="color:#069;font-weight:bold">$(</span>lsb_release --codename --short<span style="color:#069;font-weight:bold">)</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ <span style="color:#366">echo</span> <span style="color:#c30">&#34;deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu </span><span style="color:#a00">${</span><span style="color:#033">codename</span><span style="color:#a00">}</span><span style="color:#c30">/mongodb-org/4.4 multiverse&#34;</span> | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list -</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get update -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ sudo apt-get install -y mongodb-org -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ sudo systemctl daemon-reload -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ sudo systemctl start mongod -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Verify status of mongodb</span> -</span></span><span style="display:flex;"><span> $ sudo systemctl status mongod -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># if all is ok, enable mongodb to start on system startup</span> -</span></span><span style="display:flex;"><span> $ sudo systemctl <span style="color:#366">enable</span> mongod -</span></span></code></pre></div><ol start="5"> -<li>Populating the database</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get install redis redis-server -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic">#modify: stop-writes-on-bgsave-error yes -&gt; no</span> -</span></span><span style="display:flex;"><span> $ sudo vim /etc/redis/redis.conf -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ sudo systemctl daemon-reload -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ sudo systemctl restart redis -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ ./sbin/db_mgmt_cpe_dictionary.py -p -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ ./sbin/db_mgmt_json.py -p -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ ./sbin/db_updater.py -c <span style="color:#09f;font-style:italic"># This will take &gt; 45minutes on a decent machine, please be patient</span> -</span></span></code></pre></div><ol start="6"> -<li>Updating the database</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ ./sbin/db_updater.py -v -</span></span></code></pre></div><ol start="7"> -<li>Starting and stopping the web-server</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Install psutil &gt;= 5.7.0</span> -</span></span><span style="display:flex;"><span> $ pip3 install psutil&gt;<span style="color:#555">=</span>5.7.0 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Starting web server</span> -</span></span><span style="display:flex;"><span> $ python3 web/index.py -</span></span></code></pre></div><p>Default Web server: http://localhost:5000</p> -<p>To stop the server, press the <code>CTRL+C</code></p> -<p><strong>Note</strong>: By default CVE-Search takes assumptions on certain configuration aspects of the application, you can adjust</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ <span style="color:#366">cd</span> cve-search -</span></span><span style="display:flex;"><span> $ cp etc/configuration.ini.sample etc/configuration.ini -</span></span><span style="display:flex;"><span> $ vim etc/configuration.ini -</span></span></code></pre></div><h2 id="setup-sw360-with-cve-server">Setup SW360 with CVE server</h2> -<ol> -<li>Change default CVE server</li> -</ol> -<p>Change <code>cvesearch.host</code> with CVE server address.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ vim <span style="color:#a00">${</span><span style="color:#033">SW360_DIR_INSTALL</span><span style="color:#a00">}</span>/backend/src/src-cvesearch/src/main/resources/cvesearch.properties -</span></span></code></pre></div><ol start="2"> -<li>Setting for schedule the CVE service</li> -</ol> -<p>The offset (first run of the update) and the interval between updates can also be adjusted.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ vim <span style="color:#a00">${</span><span style="color:#033">SW360_DIR_INSTALL</span><span style="color:#a00">}</span>/backend/src/src-schedule/src/main/resources/sw360.properties -</span></span></code></pre></div><p>The <code>offset</code> has to be given in seconds since midnight and also the <code>interval</code> has to be entered in seconds. The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).</p> -<p>According to the default settings, cveSearch is not auto-started with the scheduling service. If want to auto start <code>autostart = cvesearchService</code></p> -<ol start="3"> -<li>Schedule task Adminstration</li> -</ol> -<p>View and start/stop schedule</p> -<p>Click <code>Admin</code> &gt; <code>Schedule</code></p> -<h2 id="reference">Reference</h2> -<p>CVE guide: [https://cve-search.github.io/cve-search/database/database.html]</p> -<p>User Scheduling CVE Search by Admins: [https://github.com/eclipse/sw360/wiki/User-Scheduling-CVE-Search-by-Admins]</p> - - - - - - Docs: Export and Import - https://www.eclipse.org/sw360/docs/deployment/deploy-export-and-import/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-export-and-import/ - - - - <div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-diff" data-lang="diff"><span style="display:flex;"><span><span style="background-color:#fcc">- note that only export and import of users is active, -</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- everything else is deprecated functionality. -</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- The export and import functionality has not been -</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- updated at some point and thus will not function -</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- properly anymore. -</span></span></span></code></pre></div><h1 id="full-export">Full Export</h1> -<p>The easiest way to fully export the data is to copy all the .couch files of Couch-DB. Where the files are can be found out from Futon. -e.g.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:5984/_utils/config.html -</span></span></code></pre></div><p>under</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>view_index_dir /var/lib/couchdb -</span></span></code></pre></div><p>This method of exporting has the advantage that all Ids remain the same. -An equally simple method it to use the Couch-DB replicator from Futon.</p> -<p>This method might fail when there are changes to the document structure as Ektorp might stumble over unset required or surplus fields. The method of choice here is to repair the DB (after a backup) with</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://github.com/couchapp/couchapp -</span></span></code></pre></div><p>and then follows the instructions from</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://harthur.github.io/costco/ -</span></span></code></pre></div><p>and</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>couchapp push . http://localhost:5984/sw360users -</span></span></code></pre></div><p>then you go to</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:5984/sw360users/_design/costco/index.html -</span></span></code></pre></div><p>and you can run functions like:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>function(doc) { -</span></span><span style="display:flex;"><span> if (doc.type == &#39;user&#39;) { -</span></span><span style="display:flex;"><span> if(doc.fullname == &#39;Homer J. Simons&#39;) { -</span></span><span style="display:flex;"><span> doc.fullname = &#39;Homer Jay Simons&#39;; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> return doc; -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>You can also change the names of properties, e.g.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>function(doc) { -</span></span><span style="display:flex;"><span> if (doc.type == &#39;user&#39;) { -</span></span><span style="display:flex;"><span> if(doc.fullname ) { -</span></span><span style="display:flex;"><span> doc.fullname2 = doc.fullname; -</span></span><span style="display:flex;"><span> delete doc.fullname; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> return doc; -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><h1 id="csv-export">CSV Export</h1> -<h2 id="users">Users</h2> -<p>The export of users was already described, this is very important as this also creates the users in the liferay database. The mere export of the users.couch is not enough.</p> -<h2 id="projects">Projects</h2> -<p>There is no CSV export or import for projects currently.</p> -<h2 id="components-and-releases">Components and Releases</h2> -<p>To Export the components and releases you need to do the following: +Eclipse SW360 – Deploymenthttps://www.eclipse.org/sw360/docs/deployment/Recent content in Deployment on Eclipse SW360Hugo -- gohugo.ioDocs: Bare Metalhttps://www.eclipse.org/sw360/docs/deployment/baremetal/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/baremetal/Docs: Upgrade from previous instanceshttps://www.eclipse.org/sw360/docs/deployment/upgrading/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/upgrading/Docs: Legacy Deployment Guideshttps://www.eclipse.org/sw360/docs/deployment/legacy/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/legacy/Docs: Authorization Concepthttps://www.eclipse.org/sw360/docs/deployment/deploy-authorization-concept/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-authorization-concept/ +<p>The authorization concept describes the different roles of the solution - mainly for documentation of the authorization of different roles of the sw360. It is not focusing for the roles like being a moderator, it is described on a separate page for users: <a href="https://github.com/eclipse/sw360/wiki/Dev-Role-Authorisation-Model">role and access model</a></p> +<h2 id="roles-overview">Roles Overview</h2> +<p>SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.</p> +<h4 id="setup-admin-liferay-role">Setup Admin (Liferay Role)</h4> +<p>The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.</p> +<h4 id="sw360-admin-liferay-role">SW360 Admin (Liferay Role)</h4> +<p>The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role <code>CLEARING_ADMIN</code>. So its use case is to promote users to clearing admins after some time without always asking the site administrator to do this. To enhance the <code>SW360_ADMIN</code> role to allow users of this role to promote other users&rsquo;s roles, follow these steps:</p> +<ol> +<li>Go to control panel</li> +<li>Select the <code>Users</code> section</li> +<li>To subsection <code>Roles</code></li> +<li>Select row for <code>SW360 Admin</code> and select action <code>Define permissions</code>.</li> +</ol> +<p>When defining permissions the idea is to reduce the permissions to the lowest level possible. Just allow for changing users.</p> +<h4 id="clearing-admin-liferay-role">Clearing Admin (Liferay Role)</h4> +<p>The clearing admin can change all component and release records and project records of the same group.</p> +<h4 id="security-admin-liferay-role">Security Admin (Liferay Role)</h4> +<p>In addition to the user rights, the security admin can set security vulnerabilities to irrelevant</p> +<h4 id="ecc-admin-liferay-role">ECC Admin (Liferay Role)</h4> +<p>In addition to the user rights, the ECC admin can manipulate ECC data.</p> +<h4 id="user">User</h4> +<p>A user can create, modify and delete all own (=self created) records. A user cannot change records of others</p> +<h4 id="summary">Summary</h4> +<h3 id="moderation-requests">Moderation Requests</h3> +<p>If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.</p>Docs: Configurable Property Keyshttps://www.eclipse.org/sw360/docs/deployment/deploy-configuration-files/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-files/ +<h3 id="introduction">Introduction</h3> +<p>List of all applicable property files in sw360:</p> +<ul> +<li>sw360.properties</li> +<li>fossology.properties</li> +<li>couchdb.properties</li> +<li>search.properties</li> +<li>orgmapping.properties</li> +<li>databasetest.properties</li> +<li>authorization/application.yml</li> +<li>rest/application.yml</li> +</ul> +<h3 id="sw360properties-etcsw360sw360properties">SW360.properties (/etc/sw360/sw360.properties)</h3> +<p>The following table shall give an overview about the general sw360 configuration settings.</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">licenseinfo.spdxparser.use-license-info-from-files</td> +<td style="text-align:left">true/false</td> +</tr> +<tr> +<td style="text-align:left">mainline.state.enabled.for.user</td> +<td style="text-align:left">true/false</td> +</tr> +<tr> +<td style="text-align:left">key.auth.email</td> +<td style="text-align:left">EMAIL</td> +</tr> +<tr> +<td style="text-align:left">key.auth.extid</td> +<td style="text-align:left">EXTID</td> +</tr> +<tr> +<td style="text-align:left">key.auth.givenname</td> +<td style="text-align:left">GIVENNAME</td> +</tr> +<tr> +<td style="text-align:left">key.auth.surname</td> +<td style="text-align:left">SURNAME</td> +</tr> +<tr> +<td style="text-align:left">key.auth.department</td> +<td style="text-align:left">DEPARTMENT</td> +</tr> +<tr> +<td style="text-align:left">backend.url</td> +<td style="text-align:left">http://127.0.0.1:8080</td> +</tr> +<tr> +<td style="text-align:left">cvesearch.vendor.threshold</td> +<td style="text-align:left">1</td> +</tr> +<tr> +<td style="text-align:left">cvesearch.product.threshold</td> +<td style="text-align:left">0</td> +</tr> +<tr> +<td style="text-align:left">cvesearch.cutoff</td> +<td style="text-align:left">6</td> +</tr> +<tr> +<td style="text-align:left">combined.cli.parser.external.id.correlation.key</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">schedule.cvesearch.firstOffset.seconds</td> +<td style="text-align:left">0</td> +</tr> +<tr> +<td style="text-align:left">schedule.cvesearch.interval.seconds</td> +<td style="text-align:left">&ldquo;(24<em>60</em>60)&rdquo;</td> +</tr> +<tr> +<td style="text-align:left">autostart</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">rest.write.access.usergroup</td> +<td style="text-align:left">SW360_ADMIN</td> +</tr> +<tr> +<td style="text-align:left">rest.access.token.validity.seconds</td> +<td style="text-align:left">3600</td> +</tr> +<tr> +<td style="text-align:left">rest.security.client.id</td> +<td style="text-align:left">sw360-trusted-client</td> +</tr> +<tr> +<td style="text-align:left">rest.security.client.secret</td> +<td style="text-align:left">sw360-secret</td> +</tr> +<tr> +<td style="text-align:left">programming.languages</td> +<td style="text-align:left">ActionScript,AppleScript, Asp,Bash,BASIC, C,C++,C#,Cocoa,Clojure, COBOL,ColdFusion,D, Delphi,Erlang,Fortran, Go,Groovy,Haskell, JSP,Java,JavaScript,Objective-C, Ocaml,Lisp,Perl, PHP,Python,Ruby,SQL ,SVG,Scala,SmallTalk Scheme,Tcl,XML, Node.js,JSON</td> +</tr> +<tr> +<td style="text-align:left">software.platforms</td> +<td style="text-align:left">Adobe AIR,Adobe Flash, Adobe Shockwave,Binary Runtime Environment for Wireless,Cocoa (API),Cocoa Touch,Java (software platform)</td> +</tr> +<tr> +<td style="text-align:left">operating.systems</td> +<td style="text-align:left">Android,BSD,iOS, Linux,OS X,QNX, Microsoft Windows,Windows Phone,IBM z/OS</td> +</tr> +<tr> +<td style="text-align:left">clearing.teams</td> +<td style="text-align:left">org1,org2,org3</td> +</tr> +<tr> +<td style="text-align:left">state</td> +<td style="text-align:left">Active,Phase out,Unknown</td> +</tr> +<tr> +<td style="text-align:left">project.type</td> +<td style="text-align:left">Customer Project,Internal Project,Product,Service,Inner Source</td> +</tr> +<tr> +<td style="text-align:left">project.externalkeys</td> +<td style="text-align:left">internal.id</td> +</tr> +<tr> +<td style="text-align:left">license.identifiers</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">component.categories</td> +<td style="text-align:left">framework,SDK,big-data, build-management,cloud,content, database,graphics,http, javaee,library,mail,mobile, security,testing,virtual-machine, web-framework,xml</td> +</tr> +<tr> +<td style="text-align:left">component.externalkeys</td> +<td style="text-align:left">com.github.id,com.gitlab.id,purl.id</td> +</tr> +<tr> +<td style="text-align:left">custommap.project.roles</td> +<td style="text-align:left">Stakeholder,Analyst,Contributor,Accountant,End user,Quality manager,Test manager,Technical writer,Key user</td> +</tr> +<tr> +<td style="text-align:left">custommap.component.roles</td> +<td style="text-align:left">Committer,Contributor,Expert</td> +</tr> +<tr> +<td style="text-align:left">custommap.release.roles</td> +<td style="text-align:left">Committer,Contributor,Expert</td> +</tr> +<tr> +<td style="text-align:left">custommap.release.externalIds</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">release.externalkeys</td> +<td style="text-align:left">org.maven.id,com.github.id,com.gitlab.id,purl.id</td> +</tr> +<tr> +<td style="text-align:left">projectimport.hosts</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">preferred.country.codes</td> +<td style="text-align:left">DE,AT,CH,US</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_from</td> +<td style="text-align:left">_<a href="mailto:No_Reply__@sw360.org">No_Reply__@sw360.org</a></td> +</tr> +<tr> +<td style="text-align:left">MailUtil_host</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_port</td> +<td style="text-align:left">25</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_enableStarttls</td> +<td style="text-align:left">false</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_enableSsl</td> +<td style="text-align:left">false</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_isAuthenticationNecessary</td> +<td style="text-align:left">true</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_login</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_password</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_enableDebug</td> +<td style="text-align:left">false</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_supportMailAddress</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">defaultBegin</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">defaultEnd</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">unsubscribeNoticeBefore</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">unsubscribeNoticeAfter</td> +<td style="text-align:left">-</td> +</tr> +</tbody> +</table> +<h3 id="fossologyproperties-etcsw360fossologyproperties">fossology.properties (/etc/sw360/fossology.properties)</h3> +<p>These configuration parameters are necessary to connect to a fossology server.</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">fossology.host</td> +<td style="text-align:left">localhost</td> +</tr> +<tr> +<td style="text-align:left">fossology.port</td> +<td style="text-align:left">22</td> +</tr> +<tr> +<td style="text-align:left">fossology.user</td> +<td style="text-align:left">sw360</td> +</tr> +<tr> +<td style="text-align:left">fossology.key.file</td> +<td style="text-align:left">/fossology.id_rsa</td> +</tr> +<tr> +<td style="text-align:left">fossology.key.pub.file</td> +<td style="text-align:left">[fossology.key.file] + .pub</td> +</tr> +</tbody> +</table> +<h3 id="couchdbproperties-etcsw360couchdbproperties">couchdb.properties (/etc/sw360/couchdb.properties)</h3> +<p>CouchDB and Lucene serach configuration properties.</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">couchdb.url</td> +<td style="text-align:left">http://localhost:5984</td> +</tr> +<tr> +<td style="text-align:left">couchdb.database</td> +<td style="text-align:left">sw360db</td> +</tr> +<tr> +<td style="text-align:left">couchdb.user</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">couchdb.password</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">couchdb.userdb</td> +<td style="text-align:left">sw360users</td> +</tr> +<tr> +<td style="text-align:left">couchdb.attachments</td> +<td style="text-align:left">sw360attachments</td> +</tr> +<tr> +<td style="text-align:left">couchdb.fossologyKeys</td> +<td style="text-align:left">sw360fossologyKeys</td> +</tr> +<tr> +<td style="text-align:left">couchdb.vulnerability_management</td> +<td style="text-align:left">sw360vm</td> +</tr> +<tr> +<td style="text-align:left">lucenesearch.limit</td> +<td style="text-align:left">25</td> +</tr> +<tr> +<td style="text-align:left">lucenesearch.leading.wildcard*</td> +<td style="text-align:left">false</td> +</tr> +</tbody> +</table> +<blockquote> +<p>* If you enable lucene leading wildcards you have to enable this configuration also in couchdb-lucene.ini! Leading wildcard search is disabled as default because its a expensive operation. <em>(couchdb-lucene.ini is part of the couchdb-lucene .war package)</em> <br> +[lucene] <br> +allowLeadingWildcard=true</p> +</blockquote> +<h3 id="searchproperties-etcsw360searchproperties">search.properties (/etc/sw360/search.properties)</h3> +<p>The following table shall give an overview about the specific search properties</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">search.name.max.length</td> +<td style="text-align:left">64</td> +</tr> +</tbody> +</table> +<h3 id="orgmappingproperties-etcsw360orgmappingproperties">orgmapping.properties (/etc/sw360/orgmapping.properties)</h3> +<p>This configuration file is used to activate the sw360 orgmapping feature.</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">match.prefix</td> +<td style="text-align:left">false</td> +</tr> +<tr> +<td style="text-align:left">enable.custom.mapping</td> +<td style="text-align:left">false</td> +</tr> +</tbody> +</table> +<h3 id="databasetestproperties-etcsw360databasetestproperties">databasetest.properties (/etc/sw360/databasetest.properties)</h3> +<p>Just for couchdb database test purpose.</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">couch_db_url</td> +<td style="text-align:left">http://localhost:5984</td> +</tr> +<tr> +<td style="text-align:left">couch_db_database</td> +<td style="text-align:left">datahandlertestdb</td> +</tr> +<tr> +<td style="text-align:left">couchdb.username</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">couchdb.password</td> +<td style="text-align:left">-</td> +</tr> +</tbody> +</table> +<h3 id="authorizationapplicationyml-etcsw360authorizationapplicationyml">authorization/application.yml (/etc/sw360/authorization/application.yml)</h3> +<p>All of the following built-in properties can be overridden:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># Port to open in standalone mode +</span></span><span style="display:flex;"><span>server: +</span></span><span style="display:flex;"><span> port: 8090 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># Connection to the couch databases. Will be used to store client credentials +</span></span><span style="display:flex;"><span>couchdb: +</span></span><span style="display:flex;"><span> url: http://localhost:5984 +</span></span><span style="display:flex;"><span> database: sw360oauthclients +</span></span><span style="display:flex;"><span> # if your couchdb does not use authentication, pls just don&#39;t use the settings for username and password +</span></span><span style="display:flex;"><span> #username: +</span></span><span style="display:flex;"><span> #password: +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>spring: +</span></span><span style="display:flex;"><span> jackson: +</span></span><span style="display:flex;"><span> serialization: +</span></span><span style="display:flex;"><span> indent_output: true +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># Common SW360 properties +</span></span><span style="display:flex;"><span>sw360: +</span></span><span style="display:flex;"><span> # The url of the Liferay instance +</span></span><span style="display:flex;"><span> sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} +</span></span><span style="display:flex;"><span> # The id of the company in Liferay that sw360 is run for +</span></span><span style="display:flex;"><span> sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20155} +</span></span><span style="display:flex;"><span> # Allowed origins that should be set in the header +</span></span><span style="display:flex;"><span> cors: +</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>security: +</span></span><span style="display:flex;"><span> # Configuration for enabling authorization via headers, e.g. when using SSO +</span></span><span style="display:flex;"><span> # in combination with a reverse proxy server +</span></span><span style="display:flex;"><span> customheader: +</span></span><span style="display:flex;"><span> headername: +</span></span><span style="display:flex;"><span> # You have to enable authorization by headers explicitly here +</span></span><span style="display:flex;"><span> enabled: false +</span></span><span style="display:flex;"><span> # Attention: please make sure that the proxy is removing there headers +</span></span><span style="display:flex;"><span> # if they are coming from anywhere else then the authentication server +</span></span><span style="display:flex;"><span> intermediateauthstore: custom-header-auth-marker +</span></span><span style="display:flex;"><span> email: authenticated-email +</span></span><span style="display:flex;"><span> extid: authenticated-extid +</span></span><span style="display:flex;"><span> # also available - at least in saml pre auth - are &#34;givenname&#34;, &#34;surname&#34; and &#34;department&#34; +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> oauth2: +</span></span><span style="display:flex;"><span> resource: +</span></span><span style="display:flex;"><span> id: sw360-REST-API +</span></span></code></pre></div><h3 id="restapplicationyml-etcsw360restapplicationyml">rest/application.yml (/etc/sw360/rest/application.yml)</h3> +<p>All of the following built-in properties can be overridden:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>server: +</span></span><span style="display:flex;"><span> port: 8091 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>spring: +</span></span><span style="display:flex;"><span> http: +</span></span><span style="display:flex;"><span> multipart: +</span></span><span style="display:flex;"><span> max-file-size: 500MB +</span></span><span style="display:flex;"><span> max-request-size: 600MB +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> data: +</span></span><span style="display:flex;"><span> rest: +</span></span><span style="display:flex;"><span> base-path: /api +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># logging: +</span></span><span style="display:flex;"><span># level: +</span></span><span style="display:flex;"><span># org.springframework.web: DEBUG +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>security: +</span></span><span style="display:flex;"><span> oauth2: +</span></span><span style="display:flex;"><span> resource: +</span></span><span style="display:flex;"><span> id: sw360-REST-API +</span></span><span style="display:flex;"><span> filter-order: 3 +</span></span><span style="display:flex;"><span> jwt: +</span></span><span style="display:flex;"><span> keyValue: | +</span></span><span style="display:flex;"><span> -----BEGIN PUBLIC KEY----- +</span></span><span style="display:flex;"><span> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy +</span></span><span style="display:flex;"><span> VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ +</span></span><span style="display:flex;"><span> 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ +</span></span><span style="display:flex;"><span> 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg +</span></span><span style="display:flex;"><span> 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da +</span></span><span style="display:flex;"><span> d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ +</span></span><span style="display:flex;"><span> PQIDAQAB +</span></span><span style="display:flex;"><span> -----END PUBLIC KEY----- +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>sw360: +</span></span><span style="display:flex;"><span> thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} +</span></span><span style="display:flex;"><span> test-user-id: admin@sw360.org +</span></span><span style="display:flex;"><span> test-user-password: sw360-password +</span></span><span style="display:flex;"><span> couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} +</span></span><span style="display:flex;"><span> cors: +</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +</span></span></code></pre></div>Docs: Configuring Country Codeshttps://www.eclipse.org/sw360/docs/deployment/deploy-configuration-country-codes/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-country-codes/ +<p>This feature is available on:</p> +<ul> +<li>projects / Owner Country</li> +<li>components / Owner Country</li> +</ul> +<p><img src="https://user-images.githubusercontent.com/29916928/36796378-551cf572-1c9d-11e8-96aa-85ce98e97ff3.jpg" alt="Country Code List"></p> +<p>Its supports preferred country codes, which are shown at the top of the country list. <br> +You can configure them by using the sw360.properties.</p> +<table> +<thead> +<tr> +<th style="text-align:center">sw360 properties key</th> +<th style="text-align:center">value</th> +<th style="text-align:center">default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">preferred.country.codes</td> +<td style="text-align:center">(ISO 3166-1 alpha-2)</td> +<td style="text-align:center">DE,AT,CH,US</td> +</tr> +</tbody> +</table>Docs: CVE Schedulerhttps://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ +<h1 id="how-to-use-sw360-cve-schedule">How to use SW360 CVE schedule</h1> +<p>SW360 gets vulnerability information from Common Vulnerability Enumeration (CVE) data. SW360 can connect to your local cve-search server.<br> +<em>Few years ago, sw360 was able to get vulnerability information from online CVE serverr, but it is not active.</em></p> +<h2 id="install-cve-search">Install CVE-search</h2> +<p>cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. You can choose Docker install or Native install.</p> +<h3 id="docker-installation-github-repohttpsgithubcomcve-searchcve-search-docker">Docker Installation <a href="https://github.com/cve-search/CVE-Search-Docker">Github repo</a></h3> +<p>Only clone and &ldquo;docker-compose up&rdquo;.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ git clone https://github.com/cve-search/CVE-Search-Docker.git +</span></span><span style="display:flex;"><span> $ <span style="color:#366">cd</span> CVE-Search-Docker +</span></span><span style="display:flex;"><span> $ docker-compose up +</span></span></code></pre></div><h3 id="native-installation-github-repohttpsgithubcomcve-searchcve-search">Native Installation <a href="https://github.com/cve-search/cve-search">Github repo</a></h3> +<ol> +<li>Clone source</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ git clone https://github.com/cve-search/cve-search +</span></span><span style="display:flex;"><span> $ <span style="color:#366">cd</span> cve-search +</span></span><span style="display:flex;"><span> $ git checkout <span style="color:#555">{</span>tag/branch<span style="color:#555">}</span> +</span></span></code></pre></div><ol start="2"> +<li>Install system requirements</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get install -y &lt; requirements.system +</span></span></code></pre></div><ol start="3"> +<li>Install CVE-Search and its Python dependencies</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> pip3 install -r requirements.txt +</span></span></code></pre></div><ol start="4"> +<li>Install mongodb</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add - +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ <span style="color:#033">codename</span><span style="color:#555">=</span><span style="color:#069;font-weight:bold">$(</span>lsb_release --codename --short<span style="color:#069;font-weight:bold">)</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ <span style="color:#366">echo</span> <span style="color:#c30">&#34;deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu </span><span style="color:#a00">${</span><span style="color:#033">codename</span><span style="color:#a00">}</span><span style="color:#c30">/mongodb-org/4.4 multiverse&#34;</span> | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list +</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get update +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ sudo apt-get install -y mongodb-org +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ sudo systemctl daemon-reload +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ sudo systemctl start mongod +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Verify status of mongodb</span> +</span></span><span style="display:flex;"><span> $ sudo systemctl status mongod +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># if all is ok, enable mongodb to start on system startup</span> +</span></span><span style="display:flex;"><span> $ sudo systemctl <span style="color:#366">enable</span> mongod +</span></span></code></pre></div><ol start="5"> +<li>Populating the database</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get install redis redis-server +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic">#modify: stop-writes-on-bgsave-error yes -&gt; no</span> +</span></span><span style="display:flex;"><span> $ sudo vim /etc/redis/redis.conf +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ sudo systemctl daemon-reload +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ sudo systemctl restart redis +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ ./sbin/db_mgmt_cpe_dictionary.py -p +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ ./sbin/db_mgmt_json.py -p +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ ./sbin/db_updater.py -c <span style="color:#09f;font-style:italic"># This will take &gt; 45minutes on a decent machine, please be patient</span> +</span></span></code></pre></div><ol start="6"> +<li>Updating the database</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ ./sbin/db_updater.py -v +</span></span></code></pre></div><ol start="7"> +<li>Starting and stopping the web-server</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Install psutil &gt;= 5.7.0</span> +</span></span><span style="display:flex;"><span> $ pip3 install psutil&gt;<span style="color:#555">=</span>5.7.0 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Starting web server</span> +</span></span><span style="display:flex;"><span> $ python3 web/index.py +</span></span></code></pre></div><p>Default Web server: http://localhost:5000</p> +<p>To stop the server, press the <code>CTRL+C</code></p> +<p><strong>Note</strong>: By default CVE-Search takes assumptions on certain configuration aspects of the application, you can adjust</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ <span style="color:#366">cd</span> cve-search +</span></span><span style="display:flex;"><span> $ cp etc/configuration.ini.sample etc/configuration.ini +</span></span><span style="display:flex;"><span> $ vim etc/configuration.ini +</span></span></code></pre></div><h2 id="setup-sw360-with-cve-server">Setup SW360 with CVE server</h2> +<ol> +<li>Change default CVE server</li> +</ol> +<p>Change <code>cvesearch.host</code> with CVE server address.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ vim <span style="color:#a00">${</span><span style="color:#033">SW360_DIR_INSTALL</span><span style="color:#a00">}</span>/backend/src/src-cvesearch/src/main/resources/cvesearch.properties +</span></span></code></pre></div><ol start="2"> +<li>Setting for schedule the CVE service</li> +</ol> +<p>The offset (first run of the update) and the interval between updates can also be adjusted.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ vim <span style="color:#a00">${</span><span style="color:#033">SW360_DIR_INSTALL</span><span style="color:#a00">}</span>/backend/src/src-schedule/src/main/resources/sw360.properties +</span></span></code></pre></div><p>The <code>offset</code> has to be given in seconds since midnight and also the <code>interval</code> has to be entered in seconds. The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).</p> +<p>According to the default settings, cveSearch is not auto-started with the scheduling service. If want to auto start <code>autostart = cvesearchService</code></p> +<ol start="3"> +<li>Schedule task Adminstration</li> +</ol> +<p>View and start/stop schedule</p> +<p>Click <code>Admin</code> &gt; <code>Schedule</code></p> +<h2 id="reference">Reference</h2> +<p>CVE guide: [https://cve-search.github.io/cve-search/database/database.html]</p> +<p>User Scheduling CVE Search by Admins: [https://github.com/eclipse/sw360/wiki/User-Scheduling-CVE-Search-by-Admins]</p>Docs: Export and Importhttps://www.eclipse.org/sw360/docs/deployment/deploy-export-and-import/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-export-and-import/ +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-diff" data-lang="diff"><span style="display:flex;"><span><span style="background-color:#fcc">- note that only export and import of users is active, +</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- everything else is deprecated functionality. +</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- The export and import functionality has not been +</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- updated at some point and thus will not function +</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- properly anymore. +</span></span></span></code></pre></div><h1 id="full-export">Full Export</h1> +<p>The easiest way to fully export the data is to copy all the .couch files of Couch-DB. Where the files are can be found out from Futon. +e.g.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:5984/_utils/config.html +</span></span></code></pre></div><p>under</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>view_index_dir /var/lib/couchdb +</span></span></code></pre></div><p>This method of exporting has the advantage that all Ids remain the same. +An equally simple method it to use the Couch-DB replicator from Futon.</p> +<p>This method might fail when there are changes to the document structure as Ektorp might stumble over unset required or surplus fields. The method of choice here is to repair the DB (after a backup) with</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://github.com/couchapp/couchapp +</span></span></code></pre></div><p>and then follows the instructions from</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://harthur.github.io/costco/ +</span></span></code></pre></div><p>and</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>couchapp push . http://localhost:5984/sw360users +</span></span></code></pre></div><p>then you go to</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:5984/sw360users/_design/costco/index.html +</span></span></code></pre></div><p>and you can run functions like:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>function(doc) { +</span></span><span style="display:flex;"><span> if (doc.type == &#39;user&#39;) { +</span></span><span style="display:flex;"><span> if(doc.fullname == &#39;Homer J. Simons&#39;) { +</span></span><span style="display:flex;"><span> doc.fullname = &#39;Homer Jay Simons&#39;; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> return doc; +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>You can also change the names of properties, e.g.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>function(doc) { +</span></span><span style="display:flex;"><span> if (doc.type == &#39;user&#39;) { +</span></span><span style="display:flex;"><span> if(doc.fullname ) { +</span></span><span style="display:flex;"><span> doc.fullname2 = doc.fullname; +</span></span><span style="display:flex;"><span> delete doc.fullname; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> return doc; +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><h1 id="csv-export">CSV Export</h1> +<h2 id="users">Users</h2> +<p>The export of users was already described, this is very important as this also creates the users in the liferay database. The mere export of the users.couch is not enough.</p> +<h2 id="projects">Projects</h2> +<p>There is no CSV export or import for projects currently.</p> +<h2 id="components-and-releases">Components and Releases</h2> +<p>To Export the components and releases you need to do the following: As Components and Releases are identified by their identifier ([name] or [name(version)]), these identifiers need to be unique. When importing duplicates in the identifiers are ignored and they are also not exported. -Therefore in the admin page you can check the database for such duplicates.</p> -<p>After that &ldquo;Download Component CSV&rdquo; creates a CSV with components, releases and their source attachments. +Therefore in the admin page you can check the database for such duplicates.</p> +<p>After that &ldquo;Download Component CSV&rdquo; creates a CSV with components, releases and their source attachments. The source attachments are created if the &ldquo;DownloadURL&rdquo; is a valid url. These remote-only attachments will be download once the first download request occurs. -If the URL does not exist you get an error.</p> -<p>Alternatively you can use</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/backend/utils/src/main/java/com/siemens/sw360/attachments/db/RemoteAttachmentDownloader.java -</span></span></code></pre></div><p>to bulk download the source only attachments. -The command line call to use it from the Siemens network looks like this:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> java -jar -Dhttp.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttps.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttp.proxyPort=84 -Dhttps.proxyPort=84 /home/siemagrant/.m2/repository/com/siemens/sw360/backend-utils/0.1.1-SNAPSHOT/backend-utils-0.1.1-SNAPSHOT-jar-with-dependencies.jar -d -</span></span></code></pre></div><h2 id="attachments">Attachments</h2> -<p>Here we have a mixed strategy, as there is a CSV export for the attachments, which only stores the meta information about the files. The files themselves need to be brought into a new instance via the sw360attachments.couch database.</p> -<p>The ids of the attachments are also in the CSV, so they are not portable without the sw360attachments.couch. This is meant as a form of recovery, but it should not be used on an instance that has been worked on, so only a fresh set up.</p> -<p>This will overwrite the auto generated attachments from the component CSV if the have the same URL as one of the imported attachments. This feature is needed to render the procedure idempotent.</p> -<p>The admin interface provides the possibility to delete attachment contents that do not have a project, component or release with an attachment that references it.</p> -<p>If you copy the sw360attachments.couch to your instance and then click this before you import than the db should be empty afterwards.</p> -<p>If there was no error after importing the csv, running this job should yield no deletions if there was no error and the exported attachments where complete.</p> -<p>In general this should only be necessary if errors have occurred. -It is a good idea to run this before you export the attachments.</p> -<h2 id="release-links">Release links</h2> -<p>Links between releases can be exported or imported. +If the URL does not exist you get an error.</p> +<p>Alternatively you can use</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/backend/utils/src/main/java/com/siemens/sw360/attachments/db/RemoteAttachmentDownloader.java +</span></span></code></pre></div><p>to bulk download the source only attachments. +The command line call to use it from the Siemens network looks like this:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> java -jar -Dhttp.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttps.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttp.proxyPort=84 -Dhttps.proxyPort=84 /home/siemagrant/.m2/repository/com/siemens/sw360/backend-utils/0.1.1-SNAPSHOT/backend-utils-0.1.1-SNAPSHOT-jar-with-dependencies.jar -d +</span></span></code></pre></div><h2 id="attachments">Attachments</h2> +<p>Here we have a mixed strategy, as there is a CSV export for the attachments, which only stores the meta information about the files. The files themselves need to be brought into a new instance via the sw360attachments.couch database.</p> +<p>The ids of the attachments are also in the CSV, so they are not portable without the sw360attachments.couch. This is meant as a form of recovery, but it should not be used on an instance that has been worked on, so only a fresh set up.</p> +<p>This will overwrite the auto generated attachments from the component CSV if the have the same URL as one of the imported attachments. This feature is needed to render the procedure idempotent.</p> +<p>The admin interface provides the possibility to delete attachment contents that do not have a project, component or release with an attachment that references it.</p> +<p>If you copy the sw360attachments.couch to your instance and then click this before you import than the db should be empty afterwards.</p> +<p>If there was no error after importing the csv, running this job should yield no deletions if there was no error and the exported attachments where complete.</p> +<p>In general this should only be necessary if errors have occurred. +It is a good idea to run this before you export the attachments.</p> +<h2 id="release-links">Release links</h2> +<p>Links between releases can be exported or imported. Because release links are stored in maps, the procedure is idempotent by construction. -The old links are overwritten with the imported data.</p> -<h2 id="suggested-order-for-exports">Suggested Order for Exports</h2> -<ol> -<li>Freeze the application, so that others can not change the data at the moment (By external means, like closing a port forwarding)</li> -<li>Clean up the attachments</li> -<li>Look for duplicate identifiers and resolve conflicts (Important as duplicates do not get exported or imported)</li> -<li>Export the Users, Components, Attachment Infos and release links</li> -<li>copy the sw360attachments.couch, this might be a huge files</li> -</ol> -<h2 id="suggested-order-for-imports">Suggested Order for Imports</h2> -<h3 id="on-a-fresh-installation">On a fresh installation</h3> -<ol> -<li>Copy the sw360attachments.couch in its place</li> -<li>Start the licenses importer</li> -<li>restart the backend to make the design documents available and boot the frontend</li> -<li>Import the users</li> -<li>Import the component CSV</li> -<li>Import the Attachment Infos</li> -<li>Import the Release Link Infos.</li> -</ol> -<h3 id="regular-maintenance-operations">Regular Maintenance Operations</h3> -<ol> -<li>Run the attachments clean up</li> -<li>Resolve name crashes with the search for duplicate Identifiers</li> -</ol> -<h3 id="imports-on-a-running-instance">Imports on a running instance</h3> -<ol> -<li>New components can be imported via the CSV at any time. Duplicates to existing components will be ignored, but there is a log message.</li> -<li>Users can be added via CSV.</li> -<li>Release links can be added via CSV, duplicates overwrite existing links</li> -</ol> -<p>Attachments should not be imported on a running instance! +The old links are overwritten with the imported data.</p> +<h2 id="suggested-order-for-exports">Suggested Order for Exports</h2> +<ol> +<li>Freeze the application, so that others can not change the data at the moment (By external means, like closing a port forwarding)</li> +<li>Clean up the attachments</li> +<li>Look for duplicate identifiers and resolve conflicts (Important as duplicates do not get exported or imported)</li> +<li>Export the Users, Components, Attachment Infos and release links</li> +<li>copy the sw360attachments.couch, this might be a huge files</li> +</ol> +<h2 id="suggested-order-for-imports">Suggested Order for Imports</h2> +<h3 id="on-a-fresh-installation">On a fresh installation</h3> +<ol> +<li>Copy the sw360attachments.couch in its place</li> +<li>Start the licenses importer</li> +<li>restart the backend to make the design documents available and boot the frontend</li> +<li>Import the users</li> +<li>Import the component CSV</li> +<li>Import the Attachment Infos</li> +<li>Import the Release Link Infos.</li> +</ol> +<h3 id="regular-maintenance-operations">Regular Maintenance Operations</h3> +<ol> +<li>Run the attachments clean up</li> +<li>Resolve name crashes with the search for duplicate Identifiers</li> +</ol> +<h3 id="imports-on-a-running-instance">Imports on a running instance</h3> +<ol> +<li>New components can be imported via the CSV at any time. Duplicates to existing components will be ignored, but there is a log message.</li> +<li>Users can be added via CSV.</li> +<li>Release links can be added via CSV, duplicates overwrite existing links</li> +</ol> +<p>Attachments should not be imported on a running instance! This should not break much, as without the entries in the couchDB there will be no import. But potentially remote-only Attachments get deleted. -Nevertheless this scenario is not intended and maybe there are unforeseen side effects.</p> -<h2 id="troubleshooting">Troubleshooting</h2> -<h4 id="import-failing-in-the-backend-no-department">Import failing in the Backend: No Department</h4> -<p>The import fails with some error message that a user does not have a department?</p> -<ol> -<li>First of all, the importing admin requires a group assignment. Otherwise the adding component action will fail.</li> -<li>If a group is added to the admin, not that in addition to the Liferay group setting, this information must be also placed into the &ldquo;sw360users&rdquo; database in couchdb.</li> -<li>Note that changes to groups and similar things will require a restart of the Liferay server (=tomcat). Otherwise the user caching kicks in and might not reflect all updates.</li> -</ol> - - - - - - Docs: Security - https://www.eclipse.org/sw360/docs/deployment/deploy-secure-deployment/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-secure-deployment/ - - - - <p>After the basic installation, there are some following steps that should be considered for securing the deployment. The main issue that can be done upfront is the documentation of the involved components:</p> -<ul> -<li>Lifearay</li> -<li>Tomcat</li> -<li>Couchdb</li> -</ul> -<p>For the applications, the following very first line measure should be considered:</p> -<ul> -<li> -<p>Change password of Liferay administrator user or check if that is appropriately secure.</p> -</li> -<li> -<p>You should check the permissions of the involved users in the user management in Liferay.</p> -</li> -<li> -<p>Assign individual passwords for users, also you could force the users to change their passwords at login if you like.</p> -</li> -<li> -<p>Besides the general advice to check the deployment instructions for the involved components, it is of particular interest to limit couchdb access from localhost only.</p> -</li> -<li> -<p>Also for Tomcat you limit port access from localhost only.</p> -</li> -<li> -<p>Do you need the ssh ports open or can you just go to the machine (physically).</p> -</li> -<li> -<p>Fix the admin party on couchdb</p> -</li> -<li> -<p>Add https access to couchdb</p> -</li> -<li> -<p>check that sw360 runtime user does not have sudo rights and config files for sw360 are <code>600</code> only.</p> -</li> -</ul> - - - - - - Docs: Special Deployment Guides - https://www.eclipse.org/sw360/docs/deployment/deploy-specialdeployment/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-specialdeployment/ - - - - <h3 id="general-deployment-guides">General Deployment Guides</h3> -<ul> -<li><a href="https://qiita.com/K-Hama/items/1582b4e1bf248025eabb">Comprehensive blog post on SW360 Installation in Japanese</a></li> -</ul> - - - - - - Docs: SW360 18.x.x Series Initial Setup - https://www.eclipse.org/sw360/docs/deployment/deploy-initial-setup18/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-initial-setup18/ - - - - <p>After successful , Then if you open the server with the URL <code>https://localhost:8080/</code> the following screen should appear:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/1.png"/> -</figure> - -<p>Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/2.png"/> -</figure> - -<p>After login the sw360 is not setup, thus the server does not display much, but a screen like the following:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/3.png"/> -</figure> - -<h2 id="user-and-login-settings-in-liferay">User and Login Settings in Liferay</h2> -<p>Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/4.png"/> -</figure> - -<p>Edit this password policy and disable <code>change Required</code> if you wish to do so. Click on Save_the bottom of the page to save the selection.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/6.png"/> -</figure> - -<p>Then, go: in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/7.png"/> -</figure> - -<p>In this area, select <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/8.png"/> -</figure> - -<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/9.png"/> -</figure> - -<p>Finally, sice Liferay 7.4 some of the bundled modules need to be activated:</p> -<ul> -<li>jquery</li> -<li>font awesome</li> -</ul> -<p>In oder to do this, please select from the <code>Configuration</code> &gt; <code>System Settings</code> &gt; <code>Third Party</code> and go to jquery, select the enablement and click on Update:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/10.png"/> -</figure> - -<p>Do the same for Font Awesome:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/11.png"/> -</figure> - -<p>Note that you need to reload the browser or load a new browser window to take changes to effect.</p> -<h2 id="setup-sw360-for-liferay-import-lar-files">Setup SW360 for Liferay: Import *.lar Files</h2> -<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> -<p>In order to go ahead, switch to the <code>SW360</code> area where you can apply site settings:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/12.png"/> -</figure> - -<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/13.png"/> -</figure> - -<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/14.png"/> -</figure> - -<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>Public_Pages_7_4_3_18_GA18.lar</code> file the selection <code>Public_Pages_7_4_3_18_GA18.lar</code> is made.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/15.png"/> -</figure> - -<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> -<p>After successful importing, the same steps shall be repeated for the <code>Private_Pages_7_4_3_18_GA18.lar</code> file.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/16.png"/> -</figure> - -<p>Make sure that <code>Private_Pages_7_4_3_18_GA18.lar </code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/17.png"/> -</figure> - -<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/18.png"/> -</figure> - -<p>You can close the left menu area by clicking on the upper left icon:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/19.png"/> -</figure> - -<p>Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> -<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/20.png"/> -</figure> - -<h2 id="create-user-accounts-for-test">Create User Accounts for Test</h2> -<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/21.png"/> -</figure> - -<p>Create at least one user with Admin properties. Example:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/26.png"/> -</figure> - -<h2 id="real-login">Real Login</h2> -<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/24.png"/> -</figure> - -<p>After the successful login, SW360 will look as follows.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/25.png"/> -</figure> - - - - - - - Docs: System Requirements - https://www.eclipse.org/sw360/docs/deployment/deploy-requirements/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-requirements/ - - - - <p>For deploying the SW360, there are the following hardware requirements below. Please note that the main memory consumer is the tomcat application container. Accordingly, this requires different settings (see <code>$TOMCAT_HOME/bin/setenv.sh</code>).</p> -<p>Please note that you can review the current memory situation of the application in the liferay administration section as well (see <code>Configuration</code>-&gt; <code>Server Administration</code>).</p> -<h2 id="hardware-and-infrastructure">Hardware and Infrastructure</h2> -<h3 id="cd-based-test-instances">CD-based test instances</h3> -<p>When there is a continuous deployment and continuous delivery directly deployed to machine the following machine is recommended:</p> -<ul> -<li>1 core</li> -<li>4GB RAM</li> -<li>40GB normal file system</li> -<li>10Mbit Ethernet link</li> -</ul> -<p>In this case, the sw360 solution runs fairly well for clicking around and creation of a few data sets. Note that Tomcat should have 2GB.</p> -<h3 id="staging-instances">Staging instances</h3> -<p>Testing and working with normal data sets for staging and pre-productive testing. Pre productive does not need to have the same execution speed of the machine, however, requires enough RAM and file system to run a clone on the data set.</p> -<ul> -<li>2 cores</li> -<li>8GB RAM</li> -<li>500GB normal file system</li> -<li>100Mbit Ethernet link</li> -</ul> -<p>The tomcat should be adjusted to 4GB RAM</p> -<h3 id="productive-instances">Productive instances</h3> -<p>Productive with for example: 10K releases, 2k users which deploys the entire solution onto a single larger machine. It does not apply to a docker based setup.</p> -<ul> -<li>4 cores</li> -<li>16GB RAM</li> -<li>500GB SSD based file system</li> -<li>1GBit link Ethernet link</li> -</ul> -<p>Tomcat should be adjusted to 10-12GB RAM. Note: normally, you could also run Tomcat with significantly lees RAM, if you put common dependencies in a shared lib folder.</p> -<h3 id="network">Network</h3> -<p>The following table shall give an overview about the inbound ports</p> -<table> -<thead> -<tr> -<th style="text-align:left">Port</th> -<th style="text-align:left">Service</th> -<th style="text-align:left">Remarks</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">443</td> -<td style="text-align:left">https</td> -<td style="text-align:left">Accessing the application</td> -</tr> -<tr> -<td style="text-align:left">22</td> -<td style="text-align:left">ssh</td> -<td style="text-align:left">Administering the application</td> -</tr> -<tr> -<td style="text-align:left">80</td> -<td style="text-align:left">http</td> -<td style="text-align:left">if you would like to access the solution over http</td> -</tr> -<tr> -<td style="text-align:left">5984/5985</td> -<td style="text-align:left">http/https</td> -<td style="text-align:left">if access to the couchdb (admin) interface is required</td> -</tr> -</tbody> -</table> -<p>Overview about the <em>additional</em> outbound ports:</p> -<table> -<thead> -<tr> -<th style="text-align:left">Port</th> -<th style="text-align:left">Service</th> -<th style="text-align:left">Remarks</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">3269</td> -<td style="text-align:left">sldap</td> -<td style="text-align:left">If you do authentication using secure LDAP</td> -</tr> -<tr> -<td style="text-align:left">443</td> -<td style="text-align:left">sldap</td> -<td style="text-align:left">If you do consume services over https (e.g. vulnerabilty pulling)</td> -</tr> -<tr> -<td style="text-align:left">53</td> -<td style="text-align:left">dns</td> -<td style="text-align:left">&hellip;</td> -</tr> -<tr> -<td style="text-align:left">22</td> -<td style="text-align:left">ssh</td> -<td style="text-align:left">the old way of calling a fossology server</td> -</tr> -</tbody> -</table> -<p>Outbound ports for http / https may be required for downloading system updates. Ports for ssh may not be required outbound.</p> -<h2 id="software">Software:</h2> -<p>As for the software, the sw360 can be run on many platforms, even on Windows seven. We have the following reference platform for development:</p> -<p>until 5:</p> -<ul> -<li>OpenJDK 8</li> -<li>Unbunu 16.04 LTS</li> -</ul> -<p>after 5:</p> -<ul> -<li>openjdk 8</li> -<li>ubuntu 18.04 LTS</li> -</ul> -<p>after 11:</p> -<ul> -<li>openjdk 11</li> -<li>ubuntu 18.04 LTS</li> -</ul> -<p>More information about requirements can be found here: <a href="https://github.com/sw360/sw360vagrant/wiki">https://github.com/sw360/sw360vagrant/wiki</a></p> - - - - - - +Nevertheless this scenario is not intended and maybe there are unforeseen side effects.</p> +<h2 id="troubleshooting">Troubleshooting</h2> +<h4 id="import-failing-in-the-backend-no-department">Import failing in the Backend: No Department</h4> +<p>The import fails with some error message that a user does not have a department?</p> +<ol> +<li>First of all, the importing admin requires a group assignment. Otherwise the adding component action will fail.</li> +<li>If a group is added to the admin, not that in addition to the Liferay group setting, this information must be also placed into the &ldquo;sw360users&rdquo; database in couchdb.</li> +<li>Note that changes to groups and similar things will require a restart of the Liferay server (=tomcat). Otherwise the user caching kicks in and might not reflect all updates.</li> +</ol>Docs: Securityhttps://www.eclipse.org/sw360/docs/deployment/deploy-secure-deployment/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-secure-deployment/ +<p>After the basic installation, there are some following steps that should be considered for securing the deployment. The main issue that can be done upfront is the documentation of the involved components:</p> +<ul> +<li>Lifearay</li> +<li>Tomcat</li> +<li>Couchdb</li> +</ul> +<p>For the applications, the following very first line measure should be considered:</p> +<ul> +<li> +<p>Change password of Liferay administrator user or check if that is appropriately secure.</p> +</li> +<li> +<p>You should check the permissions of the involved users in the user management in Liferay.</p> +</li> +<li> +<p>Assign individual passwords for users, also you could force the users to change their passwords at login if you like.</p> +</li> +<li> +<p>Besides the general advice to check the deployment instructions for the involved components, it is of particular interest to limit couchdb access from localhost only.</p> +</li> +<li> +<p>Also for Tomcat you limit port access from localhost only.</p> +</li> +<li> +<p>Do you need the ssh ports open or can you just go to the machine (physically).</p> +</li> +<li> +<p>Fix the admin party on couchdb</p> +</li> +<li> +<p>Add https access to couchdb</p> +</li> +<li> +<p>check that sw360 runtime user does not have sudo rights and config files for sw360 are <code>600</code> only.</p> +</li> +</ul>Docs: Special Deployment Guideshttps://www.eclipse.org/sw360/docs/deployment/deploy-specialdeployment/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-specialdeployment/ +<h3 id="general-deployment-guides">General Deployment Guides</h3> +<ul> +<li><a href="https://qiita.com/K-Hama/items/1582b4e1bf248025eabb">Comprehensive blog post on SW360 Installation in Japanese</a></li> +</ul>Docs: SW360 18.x.x Series Initial Setuphttps://www.eclipse.org/sw360/docs/deployment/deploy-initial-setup18/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-initial-setup18/ +<p>After successful , Then if you open the server with the URL <code>https://localhost:8080/</code> the following screen should appear:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/1.png"/> +</figure> +<p>Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/2.png"/> +</figure> +<p>After login the sw360 is not setup, thus the server does not display much, but a screen like the following:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/3.png"/> +</figure> +<h2 id="user-and-login-settings-in-liferay">User and Login Settings in Liferay</h2> +<p>Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/4.png"/> +</figure> +<p>Edit this password policy and disable <code>change Required</code> if you wish to do so. Click on Save_the bottom of the page to save the selection.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/6.png"/> +</figure> +<p>Then, go: in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/7.png"/> +</figure> +<p>In this area, select <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/8.png"/> +</figure> +<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/9.png"/> +</figure> +<p>Finally, sice Liferay 7.4 some of the bundled modules need to be activated:</p> +<ul> +<li>jquery</li> +<li>font awesome</li> +</ul> +<p>In oder to do this, please select from the <code>Configuration</code> &gt; <code>System Settings</code> &gt; <code>Third Party</code> and go to jquery, select the enablement and click on Update:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/10.png"/> +</figure> +<p>Do the same for Font Awesome:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/11.png"/> +</figure> +<p>Note that you need to reload the browser or load a new browser window to take changes to effect.</p> +<h2 id="setup-sw360-for-liferay-import-lar-files">Setup SW360 for Liferay: Import *.lar Files</h2> +<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> +<p>In order to go ahead, switch to the <code>SW360</code> area where you can apply site settings:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/12.png"/> +</figure> +<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/13.png"/> +</figure> +<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/14.png"/> +</figure> +<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>Public_Pages_7_4_3_18_GA18.lar</code> file the selection <code>Public_Pages_7_4_3_18_GA18.lar</code> is made.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/15.png"/> +</figure> +<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> +<p>After successful importing, the same steps shall be repeated for the <code>Private_Pages_7_4_3_18_GA18.lar</code> file.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/16.png"/> +</figure> +<p>Make sure that <code>Private_Pages_7_4_3_18_GA18.lar </code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/17.png"/> +</figure> +<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/18.png"/> +</figure> +<p>You can close the left menu area by clicking on the upper left icon:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/19.png"/> +</figure> +<p>Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> +<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/20.png"/> +</figure> +<h2 id="create-user-accounts-for-test">Create User Accounts for Test</h2> +<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/21.png"/> +</figure> +<p>Create at least one user with Admin properties. Example:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/26.png"/> +</figure> +<h2 id="real-login">Real Login</h2> +<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/24.png"/> +</figure> +<p>After the successful login, SW360 will look as follows.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/25.png"/> +</figure>Docs: System Requirementshttps://www.eclipse.org/sw360/docs/deployment/deploy-requirements/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-requirements/ +<p>For deploying the SW360, there are the following hardware requirements below. Please note that the main memory consumer is the tomcat application container. Accordingly, this requires different settings (see <code>$TOMCAT_HOME/bin/setenv.sh</code>).</p> +<p>Please note that you can review the current memory situation of the application in the liferay administration section as well (see <code>Configuration</code>-&gt; <code>Server Administration</code>).</p> +<h2 id="hardware-and-infrastructure">Hardware and Infrastructure</h2> +<h3 id="cd-based-test-instances">CD-based test instances</h3> +<p>When there is a continuous deployment and continuous delivery directly deployed to machine the following machine is recommended:</p> +<ul> +<li>1 core</li> +<li>4GB RAM</li> +<li>40GB normal file system</li> +<li>10Mbit Ethernet link</li> +</ul> +<p>In this case, the sw360 solution runs fairly well for clicking around and creation of a few data sets. Note that Tomcat should have 2GB.</p> +<h3 id="staging-instances">Staging instances</h3> +<p>Testing and working with normal data sets for staging and pre-productive testing. Pre productive does not need to have the same execution speed of the machine, however, requires enough RAM and file system to run a clone on the data set.</p> +<ul> +<li>2 cores</li> +<li>8GB RAM</li> +<li>500GB normal file system</li> +<li>100Mbit Ethernet link</li> +</ul> +<p>The tomcat should be adjusted to 4GB RAM</p> +<h3 id="productive-instances">Productive instances</h3> +<p>Productive with for example: 10K releases, 2k users which deploys the entire solution onto a single larger machine. It does not apply to a docker based setup.</p> +<ul> +<li>4 cores</li> +<li>16GB RAM</li> +<li>500GB SSD based file system</li> +<li>1GBit link Ethernet link</li> +</ul> +<p>Tomcat should be adjusted to 10-12GB RAM. Note: normally, you could also run Tomcat with significantly lees RAM, if you put common dependencies in a shared lib folder.</p> +<h3 id="network">Network</h3> +<p>The following table shall give an overview about the inbound ports</p> +<table> +<thead> +<tr> +<th style="text-align:left">Port</th> +<th style="text-align:left">Service</th> +<th style="text-align:left">Remarks</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">443</td> +<td style="text-align:left">https</td> +<td style="text-align:left">Accessing the application</td> +</tr> +<tr> +<td style="text-align:left">22</td> +<td style="text-align:left">ssh</td> +<td style="text-align:left">Administering the application</td> +</tr> +<tr> +<td style="text-align:left">80</td> +<td style="text-align:left">http</td> +<td style="text-align:left">if you would like to access the solution over http</td> +</tr> +<tr> +<td style="text-align:left">5984/5985</td> +<td style="text-align:left">http/https</td> +<td style="text-align:left">if access to the couchdb (admin) interface is required</td> +</tr> +</tbody> +</table> +<p>Overview about the <em>additional</em> outbound ports:</p> +<table> +<thead> +<tr> +<th style="text-align:left">Port</th> +<th style="text-align:left">Service</th> +<th style="text-align:left">Remarks</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">3269</td> +<td style="text-align:left">sldap</td> +<td style="text-align:left">If you do authentication using secure LDAP</td> +</tr> +<tr> +<td style="text-align:left">443</td> +<td style="text-align:left">sldap</td> +<td style="text-align:left">If you do consume services over https (e.g. vulnerabilty pulling)</td> +</tr> +<tr> +<td style="text-align:left">53</td> +<td style="text-align:left">dns</td> +<td style="text-align:left">&hellip;</td> +</tr> +<tr> +<td style="text-align:left">22</td> +<td style="text-align:left">ssh</td> +<td style="text-align:left">the old way of calling a fossology server</td> +</tr> +</tbody> +</table> +<p>Outbound ports for http / https may be required for downloading system updates. Ports for ssh may not be required outbound.</p> +<h2 id="software">Software:</h2> +<p>As for the software, the sw360 can be run on many platforms, even on Windows seven. We have the following reference platform for development:</p> +<p>until 5:</p> +<ul> +<li>OpenJDK 8</li> +<li>Unbunu 16.04 LTS</li> +</ul> +<p>after 5:</p> +<ul> +<li>openjdk 8</li> +<li>ubuntu 18.04 LTS</li> +</ul> +<p>after 11:</p> +<ul> +<li>openjdk 11</li> +<li>ubuntu 18.04 LTS</li> +</ul> +<p>More information about requirements can be found here: <a href="https://github.com/sw360/sw360vagrant/wiki">https://github.com/sw360/sw360vagrant/wiki</a></p> \ No newline at end of file diff --git a/docs/deployment/legacy/deploy-liferay/index.html b/docs/deployment/legacy/deploy-liferay/index.html index 62ba3bd..6f7008c 100644 --- a/docs/deployment/legacy/deploy-liferay/index.html +++ b/docs/deployment/legacy/deploy-liferay/index.html @@ -1,873 +1,109 @@ - - - - - - - - - - - - - - - - - - - - -Initial Setup of Liferay 6.2 and sw360 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Initial Setup of Liferay 6.2 and sw360

- -
- - - - - - - - - - - - - -
-

Liferay administrator steps

-

This part describes how to setup a new liferay instance after you went through the initial Liferay setup: create an admin account, confirm the license and terms and fill out your personal details. Alternatively in the sw360vagrant or the sw360chores deployment, the default setup user credentials are setup@sw360.org with the unsafe password sw360fossy.

-
    -
  1. -

    Login as setup administrator (if you are using the default unsafe password, you should replace it on productive instances)

    -
    2. -
  2. -

    Go to

    -

    Menu Admin -> Item Control Panel -> Section Users, Password Policies -> Default Password Policy -> Actions -> Edit

    -
    3. -
  3. -

    Then

    -

    uncheck Change Required and then -save

    -
    4. -
  4. -

    Then we need to grant new users the right to see SW360

    -

    Control Panel -> Configuration -> Users(on the right) -> Default User Associations

    -

    check Apply to Existing Users -write in Sites: SW360 -save (on the right)

    -
    5. -
  5. -

    Do not allow stranger to create accounts …

    -

    Control Panel -> Configuration -> Users(on the right) -> Authentication

    -

    uncheck Allow strangers to create ... +Initial Setup of Liferay 6.2 and sw360 | Eclipse SW360 +

    Initial Setup of Liferay 6.2 and sw360

    Liferay administrator steps

    This part describes how to setup a new liferay instance after you went through the initial Liferay setup: create an admin account, confirm the license and terms and fill out your personal details. Alternatively in the sw360vagrant or the sw360chores deployment, the default setup user credentials are setup@sw360.org with the unsafe password sw360fossy.

    1. Login as setup administrator (if you are using the default unsafe password, you should replace it on productive instances)

    2. Go to

      Menu Admin -> Item Control Panel -> Section Users, Password Policies -> Default Password Policy -> Actions -> Edit

    3. Then

      uncheck Change Required and then +save

    4. Then we need to grant new users the right to see SW360

      Control Panel -> Configuration -> Users(on the right) -> Default User Associations

      check Apply to Existing Users +write in Sites: SW360 +save (on the right)

    5. Do not allow stranger to create accounts …

      Control Panel -> Configuration -> Users(on the right) -> Authentication

      uncheck Allow strangers to create ... uncheck Allow strangers to verify ... -save (on the right)

      -
      6. -
    6. -

      Then, to deactivate self registration

      -

      Control Panel -> Authentication -> remove checkmarks for creating accounts by strangers -save (on the right)

      -

      Note, disabling self registration is required because the current Liferay self registration does not create accounts in the backend service. (hence using the importer is required)

      -
      7. -
    7. -

      Then we go to

      -

      Admin -> Pages

      -
      8. -
    8. -

      and import the lar files from

      -
      frontend/configuration/public_pages.lar
-frontend/configuration/private_pages.lar
-

      for the respective pages, using the tabs Public Pages and Private Pages. Please note that the provided *.lar files are for Liferay 6.2 GA5 only (fun!). If you run a different liferay version, you will need to add the portlets manually until the *.lar files are updated manually.

      -
      9. -
    9. -

      ( DO NOT CHECK Pages -> Change -> Delete Missing Pages)

      -

      We check on first page

      -

      Application Configuration -> Choose Applications (leave all checked)

      -

      Permissions -> Permissions

      -

      Permissions -> Permissions Assigned to Roles

      -

      => Click Continue

      -
      10. -
    10. -

      We check on second page of the import agent:

      -

      Update Data -> Mirror with overwriting

      -

      Authorship of the Content -> Use the Current User as Author

      -
      11. -
    11. -

      If this was successful we can go to

      -

      Private Pages -> users

      -
      12. -
    12. -

      We can then import a csv file that looks like that

      -
       GivenName,Lastname,Email,Department,UserGroup,GID,isMale,PasswdHash
- user last name, user first name, first.last@sw360.org,TOP ORG CODE TEAM,USER,SW360_0004,true,AAAAoAAB9ACem9mZj9zptlEjFSMEF5MdOSUzgyxFDmKDGQDK
-
      13. -
    -

    Note that

    -
    1. The GID must be unique
+save (on the right)

  6. Then, to deactivate self registration

    Control Panel -> Authentication -> remove checkmarks for creating accounts by strangers +save (on the right)

    Note, disabling self registration is required because the current Liferay self registration does not create accounts in the backend service. (hence using the importer is required)

  7. Then we go to

    Admin -> Pages

  8. and import the lar files from

    frontend/configuration/public_pages.lar
+frontend/configuration/private_pages.lar
+

    for the respective pages, using the tabs Public Pages and Private Pages. Please note that the provided *.lar files are for Liferay 6.2 GA5 only (fun!). If you run a different liferay version, you will need to add the portlets manually until the *.lar files are updated manually.

  9. ( DO NOT CHECK Pages -> Change -> Delete Missing Pages)

    We check on first page

    Application Configuration -> Choose Applications (leave all checked)

    Permissions -> Permissions

    Permissions -> Permissions Assigned to Roles

    => Click Continue

  10. We check on second page of the import agent:

    Update Data -> Mirror with overwriting

    Authorship of the Content -> Use the Current User as Author

  11. If this was successful we can go to

    Private Pages -> users

  12. We can then import a csv file that looks like that

     GivenName,Lastname,Email,Department,UserGroup,GID,isMale,PasswdHash
+ user last name, user first name, first.last@sw360.org,TOP ORG CODE TEAM,USER,SW360_0004,true,AAAAoAAB9ACem9mZj9zptlEjFSMEF5MdOSUzgyxFDmKDGQDK
+

Note that

1. The GID must be unique
 1. The hash here means "t"
 1. The GID is called external Id in the thrift-based datamodel
-
-

Some notes and troubleshooting

-

Check Liferay Configuration Options

-

There are plenty of useful settings to setup for your instance - you should check them depending on your desired use. Just a few examples, you could disable or enable:

-
    -
  • Auto login or self registration functionality
    • -
  • Site statistics
    • -
  • Password policies
    • -
  • Configurability options
    • -
  • many more, it makes sense to browse the Liferay Admin area (in the optimal case, using the setup-admin login) and check all the options.
    • -
-

Liferay crashes at startup with exception: Dockbar

-

If the dockbar error occurs, the file named in the error log must be replaced with an original one, because it is corrupted. Note that this represents a bug of the Liferay 6.2 (search in your favorite search engine for dockbar liferay problem …).

-

Strange behavior

-

If the server has problems in terms of long running requests, maybe the memory setting is not allright, consider:

-
CATALINA_OPTS="$CATALINA_OPTS -Xms2048m -Xmx2048m
-- -XX:NewSize=512m -XX:MaxNewSize=512m -XX:PermSize=512m
-- -XX:MaxPermSize=512m"
-

if you run Java prior to 8.

-

Surfing to the main page shows blank page with exception message

-

If the “null pointer page” shows up (just a simple white page saying a null pointer exception occurred), remove the hsql folder inside the data folder from the liferay distro (shutdown before and restart after).

- - - -
- Last modified June 28, 2022: fix(docs): Move content to proper areas (8d4a6e6) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +

Some notes and troubleshooting

Check Liferay Configuration Options

There are plenty of useful settings to setup for your instance - you should check them depending on your desired use. Just a few examples, you could disable or enable:

Liferay crashes at startup with exception: Dockbar

If the dockbar error occurs, the file named in the error log must be replaced with an original one, because it is corrupted. Note that this represents a bug of the Liferay 6.2 (search in your favorite search engine for dockbar liferay problem …).

Strange behavior

If the server has problems in terms of long running requests, maybe the memory setting is not allright, consider:

CATALINA_OPTS="$CATALINA_OPTS -Xms2048m -Xmx2048m
+- -XX:NewSize=512m -XX:MaxNewSize=512m -XX:PermSize=512m
+- -XX:MaxPermSize=512m"
+

if you run Java prior to 8.

Surfing to the main page shows blank page with exception message

If the “null pointer page” shows up (just a simple white page saying a null pointer exception occurred), remove the hsql folder inside the data folder from the liferay distro (shutdown before and restart after).

Last modified June 28, 2022: fix(docs): Move content to proper areas (8d4a6e6)
+ + + \ No newline at end of file diff --git a/docs/deployment/legacy/deploy-liferay7.3/index.html b/docs/deployment/legacy/deploy-liferay7.3/index.html index 1d55294..c67563e 100644 --- a/docs/deployment/legacy/deploy-liferay7.3/index.html +++ b/docs/deployment/legacy/deploy-liferay7.3/index.html @@ -1,950 +1,104 @@ - - - - - - - - - - - - - - - - - - - - -Initial Setup of Liferay 7.3 and sw360 | Eclipse SW360 -Initial Setup of Liferay 7.3 and sw360 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Initial Setup of Liferay 7.3 and sw360

- -
- - - - - - - - - - - - - -
-

After successful installation, the vagrant ends like the following terminal output:

- -
- -
- -

Then if you open the server with the URL https://localhost:8443/ the following screen should appear:

- -
- -
- -

Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.

-

Sign in_the icon_the upper left corner. If you did not change the values in configuration.rbthe default login is setup@sw360.org and sw360fossy.

- -
- -
- -

After login the sw360 is not setup, thus the server does not display much, but a screen like the following:

- -
- -
- -

User and Login Settings in Liferay

-

Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:

- -
- -
- -

In this area, go for Security > Password Policies:

- -
- -
- -

Edit this password policy and disable change Required if you wish to do so. Click on Save_the bottom of the page to save the selection.

- -
- -
- -

Then, go: in Configuration > Instance Settings > Users >

- -
- -
- -

In this area, select Default User Associations to enter SW360 and apply it also to existing users. Click on Save to save the selection:

- -
- -
- -

Then, in Configuration > Instance Settings > User Authentication > General to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.

- -
- -
- -

Finally, sice Liferay 7.3 some of the bundled modules need to be activated:

-
    -
  • jquery
    • -
  • font awesome
    • -
-

In oder to do this, please select from the Configuration > System Settings > Third Party and go to jquery, select the enablement and click on Update:

- -
- -
- -

Do the same for Font Awesome:

- -
- -
- -

Note that you need to reload the browser or load a new browser window to take changes to effect.

-

Setup SW360 for Liferay: Import *.lar Files

-

For the setup of SW360 in Liferay, the portal description files, *.lar files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.

-

In order to go ahead, switch to the SW360 area where you can apply site settings:

- -
- -
- -

The go into > Publishing > Import which shows like this:

- -
- -
- -

Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the frontend/configuration folder of the sw360 repository.

- -
- -
- -

As for import settings, follow the selection as shown on the screenshot. It is very important that for the PublicPages.lar file the selection Public Pages is made.

- -
- -
- -

Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.

-

After successful importing, the same steps shall be repeated for the PrivatePages.lar file.

- -
- -
- -

Make sure that Private Pages is selected. Follow the other selections made as shown on the screenshot … importing permissions … mirror with overwriting, use the current author …

- -
- -
- -

If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:

- -
- -
- -

You can close the left menu area by clicking on the upper left icon:

- -
- -
- -

Click Start to open the private pages. You are still logged in, so the setup account is used to view the pages.

-

Important The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.

- -
- -
- -

Import User Accounts for Testing

-

Click the SW360 Admin menu which is_the right and selection the User item.

- -
- -
- -

At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a user account import file to import in the sw360vagrant project in the folder shared. After the user have been imported successfully, they should appear in the table view.

- -
- -
- -

After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below):

- -
- -
- -

Real Login

-

One example user is user@sw360.org with the password 12345. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.

- -
- -
- -

After the successful login, SW360 will look as follows.

- -
- -
- - - - -
- Last modified July 8, 2022: fix(content): Import legacy screenshots for Deploy73 (c558e8f) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Sign in_the icon_the upper left corner. If you did not change the values in configuration."> +

Initial Setup of Liferay 7.3 and sw360

After successful installation, the vagrant ends like the following terminal output:

Then if you open the server with the URL https://localhost:8443/ the following screen should appear:

Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.

Sign in_the icon_the upper left corner. If you did not change the values in configuration.rbthe default login is setup@sw360.org and sw360fossy.

After login the sw360 is not setup, thus the server does not display much, but a screen like the following:

User and Login Settings in Liferay

Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:

In this area, go for Security > Password Policies:

Edit this password policy and disable change Required if you wish to do so. Click on Save_the bottom of the page to save the selection.

Then, go: in Configuration > Instance Settings > Users >

In this area, select Default User Associations to enter SW360 and apply it also to existing users. Click on Save to save the selection:

Then, in Configuration > Instance Settings > User Authentication > General to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.

Finally, sice Liferay 7.3 some of the bundled modules need to be activated:

  • jquery
  • font awesome

In oder to do this, please select from the Configuration > System Settings > Third Party and go to jquery, select the enablement and click on Update:

Do the same for Font Awesome:

Note that you need to reload the browser or load a new browser window to take changes to effect.

Setup SW360 for Liferay: Import *.lar Files

For the setup of SW360 in Liferay, the portal description files, *.lar files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.

In order to go ahead, switch to the SW360 area where you can apply site settings:

The go into > Publishing > Import which shows like this:

Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the frontend/configuration folder of the sw360 repository.

As for import settings, follow the selection as shown on the screenshot. It is very important that for the PublicPages.lar file the selection Public Pages is made.

Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.

After successful importing, the same steps shall be repeated for the PrivatePages.lar file.

Make sure that Private Pages is selected. Follow the other selections made as shown on the screenshot … importing permissions … mirror with overwriting, use the current author …

If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:

You can close the left menu area by clicking on the upper left icon:

Click Start to open the private pages. You are still logged in, so the setup account is used to view the pages.

Important The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.

Import User Accounts for Testing

Click the SW360 Admin menu which is_the right and selection the User item.

At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a user account import file to import in the sw360vagrant project in the folder shared. After the user have been imported successfully, they should appear in the table view.

After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below):

Real Login

One example user is user@sw360.org with the password 12345. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.

After the successful login, SW360 will look as follows.

Last modified July 8, 2022: fix(content): Import legacy screenshots for Deploy73 (c558e8f)
+ + + \ No newline at end of file diff --git a/docs/deployment/legacy/deploy-liferay7/index.html b/docs/deployment/legacy/deploy-liferay7/index.html index 4a2bc8f..824478c 100644 --- a/docs/deployment/legacy/deploy-liferay7/index.html +++ b/docs/deployment/legacy/deploy-liferay7/index.html @@ -1,941 +1,93 @@ - - - - - - - - - - - - - - - - - - - - -Initial Setup of Liferay 7.2 and sw360 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Initial Setup of Liferay 7.2 and sw360

- -
- - - - - - - - - - - - - -
-

Starting SW360 for the First Time

-

So, the vagrant setup has deployed sw360, but unfortunately, there is some major issue: With Liferay, certain configuration need to be applied manually in the UI. If you would know how to import *.lar files and apply some setting from the command line (without implementing an approach based on HTML testing frameworks, like selenium), please let us know.

-

Until then, some tasks need to be done manually, after everything has been built up:

-
    -
  • import *.lar files
    • -
  • set password policies not to change after first login (it is annoying when developing)
    • -
  • set the default area to be SW360 when users login to liferay
    • -
  • apply some more settings, like users cannot create accounts on their own
    • -
-

Setup Login

-

After successful installation, the screen should look like this. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.

- -
- -
- -

Sign in_the icon_the upper left corner. If you did not change the values in configuration.rbthe default login is setup@sw360.org and sw360fossy.

- -
- -
- -

User Settings in SW360

-

Go into the control panel area which can be unfold by clicking in the upper left corner. In this area, go for Users > Password Policies and disable change Required if you wish to do so. Click on Save to save the selection.

- -
- -
- -

Then, in Configuration > Instance Settings > Users > Default User Associations to enter SW360 and apply it also to existing users. Click on Save to save the selection.

- -
- -
- -

Then, in Configuration > Instance Settings > User Authentication > General to disable all kind of auto login to make sure only authenticated users can log in.

- -
- -
- -

Depending on your preferences make appropriate selections according to the screenshot. It is not advisable to allow users to self register in order to access the SW360 data.

- -
- -
- -

Import *.lar Files

-

Then, in the SW360 area > Publishing > Import klick on the plus sign in order to import the *.lar file for public pages.

- -
- -
- -

As for import settings, follow the selection as shown on the screenshot. It is very important that for the PublicPages.lar file the selection Public Pages is made.

- -
- -
- -

Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment.

- -
- -
- -

Overwriting and the write as current user needs to be selected.

- -
- -
- -

After successful importing the following view should appear.

- -
- -
- -

The same steps shall be repeated for the PrivatePages.lar file.

- -
- -
- -

Make sure that Private Pages is selected. Follow the other selections made as shown on the screenshots.

- -
- -
- -

Importing permissions …

- -
- -
- -

Mirror with overwriting, use the current author …

- -
- -
- -

Then the successful result should be shown like this:

- -
- -
- -

If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear. Click Start to open the private pages. You are still logged in, so the setup account is used to view the pages.

-

Important The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.

- -
- -
- -

Import User Accounts for Testing

-

Assuming you are still logged in, the main view of SW360 looks as follows:

- -
- -
- -

Click the SW360 Admin menu which is_the right and selection the User item.

- -
- -
- -

At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently.

- -
- -
- -

You can find a user file to import in the sw360vagrant project in the folder shared.

- -
- -
- -

After the user have been imported successfully, they should appear in the table view.

- -
- -
- -

After the user have been imported successfully, they should appear in the table view.

-

Real Login

-

One example user is user@sw360.org with the password 12345. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between users.

- -
- -
- -

After the successful login, SW360 will look as follows.

- -
- -
- -

After the successful login, SW360 will look as in the following screenshot.

- -
- -
- -

For example, click on Projects to see that no projects have been created so far …

- -
- -
- - - - -
- Last modified July 8, 2022: fix(content): Import legacy screenshots for Deploy7 (c5bf4e6) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Initial Setup of Liferay 7.2 and sw360 | Eclipse SW360 +

Initial Setup of Liferay 7.2 and sw360

Starting SW360 for the First Time

So, the vagrant setup has deployed sw360, but unfortunately, there is some major issue: With Liferay, certain configuration need to be applied manually in the UI. If you would know how to import *.lar files and apply some setting from the command line (without implementing an approach based on HTML testing frameworks, like selenium), please let us know.

Until then, some tasks need to be done manually, after everything has been built up:

  • import *.lar files
  • set password policies not to change after first login (it is annoying when developing)
  • set the default area to be SW360 when users login to liferay
  • apply some more settings, like users cannot create accounts on their own

Setup Login

After successful installation, the screen should look like this. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.

Sign in_the icon_the upper left corner. If you did not change the values in configuration.rbthe default login is setup@sw360.org and sw360fossy.

User Settings in SW360

Go into the control panel area which can be unfold by clicking in the upper left corner. In this area, go for Users > Password Policies and disable change Required if you wish to do so. Click on Save to save the selection.

Then, in Configuration > Instance Settings > Users > Default User Associations to enter SW360 and apply it also to existing users. Click on Save to save the selection.

Then, in Configuration > Instance Settings > User Authentication > General to disable all kind of auto login to make sure only authenticated users can log in.

Depending on your preferences make appropriate selections according to the screenshot. It is not advisable to allow users to self register in order to access the SW360 data.

Import *.lar Files

Then, in the SW360 area > Publishing > Import klick on the plus sign in order to import the *.lar file for public pages.

As for import settings, follow the selection as shown on the screenshot. It is very important that for the PublicPages.lar file the selection Public Pages is made.

Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment.

Overwriting and the write as current user needs to be selected.

After successful importing the following view should appear.

The same steps shall be repeated for the PrivatePages.lar file.

Make sure that Private Pages is selected. Follow the other selections made as shown on the screenshots.

Importing permissions …

Mirror with overwriting, use the current author …

Then the successful result should be shown like this:

If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear. Click Start to open the private pages. You are still logged in, so the setup account is used to view the pages.

Important The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.

Import User Accounts for Testing

Assuming you are still logged in, the main view of SW360 looks as follows:

Click the SW360 Admin menu which is_the right and selection the User item.

At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently.

You can find a user file to import in the sw360vagrant project in the folder shared.

After the user have been imported successfully, they should appear in the table view.

After the user have been imported successfully, they should appear in the table view.

Real Login

One example user is user@sw360.org with the password 12345. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between users.

After the successful login, SW360 will look as follows.

After the successful login, SW360 will look as in the following screenshot.

For example, click on Projects to see that no projects have been created so far …

Last modified July 8, 2022: fix(content): Import legacy screenshots for Deploy7 (c5bf4e6)
+ + + \ No newline at end of file diff --git a/docs/deployment/legacy/deploy-natively-11/index.html b/docs/deployment/legacy/deploy-natively-11/index.html index 9ea6797..46ec921 100644 --- a/docs/deployment/legacy/deploy-natively-11/index.html +++ b/docs/deployment/legacy/deploy-natively-11/index.html @@ -1,928 +1,133 @@ - - - - - - - - - - - - - - - - - - - - -Ubuntu 18.04 LTS, Java 11 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Ubuntu 18.04 LTS, Java 11

-
Bare metal deployment with Ubuntu 18.04 LTS and Java 11
-
- - - - - - - - - - - - - -
-

Introduction

-

We are covering the update for ubuntu 18.04 LTS here, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as macosx, but in order to avoid problem we agreed on having a reference OS, which are the ubuntu long term releases. The author of this guide also uses macosx and homebrew which also works fairly well.

-

Please note that during the time, the dependencies are updated and the version info might change.

-

Overview

-

The installation consists of quite some tasks, as an overview:

-
    -
  1. Java 11
    2. -
  2. Postgresql, if we want to use it instead of hypersonic db
    3. -
  3. CouchDB 2.X at the time of starting this guide, but 3.1.X seems to work well
    4. -
  4. Thrift to 0.13, later updated to 0.14
    5. -
  5. Liferay CE 7.3.3 and 7.3.4 has been also tested
    6. -
  6. Adjust /etc/ini.d/tomcat with path of new liferay
    7. -
  7. Adjust $liferay_install variable
    8. -
  8. add Java prerequisites to OSGi container
    9. -
  9. Install couchdb-lucene (2.1)
    10. -
  10. Deploy new version of sw360
    11. -
  11. Go ahead with Liferay steps
    12. -
-

Initial steps

-

In order to “calibrate the system” just run the update / upgrade cycle once:

-

# sudo apt update

-

# sudo apt upgrade

-

PostgreSQL

-

You can go ahead install postgresql 10:

-

sudo apt install postgresql-10

-

or whatever package version is suitable here, for example version 12 for ubuntu 20.04.

-

The configuration for Liferay will come later.

-

CouchDB

-

CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing:

-

curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -

-

The add the repo to the sources:

-

echo "deb https://apache.bintray.com/couchdb-deb bionic main" | sudo tee -a /etc/apt/sources.list

-

Then, add its contents to the package database by updating apt:

-

sudo apt-get update -y

-

Ultimately install CouchDB, we tried with 2.1.2 install:

-

sudo apt-get install -y couchdb=2.1.2~bionic

-

The installer will ask a couple of questions:

-
    -
  1. Bind address: for CouchDB and SW360 127.0.0.1 (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.
    2. -
  2. Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in couchdb.properties and place it centrally in /etc/sw360
    3. -
-

In case you added an admin accidentally and would like to remove it,

-

Thrift

-

For thrift, we need version 0.13. The installation script in scripts/install-thrift.sh will help you:

-

sudo ./install-thrift.sh

-

In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.13

-

OpenJDK 11

-

First check, what is installed.

-

# sudo apt list openjdk* --installed

-

Then you could check what is available:

-

# sudo apt list openjdk*

-

And install OpenJDK 11

-

# sudo apt install openjdk-11-jdk

-

Then the $JAVA_HOME needs to be updated, most likely in /etc/environment. Please check for your installation how to set the $JAVA_HOME correctly (most likely: JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64).

-

Liferay CE 7.3.3

-

Download Liferay from this link

-

https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz

-

and unpack it, ideally in the /opt directory, so resulting path would look like /opt/liferay-ce-portal-7.3.3-ga4.

-

Then, you need to update the $LIFERAY_INSTALL in /etc/environment from LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ to `LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4.

-

Auto Start

-

For auto start, you need an according init.d entry. It could be a file like /etc/init.d/tomcat. The file could be created if not there already, with the following contents:

-
#!/bin/bash
-
-### BEGIN INIT INFO
-# Provides:        tomcat7
-# Required-Start:  $network
-# Required-Stop:   $network
-# Default-Start:   2 3 4 5
-# Default-Stop:    0 1 6
-# Short-Description: Start/Stop Tomcat server
-### END INIT INFO
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-
-start() {
- su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh
-}
-
-stop() {
- su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh
-}
-
-case $1 in
-  start|stop) $1;;
-  restart) stop; start;;
-  *) echo "Run as $0 <start|stop|restart>"; exit 1;;
-esac
-

Te user siemagrant is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server should run under. In the ideal case, it is unprivileged user.

-

Adjust Memory

-

When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in $LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh should be adapted again.

-

PostgreSQL instead of Hypersonic

-

Liferay CE comes with the hypersonic database. Just for making a long-term setup in the berginning, we are advising to use postgresql from the start. The settings for postgrsql can be found in portal-ext.properties. Please do not forget to create the user and the database in the database server first.

-

Install Prerequisites

-

There are some install libraries to be downloaded and installed as OSGi modules. You can check the download script from the sw360vaghrant project for list of URLs that help you.

-

https://github.com/sw360/sw360vagrant/blob/master/download-packages.sh

-

An URL for libtrift is:

-

https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar

-

An URL for commons-compress is:

-

https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar

-

If you have downloaded every thing, copy them to the deploy folder of your liferay installation:

-
# cp libthrift-0.13.0.jar $LIFEARY_HOME/deploy/
-# cp commons-lang-2.4.jar $LIFERAY_HOME/deploy
-# cp commons-io-2.6.jar $LIFERAY_HOME/deploy
-# cp commons-csv-1.4.jar $LIFERAY_HOME/deploy
-# cp commons-collections4-4.4.jar $LIFERAY_HOME/deploy
-# cp commons-codec-1.12.jar $LIFERAY_HOME/deploy
-# cp commons-compress-1.20.jar $LIFERAY_HOME/deploy
-# cp commons-logging-1.2.jar $LIFERAY_HOME/deploy
-# cp gson-2.8.5.jar $LIFERAY_HOME/deploy
-# cp guava-21.0.jar $LIFERAY_HOME/deploy
-# cp jackson-annotations-2.11.3.jar $LIFERAY_HOME/deploy
-# cp jackson-core-2.11.3.jar $LIFERAY_HOME/deploy
-# cp jackson-databind-2.11.3.jar $LIFERAY_HOME/deploy
-

if you use PostgreSQL as your database, you need to install postgres.jar in Liferay.

-
# wget https://jdbc.postgresql.org/download/postgresql-42.2.9.jar postgresql-42.2.9.jar
-# cp postgresql-42.2.9.jar $LIFERAY_HOME/tomcat-9.0.33/lib/ext
-

[Note] In case you use other database with Liferay, you need to set other jar file of corresponding database.

-

Install Couchdb Lucene

-

SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.

-

Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be couchdb-lucene:

-

# wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz

-

Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene:

-

https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh

-

Please note that the patching issue is well known in the project and it is unclear why it is not merged:

- -

Deploy New SW360

-

You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 (or later) or some few commits before that. Then build in the sw360 project root using:

-

mvn clean install -DskipTests

-

This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same directory:

-
# mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -DskipTests
-

Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:

-
# cd rest
-# mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/
-

Final Steps in Liferay

-

Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page. For Liferay CE 7.3.3 please continue here:

-

https://github.com/eclipse/sw360/wiki/Deploy-Liferay7.3

- - - -
- Last modified November 24, 2022: upd: New base bare metal guide. (d886cf1) -
- -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Ubuntu 18.04 LTS, Java 11 | Eclipse SW360 +

Ubuntu 18.04 LTS, Java 11

Bare metal deployment with Ubuntu 18.04 LTS and Java 11

Introduction

We are covering the update for ubuntu 18.04 LTS here, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as macosx, but in order to avoid problem we agreed on having a reference OS, which are the ubuntu long term releases. The author of this guide also uses macosx and homebrew which also works fairly well.

Please note that during the time, the dependencies are updated and the version info might change.

Overview

The installation consists of quite some tasks, as an overview:

  1. Java 11
  2. Postgresql, if we want to use it instead of hypersonic db
  3. CouchDB 2.X at the time of starting this guide, but 3.1.X seems to work well
  4. Thrift to 0.13, later updated to 0.14
  5. Liferay CE 7.3.3 and 7.3.4 has been also tested
  6. Adjust /etc/ini.d/tomcat with path of new liferay
  7. Adjust $liferay_install variable
  8. add Java prerequisites to OSGi container
  9. Install couchdb-lucene (2.1)
  10. Deploy new version of sw360
  11. Go ahead with Liferay steps

Initial steps

In order to “calibrate the system” just run the update / upgrade cycle once:

# sudo apt update

# sudo apt upgrade

PostgreSQL

You can go ahead install postgresql 10:

sudo apt install postgresql-10

or whatever package version is suitable here, for example version 12 for ubuntu 20.04.

The configuration for Liferay will come later.

CouchDB

CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing:

curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -

The add the repo to the sources:

echo "deb https://apache.bintray.com/couchdb-deb bionic main" | sudo tee -a /etc/apt/sources.list

Then, add its contents to the package database by updating apt:

sudo apt-get update -y

Ultimately install CouchDB, we tried with 2.1.2 install:

sudo apt-get install -y couchdb=2.1.2~bionic

The installer will ask a couple of questions:

  1. Bind address: for CouchDB and SW360 127.0.0.1 (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.
  2. Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in couchdb.properties and place it centrally in /etc/sw360

In case you added an admin accidentally and would like to remove it,

Thrift

For thrift, we need version 0.13. The installation script in scripts/install-thrift.sh will help you:

sudo ./install-thrift.sh

In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.13

OpenJDK 11

First check, what is installed.

# sudo apt list openjdk* --installed

Then you could check what is available:

# sudo apt list openjdk*

And install OpenJDK 11

# sudo apt install openjdk-11-jdk

Then the $JAVA_HOME needs to be updated, most likely in /etc/environment. Please check for your installation how to set the $JAVA_HOME correctly (most likely: JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64).

Liferay CE 7.3.3

Download Liferay from this link

https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz

and unpack it, ideally in the /opt directory, so resulting path would look like /opt/liferay-ce-portal-7.3.3-ga4.

Then, you need to update the $LIFERAY_INSTALL in /etc/environment from LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ to `LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4.

Auto Start

For auto start, you need an according init.d entry. It could be a file like /etc/init.d/tomcat. The file could be created if not there already, with the following contents:

#!/bin/bash
+
+### BEGIN INIT INFO
+# Provides:        tomcat7
+# Required-Start:  $network
+# Required-Stop:   $network
+# Default-Start:   2 3 4 5
+# Default-Stop:    0 1 6
+# Short-Description: Start/Stop Tomcat server
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+start() {
+ su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh
+}
+
+stop() {
+ su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh
+}
+
+case $1 in
+  start|stop) $1;;
+  restart) stop; start;;
+  *) echo "Run as $0 <start|stop|restart>"; exit 1;;
+esac
+

Te user siemagrant is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server should run under. In the ideal case, it is unprivileged user.

Adjust Memory

When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in $LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh should be adapted again.

PostgreSQL instead of Hypersonic

Liferay CE comes with the hypersonic database. Just for making a long-term setup in the berginning, we are advising to use postgresql from the start. The settings for postgrsql can be found in portal-ext.properties. Please do not forget to create the user and the database in the database server first.

Install Prerequisites

There are some install libraries to be downloaded and installed as OSGi modules. You can check the download script from the sw360vaghrant project for list of URLs that help you.

https://github.com/sw360/sw360vagrant/blob/master/download-packages.sh

An URL for libtrift is:

https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar

An URL for commons-compress is:

https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar

If you have downloaded every thing, copy them to the deploy folder of your liferay installation:

# cp libthrift-0.13.0.jar $LIFEARY_HOME/deploy/
+# cp commons-lang-2.4.jar $LIFERAY_HOME/deploy
+# cp commons-io-2.6.jar $LIFERAY_HOME/deploy
+# cp commons-csv-1.4.jar $LIFERAY_HOME/deploy
+# cp commons-collections4-4.4.jar $LIFERAY_HOME/deploy
+# cp commons-codec-1.12.jar $LIFERAY_HOME/deploy
+# cp commons-compress-1.20.jar $LIFERAY_HOME/deploy
+# cp commons-logging-1.2.jar $LIFERAY_HOME/deploy
+# cp gson-2.8.5.jar $LIFERAY_HOME/deploy
+# cp guava-21.0.jar $LIFERAY_HOME/deploy
+# cp jackson-annotations-2.11.3.jar $LIFERAY_HOME/deploy
+# cp jackson-core-2.11.3.jar $LIFERAY_HOME/deploy
+# cp jackson-databind-2.11.3.jar $LIFERAY_HOME/deploy
+

if you use PostgreSQL as your database, you need to install postgres.jar in Liferay.

# wget https://jdbc.postgresql.org/download/postgresql-42.2.9.jar postgresql-42.2.9.jar
+# cp postgresql-42.2.9.jar $LIFERAY_HOME/tomcat-9.0.33/lib/ext
+

[Note] In case you use other database with Liferay, you need to set other jar file of corresponding database.

Install Couchdb Lucene

SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.

Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be couchdb-lucene:

# wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz

Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene:

https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh

Please note that the patching issue is well known in the project and it is unclear why it is not merged:

Deploy New SW360

You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 (or later) or some few commits before that. Then build in the sw360 project root using:

mvn clean install -DskipTests

This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same directory:

# mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -DskipTests
+

Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:

# cd rest
+# mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/
+

Final Steps in Liferay

Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page. For Liferay CE 7.3.3 please continue here:

https://github.com/eclipse/sw360/wiki/Deploy-Liferay7.3

Last modified November 24, 2022: upd: New base bare metal guide. (d886cf1)
+ + + \ No newline at end of file diff --git a/docs/deployment/legacy/index.html b/docs/deployment/legacy/index.html index f63c612..c5d96cc 100644 --- a/docs/deployment/legacy/index.html +++ b/docs/deployment/legacy/index.html @@ -1,812 +1,89 @@ - - - - - - - - - - - - - - - - - - - - - -Legacy Deployment Guides | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Legacy Deployment Guides

-
SW360 Legacy deployment guides
-
- - - - - - - - - - - - - -
- -
- - - - - - - - -
- - -
-
- Native Install -
-

SW360 Native Install Deployment

-
- - -
-
- Initial Setup of Liferay 6.2 and sw360 -
-

-
- - -
-
- Initial Setup of Liferay 7.2 and sw360 -
-

-
- - -
-
- Initial Setup of Liferay 7.3 and sw360 -
-

-
- - -
-
- Ubuntu 18.04 LTS, Java 11 -
-

Bare metal deployment with Ubuntu 18.04 LTS and Java 11

-
- - -
- - - -
- Last modified June 28, 2022: fix(docs): Move content to proper areas (8d4a6e6) -
- -
- -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Legacy Deployment Guides | Eclipse SW360 +

Legacy Deployment Guides

SW360 Legacy deployment guides
Native Install

SW360 Native Install Deployment

Initial Setup of Liferay 6.2 and sw360

Initial Setup of Liferay 7.2 and sw360

Initial Setup of Liferay 7.3 and sw360

Ubuntu 18.04 LTS, Java 11

Bare metal deployment with Ubuntu 18.04 LTS and Java 11

Last modified June 28, 2022: fix(docs): Move content to proper areas (8d4a6e6)
+ + + \ No newline at end of file diff --git a/docs/deployment/legacy/index.xml b/docs/deployment/legacy/index.xml index 7b07af6..715899b 100644 --- a/docs/deployment/legacy/index.xml +++ b/docs/deployment/legacy/index.xml @@ -1,657 +1,472 @@ - - - Eclipse SW360 – Legacy Deployment Guides - https://www.eclipse.org/sw360/docs/deployment/legacy/ - Recent content in Legacy Deployment Guides on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: Native Install - https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/ - - - - - - - - - Docs: Initial Setup of Liferay 6.2 and sw360 - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay/ - - - - <h3 id="liferay-administrator-steps">Liferay administrator steps</h3> -<p>This part describes how to setup a new liferay instance after you went through the initial Liferay setup: create an admin account, confirm the license and terms and fill out your personal details. Alternatively in the <a href="https://github.com/sw360/sw360vagrant">sw360vagrant</a> or the <a href="https://github.com/sw360/sw360chores">sw360chores</a> deployment, the default setup user credentials are <code>setup@sw360.org</code> with the unsafe password <code>sw360fossy</code>.</p> -<ol> -<li> -<p>Login as setup administrator (if you are using the default unsafe password, you should replace it on productive instances)</p> -</li> -<li> -<p>Go to</p> -<p>Menu Admin -&gt; Item Control Panel -&gt; Section Users, Password Policies -&gt; Default Password Policy -&gt; Actions -&gt; Edit</p> -</li> -<li> -<p>Then</p> -<p>uncheck <code>Change Required</code> and then -save</p> -</li> -<li> -<p>Then we need to grant new users the right to see SW360</p> -<p>Control Panel -&gt; Configuration -&gt; Users(on the right) -&gt; Default User Associations</p> -<p>check <code>Apply to Existing Users</code> -write in Sites: <code>SW360 </code> -save (on the right)</p> -</li> -<li> -<p>Do not allow stranger to create accounts &hellip;</p> -<p>Control Panel -&gt; Configuration -&gt; Users(on the right) -&gt; Authentication</p> -<p>uncheck <code>Allow strangers to create ...</code> -uncheck <code>Allow strangers to verify ...</code> -save (on the right)</p> -</li> -<li> -<p>Then, to deactivate self registration</p> -<p>Control Panel -&gt; Authentication -&gt; remove checkmarks for creating accounts by strangers -save (on the right)</p> -<p>Note, disabling self registration is required because the current Liferay self registration does not create accounts in the backend service. (hence using the importer is required)</p> -</li> -<li> -<p>Then we go to</p> -<p>Admin -&gt; Pages</p> -</li> -<li> -<p>and import the lar files from</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>frontend/configuration/public_pages.lar -</span></span><span style="display:flex;"><span>frontend/configuration/private_pages.lar -</span></span></code></pre></div><p>for the respective pages, using the tabs <code>Public Pages</code> and <code>Private Pages</code>. Please note that the provided *.lar files are for Liferay 6.2 GA5 only (fun!). If you run a different liferay version, you will need to add the portlets manually until the *.lar files are updated manually.</p> -</li> -<li> -<p>( DO NOT CHECK Pages -&gt; Change -&gt; Delete Missing Pages)</p> -<p>We check on first page</p> -<p>Application Configuration -&gt; Choose Applications (leave all checked)</p> -<p>Permissions -&gt; Permissions</p> -<p>Permissions -&gt; Permissions Assigned to Roles</p> -<p>=&gt; Click Continue</p> -</li> -<li> -<p>We check on second page of the import agent:</p> -<p>Update Data -&gt; Mirror with overwriting</p> -<p>Authorship of the Content -&gt; Use the Current User as Author</p> -</li> -<li> -<p>If this was successful we can go to</p> -<p>Private Pages -&gt; users</p> -</li> -<li> -<p>We can then import a csv file that looks like that</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> GivenName,Lastname,Email,Department,UserGroup,GID,isMale,PasswdHash -</span></span><span style="display:flex;"><span> user last name, user first name, first.last@sw360.org,TOP ORG CODE TEAM,USER,SW360_0004,true,AAAAoAAB9ACem9mZj9zptlEjFSMEF5MdOSUzgyxFDmKDGQDK -</span></span></code></pre></div></li> -</ol> -<p>Note that</p> -<pre><code>1. The GID must be unique +Eclipse SW360 – Legacy Deployment Guideshttps://www.eclipse.org/sw360/docs/deployment/legacy/Recent content in Legacy Deployment Guides on Eclipse SW360Hugo -- gohugo.ioDocs: Native Installhttps://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/Docs: Initial Setup of Liferay 6.2 and sw360https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay/ +<h3 id="liferay-administrator-steps">Liferay administrator steps</h3> +<p>This part describes how to setup a new liferay instance after you went through the initial Liferay setup: create an admin account, confirm the license and terms and fill out your personal details. Alternatively in the <a href="https://github.com/sw360/sw360vagrant">sw360vagrant</a> or the <a href="https://github.com/sw360/sw360chores">sw360chores</a> deployment, the default setup user credentials are <code>setup@sw360.org</code> with the unsafe password <code>sw360fossy</code>.</p> +<ol> +<li> +<p>Login as setup administrator (if you are using the default unsafe password, you should replace it on productive instances)</p> +</li> +<li> +<p>Go to</p> +<p>Menu Admin -&gt; Item Control Panel -&gt; Section Users, Password Policies -&gt; Default Password Policy -&gt; Actions -&gt; Edit</p> +</li> +<li> +<p>Then</p> +<p>uncheck <code>Change Required</code> and then +save</p> +</li> +<li> +<p>Then we need to grant new users the right to see SW360</p> +<p>Control Panel -&gt; Configuration -&gt; Users(on the right) -&gt; Default User Associations</p> +<p>check <code>Apply to Existing Users</code> +write in Sites: <code>SW360 </code> +save (on the right)</p> +</li> +<li> +<p>Do not allow stranger to create accounts &hellip;</p> +<p>Control Panel -&gt; Configuration -&gt; Users(on the right) -&gt; Authentication</p> +<p>uncheck <code>Allow strangers to create ...</code> +uncheck <code>Allow strangers to verify ...</code> +save (on the right)</p> +</li> +<li> +<p>Then, to deactivate self registration</p> +<p>Control Panel -&gt; Authentication -&gt; remove checkmarks for creating accounts by strangers +save (on the right)</p> +<p>Note, disabling self registration is required because the current Liferay self registration does not create accounts in the backend service. (hence using the importer is required)</p> +</li> +<li> +<p>Then we go to</p> +<p>Admin -&gt; Pages</p> +</li> +<li> +<p>and import the lar files from</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>frontend/configuration/public_pages.lar +</span></span><span style="display:flex;"><span>frontend/configuration/private_pages.lar +</span></span></code></pre></div><p>for the respective pages, using the tabs <code>Public Pages</code> and <code>Private Pages</code>. Please note that the provided *.lar files are for Liferay 6.2 GA5 only (fun!). If you run a different liferay version, you will need to add the portlets manually until the *.lar files are updated manually.</p> +</li> +<li> +<p>( DO NOT CHECK Pages -&gt; Change -&gt; Delete Missing Pages)</p> +<p>We check on first page</p> +<p>Application Configuration -&gt; Choose Applications (leave all checked)</p> +<p>Permissions -&gt; Permissions</p> +<p>Permissions -&gt; Permissions Assigned to Roles</p> +<p>=&gt; Click Continue</p> +</li> +<li> +<p>We check on second page of the import agent:</p> +<p>Update Data -&gt; Mirror with overwriting</p> +<p>Authorship of the Content -&gt; Use the Current User as Author</p> +</li> +<li> +<p>If this was successful we can go to</p> +<p>Private Pages -&gt; users</p> +</li> +<li> +<p>We can then import a csv file that looks like that</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> GivenName,Lastname,Email,Department,UserGroup,GID,isMale,PasswdHash +</span></span><span style="display:flex;"><span> user last name, user first name, first.last@sw360.org,TOP ORG CODE TEAM,USER,SW360_0004,true,AAAAoAAB9ACem9mZj9zptlEjFSMEF5MdOSUzgyxFDmKDGQDK +</span></span></code></pre></div></li> +</ol> +<p>Note that</p> +<pre><code>1. The GID must be unique 1. The hash here means &quot;t&quot; 1. The GID is called external Id in the thrift-based datamodel -</code></pre> -<h3 id="some-notes-and-troubleshooting">Some notes and troubleshooting</h3> -<h4 id="check-liferay-configuration-options">Check Liferay Configuration Options</h4> -<p>There are plenty of useful settings to setup for your instance - you should check them depending on your desired use. Just a few examples, you could disable or enable:</p> -<ul> -<li>Auto login or self registration functionality</li> -<li>Site statistics</li> -<li>Password policies</li> -<li>Configurability options</li> -<li>many more, it makes sense to browse the Liferay Admin area (in the optimal case, using the setup-admin login) and check all the options.</li> -</ul> -<h4 id="liferay-crashes-at-startup-with-exception-dockbar">Liferay crashes at startup with exception: Dockbar</h4> -<p>If the dockbar error occurs, the file named in the error log must be replaced with an original one, because it is corrupted. Note that this represents a bug of the Liferay 6.2 (search in your favorite search engine for dockbar liferay problem &hellip;).</p> -<h4 id="strange-behavior">Strange behavior</h4> -<p>If the server has problems in terms of long running requests, maybe the memory setting is not allright, consider:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>CATALINA_OPTS=&#34;$CATALINA_OPTS -Xms2048m -Xmx2048m -</span></span><span style="display:flex;"><span>- -XX:NewSize=512m -XX:MaxNewSize=512m -XX:PermSize=512m -</span></span><span style="display:flex;"><span>- -XX:MaxPermSize=512m&#34; -</span></span></code></pre></div><p>if you run Java prior to 8.</p> -<h4 id="surfing-to-the-main-page-shows-blank-page-with-exception-message">Surfing to the main page shows blank page with exception message</h4> -<p>If the &ldquo;null pointer page&rdquo; shows up (just a simple white page saying a null pointer exception occurred), remove the hsql folder inside the data folder from the liferay distro (shutdown before and restart after).</p> - - - - - - Docs: Initial Setup of Liferay 7.2 and sw360 - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7/ - - - - <h1 id="starting-sw360-for-the-first-time">Starting SW360 for the First Time</h1> -<p>So, the vagrant setup has deployed sw360, but unfortunately, there is some major issue: With Liferay, certain configuration need to be applied manually in the UI. If you would know how to import *.lar files and apply some setting from the command line (without implementing an approach based on HTML testing frameworks, like selenium), please let us know.</p> -<p>Until then, some tasks need to be done manually, after everything has been built up:</p> -<ul> -<li>import *.lar files</li> -<li>set password policies not to change after first login (it is annoying when developing)</li> -<li>set the default area to be SW360 when users login to liferay</li> -<li>apply some more settings, like users cannot create accounts on their own</li> -</ul> -<h1 id="setup-login">Setup Login</h1> -<p>After successful installation, the screen should look like this. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.38.53.png"/> -</figure> - -<p>Sign in_the icon_the upper left corner. If you did not change the values in <code>configuration.rb</code>the default login is <code>setup@sw360.org</code> and <code>sw360fossy</code>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.06.png"/> -</figure> - -<h1 id="user-settings-in-sw360">User Settings in SW360</h1> -<p>Go into the control panel area which can be unfold by clicking in the upper left corner. In this area, go for Users &gt; Password Policies and disable <code>change Required</code> if you wish to do so. Click on Save to save the selection.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.56.png"/> -</figure> - -<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt; <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.43.32.png"/> -</figure> - -<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.46.49.png"/> -</figure> - -<p>Depending on your preferences make appropriate selections according to the screenshot. It is not advisable to allow users to self register in order to access the SW360 data.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.47.03.png"/> -</figure> - -<h1 id="import-lar-files">Import *.lar Files</h1> -<p>Then, in the <code>SW360</code> area &gt; <code>Publishing</code> &gt; <code>Import</code> klick on the plus sign in order to import the *.lar file for public pages.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png"/> -</figure> - -<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>PublicPages.lar</code> file the selection <code>Public Pages</code> is made.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.10.png"/> -</figure> - -<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.14.png"/> -</figure> - -<p>Overwriting and the write as current user needs to be selected.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.21.png"/> -</figure> - -<p>After successful importing the following view should appear.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.23.png"/> -</figure> - -<p>The same steps shall be repeated for the <code>PrivatePages.lar</code> file.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.36.png"/> -</figure> - -<p>Make sure that <code>Private Pages</code> is selected. Follow the other selections made as shown on the screenshots.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.58.png"/> -</figure> - -<p>Importing permissions &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.01.png"/> -</figure> - -<p>Mirror with overwriting, use the current author &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.04.png"/> -</figure> - -<p>Then the successful result should be shown like this:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.14.png"/> -</figure> - -<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear. Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> -<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.38.png"/> -</figure> - -<h1 id="import-user-accounts-for-testing">Import User Accounts for Testing</h1> -<p>Assuming you are still logged in, the main view of SW360 looks as follows:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.55.png"/> -</figure> - -<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.00.png"/> -</figure> - -<p>At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.12.png"/> -</figure> - -<p>You can find a user file to import in the <code>sw360vagrant</code> project in the folder <code>shared</code>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.38.png"/> -</figure> - -<p>After the user have been imported successfully, they should appear in the table view.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.59.png"/> -</figure> - -<p>After the user have been imported successfully, they should appear in the table view.</p> -<h1 id="real-login">Real Login</h1> -<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between users.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.06.png"/> -</figure> - -<p>After the successful login, SW360 will look as follows.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.16.png"/> -</figure> - -<p>After the successful login, SW360 will look as in the following screenshot.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.33.png"/> -</figure> - -<p>For example, click on <code>Projects</code> to see that no projects have been created so far &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.57.08.png"/> -</figure> - - - - - - - Docs: Initial Setup of Liferay 7.3 and sw360 - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/ - - - - <p>After successful installation, the vagrant ends like the following terminal output:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.07.32.png"/> -</figure> - -<p>Then if you open the server with the URL <code>https://localhost:8443/</code> the following screen should appear:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.12.png"/> -</figure> - -<p>Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> -<p>Sign in_the icon_the upper left corner. If you did not change the values in <code>configuration.rb</code>the default login is <code>setup@sw360.org</code> and <code>sw360fossy</code>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png"/> -</figure> - -<p>After login the sw360 is not setup, thus the server does not display much, but a screen like the following:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.33.png"/> -</figure> - -<h1 id="user-and-login-settings-in-liferay">User and Login Settings in Liferay</h1> -<p>Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.41.png"/> -</figure> - -<p>In this area, go for Security &gt; Password Policies:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.53.png"/> -</figure> - -<p>Edit this password policy and disable <code>change Required</code> if you wish to do so. Click on Save_the bottom of the page to save the selection.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.59.png"/> -</figure> - -<p>Then, go: in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.17.png"/> -</figure> - -<p>In this area, select <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.30.png"/> -</figure> - -<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.50.png"/> -</figure> - -<p>Finally, sice Liferay 7.3 some of the bundled modules need to be activated:</p> -<ul> -<li>jquery</li> -<li>font awesome</li> -</ul> -<p>In oder to do this, please select from the <code>Configuration</code> &gt; <code>System Settings</code> &gt; <code>Third Party</code> and go to jquery, select the enablement and click on Update:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.08.png"/> -</figure> - -<p>Do the same for Font Awesome:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.13.png"/> -</figure> - -<p>Note that you need to reload the browser or load a new browser window to take changes to effect.</p> -<h1 id="setup-sw360-for-liferay-import-lar-files">Setup SW360 for Liferay: Import *.lar Files</h1> -<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> -<p>In order to go ahead, switch to the <code>SW360</code> area where you can apply site settings:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.20.png"/> -</figure> - -<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.25.png"/> -</figure> - -<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.15.png"/> -</figure> - -<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>PublicPages.lar</code> file the selection <code>Public Pages</code> is made.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.26.png"/> -</figure> - -<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> -<p>After successful importing, the same steps shall be repeated for the <code>PrivatePages.lar</code> file.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.48.png"/> -</figure> - -<p>Make sure that <code>Private Pages</code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.53.png"/> -</figure> - -<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.18.png"/> -</figure> - -<p>You can close the left menu area by clicking on the upper left icon:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png"/> -</figure> - -<p>Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> -<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.31.png"/> -</figure> - -<h1 id="import-user-accounts-for-testing">Import User Accounts for Testing</h1> -<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.48.png"/> -</figure> - -<p>At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">user account import file</a> to import in the <code>sw360vagrant</code> project in the folder <code>shared</code>. After the user have been imported successfully, they should appear in the table view.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.53.png"/> -</figure> - -<p>After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below):</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.58.png"/> -</figure> - -<h1 id="real-login">Real Login</h1> -<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.25.07.png"/> -</figure> - -<p>After the successful login, SW360 will look as follows.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.32.png"/> -</figure> - - - - - - - Docs: Ubuntu 18.04 LTS, Java 11 - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-natively-11/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-natively-11/ - - - - <h2 id="introduction">Introduction</h2> -<p>We are covering the update for ubuntu 18.04 LTS here, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as macosx, but in order to avoid problem we agreed on having a reference OS, which are the ubuntu long term releases. The author of this guide also uses macosx and homebrew which also works fairly well.</p> -<p>Please note that during the time, the dependencies are updated and the version info might change.</p> -<h2 id="overview">Overview</h2> -<p>The installation consists of quite some tasks, as an overview:</p> -<ol start="5"> -<li>Java 11</li> -<li>Postgresql, if we want to use it instead of hypersonic db</li> -<li>CouchDB 2.X at the time of starting this guide, but 3.1.X seems to work well</li> -<li>Thrift to 0.13, later updated to 0.14</li> -<li>Liferay CE 7.3.3 and 7.3.4 has been also tested</li> -<li>Adjust <code>/etc/ini.d/tomcat</code> with path of new liferay</li> -<li>Adjust <code>$liferay_install</code> variable</li> -<li>add Java prerequisites to OSGi container</li> -<li>Install couchdb-lucene (2.1)</li> -<li>Deploy new version of sw360</li> -<li>Go ahead with Liferay steps</li> -</ol> -<h2 id="initial-steps">Initial steps</h2> -<p>In order to &ldquo;calibrate the system&rdquo; just run the update / upgrade cycle once:</p> -<p><code># sudo apt update</code></p> -<p><code># sudo apt upgrade</code></p> -<h2 id="postgresql">PostgreSQL</h2> -<p>You can go ahead install postgresql 10:</p> -<p><code>sudo apt install postgresql-10</code></p> -<p>or whatever package version is suitable here, for example version 12 for ubuntu 20.04.</p> -<p>The configuration for Liferay will come later.</p> -<h2 id="couchdb">CouchDB</h2> -<p>CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing:</p> -<p><code>curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -</code></p> -<p>The add the repo to the sources:</p> -<p><code>echo &quot;deb https://apache.bintray.com/couchdb-deb bionic main&quot; | sudo tee -a /etc/apt/sources.list</code></p> -<p>Then, add its contents to the package database by updating apt:</p> -<p><code>sudo apt-get update -y</code></p> -<p>Ultimately install CouchDB, we tried with 2.1.2 install:</p> -<p><code>sudo apt-get install -y couchdb=2.1.2~bionic</code></p> -<p>The installer will ask a couple of questions:</p> -<ol> -<li>Bind address: for CouchDB and SW360 <code>127.0.0.1</code> (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.</li> -<li>Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in <code>couchdb.properties</code> and place it centrally in <code>/etc/sw360</code></li> -</ol> -<p>In case you added an admin accidentally and would like to remove it,</p> -<h2 id="thrift">Thrift</h2> -<p>For thrift, we need version 0.13. The installation script in <code>scripts/install-thrift.sh</code> will help you:</p> -<p><code>sudo ./install-thrift.sh</code></p> -<p>In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.13</p> -<h2 id="openjdk-11">OpenJDK 11</h2> -<p>First check, what is installed.</p> -<p><code># sudo apt list openjdk* --installed</code></p> -<p>Then you could check what is available:</p> -<p><code># sudo apt list openjdk*</code></p> -<p>And install OpenJDK 11</p> -<p><code># sudo apt install openjdk-11-jdk</code></p> -<p>Then the <code>$JAVA_HOME</code> needs to be updated, most likely in <code>/etc/environment</code>. Please check for your installation how to set the <code>$JAVA_HOME</code> correctly (most likely: <code>JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64</code>).</p> -<h2 id="liferay-ce-733">Liferay CE 7.3.3</h2> -<p>Download Liferay from this link</p> -<p><a href="https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz">https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz</a></p> -<p>and unpack it, ideally in the <code>/opt</code> directory, so resulting path would look like <code>/opt/liferay-ce-portal-7.3.3-ga4</code>.</p> -<p>Then, you need to update the <code>$LIFERAY_INSTALL</code> in <code>/etc/environment</code> from <code>LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ </code> to `LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4.</p> -<h3 id="auto-start">Auto Start</h3> -<p>For auto start, you need an according init.d entry. It could be a file like <code>/etc/init.d/tomcat</code>. The file could be created if not there already, with the following contents:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#099">#!/bin/bash -</span></span></span><span style="display:flex;"><span><span style="color:#099"></span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">### BEGIN INIT INFO</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Provides: tomcat7</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Required-Start: $network</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Required-Stop: $network</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Default-Start: 2 3 4 5</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Default-Stop: 0 1 6</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Short-Description: Start/Stop Tomcat server</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">### END INIT INFO</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#033">PATH</span><span style="color:#555">=</span>/sbin:/bin:/usr/sbin:/usr/bin -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>start<span style="color:#555">()</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>stop<span style="color:#555">()</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">case</span> <span style="color:#033">$1</span> in -</span></span><span style="display:flex;"><span> start|stop<span style="color:#555">)</span> <span style="color:#033">$1</span>;; -</span></span><span style="display:flex;"><span> restart<span style="color:#555">)</span> stop; start;; -</span></span><span style="display:flex;"><span> *<span style="color:#555">)</span> <span style="color:#366">echo</span> <span style="color:#c30">&#34;Run as </span><span style="color:#033">$0</span><span style="color:#c30"> &lt;start|stop|restart&gt;&#34;</span>; <span style="color:#366">exit</span> 1;; -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">esac</span> -</span></span></code></pre></div><p>Te user <code>siemagrant</code> is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server should run under. In the ideal case, it is unprivileged user.</p> -<h3 id="adjust-memory">Adjust Memory</h3> -<p>When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in <code>$LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh</code> should be adapted again.</p> -<h3 id="postgresql-instead-of-hypersonic">PostgreSQL instead of Hypersonic</h3> -<p>Liferay CE comes with the hypersonic database. Just for making a long-term setup in the berginning, we are advising to use postgresql from the start. The settings for postgrsql can be found in <code>portal-ext.properties</code>. Please do not forget to create the user and the database in the database server first.</p> -<h2 id="install-prerequisites">Install Prerequisites</h2> -<p>There are some install libraries to be downloaded and installed as OSGi modules. You can check the download script from the sw360vaghrant project for list of URLs that help you.</p> -<p><a href="https://github.com/sw360/sw360vagrant/blob/master/download-packages.sh">https://github.com/sw360/sw360vagrant/blob/master/download-packages.sh</a></p> -<p>An URL for libtrift is:</p> -<p><a href="https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar">https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar</a></p> -<p>An URL for commons-compress is:</p> -<p><a href="https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar">https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar</a></p> -<p>If you have downloaded every thing, copy them to the <code>deploy</code> folder of your liferay installation:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># cp libthrift-0.13.0.jar $LIFEARY_HOME/deploy/ -</span></span><span style="display:flex;"><span># cp commons-lang-2.4.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span># cp commons-io-2.6.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span># cp commons-csv-1.4.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span># cp commons-collections4-4.4.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span># cp commons-codec-1.12.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span># cp commons-compress-1.20.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span># cp commons-logging-1.2.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span># cp gson-2.8.5.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span># cp guava-21.0.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span># cp jackson-annotations-2.11.3.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span># cp jackson-core-2.11.3.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span># cp jackson-databind-2.11.3.jar $LIFERAY_HOME/deploy -</span></span></code></pre></div><p>if you use PostgreSQL as your database, you need to install postgres.jar in Liferay.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># wget https://jdbc.postgresql.org/download/postgresql-42.2.9.jar postgresql-42.2.9.jar -</span></span><span style="display:flex;"><span># cp postgresql-42.2.9.jar $LIFERAY_HOME/tomcat-9.0.33/lib/ext -</span></span></code></pre></div><p>[Note] In case you use other database with Liferay, you need to set other jar file of corresponding database.</p> -<h2 id="install-couchdb-lucene">Install Couchdb Lucene</h2> -<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.</p> -<p>Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be <code>couchdb-lucene</code>:</p> -<p><code># wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz</code></p> -<p>Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene:</p> -<p><a href="https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh">https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh</a></p> -<p>Please note that the patching issue is well known in the project and it is unclear why it is not merged:</p> -<ul> -<li><a href="https://github.com/rnewson/couchdb-lucene/issues/161">https://github.com/rnewson/couchdb-lucene/issues/161</a> &ldquo;allow context-root other than &ldquo;/&rdquo; when running in servlet container&rdquo;</li> -<li><a href="https://github.com/rnewson/couchdb-lucene/pull/162">https://github.com/rnewson/couchdb-lucene/pull/162</a></li> -<li><a href="https://github.com/rnewson/couchdb-lucene/pull/152">https://github.com/rnewson/couchdb-lucene/pull/152</a></li> -</ul> -<h2 id="deploy-new-sw360">Deploy New SW360</h2> -<p>You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 (or later) or some few commits before that. Then build in the sw360 project root using:</p> -<p><code>mvn clean install -DskipTests</code></p> -<p>This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same directory:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go" data-lang="go"><span style="display:flex;"><span><span style="color:#a00;background-color:#faa">#</span> mvn clean <span style="color:#069;font-weight:bold">package</span> <span style="color:#555">-</span>P deploy <span style="color:#555">-</span>Dbase.deploy.dir=. <span style="color:#555">-</span>Dliferay.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>deploy<span style="color:#555">/</span> <span style="color:#555">-</span>Dbackend.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>Drest.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>DskipTests -</span></span></code></pre></div><p>Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go" data-lang="go"><span style="display:flex;"><span><span style="color:#a00;background-color:#faa">#</span> cd rest -</span></span><span style="display:flex;"><span><span style="color:#a00;background-color:#faa">#</span> mvn clean <span style="color:#069;font-weight:bold">package</span> <span style="color:#555">-</span>P deploy <span style="color:#555">-</span>Dbase.deploy.dir=. <span style="color:#555">-</span>Dliferay.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>deploy<span style="color:#555">/</span> <span style="color:#555">-</span>Dbackend.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>Drest.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> -</span></span></code></pre></div><h2 id="final-steps-in-liferay">Final Steps in Liferay</h2> -<p>Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page. For Liferay CE 7.3.3 please continue here:</p> -<p><a href="https://github.com/eclipse/sw360/wiki/Deploy-Liferay7.3">https://github.com/eclipse/sw360/wiki/Deploy-Liferay7.3</a></p> - - - - - - +</code></pre> +<h3 id="some-notes-and-troubleshooting">Some notes and troubleshooting</h3> +<h4 id="check-liferay-configuration-options">Check Liferay Configuration Options</h4> +<p>There are plenty of useful settings to setup for your instance - you should check them depending on your desired use. Just a few examples, you could disable or enable:</p> +<ul> +<li>Auto login or self registration functionality</li> +<li>Site statistics</li> +<li>Password policies</li> +<li>Configurability options</li> +<li>many more, it makes sense to browse the Liferay Admin area (in the optimal case, using the setup-admin login) and check all the options.</li> +</ul> +<h4 id="liferay-crashes-at-startup-with-exception-dockbar">Liferay crashes at startup with exception: Dockbar</h4> +<p>If the dockbar error occurs, the file named in the error log must be replaced with an original one, because it is corrupted. Note that this represents a bug of the Liferay 6.2 (search in your favorite search engine for dockbar liferay problem &hellip;).</p> +<h4 id="strange-behavior">Strange behavior</h4> +<p>If the server has problems in terms of long running requests, maybe the memory setting is not allright, consider:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>CATALINA_OPTS=&#34;$CATALINA_OPTS -Xms2048m -Xmx2048m +</span></span><span style="display:flex;"><span>- -XX:NewSize=512m -XX:MaxNewSize=512m -XX:PermSize=512m +</span></span><span style="display:flex;"><span>- -XX:MaxPermSize=512m&#34; +</span></span></code></pre></div><p>if you run Java prior to 8.</p> +<h4 id="surfing-to-the-main-page-shows-blank-page-with-exception-message">Surfing to the main page shows blank page with exception message</h4> +<p>If the &ldquo;null pointer page&rdquo; shows up (just a simple white page saying a null pointer exception occurred), remove the hsql folder inside the data folder from the liferay distro (shutdown before and restart after).</p>Docs: Initial Setup of Liferay 7.2 and sw360https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7/ +<h1 id="starting-sw360-for-the-first-time">Starting SW360 for the First Time</h1> +<p>So, the vagrant setup has deployed sw360, but unfortunately, there is some major issue: With Liferay, certain configuration need to be applied manually in the UI. If you would know how to import *.lar files and apply some setting from the command line (without implementing an approach based on HTML testing frameworks, like selenium), please let us know.</p> +<p>Until then, some tasks need to be done manually, after everything has been built up:</p> +<ul> +<li>import *.lar files</li> +<li>set password policies not to change after first login (it is annoying when developing)</li> +<li>set the default area to be SW360 when users login to liferay</li> +<li>apply some more settings, like users cannot create accounts on their own</li> +</ul> +<h1 id="setup-login">Setup Login</h1> +<p>After successful installation, the screen should look like this. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.38.53.png"/> +</figure> +<p>Sign in_the icon_the upper left corner. If you did not change the values in <code>configuration.rb</code>the default login is <code>setup@sw360.org</code> and <code>sw360fossy</code>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.06.png"/> +</figure> +<h1 id="user-settings-in-sw360">User Settings in SW360</h1> +<p>Go into the control panel area which can be unfold by clicking in the upper left corner. In this area, go for Users &gt; Password Policies and disable <code>change Required</code> if you wish to do so. Click on Save to save the selection.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.56.png"/> +</figure> +<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt; <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.43.32.png"/> +</figure> +<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.46.49.png"/> +</figure> +<p>Depending on your preferences make appropriate selections according to the screenshot. It is not advisable to allow users to self register in order to access the SW360 data.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.47.03.png"/> +</figure> +<h1 id="import-lar-files">Import *.lar Files</h1> +<p>Then, in the <code>SW360</code> area &gt; <code>Publishing</code> &gt; <code>Import</code> klick on the plus sign in order to import the *.lar file for public pages.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png"/> +</figure> +<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>PublicPages.lar</code> file the selection <code>Public Pages</code> is made.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.10.png"/> +</figure> +<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.14.png"/> +</figure> +<p>Overwriting and the write as current user needs to be selected.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.21.png"/> +</figure> +<p>After successful importing the following view should appear.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.23.png"/> +</figure> +<p>The same steps shall be repeated for the <code>PrivatePages.lar</code> file.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.36.png"/> +</figure> +<p>Make sure that <code>Private Pages</code> is selected. Follow the other selections made as shown on the screenshots.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.58.png"/> +</figure> +<p>Importing permissions &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.01.png"/> +</figure> +<p>Mirror with overwriting, use the current author &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.04.png"/> +</figure> +<p>Then the successful result should be shown like this:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.14.png"/> +</figure> +<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear. Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> +<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.38.png"/> +</figure> +<h1 id="import-user-accounts-for-testing">Import User Accounts for Testing</h1> +<p>Assuming you are still logged in, the main view of SW360 looks as follows:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.55.png"/> +</figure> +<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.00.png"/> +</figure> +<p>At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.12.png"/> +</figure> +<p>You can find a user file to import in the <code>sw360vagrant</code> project in the folder <code>shared</code>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.38.png"/> +</figure> +<p>After the user have been imported successfully, they should appear in the table view.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.59.png"/> +</figure> +<p>After the user have been imported successfully, they should appear in the table view.</p> +<h1 id="real-login">Real Login</h1> +<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between users.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.06.png"/> +</figure> +<p>After the successful login, SW360 will look as follows.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.16.png"/> +</figure> +<p>After the successful login, SW360 will look as in the following screenshot.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.33.png"/> +</figure> +<p>For example, click on <code>Projects</code> to see that no projects have been created so far &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.57.08.png"/> +</figure>Docs: Initial Setup of Liferay 7.3 and sw360https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/ +<p>After successful installation, the vagrant ends like the following terminal output:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.07.32.png"/> +</figure> +<p>Then if you open the server with the URL <code>https://localhost:8443/</code> the following screen should appear:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.12.png"/> +</figure> +<p>Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> +<p>Sign in_the icon_the upper left corner. If you did not change the values in <code>configuration.rb</code>the default login is <code>setup@sw360.org</code> and <code>sw360fossy</code>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png"/> +</figure> +<p>After login the sw360 is not setup, thus the server does not display much, but a screen like the following:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.33.png"/> +</figure> +<h1 id="user-and-login-settings-in-liferay">User and Login Settings in Liferay</h1> +<p>Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.41.png"/> +</figure> +<p>In this area, go for Security &gt; Password Policies:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.53.png"/> +</figure> +<p>Edit this password policy and disable <code>change Required</code> if you wish to do so. Click on Save_the bottom of the page to save the selection.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.59.png"/> +</figure> +<p>Then, go: in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.17.png"/> +</figure> +<p>In this area, select <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.30.png"/> +</figure> +<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.50.png"/> +</figure> +<p>Finally, sice Liferay 7.3 some of the bundled modules need to be activated:</p> +<ul> +<li>jquery</li> +<li>font awesome</li> +</ul> +<p>In oder to do this, please select from the <code>Configuration</code> &gt; <code>System Settings</code> &gt; <code>Third Party</code> and go to jquery, select the enablement and click on Update:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.08.png"/> +</figure> +<p>Do the same for Font Awesome:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.13.png"/> +</figure> +<p>Note that you need to reload the browser or load a new browser window to take changes to effect.</p> +<h1 id="setup-sw360-for-liferay-import-lar-files">Setup SW360 for Liferay: Import *.lar Files</h1> +<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> +<p>In order to go ahead, switch to the <code>SW360</code> area where you can apply site settings:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.20.png"/> +</figure> +<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.25.png"/> +</figure> +<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.15.png"/> +</figure> +<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>PublicPages.lar</code> file the selection <code>Public Pages</code> is made.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.26.png"/> +</figure> +<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> +<p>After successful importing, the same steps shall be repeated for the <code>PrivatePages.lar</code> file.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.48.png"/> +</figure> +<p>Make sure that <code>Private Pages</code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.53.png"/> +</figure> +<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.18.png"/> +</figure> +<p>You can close the left menu area by clicking on the upper left icon:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png"/> +</figure> +<p>Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> +<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.31.png"/> +</figure> +<h1 id="import-user-accounts-for-testing">Import User Accounts for Testing</h1> +<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.48.png"/> +</figure> +<p>At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">user account import file</a> to import in the <code>sw360vagrant</code> project in the folder <code>shared</code>. After the user have been imported successfully, they should appear in the table view.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.53.png"/> +</figure> +<p>After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below):</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.58.png"/> +</figure> +<h1 id="real-login">Real Login</h1> +<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.25.07.png"/> +</figure> +<p>After the successful login, SW360 will look as follows.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.32.png"/> +</figure>Docs: Ubuntu 18.04 LTS, Java 11https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-natively-11/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-natively-11/ +<h2 id="introduction">Introduction</h2> +<p>We are covering the update for ubuntu 18.04 LTS here, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as macosx, but in order to avoid problem we agreed on having a reference OS, which are the ubuntu long term releases. The author of this guide also uses macosx and homebrew which also works fairly well.</p> +<p>Please note that during the time, the dependencies are updated and the version info might change.</p> +<h2 id="overview">Overview</h2> +<p>The installation consists of quite some tasks, as an overview:</p> +<ol start="5"> +<li>Java 11</li> +<li>Postgresql, if we want to use it instead of hypersonic db</li> +<li>CouchDB 2.X at the time of starting this guide, but 3.1.X seems to work well</li> +<li>Thrift to 0.13, later updated to 0.14</li> +<li>Liferay CE 7.3.3 and 7.3.4 has been also tested</li> +<li>Adjust <code>/etc/ini.d/tomcat</code> with path of new liferay</li> +<li>Adjust <code>$liferay_install</code> variable</li> +<li>add Java prerequisites to OSGi container</li> +<li>Install couchdb-lucene (2.1)</li> +<li>Deploy new version of sw360</li> +<li>Go ahead with Liferay steps</li> +</ol> +<h2 id="initial-steps">Initial steps</h2> +<p>In order to &ldquo;calibrate the system&rdquo; just run the update / upgrade cycle once:</p> +<p><code># sudo apt update</code></p> +<p><code># sudo apt upgrade</code></p> +<h2 id="postgresql">PostgreSQL</h2> +<p>You can go ahead install postgresql 10:</p> +<p><code>sudo apt install postgresql-10</code></p> +<p>or whatever package version is suitable here, for example version 12 for ubuntu 20.04.</p> +<p>The configuration for Liferay will come later.</p> +<h2 id="couchdb">CouchDB</h2> +<p>CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDB package repository to install it, first the key for signing:</p> +<p><code>curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -</code></p> +<p>The add the repo to the sources:</p> +<p><code>echo &quot;deb https://apache.bintray.com/couchdb-deb bionic main&quot; | sudo tee -a /etc/apt/sources.list</code></p> +<p>Then, add its contents to the package database by updating apt:</p> +<p><code>sudo apt-get update -y</code></p> +<p>Ultimately install CouchDB, we tried with 2.1.2 install:</p> +<p><code>sudo apt-get install -y couchdb=2.1.2~bionic</code></p> +<p>The installer will ask a couple of questions:</p> +<ol> +<li>Bind address: for CouchDB and SW360 <code>127.0.0.1</code> (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.</li> +<li>Admin user: For fresh installation for sure a very good idea. You can set the password at sw360 for CouchDB in <code>couchdb.properties</code> and place it centrally in <code>/etc/sw360</code></li> +</ol> +<p>In case you added an admin accidentally and would like to remove it,</p> +<h2 id="thrift">Thrift</h2> +<p>For thrift, we need version 0.13. The installation script in <code>scripts/install-thrift.sh</code> will help you:</p> +<p><code>sudo ./install-thrift.sh</code></p> +<p>In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.13</p> +<h2 id="openjdk-11">OpenJDK 11</h2> +<p>First check, what is installed.</p> +<p><code># sudo apt list openjdk* --installed</code></p> +<p>Then you could check what is available:</p> +<p><code># sudo apt list openjdk*</code></p> +<p>And install OpenJDK 11</p> +<p><code># sudo apt install openjdk-11-jdk</code></p> +<p>Then the <code>$JAVA_HOME</code> needs to be updated, most likely in <code>/etc/environment</code>. Please check for your installation how to set the <code>$JAVA_HOME</code> correctly (most likely: <code>JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64</code>).</p> +<h2 id="liferay-ce-733">Liferay CE 7.3.3</h2> +<p>Download Liferay from this link</p> +<p><a href="https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz">https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz</a></p> +<p>and unpack it, ideally in the <code>/opt</code> directory, so resulting path would look like <code>/opt/liferay-ce-portal-7.3.3-ga4</code>.</p> +<p>Then, you need to update the <code>$LIFERAY_INSTALL</code> in <code>/etc/environment</code> from <code>LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ </code> to `LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4.</p> +<h3 id="auto-start">Auto Start</h3> +<p>For auto start, you need an according init.d entry. It could be a file like <code>/etc/init.d/tomcat</code>. The file could be created if not there already, with the following contents:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#099">#!/bin/bash +</span></span></span><span style="display:flex;"><span><span style="color:#099"></span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">### BEGIN INIT INFO</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Provides: tomcat7</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Required-Start: $network</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Required-Stop: $network</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Default-Start: 2 3 4 5</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Default-Stop: 0 1 6</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Short-Description: Start/Stop Tomcat server</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">### END INIT INFO</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#033">PATH</span><span style="color:#555">=</span>/sbin:/bin:/usr/sbin:/usr/bin +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>start<span style="color:#555">()</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>stop<span style="color:#555">()</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">case</span> <span style="color:#033">$1</span> in +</span></span><span style="display:flex;"><span> start|stop<span style="color:#555">)</span> <span style="color:#033">$1</span>;; +</span></span><span style="display:flex;"><span> restart<span style="color:#555">)</span> stop; start;; +</span></span><span style="display:flex;"><span> *<span style="color:#555">)</span> <span style="color:#366">echo</span> <span style="color:#c30">&#34;Run as </span><span style="color:#033">$0</span><span style="color:#c30"> &lt;start|stop|restart&gt;&#34;</span>; <span style="color:#366">exit</span> 1;; +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">esac</span> +</span></span></code></pre></div><p>Te user <code>siemagrant</code> is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server should run under. In the ideal case, it is unprivileged user.</p> +<h3 id="adjust-memory">Adjust Memory</h3> +<p>When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in <code>$LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh</code> should be adapted again.</p> +<h3 id="postgresql-instead-of-hypersonic">PostgreSQL instead of Hypersonic</h3> +<p>Liferay CE comes with the hypersonic database. Just for making a long-term setup in the berginning, we are advising to use postgresql from the start. The settings for postgrsql can be found in <code>portal-ext.properties</code>. Please do not forget to create the user and the database in the database server first.</p> +<h2 id="install-prerequisites">Install Prerequisites</h2> +<p>There are some install libraries to be downloaded and installed as OSGi modules. You can check the download script from the sw360vaghrant project for list of URLs that help you.</p> +<p><a href="https://github.com/sw360/sw360vagrant/blob/master/download-packages.sh">https://github.com/sw360/sw360vagrant/blob/master/download-packages.sh</a></p> +<p>An URL for libtrift is:</p> +<p><a href="https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar">https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar</a></p> +<p>An URL for commons-compress is:</p> +<p><a href="https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar">https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar</a></p> +<p>If you have downloaded every thing, copy them to the <code>deploy</code> folder of your liferay installation:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># cp libthrift-0.13.0.jar $LIFEARY_HOME/deploy/ +</span></span><span style="display:flex;"><span># cp commons-lang-2.4.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span># cp commons-io-2.6.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span># cp commons-csv-1.4.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span># cp commons-collections4-4.4.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span># cp commons-codec-1.12.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span># cp commons-compress-1.20.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span># cp commons-logging-1.2.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span># cp gson-2.8.5.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span># cp guava-21.0.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span># cp jackson-annotations-2.11.3.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span># cp jackson-core-2.11.3.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span># cp jackson-databind-2.11.3.jar $LIFERAY_HOME/deploy +</span></span></code></pre></div><p>if you use PostgreSQL as your database, you need to install postgres.jar in Liferay.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># wget https://jdbc.postgresql.org/download/postgresql-42.2.9.jar postgresql-42.2.9.jar +</span></span><span style="display:flex;"><span># cp postgresql-42.2.9.jar $LIFERAY_HOME/tomcat-9.0.33/lib/ext +</span></span></code></pre></div><p>[Note] In case you use other database with Liferay, you need to set other jar file of corresponding database.</p> +<h2 id="install-couchdb-lucene">Install Couchdb Lucene</h2> +<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main issue here is that it requires a patch for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.</p> +<p>Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be <code>couchdb-lucene</code>:</p> +<p><code># wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz</code></p> +<p>Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene:</p> +<p><a href="https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh">https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh</a></p> +<p>Please note that the patching issue is well known in the project and it is unclear why it is not merged:</p> +<ul> +<li><a href="https://github.com/rnewson/couchdb-lucene/issues/161">https://github.com/rnewson/couchdb-lucene/issues/161</a> &ldquo;allow context-root other than &ldquo;/&rdquo; when running in servlet container&rdquo;</li> +<li><a href="https://github.com/rnewson/couchdb-lucene/pull/162">https://github.com/rnewson/couchdb-lucene/pull/162</a></li> +<li><a href="https://github.com/rnewson/couchdb-lucene/pull/152">https://github.com/rnewson/couchdb-lucene/pull/152</a></li> +</ul> +<h2 id="deploy-new-sw360">Deploy New SW360</h2> +<p>You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 (or later) or some few commits before that. Then build in the sw360 project root using:</p> +<p><code>mvn clean install -DskipTests</code></p> +<p>This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same directory:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go" data-lang="go"><span style="display:flex;"><span><span style="color:#a00;background-color:#faa">#</span> mvn clean <span style="color:#069;font-weight:bold">package</span> <span style="color:#555">-</span>P deploy <span style="color:#555">-</span>Dbase.deploy.dir=. <span style="color:#555">-</span>Dliferay.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>deploy<span style="color:#555">/</span> <span style="color:#555">-</span>Dbackend.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>Drest.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>DskipTests +</span></span></code></pre></div><p>Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go" data-lang="go"><span style="display:flex;"><span><span style="color:#a00;background-color:#faa">#</span> cd rest +</span></span><span style="display:flex;"><span><span style="color:#a00;background-color:#faa">#</span> mvn clean <span style="color:#069;font-weight:bold">package</span> <span style="color:#555">-</span>P deploy <span style="color:#555">-</span>Dbase.deploy.dir=. <span style="color:#555">-</span>Dliferay.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>deploy<span style="color:#555">/</span> <span style="color:#555">-</span>Dbackend.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>Drest.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> +</span></span></code></pre></div><h2 id="final-steps-in-liferay">Final Steps in Liferay</h2> +<p>Liferay CE 7.3 will need to have some manual steps applied in order to complete the setup. Unfortunately, these cannot be automated (if you know how, please let us know). For earlier versions of Liferay, please refer to the main wiki page. For Liferay CE 7.3.3 please continue here:</p> +<p><a href="https://github.com/eclipse/sw360/wiki/Deploy-Liferay7.3">https://github.com/eclipse/sw360/wiki/Deploy-Liferay7.3</a></p> \ No newline at end of file diff --git a/docs/deployment/legacy/nativeinstall/index.html b/docs/deployment/legacy/nativeinstall/index.html index ba40344..76e809e 100644 --- a/docs/deployment/legacy/nativeinstall/index.html +++ b/docs/deployment/legacy/nativeinstall/index.html @@ -1,790 +1,89 @@ - - - - - - - - - - - - - - - - - - - - - -Native Install | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Native Install

-
SW360 Native Install Deployment
-
- - - - - - - - - - - - - -
- -
- - - - - - - - -
- - -
-
- Native Install v14 and v16 -
-

Native-Install-Version-14-and-Version-16

-
- - -
-
- Native Install v17 -
-

Native-Install-Version-17

-
- - -
- - - -
- Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae) -
- -
- -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Native Install | Eclipse SW360 +

Native Install

SW360 Native Install Deployment
Native Install v14 and v16

Native-Install-Version-14-and-Version-16

Native Install v17

Native-Install-Version-17

Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae)
+ + + \ No newline at end of file diff --git a/docs/deployment/legacy/nativeinstall/index.xml b/docs/deployment/legacy/nativeinstall/index.xml index a9405a5..2fd35e0 100644 --- a/docs/deployment/legacy/nativeinstall/index.xml +++ b/docs/deployment/legacy/nativeinstall/index.xml @@ -1,2570 +1,2394 @@ - - - Eclipse SW360 – Native Install - https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/ - Recent content in Native Install on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: Native Install v14 and v16 - https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/ - - - - <h1 id="how-to-install-and-run-sw360-v1600">How to install and run SW360 v16.0.0</h1> -<h1 id="these-instructions-worked-on-ubuntu-2004-and-has-detailed-explanations-for-newcomers">These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers.</h1> -<h3 id="this-is-a-guide-with-detailed-explanation-of-how-to-install-and-run-sw360-natively-on-you-local-machine">This is a guide with detailed explanation of how to install and run SW360 natively on you local machine.</h3> -<h3 id="it-includes-installation-of-all-dependencies-manually-which-will-not-use-docker-or-other-container-system-during-the-installation-or-run">It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run.</h3> -<p>SW360 is an Open Source project. The <a href="https://www.eclipse.org/sw360/docs/">SW360</a> repository and <a href="https://github.com/eclipse/sw360.website">SW360 website</a> repositories are published on GitHub.</p> -<h2 id="in-this-file-you-will-find-how-to">In this file you will find how to:</h2> -<ul> -<li>Install SW360 and its dependencies</li> -<li>Run SW360 and its dependencies</li> -<li>Check all services are working</li> -<li>Be aware of cautions and notes</li> -</ul> -<h2 id="what-does-sw360-use-to-construct-the-ui">What does SW360 use to construct the UI.</h2> -<ul> -<li><a href="https://docs.oracle.com/en/java/javase/11/install/installation-jdk-linux-platforms.html#GUID-79FBE4A9-4254-461E-8EA7-A02D7979A161">Java</a> - Java is a class-based, object-oriented programming language.</li> -<li><a href="https://maven.apache.org/install.html">Maven</a> - Maven is a build automation tool for Java projects.</li> -<li><a href="https://learn.liferay.com/dxp/latest/en/installation-and-upgrades/installing-liferay/installing-a-liferay-tomcat-bundle.html">Liferay bundled with Tomcat</a> - Liferay is a Java-based web application platform for the development of customizable portals and websites. -And Apache Tomcat provides a &ldquo;pure Java&rdquo; HTTP web server environment in which Java code can run.</li> -<li><a href="https://www.postgresql.org/download/linux/ubuntu/">PostgreSQL</a> - PostgreSQL or Postgres, is a relational database management system.</li> -<li><a href="https://docs.couchdb.org/en/stable/install/unix.html">Couchdb</a> - Apache CouchDB is a document-oriented NoSQL database, it uses JSON to store data, and provides HTTP for an API.</li> -<li><a href="https://github.com/cve-search/cve-search">CVE-Search</a> - CVE-Search is a tool to perform local searches for known vulnerabilities (CVE - Common Vulnerabilities and Exposures).</li> -</ul> -<h2 id="1-install-sw360-and-its-dependencies">1. Install SW360 and its dependencies</h2> -<h3 id="11-clone-the-sw360-github-repository-and-checkout-to-stable-version">1.1 Clone the SW360 Github repository and checkout to stable version.</h3> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ git clone https://github.com/eclipse/sw360.git -</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> sw360/ -</span></span><span style="display:flex;"><span>$ git checkout sw360-16.0.0-M1 -</span></span></code></pre></div><blockquote> -<p>Check if you have correct repository version</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ git branch -</span></span></code></pre></div><h3 id="12-install-java-maven">1.2. Install Java, Maven</h3> -<blockquote> -<p>Install java and maven:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt install openjdk-11-jre-headless -</span></span></code></pre></div><blockquote> -<p>You may use this &ldquo;$ sudo apt install default-jdk&rdquo; command instead. -Check if java is installed:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ java --version <span style="color:#555">[</span>check<span style="color:#555">]</span> -</span></span></code></pre></div><blockquote> -<p>Install maven:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt update -</span></span><span style="display:flex;"><span>$ sudo apt install maven -</span></span></code></pre></div><blockquote> -<p>Check if Maven is installed:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mvn --version -</span></span></code></pre></div><h3 id="13-install-liferay-portal-and-its-dependencies">1.3. Install Liferay portal and its dependencies</h3> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ ./scripts/docker-config/download_dependencies.sh -</span></span><span style="display:flex;"><span>$ ls -la ./deps <span style="color:#555">[</span>check <span style="color:#069;font-weight:bold">if</span> all dependencies have proper sizes<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span>$ ./scripts/install-thrift.sh -</span></span><span style="display:flex;"><span>$ thrift --version <span style="color:#555">[</span>check<span style="color:#555">]</span> -</span></span></code></pre></div><blockquote> -<p>After this step, check whether the &ldquo;./deps/jars/libthriftxxx.jar&rdquo; has version at the end of its name instead of xxx, and has size of 345Kb. If no, download the correct jar from this link:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.16.0/libthrift-0.16.0.jar -</span></span><span style="display:flex;"><span>$ mv libthrift-0.16.0.jar ./deps/jars -</span></span></code></pre></div><blockquote> -<p>Once the correct Thrift library is found, install Liferay and copy dependency &ldquo;.jar&rdquo; files under &ldquo;liferay_xxx/osgi/modules&rdquo; folder:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ tar -xzvf liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz -</span></span><span style="display:flex;"><span>$ cp ./deps/jars/* deps/liferay-ce-portal-7.3.4-ga5/osgi/modules/ -</span></span></code></pre></div><blockquote> -<p>Now set all environment variables of SW360 path to your local &ldquo;.bashrc&rdquo;: -You may use other text editor instead of vim.</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ vim ~/.bashrc -</span></span></code></pre></div><blockquote> -<p>Scroll till the end of the .bashrc file and add following lines, make sure to put correct absolute paths of your local machine in the place of {absolute path to sw360 repository folder}.</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#366">export</span> <span style="color:#033">JAVA_HOME</span><span style="color:#555">=</span><span style="color:#069;font-weight:bold">$(</span>dirname <span style="color:#069;font-weight:bold">$(</span>dirname <span style="color:#069;font-weight:bold">$(</span>readlink -f <span style="color:#069;font-weight:bold">$(</span>which java<span style="color:#069;font-weight:bold">))))</span> -</span></span><span style="display:flex;"><span><span style="color:#366">export</span> <span style="color:#033">PATH</span><span style="color:#555">=</span><span style="color:#033">$PATH</span>:<span style="color:#033">$JAVA_HOME</span>/bin -</span></span><span style="display:flex;"><span><span style="color:#366">export</span> <span style="color:#033">LIFERAY_INSTALL</span><span style="color:#555">=</span><span style="color:#c30">&#34;/{absolute path to sw360 repository folder}/sw360/deps/liferay-ce-portal-7.3.4-ga5&#34;</span> -</span></span><span style="display:flex;"><span><span style="color:#366">export</span> <span style="color:#033">SW360_DIR_INSTALL</span><span style="color:#555">=</span><span style="color:#c30">&#34;{absolute path to sw360 repository folder}/sw360&#34;</span> -</span></span></code></pre></div><blockquote> -<p>Save the .bashrc file and run it:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">source</span> ~/.bashrc -</span></span></code></pre></div><h3 id="14-make-and-build-sw360">1.4. Make and build SW360</h3> -<blockquote> -<p>Go to sw360 repository folder firstly.</p> -</blockquote> -<blockquote> -<p>We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360.</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ vim frontend/configuration/setenv.sh -</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># The following settings should be adapted to your needs</span> -</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_MEMORY_MIN</span><span style="color:#555">=</span><span style="color:#c30">&#34;3g&#34;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_MEMORY_MAX</span><span style="color:#555">=</span><span style="color:#c30">&#34;6g&#34;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># The following settings should not be touched unless you know what you are doing</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Misconfiguration may be lead to an unusable instance.</span> -</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -Dfile.encoding=UTF8&#34;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false&#34;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -Duser.timezone=GMT&#34;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -Xms</span><span style="color:#a00">${</span><span style="color:#033">JAVA_MEMORY_MIN</span><span style="color:#a00">}</span><span style="color:#c30"> -Xmx</span><span style="color:#a00">${</span><span style="color:#033">JAVA_MEMORY_MAX</span><span style="color:#a00">}</span><span style="color:#c30">&#34;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -XX:+UseG1GC&#34;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -XX:+CMSParallelRemarkEnabled&#34;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -XX:SurvivorRatio=20&#34;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -Dlog4j2.formatMsgNoLookups=true&#34;</span> -</span></span></code></pre></div><blockquote> -<p>Then we can type the following command to install: -&ldquo;sudo&rdquo; might not be necessary, and this will take time, around 5 min]</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mvn clean -</span></span><span style="display:flex;"><span>$ sudo mvn install -DskipTests -</span></span></code></pre></div><blockquote> -<p>If the installation was successful, then need to deploy the project to be able to run. -Check which tomcat version do you have and put that in the place of {existing version 9.0.33}, normally it should be just &ldquo;tomcat-9.0.33&rdquo;.</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo mvn package -P deploy -Dbase.deploy.dir<span style="color:#555">=</span>. -Dliferay.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL</span><span style="color:#a00">}</span>/deploy -Dbackend.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL</span><span style="color:#a00">}</span>/tomcat-<span style="color:#555">{</span>existing version 9.0.33<span style="color:#555">}</span>/webapps -Drest.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL</span><span style="color:#a00">}</span>/tomcat-<span style="color:#555">{</span>existing version 9.0.33<span style="color:#555">}</span>/webapps -DskipTests -</span></span></code></pre></div><blockquote> -<p>This will create /deploy under root, so sudo is necessary, however you can chmod /deploy. +Eclipse SW360 – Native Installhttps://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/Recent content in Native Install on Eclipse SW360Hugo -- gohugo.ioDocs: Native Install v14 and v16https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/ +<h1 id="how-to-install-and-run-sw360-v1600">How to install and run SW360 v16.0.0</h1> +<h1 id="these-instructions-worked-on-ubuntu-2004-and-has-detailed-explanations-for-newcomers">These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers.</h1> +<h3 id="this-is-a-guide-with-detailed-explanation-of-how-to-install-and-run-sw360-natively-on-you-local-machine">This is a guide with detailed explanation of how to install and run SW360 natively on you local machine.</h3> +<h3 id="it-includes-installation-of-all-dependencies-manually-which-will-not-use-docker-or-other-container-system-during-the-installation-or-run">It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run.</h3> +<p>SW360 is an Open Source project. The <a href="https://www.eclipse.org/sw360/docs/">SW360</a> repository and <a href="https://github.com/eclipse/sw360.website">SW360 website</a> repositories are published on GitHub.</p> +<h2 id="in-this-file-you-will-find-how-to">In this file you will find how to:</h2> +<ul> +<li>Install SW360 and its dependencies</li> +<li>Run SW360 and its dependencies</li> +<li>Check all services are working</li> +<li>Be aware of cautions and notes</li> +</ul> +<h2 id="what-does-sw360-use-to-construct-the-ui">What does SW360 use to construct the UI.</h2> +<ul> +<li><a href="https://docs.oracle.com/en/java/javase/11/install/installation-jdk-linux-platforms.html#GUID-79FBE4A9-4254-461E-8EA7-A02D7979A161">Java</a> - Java is a class-based, object-oriented programming language.</li> +<li><a href="https://maven.apache.org/install.html">Maven</a> - Maven is a build automation tool for Java projects.</li> +<li><a href="https://learn.liferay.com/dxp/latest/en/installation-and-upgrades/installing-liferay/installing-a-liferay-tomcat-bundle.html">Liferay bundled with Tomcat</a> - Liferay is a Java-based web application platform for the development of customizable portals and websites. +And Apache Tomcat provides a &ldquo;pure Java&rdquo; HTTP web server environment in which Java code can run.</li> +<li><a href="https://www.postgresql.org/download/linux/ubuntu/">PostgreSQL</a> - PostgreSQL or Postgres, is a relational database management system.</li> +<li><a href="https://docs.couchdb.org/en/stable/install/unix.html">Couchdb</a> - Apache CouchDB is a document-oriented NoSQL database, it uses JSON to store data, and provides HTTP for an API.</li> +<li><a href="https://github.com/cve-search/cve-search">CVE-Search</a> - CVE-Search is a tool to perform local searches for known vulnerabilities (CVE - Common Vulnerabilities and Exposures).</li> +</ul> +<h2 id="1-install-sw360-and-its-dependencies">1. Install SW360 and its dependencies</h2> +<h3 id="11-clone-the-sw360-github-repository-and-checkout-to-stable-version">1.1 Clone the SW360 Github repository and checkout to stable version.</h3> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ git clone https://github.com/eclipse/sw360.git +</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> sw360/ +</span></span><span style="display:flex;"><span>$ git checkout sw360-16.0.0-M1 +</span></span></code></pre></div><blockquote> +<p>Check if you have correct repository version</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ git branch +</span></span></code></pre></div><h3 id="12-install-java-maven">1.2. Install Java, Maven</h3> +<blockquote> +<p>Install java and maven:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt install openjdk-11-jre-headless +</span></span></code></pre></div><blockquote> +<p>You may use this &ldquo;$ sudo apt install default-jdk&rdquo; command instead. +Check if java is installed:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ java --version <span style="color:#555">[</span>check<span style="color:#555">]</span> +</span></span></code></pre></div><blockquote> +<p>Install maven:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt update +</span></span><span style="display:flex;"><span>$ sudo apt install maven +</span></span></code></pre></div><blockquote> +<p>Check if Maven is installed:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mvn --version +</span></span></code></pre></div><h3 id="13-install-liferay-portal-and-its-dependencies">1.3. Install Liferay portal and its dependencies</h3> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ ./scripts/docker-config/download_dependencies.sh +</span></span><span style="display:flex;"><span>$ ls -la ./deps <span style="color:#555">[</span>check <span style="color:#069;font-weight:bold">if</span> all dependencies have proper sizes<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span>$ ./scripts/install-thrift.sh +</span></span><span style="display:flex;"><span>$ thrift --version <span style="color:#555">[</span>check<span style="color:#555">]</span> +</span></span></code></pre></div><blockquote> +<p>After this step, check whether the &ldquo;./deps/jars/libthriftxxx.jar&rdquo; has version at the end of its name instead of xxx, and has size of 345Kb. If no, download the correct jar from this link:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.16.0/libthrift-0.16.0.jar +</span></span><span style="display:flex;"><span>$ mv libthrift-0.16.0.jar ./deps/jars +</span></span></code></pre></div><blockquote> +<p>Once the correct Thrift library is found, install Liferay and copy dependency &ldquo;.jar&rdquo; files under &ldquo;liferay_xxx/osgi/modules&rdquo; folder:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ tar -xzvf liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz +</span></span><span style="display:flex;"><span>$ cp ./deps/jars/* deps/liferay-ce-portal-7.3.4-ga5/osgi/modules/ +</span></span></code></pre></div><blockquote> +<p>Now set all environment variables of SW360 path to your local &ldquo;.bashrc&rdquo;: +You may use other text editor instead of vim.</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ vim ~/.bashrc +</span></span></code></pre></div><blockquote> +<p>Scroll till the end of the .bashrc file and add following lines, make sure to put correct absolute paths of your local machine in the place of {absolute path to sw360 repository folder}.</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#366">export</span> <span style="color:#033">JAVA_HOME</span><span style="color:#555">=</span><span style="color:#069;font-weight:bold">$(</span>dirname <span style="color:#069;font-weight:bold">$(</span>dirname <span style="color:#069;font-weight:bold">$(</span>readlink -f <span style="color:#069;font-weight:bold">$(</span>which java<span style="color:#069;font-weight:bold">))))</span> +</span></span><span style="display:flex;"><span><span style="color:#366">export</span> <span style="color:#033">PATH</span><span style="color:#555">=</span><span style="color:#033">$PATH</span>:<span style="color:#033">$JAVA_HOME</span>/bin +</span></span><span style="display:flex;"><span><span style="color:#366">export</span> <span style="color:#033">LIFERAY_INSTALL</span><span style="color:#555">=</span><span style="color:#c30">&#34;/{absolute path to sw360 repository folder}/sw360/deps/liferay-ce-portal-7.3.4-ga5&#34;</span> +</span></span><span style="display:flex;"><span><span style="color:#366">export</span> <span style="color:#033">SW360_DIR_INSTALL</span><span style="color:#555">=</span><span style="color:#c30">&#34;{absolute path to sw360 repository folder}/sw360&#34;</span> +</span></span></code></pre></div><blockquote> +<p>Save the .bashrc file and run it:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">source</span> ~/.bashrc +</span></span></code></pre></div><h3 id="14-make-and-build-sw360">1.4. Make and build SW360</h3> +<blockquote> +<p>Go to sw360 repository folder firstly.</p> +</blockquote> +<blockquote> +<p>We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360.</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ vim frontend/configuration/setenv.sh +</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># The following settings should be adapted to your needs</span> +</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_MEMORY_MIN</span><span style="color:#555">=</span><span style="color:#c30">&#34;3g&#34;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_MEMORY_MAX</span><span style="color:#555">=</span><span style="color:#c30">&#34;6g&#34;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># The following settings should not be touched unless you know what you are doing</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Misconfiguration may be lead to an unusable instance.</span> +</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -Dfile.encoding=UTF8&#34;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false&#34;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -Duser.timezone=GMT&#34;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -Xms</span><span style="color:#a00">${</span><span style="color:#033">JAVA_MEMORY_MIN</span><span style="color:#a00">}</span><span style="color:#c30"> -Xmx</span><span style="color:#a00">${</span><span style="color:#033">JAVA_MEMORY_MAX</span><span style="color:#a00">}</span><span style="color:#c30">&#34;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -XX:+UseG1GC&#34;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -XX:+CMSParallelRemarkEnabled&#34;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -XX:SurvivorRatio=20&#34;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#033">JAVA_OPTS</span><span style="color:#555">=</span><span style="color:#c30">&#34;</span><span style="color:#033">$JAVA_OPTS</span><span style="color:#c30"> -Dlog4j2.formatMsgNoLookups=true&#34;</span> +</span></span></code></pre></div><blockquote> +<p>Then we can type the following command to install: +&ldquo;sudo&rdquo; might not be necessary, and this will take time, around 5 min]</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mvn clean +</span></span><span style="display:flex;"><span>$ sudo mvn install -DskipTests +</span></span></code></pre></div><blockquote> +<p>If the installation was successful, then need to deploy the project to be able to run. +Check which tomcat version do you have and put that in the place of {existing version 9.0.33}, normally it should be just &ldquo;tomcat-9.0.33&rdquo;.</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo mvn package -P deploy -Dbase.deploy.dir<span style="color:#555">=</span>. -Dliferay.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL</span><span style="color:#a00">}</span>/deploy -Dbackend.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL</span><span style="color:#a00">}</span>/tomcat-<span style="color:#555">{</span>existing version 9.0.33<span style="color:#555">}</span>/webapps -Drest.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL</span><span style="color:#a00">}</span>/tomcat-<span style="color:#555">{</span>existing version 9.0.33<span style="color:#555">}</span>/webapps -DskipTests +</span></span></code></pre></div><blockquote> +<p>This will create /deploy under root, so sudo is necessary, however you can chmod /deploy. This will take time, around 5 - 10 min. -After deploying the project, you should copy the portal-ext.properties to the place of the Liferay.</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>cp frontend/configuration/portal-ext.properties <span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL</span><span style="color:#a00">}</span>/ -</span></span></code></pre></div><blockquote> -<p>Then modify the file: setup.wizard.enabled=false -&gt; setup.wizard.enabled=true -Then copy the files in the directory scripts/docker-config/etc_sw360/ to the directory /etc/sw360/. If the directory /etc/sw360/ does not exist, create it and chmod it.</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>cp -r scripts/docker-config/etc_sw360/* /etc/sw360/ -</span></span></code></pre></div><blockquote> -<p>After this step, you should be able to run Tomcat server and see the index page of SW360 portal. <a href="http://localhost:8080">Check SW360</a></p> -</blockquote> -<h3 id="15-install-postgresql">1.5. Install PostgreSQL</h3> -<blockquote> -<p>Install PostgerSQL manually, you can install through &ldquo;apt install&rdquo; too:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt install zlib1g-dev -y -</span></span><span style="display:flex;"><span>$ sudo apt install libreadline-dev -y -</span></span><span style="display:flex;"><span>$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz -</span></span><span style="display:flex;"><span>$ tar -xvf postgresql-10.14.tar.gz -</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> postgresql-10.14/ -</span></span><span style="display:flex;"><span>$ mkdir -p /PATH_TO/sw360postgres -</span></span><span style="display:flex;"><span>$ ./configure -prefix<span style="color:#555">=</span>/PATH_TO/sw360postgres -</span></span><span style="display:flex;"><span>$ make -</span></span><span style="display:flex;"><span>$ sudo make install -</span></span></code></pre></div><blockquote> -<p>Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step.</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ vim ~/.bashrc -</span></span></code></pre></div><blockquote> -<p>Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as &ldquo;/home/username&rdquo;:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PATH</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/bin:<span style="color:#033">$PATH</span> -</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PGDATA</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/data -</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">LD_LIBRARY_PATH</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/lib -</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PGPORT</span><span style="color:#555">=</span><span style="color:#f60">5432</span> -</span></span></code></pre></div><blockquote> -<p>Check if paths have been set, result must be the absolute paths:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PATH</span> -</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PGDATA</span> -</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$LD_LIBRARY_PATH</span> -</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PGPORT</span> -</span></span></code></pre></div><blockquote> -<p>After paths are set, postgres service can be run:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /PATH_TO/sw360postgres/bin -</span></span><span style="display:flex;"><span>$ ./initdb --encoding<span style="color:#555">=</span>UTF8 --no-locale -</span></span><span style="display:flex;"><span>$ ./pg_ctl start -</span></span></code></pre></div><blockquote> -<p>You will see that the server has started. -Note: If you installed through &ldquo;apt install&rdquo; then start the postgres service by following command, where after @ comes the installed version, if postgres isn&rsquo;t running you won&rsquo;t be able to connect to the server, and the error message is not explaining well that server isn&rsquo;t actually running at the moment:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo systemctl status postgresql@12-main.service -</span></span><span style="display:flex;"><span>sudo systemctl start postgresql@12-main.service -</span></span></code></pre></div><p>Normally, Default postgres creates user &ldquo;postgres&rdquo; with &ldquo;postgres&rdquo; password, use that to enter PostgreSQL terminal:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo -i -u postgres -</span></span><span style="display:flex;"><span>$ psql -</span></span></code></pre></div><blockquote> -<p>You will be logged in as user named &ldquo;postgres&rdquo;.</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ psql postgres -</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># \du</span> -</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># create database lportal;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># ALTER USER postgres WITH PASSWORD &#39;sw360fossy&#39;;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># ALTER ROLE postgres with superuser;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># \q</span> -</span></span></code></pre></div><blockquote> -<p>Connect to postgres shell, and check users information</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ psql -d lportal -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \du</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \dt</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \l</span> -</span></span></code></pre></div><h3 id="16-install-couch-db">1.6. Install Couch DB</h3> -<blockquote> -<p>To install from aptitute type:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt update -</span></span><span style="display:flex;"><span>$ sudo apt install -y couchdb -</span></span></code></pre></div><blockquote> -<p>You may refer to the bottom Native Installation 14 version CouchDB manual configuration for seting credentials.</p> -</blockquote> -<blockquote> -<p>After, run CouchDb service, check if it&rsquo;s working:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl start couchdb.service -</span></span></code></pre></div><blockquote> -<p>Check if CouchDB is responding:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ curl localhost:5984 -</span></span></code></pre></div><blockquote> -<p>This should return json containing version information -You can use &ldquo;start/stop/status/restart&rdquo; command with systemctl for controlling CouchDB service.</p> -</blockquote> -<h3 id="17-install-cve-search">1.7. Install CVE-Search</h3> -<blockquote> -<p>Follow these detailed instructions:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#555">[</span>https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst<span style="color:#555">]</span> -</span></span></code></pre></div><blockquote> -<p>To connect it to SW360, see following instructions:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ -</span></span></code></pre></div><h5 id="notes">Notes:</h5> -<ul> -<li>In the instruction be careful with setting apt link for mongodb, if somehow it destroys your &ldquo;sudo apt update&rdquo; command, go to &ldquo;/etc/apt/sources.list&rdquo; file and comment out the broken line, that&rsquo;s probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions.</li> -</ul> -<h3 id="18-configure-sw360">1.8. Configure SW360</h3> -<blockquote> -<p>Before going to configuration page, need to start the Liferay Tomcat server:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#555">{</span>path to sw360 installation<span style="color:#555">}</span>/./deps_backup/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh -</span></span></code></pre></div><blockquote> -<p>You can use &hellip;bin/shutdown.sh script to stop the server. +After deploying the project, you should copy the portal-ext.properties to the place of the Liferay.</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>cp frontend/configuration/portal-ext.properties <span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL</span><span style="color:#a00">}</span>/ +</span></span></code></pre></div><blockquote> +<p>Then modify the file: setup.wizard.enabled=false -&gt; setup.wizard.enabled=true +Then copy the files in the directory scripts/docker-config/etc_sw360/ to the directory /etc/sw360/. If the directory /etc/sw360/ does not exist, create it and chmod it.</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>cp -r scripts/docker-config/etc_sw360/* /etc/sw360/ +</span></span></code></pre></div><blockquote> +<p>After this step, you should be able to run Tomcat server and see the index page of SW360 portal. <a href="http://localhost:8080">Check SW360</a></p> +</blockquote> +<h3 id="15-install-postgresql">1.5. Install PostgreSQL</h3> +<blockquote> +<p>Install PostgerSQL manually, you can install through &ldquo;apt install&rdquo; too:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt install zlib1g-dev -y +</span></span><span style="display:flex;"><span>$ sudo apt install libreadline-dev -y +</span></span><span style="display:flex;"><span>$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz +</span></span><span style="display:flex;"><span>$ tar -xvf postgresql-10.14.tar.gz +</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> postgresql-10.14/ +</span></span><span style="display:flex;"><span>$ mkdir -p /PATH_TO/sw360postgres +</span></span><span style="display:flex;"><span>$ ./configure -prefix<span style="color:#555">=</span>/PATH_TO/sw360postgres +</span></span><span style="display:flex;"><span>$ make +</span></span><span style="display:flex;"><span>$ sudo make install +</span></span></code></pre></div><blockquote> +<p>Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step.</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ vim ~/.bashrc +</span></span></code></pre></div><blockquote> +<p>Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as &ldquo;/home/username&rdquo;:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PATH</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/bin:<span style="color:#033">$PATH</span> +</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PGDATA</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/data +</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">LD_LIBRARY_PATH</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/lib +</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PGPORT</span><span style="color:#555">=</span><span style="color:#f60">5432</span> +</span></span></code></pre></div><blockquote> +<p>Check if paths have been set, result must be the absolute paths:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PATH</span> +</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PGDATA</span> +</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$LD_LIBRARY_PATH</span> +</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PGPORT</span> +</span></span></code></pre></div><blockquote> +<p>After paths are set, postgres service can be run:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /PATH_TO/sw360postgres/bin +</span></span><span style="display:flex;"><span>$ ./initdb --encoding<span style="color:#555">=</span>UTF8 --no-locale +</span></span><span style="display:flex;"><span>$ ./pg_ctl start +</span></span></code></pre></div><blockquote> +<p>You will see that the server has started. +Note: If you installed through &ldquo;apt install&rdquo; then start the postgres service by following command, where after @ comes the installed version, if postgres isn&rsquo;t running you won&rsquo;t be able to connect to the server, and the error message is not explaining well that server isn&rsquo;t actually running at the moment:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo systemctl status postgresql@12-main.service +</span></span><span style="display:flex;"><span>sudo systemctl start postgresql@12-main.service +</span></span></code></pre></div><p>Normally, Default postgres creates user &ldquo;postgres&rdquo; with &ldquo;postgres&rdquo; password, use that to enter PostgreSQL terminal:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo -i -u postgres +</span></span><span style="display:flex;"><span>$ psql +</span></span></code></pre></div><blockquote> +<p>You will be logged in as user named &ldquo;postgres&rdquo;.</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ psql postgres +</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># \du</span> +</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># create database lportal;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># ALTER USER postgres WITH PASSWORD &#39;sw360fossy&#39;;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># ALTER ROLE postgres with superuser;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># \q</span> +</span></span></code></pre></div><blockquote> +<p>Connect to postgres shell, and check users information</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ psql -d lportal +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \du</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \dt</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \l</span> +</span></span></code></pre></div><h3 id="16-install-couch-db">1.6. Install Couch DB</h3> +<blockquote> +<p>To install from aptitute type:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt update +</span></span><span style="display:flex;"><span>$ sudo apt install -y couchdb +</span></span></code></pre></div><blockquote> +<p>You may refer to the bottom Native Installation 14 version CouchDB manual configuration for seting credentials.</p> +</blockquote> +<blockquote> +<p>After, run CouchDb service, check if it&rsquo;s working:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl start couchdb.service +</span></span></code></pre></div><blockquote> +<p>Check if CouchDB is responding:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ curl localhost:5984 +</span></span></code></pre></div><blockquote> +<p>This should return json containing version information +You can use &ldquo;start/stop/status/restart&rdquo; command with systemctl for controlling CouchDB service.</p> +</blockquote> +<h3 id="17-install-cve-search">1.7. Install CVE-Search</h3> +<blockquote> +<p>Follow these detailed instructions:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#555">[</span>https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst<span style="color:#555">]</span> +</span></span></code></pre></div><blockquote> +<p>To connect it to SW360, see following instructions:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ +</span></span></code></pre></div><h5 id="notes">Notes:</h5> +<ul> +<li>In the instruction be careful with setting apt link for mongodb, if somehow it destroys your &ldquo;sudo apt update&rdquo; command, go to &ldquo;/etc/apt/sources.list&rdquo; file and comment out the broken line, that&rsquo;s probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions.</li> +</ul> +<h3 id="18-configure-sw360">1.8. Configure SW360</h3> +<blockquote> +<p>Before going to configuration page, need to start the Liferay Tomcat server:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#555">{</span>path to sw360 installation<span style="color:#555">}</span>/./deps_backup/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh +</span></span></code></pre></div><blockquote> +<p>You can use &hellip;bin/shutdown.sh script to stop the server. If startup.sh script responded &ldquo;Tomcat started. Then you are close to see SW360 portal page: -To do so, open this url from your browser:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>http://127.0.0.1:8080 -</span></span></code></pre></div><blockquote> -<p>This will take time, around 5 min. -If you can see liferay page, then go to the following links to configure SW360 portal.</p> -</blockquote> -<ul> -<li><a href="https://qiita.com/K-Hama/items/1582b4e1bf248025eabb#liferaygui%E8%A8%AD%E5%AE%9A">https://qiita.com/K-Hama/items/1582b4e1bf248025eabb#liferaygui%E8%A8%AD%E5%AE%9A</a> - instructions in Japanese.</li> -<li><a href="https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3">https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3</a> - instrutions in English</li> -</ul> -<h5 id="notes-1">Notes:</h5> -<ul> -<li> -<p>Probably your postgres user and password are different, then replace the configurations &ldquo;deps/liferay-ce-portal-7.3.4-ga5/portal-setup-wizard.properties&rdquo; file or add the new user into postgres with required credentials.</p> -</li> -<li> -<p>After creating user, if you can&rsquo;t sign in to SW360 portal <a href="https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png">https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png</a> try to login with &ldquo;test&rdquo; password and the same email &ldquo;<a href="mailto:setup@sw360.org">setup@sw360.org</a>&rdquo; as you set in during configuration.</p> -</li> -</ul> -<h2 id="2-run-sw360-and-its-dependencies">2. Run SW360 and its dependencies</h2> -<h3 id="21-run-dependencies">2.1. Run dependencies</h3> -<blockquote> -<p>Turn on the CouchDB and Postgres services</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl start couchdb.service -</span></span><span style="display:flex;"><span>$ sudo systemctl start postgres@@12-main.service -</span></span></code></pre></div><blockquote> -<p>Check if both are running:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl status couchdb.service -</span></span><span style="display:flex;"><span>$ sudo systemctl status postgres@@12-main.service -</span></span></code></pre></div><blockquote> -<p>You should be able to see something like this:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>... systemd<span style="color:#555">[</span>1<span style="color:#555">]</span>: Started PostgreSQL Cluster 12-main. -</span></span><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span>... halt systemd<span style="color:#555">[</span>1<span style="color:#555">]</span>: Started Apache CouchDB. -</span></span></code></pre></div><blockquote> -<p>Run Liferay portal</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ ./deps/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh -</span></span></code></pre></div><blockquote> -<p>Make sure to type correct path to the startup.sh file.</p> -</blockquote> -<h3 id="23-run-sw360">2.3. Run SW360</h3> -<blockquote> -<p>Open the localhost:8080 page from the browser +To do so, open this url from your browser:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>http://127.0.0.1:8080 +</span></span></code></pre></div><blockquote> +<p>This will take time, around 5 min. +If you can see liferay page, then go to the following links to configure SW360 portal.</p> +</blockquote> +<ul> +<li><a href="https://qiita.com/K-Hama/items/1582b4e1bf248025eabb#liferaygui%E8%A8%AD%E5%AE%9A">https://qiita.com/K-Hama/items/1582b4e1bf248025eabb#liferaygui%E8%A8%AD%E5%AE%9A</a> - instructions in Japanese.</li> +<li><a href="https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3">https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3</a> - instrutions in English</li> +</ul> +<h5 id="notes-1">Notes:</h5> +<ul> +<li> +<p>Probably your postgres user and password are different, then replace the configurations &ldquo;deps/liferay-ce-portal-7.3.4-ga5/portal-setup-wizard.properties&rdquo; file or add the new user into postgres with required credentials.</p> +</li> +<li> +<p>After creating user, if you can&rsquo;t sign in to SW360 portal <a href="https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png">https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png</a> try to login with &ldquo;test&rdquo; password and the same email &ldquo;<a href="mailto:setup@sw360.org">setup@sw360.org</a>&rdquo; as you set in during configuration.</p> +</li> +</ul> +<h2 id="2-run-sw360-and-its-dependencies">2. Run SW360 and its dependencies</h2> +<h3 id="21-run-dependencies">2.1. Run dependencies</h3> +<blockquote> +<p>Turn on the CouchDB and Postgres services</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl start couchdb.service +</span></span><span style="display:flex;"><span>$ sudo systemctl start postgres@@12-main.service +</span></span></code></pre></div><blockquote> +<p>Check if both are running:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl status couchdb.service +</span></span><span style="display:flex;"><span>$ sudo systemctl status postgres@@12-main.service +</span></span></code></pre></div><blockquote> +<p>You should be able to see something like this:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>... systemd<span style="color:#555">[</span>1<span style="color:#555">]</span>: Started PostgreSQL Cluster 12-main. +</span></span><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span>... halt systemd<span style="color:#555">[</span>1<span style="color:#555">]</span>: Started Apache CouchDB. +</span></span></code></pre></div><blockquote> +<p>Run Liferay portal</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ ./deps/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh +</span></span></code></pre></div><blockquote> +<p>Make sure to type correct path to the startup.sh file.</p> +</blockquote> +<h3 id="23-run-sw360">2.3. Run SW360</h3> +<blockquote> +<p>Open the localhost:8080 page from the browser If all the previous steps were successfuly done you will be able to see this page: -<a href="https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png">https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png</a> -Now enjoy SW360 portal!</p> -</blockquote> -<h2 id="check-all-services-are-working">Check all services are working</h2> -<p>To fully use SW360 you need to have following services running, please check one by one by opening your browser and typing url, or using curl from command line:</p> -<table> -<thead> -<tr> -<th>Service</th> -<th>URL/Port</th> -<th>Notes</th> -</tr> -</thead> -<tbody> -<tr> -<td>Tomcat</td> -<td>http://127.0.0.1:8080</td> -<td>When Tomcat is installed without liferay it uses same 8080 port</td> -</tr> -<tr> -<td>Liferay</td> -<td>http://127.0.0.1:8080</td> -<td>If Liferay version is correct you will see Liferay white-blue index page not Tomcat yellow-green page.</td> -</tr> -<tr> -<td>PostgreSQL</td> -<td>http://127.0.0.1:5432</td> -<td></td> -</tr> -<tr> -<td>CouchDB</td> -<td>http://127.0.0.1:5984/_utils</td> -<td></td> -</tr> -<tr> -<td>CVE-Search</td> -<td>http://127.0.0.1:5000/admin</td> -<td></td> -</tr> -</tbody> -</table> -<h2 id="be-aware-of-cautions-and-notes">Be aware of cautions and notes</h2> -<blockquote> -<p>There are various versions of Tomcat with or without Liferay, however here we use Liferay which has already bundled Tomcat inside it&rsquo;s installation archive, that means you don&rsquo;t have to install Tomcat separately. In this case, when script liferay- xxx / tomcat- yyy/start.sh is run, the 8080 page will be visible, and will be overwritten by Liferay.</p> -</blockquote> -<blockquote> -<p>If the service has problem with Liferay then you will not see Liferay blue-white page. If you see other than that then you need to go through 3rd step of Liferay installation, check it&rsquo;s version and reinstall it.</p> -</blockquote> -<blockquote> -<p>If you still face the problem with Thrift or Liferay page isn&rsquo;t responding properly, type this command in the shell, to set the missing Thrift version environment variable, and run the ./scripts/install-thrift.sh again, then start from 3rd step of installation again:</p> -</blockquote> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#033">THRIFT_VERSION</span><span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">THRIFT_VERSION</span><span style="color:#069;font-weight:bold">:-</span><span style="color:#033">0</span>.16.0<span style="color:#a00">}</span> -</span></span></code></pre></div><hr> -<h1 id="native-install-sw360-version-1400">Native Install SW360 Version-14.0.0</h1> -<h1 id="sw360-version-up-test">SW360 Version up test</h1> -<h2 id="1-overview">1. Overview</h2> -<h3 id="11-sw360-portal">1.1 SW360 Portal</h3> -<p>A software component catalogue application - designed to work with FOSSology.</p> -<p>SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. -It can manage SPDX files for maintaining the license conditions and maintain license information.</p> -<p>This material helps user to install SW360 14.0</p> -<h3 id="12-environment">1.2 Environment</h3> -<table> -<thead> -<tr> -<th style="text-align:left">Package Name</th> -<th style="text-align:center">Version</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">Ubuntu</td> -<td style="text-align:center">20.04</td> -</tr> -<tr> -<td style="text-align:left">Apt</td> -<td style="text-align:center">2.0.2</td> -</tr> -<tr> -<td style="text-align:left">Wget</td> -<td style="text-align:center">1.20.3</td> -</tr> -<tr> -<td style="text-align:left">Curl</td> -<td style="text-align:center">7.68.0</td> -</tr> -<tr> -<td style="text-align:left">Git</td> -<td style="text-align:center">2.25.1</td> -</tr> -<tr> -<td style="text-align:left">Maven</td> -<td style="text-align:center">3.6.0</td> -</tr> -<tr> -<td style="text-align:left">OpenJDK</td> -<td style="text-align:center">11.0.5</td> -</tr> -</tbody> -</table> -<h2 id="2install--config-proxy-for-environment">2.Install &amp; Config proxy for Environment</h2> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>2.1 Apt -</span></span><span style="display:flex;"><span>2.2 Wget -</span></span><span style="display:flex;"><span>2.3 Curl -</span></span><span style="display:flex;"><span>2.4 Git -</span></span><span style="display:flex;"><span>2.5 Maven -</span></span><span style="display:flex;"><span>2.6 OpenJDK -</span></span></code></pre></div><h3 id="21-apt">2.1 Apt</h3> -<h4 id="create-file-with-name-proxyconf-in-folder-etcaptaptconfd">Create file with name proxy.conf in folder <code>/etc/apt/apt.conf.d</code></h4> -<ul> -<li><code>$ sudo gedit /etc/apt/apt.conf.d/proxy.conf</code></li> -</ul> -<h4 id="add-the-following-line-few-files-proxyconf">Add the following line few files <code>proxy.conf</code></h4> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> Acquire { -</span></span><span style="display:flex;"><span> HTTP::proxy &#34;http://username:password@server:port&#34;; -</span></span><span style="display:flex;"><span> HTTPS::proxy &#34;http://username:password@server:port&#34;; -</span></span><span style="display:flex;"><span> } -</span></span></code></pre></div><h3 id="22-wget">2.2 Wget</h3> -<h4 id="create-file-wgetrc">Create file <code>~/.wgetrc</code></h4> -<ul> -<li><code>$ sudo gedit ~/.wgetrc</code></li> -</ul> -<h4 id="add-the-following-line-few-files-wgetrc">Add the following line few files <code>~/.wgetrc</code></h4> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> use_proxy=yes -</span></span><span style="display:flex;"><span> http_proxy=http://username:password@server:port -</span></span><span style="display:flex;"><span> https_proxy=http://username:password@server:port -</span></span></code></pre></div><h3 id="23-curl">2.3 Curl</h3> -<h4 id="231-install-curl">2.3.1 Install Curl</h4> -<ul> -<li><code>$ sudo apt update</code></li> -<li><code>$ sudo apt install curl</code></li> -</ul> -<h4 id="232-config-proxy">2.3.2 Config proxy</h4> -<ul> -<li> -<p>Create file <code>~/.curlrc</code></p> -<ul> -<li><code>$ sudo gedit ~/.curlrc</code></li> -</ul> -</li> -<li> -<p>Add the following line few files <code>~/.curlrc</code></p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> proxy=http://username:password@server:port/ -</span></span></code></pre></div><h3 id="24-git">2.4 Git</h3> -<h4 id="241-install-git">2.4.1 Install Git</h4> -<ul> -<li><code>$ sudo apt update</code></li> -<li><code>$ sudo apt install git</code></li> -</ul> -<h4 id="242-config-proxy">2.4.2 Config proxy</h4> -<ul> -<li> -<p>Create file <code>~/.gitconfig</code></p> -<ul> -<li><code>$ sudo gedit ~/.gitconfig</code></li> -</ul> -</li> -<li> -<p>Add the following line few files <code>~/.gitconfig</code></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> [http] -</span></span><span style="display:flex;"><span> proxy = http://username:password@server:port -</span></span><span style="display:flex;"><span> sslverify = false -</span></span><span style="display:flex;"><span> [https] -</span></span><span style="display:flex;"><span> proxy = http://username:password@server:port -</span></span></code></pre></div></li> -</ul> -<h3 id="25-maven">2.5 Maven</h3> -<h4 id="251-install-maven">2.5.1 Install Maven</h4> -<p>*Go to back Home in Terminal</p> -<ul> -<li><code>$ sudo apt update</code></li> -<li><code>$ sudo apt install maven</code></li> -</ul> -<h4 id="252-config-proxy-for-maven">2.5.2 Config proxy for Maven</h4> -<ul> -<li>Create Folder with path <code>/home/user/.m2</code></li> -</ul> -<ul> -<li><code>$ mkdir /home/user/.m2</code></li> -</ul> -<ul> -<li>Create File in Folder <code>.m2</code></li> -</ul> -<ul> -<li><code>$ touch /home/user/.m2/settings.xml</code></li> -</ul> -<ul> -<li> -<p>Copy the following lines into tag <proxies></proxies></p> -<pre><code> &lt;settings&gt; - &lt;proxies&gt; - &lt;proxy&gt; - - &lt;id&gt;optional1&lt;/id&gt; - - &lt;active&gt;true&lt;/active&gt; - - &lt;protocol&gt;http&lt;/protocol&gt; - - &lt;username&gt;username&lt;/username&gt; - - &lt;password&gt;password&lt;/password&gt; - - &lt;host&gt;server&lt;/host&gt; - - &lt;port&gt;port&lt;/port&gt; - - &lt;nonProxyHosts&gt;local.net&lt;/nonProxyHosts&gt; - - &lt;/proxy&gt; - - &lt;proxy&gt; - - &lt;id&gt;optional1&lt;/id&gt; - - &lt;active&gt;true&lt;/active&gt; - - &lt;protocol&gt;http&lt;/protocol&gt; - - &lt;username&gt;username&lt;/username&gt; - - &lt;password&gt;password&lt;/password&gt; - - &lt;host&gt;server&lt;/host&gt; - - &lt;port&gt;port&lt;/port&gt; - - &lt;nonProxyHosts&gt;local.net&lt;/nonProxyHosts&gt; - - &lt;/proxy&gt; - &lt;/proxies&gt; - &lt;/settings&gt; -</code></pre> -</li> -</ul> -<h3 id="26-openjdk-11">2.6 OpenJDK 11</h3> -<ul> -<li>And install OpenJDK 11 -<ul> -<li><code>$ sudo apt install openjdk-11-jdk</code></li> -</ul> -</li> -<li>Check version: -<ul> -<li><code>$ java --version</code></li> -<li>Output:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> openjdk version &#34;11.0.15&#34; 2022-04-19 -</span></span><span style="display:flex;"><span> OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1) -</span></span><span style="display:flex;"><span> OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing) -</span></span></code></pre></div><ul> -<li>Install JDK successfully</li> -</ul> -</li> -</ul> -<h2 id="3-native-install-140-without-docker-compose">3. Native install 14.0 (without docker-compose)</h2> -<h3 id="the-installation-consists-of-some-tasks">The installation consists of some tasks::</h3> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules -</span></span><span style="display:flex;"><span>3.2 Install Couchdb version 3.2.2 -</span></span><span style="display:flex;"><span>3.3 Install Couchdb Lucene -</span></span><span style="display:flex;"><span>3.4 Clone Project sw360 with version 14 -</span></span><span style="display:flex;"><span>3.5 Install Thrift version 14.0 -</span></span><span style="display:flex;"><span>3.6 Compiling and deploying -</span></span><span style="display:flex;"><span>3.7 Version Management Table -</span></span></code></pre></div><h3 id="31-install-a-liferay-community-edition-bundled-with-tomcat">3.1 Install A Liferay Community Edition bundled with Tomcat</h3> -<ul> -<li> -<p>Make folder <code>work</code> in path of work: <code>/home/user</code></p> -<ul> -<li><code>$ mkdir work</code></li> -</ul> -</li> -<li> -<p>Download Liferay Portal CE 7.3.4 GA5</p> -<ul> -<li><code>$ cd work</code></li> -<li><code>$ wget --no-check-certificate https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.4%20GA5/liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz/download -O liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz</code></li> -</ul> -</li> -<li> -<p>Extract downloaded file</p> -<ul> -<li><code>$ tar -xzf liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz</code></li> -</ul> -</li> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> -<ul> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> -</ul> -</li> -<li> -<p>Move to <code>${LIFERAY_INSTALL}/deploy</code> and Run command:</p> -<ul> -<li> -<p><code>$ cd ${LIFERAY_INSTALL}/deploy</code></p> -</li> -<li> -<p><code>wget https://search.maven.org/remotecontent?filepath=commons-codec/commons-codec/1.12/commons-codec-1.12.jar -O commons-codec-1.12.jar</code></p> -</li> -<li> -<p><code>wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar -O commons-collections4-4.4.jar</code></p> -</li> -<li> -<p><code>wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-csv/1.4/commons-csv-1.4.jar -O commons-csv-1.4.jar</code></p> -</li> -<li> -<p><code> wget https://search.maven.org/remotecontent?filepath=commons-io/commons-io/2.6/commons-io-2.6.jar -O commons-io-2.6.jar</code></p> -</li> -<li> -<p><code> wget https://search.maven.org/remotecontent?filepath=commons-lang/commons-lang/2.4/commons-lang-2.4.jar -O commons-lang-2.4.jar</code></p> -</li> -<li> -<p><code> wget https://search.maven.org/remotecontent?filepath=commons-logging/commons-logging/1.2/commons-logging-1.2.jar -O commons-logging-1.2.jar</code></p> -</li> -<li> -<p><code> wget https://search.maven.org/remotecontent?filepath=com/google/code/gson/gson/2.8.5/gson-2.8.5.jar -O gson-2.8.5.jar</code></p> -</li> -<li> -<p><code> wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/21.0/guava-21.0.jar -O guava-21.0.jar</code></p> -</li> -<li> -<p><code> wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-annotations/2.11.3/jackson-annotations-2.11.3.jar -O jackson-annotations-2.11.3.jar</code></p> -</li> -<li> -<p><code> wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar -O jackson-core-2.11.3.jar</code></p> -</li> -<li> -<p><code> wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-databind/2.11.3/jackson-databind-2.11.3.jar -O jackson-databind-2.11.3.jar</code></p> -</li> -<li> -<p><code> wget https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar -O commons-compress-1.20.jar</code></p> -</li> -<li> -<p><code> wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar -O libthrift-0.13.0.jar</code></p> -</li> -</ul> -</li> -<li> -<p>Create <code>portal-ext.properties</code> file in <code>liferay-ce-portal-7.3.4-ga5</code> folder</p> -</li> -<li> -<p>Copy content from <a href="https://github.com/eclipse/sw360/blob/sw360-14.0.0-M1/frontend/configuration/portal-ext.properties">https://github.com/eclipse/sw360/blob/sw360-14.0.0-M1/frontend/configuration/portal-ext.properties</a> to portal-ext.properties</p> -</li> -</ul> -<ul> -<li> -<p>Edit <code>portal-ext.properties</code>: uncomment below lines</p> -<pre><code> # default.admin.password=sw360fossy - - # default.admin.screen.name=setup - - # default.admin.email.address.prefix=setup - - # default.admin.first.name=Setup - - # default.admin.last.name=Administrator -</code></pre> -</li> -</ul> -<ul> -<li> -<p>Remove files in folder <code>hypersonic</code> with path: <code>/home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic</code></p> -<ul> -<li><code>$ rm -rf /home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic/*</code></li> -</ul> -</li> -<li> -<p>Move folder <code>liferay-ce-portal-7.3.4-ga5</code> to <code>/opt</code></p> -<ul> -<li><code>$ sudo mv liferay-ce-portal-7.3.4-ga5 /opt</code></li> -</ul> -</li> -</ul> -<h3 id="32-install-couchdb-version-322">3.2 Install Couchdb version 3.2.2</h3> -<ul> -<li> -<p>Run the following commands:</p> -<ul> -<li><code>$ sudo apt update &amp;&amp; sudo apt install -y curl apt-transport-https gnupg</code></li> -<li><code>$ curl https://couchdb.apache.org/repo/keys.asc | gpg --dearmor | sudo tee /usr/share/keyrings/couchdb-archive-keyring.gpg &gt;/dev/null 2&gt;&amp;1 </code></li> -<li><code>$ source /etc/os-release </code></li> -<li><code>$ echo &quot;deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main&quot; \ </code> -<code>| sudo tee /etc/apt/sources.list.d/couchdb.list &gt;/dev/null</code></li> -<li><code>$ sudo apt update </code></li> -<li><code>$ sudo apt install -y couchdb </code></li> -</ul> -</li> -<li> -<p>Config and Setup Couchdb follow images:</p> -<ul> -<li>Config Couchdb Type<br> +<a href="https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png">https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png</a> +Now enjoy SW360 portal!</p> +</blockquote> +<h2 id="check-all-services-are-working">Check all services are working</h2> +<p>To fully use SW360 you need to have following services running, please check one by one by opening your browser and typing url, or using curl from command line:</p> +<table> +<thead> +<tr> +<th>Service</th> +<th>URL/Port</th> +<th>Notes</th> +</tr> +</thead> +<tbody> +<tr> +<td>Tomcat</td> +<td>http://127.0.0.1:8080</td> +<td>When Tomcat is installed without liferay it uses same 8080 port</td> +</tr> +<tr> +<td>Liferay</td> +<td>http://127.0.0.1:8080</td> +<td>If Liferay version is correct you will see Liferay white-blue index page not Tomcat yellow-green page.</td> +</tr> +<tr> +<td>PostgreSQL</td> +<td>http://127.0.0.1:5432</td> +<td></td> +</tr> +<tr> +<td>CouchDB</td> +<td>http://127.0.0.1:5984/_utils</td> +<td></td> +</tr> +<tr> +<td>CVE-Search</td> +<td>http://127.0.0.1:5000/admin</td> +<td></td> +</tr> +</tbody> +</table> +<h2 id="be-aware-of-cautions-and-notes">Be aware of cautions and notes</h2> +<blockquote> +<p>There are various versions of Tomcat with or without Liferay, however here we use Liferay which has already bundled Tomcat inside it&rsquo;s installation archive, that means you don&rsquo;t have to install Tomcat separately. In this case, when script liferay- xxx / tomcat- yyy/start.sh is run, the 8080 page will be visible, and will be overwritten by Liferay.</p> +</blockquote> +<blockquote> +<p>If the service has problem with Liferay then you will not see Liferay blue-white page. If you see other than that then you need to go through 3rd step of Liferay installation, check it&rsquo;s version and reinstall it.</p> +</blockquote> +<blockquote> +<p>If you still face the problem with Thrift or Liferay page isn&rsquo;t responding properly, type this command in the shell, to set the missing Thrift version environment variable, and run the ./scripts/install-thrift.sh again, then start from 3rd step of installation again:</p> +</blockquote> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#033">THRIFT_VERSION</span><span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">THRIFT_VERSION</span><span style="color:#069;font-weight:bold">:-</span><span style="color:#033">0</span>.16.0<span style="color:#a00">}</span> +</span></span></code></pre></div><hr> +<h1 id="native-install-sw360-version-1400">Native Install SW360 Version-14.0.0</h1> +<h1 id="sw360-version-up-test">SW360 Version up test</h1> +<h2 id="1-overview">1. Overview</h2> +<h3 id="11-sw360-portal">1.1 SW360 Portal</h3> +<p>A software component catalogue application - designed to work with FOSSology.</p> +<p>SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. +It can manage SPDX files for maintaining the license conditions and maintain license information.</p> +<p>This material helps user to install SW360 14.0</p> +<h3 id="12-environment">1.2 Environment</h3> +<table> +<thead> +<tr> +<th style="text-align:left">Package Name</th> +<th style="text-align:center">Version</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">Ubuntu</td> +<td style="text-align:center">20.04</td> +</tr> +<tr> +<td style="text-align:left">Apt</td> +<td style="text-align:center">2.0.2</td> +</tr> +<tr> +<td style="text-align:left">Wget</td> +<td style="text-align:center">1.20.3</td> +</tr> +<tr> +<td style="text-align:left">Curl</td> +<td style="text-align:center">7.68.0</td> +</tr> +<tr> +<td style="text-align:left">Git</td> +<td style="text-align:center">2.25.1</td> +</tr> +<tr> +<td style="text-align:left">Maven</td> +<td style="text-align:center">3.6.0</td> +</tr> +<tr> +<td style="text-align:left">OpenJDK</td> +<td style="text-align:center">11.0.5</td> +</tr> +</tbody> +</table> +<h2 id="2install--config-proxy-for-environment">2.Install &amp; Config proxy for Environment</h2> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>2.1 Apt +</span></span><span style="display:flex;"><span>2.2 Wget +</span></span><span style="display:flex;"><span>2.3 Curl +</span></span><span style="display:flex;"><span>2.4 Git +</span></span><span style="display:flex;"><span>2.5 Maven +</span></span><span style="display:flex;"><span>2.6 OpenJDK +</span></span></code></pre></div><h3 id="21-apt">2.1 Apt</h3> +<h4 id="create-file-with-name-proxyconf-in-folder-etcaptaptconfd">Create file with name proxy.conf in folder <code>/etc/apt/apt.conf.d</code></h4> +<ul> +<li><code>$ sudo gedit /etc/apt/apt.conf.d/proxy.conf</code></li> +</ul> +<h4 id="add-the-following-line-few-files-proxyconf">Add the following line few files <code>proxy.conf</code></h4> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> Acquire { +</span></span><span style="display:flex;"><span> HTTP::proxy &#34;http://username:password@server:port&#34;; +</span></span><span style="display:flex;"><span> HTTPS::proxy &#34;http://username:password@server:port&#34;; +</span></span><span style="display:flex;"><span> } +</span></span></code></pre></div><h3 id="22-wget">2.2 Wget</h3> +<h4 id="create-file-wgetrc">Create file <code>~/.wgetrc</code></h4> +<ul> +<li><code>$ sudo gedit ~/.wgetrc</code></li> +</ul> +<h4 id="add-the-following-line-few-files-wgetrc">Add the following line few files <code>~/.wgetrc</code></h4> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> use_proxy=yes +</span></span><span style="display:flex;"><span> http_proxy=http://username:password@server:port +</span></span><span style="display:flex;"><span> https_proxy=http://username:password@server:port +</span></span></code></pre></div><h3 id="23-curl">2.3 Curl</h3> +<h4 id="231-install-curl">2.3.1 Install Curl</h4> +<ul> +<li><code>$ sudo apt update</code></li> +<li><code>$ sudo apt install curl</code></li> +</ul> +<h4 id="232-config-proxy">2.3.2 Config proxy</h4> +<ul> +<li> +<p>Create file <code>~/.curlrc</code></p> +<ul> +<li><code>$ sudo gedit ~/.curlrc</code></li> +</ul> +</li> +<li> +<p>Add the following line few files <code>~/.curlrc</code></p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> proxy=http://username:password@server:port/ +</span></span></code></pre></div><h3 id="24-git">2.4 Git</h3> +<h4 id="241-install-git">2.4.1 Install Git</h4> +<ul> +<li><code>$ sudo apt update</code></li> +<li><code>$ sudo apt install git</code></li> +</ul> +<h4 id="242-config-proxy">2.4.2 Config proxy</h4> +<ul> +<li> +<p>Create file <code>~/.gitconfig</code></p> +<ul> +<li><code>$ sudo gedit ~/.gitconfig</code></li> +</ul> +</li> +<li> +<p>Add the following line few files <code>~/.gitconfig</code></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> [http] +</span></span><span style="display:flex;"><span> proxy = http://username:password@server:port +</span></span><span style="display:flex;"><span> sslverify = false +</span></span><span style="display:flex;"><span> [https] +</span></span><span style="display:flex;"><span> proxy = http://username:password@server:port +</span></span></code></pre></div></li> +</ul> +<h3 id="25-maven">2.5 Maven</h3> +<h4 id="251-install-maven">2.5.1 Install Maven</h4> +<p>*Go to back Home in Terminal</p> +<ul> +<li><code>$ sudo apt update</code></li> +<li><code>$ sudo apt install maven</code></li> +</ul> +<h4 id="252-config-proxy-for-maven">2.5.2 Config proxy for Maven</h4> +<ul> +<li>Create Folder with path <code>/home/user/.m2</code></li> +</ul> +<ul> +<li><code>$ mkdir /home/user/.m2</code></li> +</ul> +<ul> +<li>Create File in Folder <code>.m2</code></li> +</ul> +<ul> +<li><code>$ touch /home/user/.m2/settings.xml</code></li> +</ul> +<ul> +<li> +<p>Copy the following lines into tag <proxies></proxies></p> +<pre><code> &lt;settings&gt; +&lt;proxies&gt; +&lt;proxy&gt; +&lt;id&gt;optional1&lt;/id&gt; +&lt;active&gt;true&lt;/active&gt; +&lt;protocol&gt;http&lt;/protocol&gt; +&lt;username&gt;username&lt;/username&gt; +&lt;password&gt;password&lt;/password&gt; +&lt;host&gt;server&lt;/host&gt; +&lt;port&gt;port&lt;/port&gt; +&lt;nonProxyHosts&gt;local.net&lt;/nonProxyHosts&gt; +&lt;/proxy&gt; +&lt;proxy&gt; +&lt;id&gt;optional1&lt;/id&gt; +&lt;active&gt;true&lt;/active&gt; +&lt;protocol&gt;http&lt;/protocol&gt; +&lt;username&gt;username&lt;/username&gt; +&lt;password&gt;password&lt;/password&gt; +&lt;host&gt;server&lt;/host&gt; +&lt;port&gt;port&lt;/port&gt; +&lt;nonProxyHosts&gt;local.net&lt;/nonProxyHosts&gt; +&lt;/proxy&gt; +&lt;/proxies&gt; +&lt;/settings&gt; +</code></pre> +</li> +</ul> +<h3 id="26-openjdk-11">2.6 OpenJDK 11</h3> +<ul> +<li>And install OpenJDK 11 +<ul> +<li><code>$ sudo apt install openjdk-11-jdk</code></li> +</ul> +</li> +<li>Check version: +<ul> +<li><code>$ java --version</code></li> +<li>Output:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> openjdk version &#34;11.0.15&#34; 2022-04-19 +</span></span><span style="display:flex;"><span> OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1) +</span></span><span style="display:flex;"><span> OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing) +</span></span></code></pre></div><ul> +<li>Install JDK successfully</li> +</ul> +</li> +</ul> +<h2 id="3-native-install-140-without-docker-compose">3. Native install 14.0 (without docker-compose)</h2> +<h3 id="the-installation-consists-of-some-tasks">The installation consists of some tasks::</h3> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules +</span></span><span style="display:flex;"><span>3.2 Install Couchdb version 3.2.2 +</span></span><span style="display:flex;"><span>3.3 Install Couchdb Lucene +</span></span><span style="display:flex;"><span>3.4 Clone Project sw360 with version 14 +</span></span><span style="display:flex;"><span>3.5 Install Thrift version 14.0 +</span></span><span style="display:flex;"><span>3.6 Compiling and deploying +</span></span><span style="display:flex;"><span>3.7 Version Management Table +</span></span></code></pre></div><h3 id="31-install-a-liferay-community-edition-bundled-with-tomcat">3.1 Install A Liferay Community Edition bundled with Tomcat</h3> +<ul> +<li> +<p>Make folder <code>work</code> in path of work: <code>/home/user</code></p> +<ul> +<li><code>$ mkdir work</code></li> +</ul> +</li> +<li> +<p>Download Liferay Portal CE 7.3.4 GA5</p> +<ul> +<li><code>$ cd work</code></li> +<li><code>$ wget --no-check-certificate https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.4%20GA5/liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz/download -O liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz</code></li> +</ul> +</li> +<li> +<p>Extract downloaded file</p> +<ul> +<li><code>$ tar -xzf liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz</code></li> +</ul> +</li> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> +<ul> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> +</ul> +</li> +<li> +<p>Move to <code>${LIFERAY_INSTALL}/deploy</code> and Run command:</p> +<ul> +<li> +<p><code>$ cd ${LIFERAY_INSTALL}/deploy</code></p> +</li> +<li> +<p><code>wget https://search.maven.org/remotecontent?filepath=commons-codec/commons-codec/1.12/commons-codec-1.12.jar -O commons-codec-1.12.jar</code></p> +</li> +<li> +<p><code>wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar -O commons-collections4-4.4.jar</code></p> +</li> +<li> +<p><code>wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-csv/1.4/commons-csv-1.4.jar -O commons-csv-1.4.jar</code></p> +</li> +<li> +<p><code> wget https://search.maven.org/remotecontent?filepath=commons-io/commons-io/2.6/commons-io-2.6.jar -O commons-io-2.6.jar</code></p> +</li> +<li> +<p><code> wget https://search.maven.org/remotecontent?filepath=commons-lang/commons-lang/2.4/commons-lang-2.4.jar -O commons-lang-2.4.jar</code></p> +</li> +<li> +<p><code> wget https://search.maven.org/remotecontent?filepath=commons-logging/commons-logging/1.2/commons-logging-1.2.jar -O commons-logging-1.2.jar</code></p> +</li> +<li> +<p><code> wget https://search.maven.org/remotecontent?filepath=com/google/code/gson/gson/2.8.5/gson-2.8.5.jar -O gson-2.8.5.jar</code></p> +</li> +<li> +<p><code> wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/21.0/guava-21.0.jar -O guava-21.0.jar</code></p> +</li> +<li> +<p><code> wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-annotations/2.11.3/jackson-annotations-2.11.3.jar -O jackson-annotations-2.11.3.jar</code></p> +</li> +<li> +<p><code> wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar -O jackson-core-2.11.3.jar</code></p> +</li> +<li> +<p><code> wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-databind/2.11.3/jackson-databind-2.11.3.jar -O jackson-databind-2.11.3.jar</code></p> +</li> +<li> +<p><code> wget https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar -O commons-compress-1.20.jar</code></p> +</li> +<li> +<p><code> wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar -O libthrift-0.13.0.jar</code></p> +</li> +</ul> +</li> +<li> +<p>Create <code>portal-ext.properties</code> file in <code>liferay-ce-portal-7.3.4-ga5</code> folder</p> +</li> +<li> +<p>Copy content from <a href="https://github.com/eclipse/sw360/blob/sw360-14.0.0-M1/frontend/configuration/portal-ext.properties">https://github.com/eclipse/sw360/blob/sw360-14.0.0-M1/frontend/configuration/portal-ext.properties</a> to portal-ext.properties</p> +</li> +</ul> +<ul> +<li> +<p>Edit <code>portal-ext.properties</code>: uncomment below lines</p> +<pre><code> # default.admin.password=sw360fossy +# default.admin.screen.name=setup +# default.admin.email.address.prefix=setup +# default.admin.first.name=Setup +# default.admin.last.name=Administrator +</code></pre> +</li> +</ul> +<ul> +<li> +<p>Remove files in folder <code>hypersonic</code> with path: <code>/home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic</code></p> +<ul> +<li><code>$ rm -rf /home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic/*</code></li> +</ul> +</li> +<li> +<p>Move folder <code>liferay-ce-portal-7.3.4-ga5</code> to <code>/opt</code></p> +<ul> +<li><code>$ sudo mv liferay-ce-portal-7.3.4-ga5 /opt</code></li> +</ul> +</li> +</ul> +<h3 id="32-install-couchdb-version-322">3.2 Install Couchdb version 3.2.2</h3> +<ul> +<li> +<p>Run the following commands:</p> +<ul> +<li><code>$ sudo apt update &amp;&amp; sudo apt install -y curl apt-transport-https gnupg</code></li> +<li><code>$ curl https://couchdb.apache.org/repo/keys.asc | gpg --dearmor | sudo tee /usr/share/keyrings/couchdb-archive-keyring.gpg &gt;/dev/null 2&gt;&amp;1 </code></li> +<li><code>$ source /etc/os-release </code></li> +<li><code>$ echo &quot;deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main&quot; \ </code> +<code>| sudo tee /etc/apt/sources.list.d/couchdb.list &gt;/dev/null</code></li> +<li><code>$ sudo apt update </code></li> +<li><code>$ sudo apt install -y couchdb </code></li> +</ul> +</li> +<li> +<p>Config and Setup Couchdb follow images:</p> +<ul> +<li>Config Couchdb Type<br>   -<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> -<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> - - <a href="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigTypeCouchdb.jpg" data-lightbox="x" class="mb-5"> - <div class="card"> - <img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigTypeCouchdb.jpg" alt="Card image cap" /> - <div class="card-body"> - <h5 class="card-title">Type Couchdb</h5> - <p class="card-text"> - - </p> - </div> - </div> -</a> - - - -</div> -</li> -</ul> - <!-- ![](./assets/img/ConfigTypeCouchdb.jpg ) --> -<p> </p> -<ul> -<li>Config node name<br> +<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> +<a href="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigTypeCouchdb.jpg" data-lightbox="x" class="mb-5"> +<div class="card"> +<img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigTypeCouchdb.jpg" alt="Card image cap" /> +<div class="card-body"> +<h5 class="card-title">Type Couchdb</h5> +<p class="card-text"> +</p> +</div> +</div> +</a> +</div> +</li> +</ul> +<!-- ![](./assets/img/ConfigTypeCouchdb.jpg ) --> +<p> </p> +<ul> +<li>Config node name<br>   -<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> -<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> - - <a href="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigDomainCouchdb.jpg" data-lightbox="x" class="mb-5"> - <div class="card"> - <img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigDomainCouchdb.jpg" alt="Card image cap" /> - <div class="card-body"> - <h5 class="card-title">Domain Couchdb</h5> - <p class="card-text"> - - </p> - </div> - </div> -</a> - - - -</div> -</li> -</ul> - <!-- ![](./assets/img/ConfigDomainCouchdb.jpg) --> -<ul> -<li>Set up magic cookie<br> +<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> +<a href="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigDomainCouchdb.jpg" data-lightbox="x" class="mb-5"> +<div class="card"> +<img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigDomainCouchdb.jpg" alt="Card image cap" /> +<div class="card-body"> +<h5 class="card-title">Domain Couchdb</h5> +<p class="card-text"> +</p> +</div> +</div> +</a> +</div> +</li> +</ul> +<!-- ![](./assets/img/ConfigDomainCouchdb.jpg) --> +<ul> +<li>Set up magic cookie<br>   -<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> -<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> - - <a href="https://www.eclipse.org/sw360/sw360/img/couchdb/SetupMagicCookie.jpg" data-lightbox="x" class="mb-5"> - <div class="card"> - <img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/SetupMagicCookie.jpg" alt="Card image cap" /> - <div class="card-body"> - <h5 class="card-title">Setup Magic Cookie</h5> - <p class="card-text"> - - </p> - </div> - </div> -</a> - - - -</div> -</li> -</ul> - <!-- ![](./assets/img/SetupMagicCookie.jpg) --> -<ul> -<li>Config bind address<br> +<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> +<a href="https://www.eclipse.org/sw360/sw360/img/couchdb/SetupMagicCookie.jpg" data-lightbox="x" class="mb-5"> +<div class="card"> +<img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/SetupMagicCookie.jpg" alt="Card image cap" /> +<div class="card-body"> +<h5 class="card-title">Setup Magic Cookie</h5> +<p class="card-text"> +</p> +</div> +</div> +</a> +</div> +</li> +</ul> +<!-- ![](./assets/img/SetupMagicCookie.jpg) --> +<ul> +<li>Config bind address<br>   -<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> -<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> - - <a href="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigIPCouchdb.jpg" data-lightbox="x" class="mb-5"> - <div class="card"> - <img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigIPCouchdb.jpg" alt="Card image cap" /> - <div class="card-body"> - <h5 class="card-title">IP Couchdb</h5> - <p class="card-text"> - - </p> - </div> - </div> -</a> - - - -</div> -</li> -</ul> - <!-- ![](./assets/img/ConfigIPCouchdb.jpg) --> -<ul> -<li>Set up Couchdb Password<br> +<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> +<a href="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigIPCouchdb.jpg" data-lightbox="x" class="mb-5"> +<div class="card"> +<img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/ConfigIPCouchdb.jpg" alt="Card image cap" /> +<div class="card-body"> +<h5 class="card-title">IP Couchdb</h5> +<p class="card-text"> +</p> +</div> +</div> +</a> +</div> +</li> +</ul> +<!-- ![](./assets/img/ConfigIPCouchdb.jpg) --> +<ul> +<li>Set up Couchdb Password<br>   -<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> -<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> - - <a href="https://www.eclipse.org/sw360/sw360/img/couchdb/SetupPassword.jpg" data-lightbox="x" class="mb-5"> - <div class="card"> - <img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/SetupPassword.jpg" alt="Card image cap" /> - <div class="card-body"> - <h5 class="card-title">Setup Password</h5> - <p class="card-text"> - - </p> - </div> - </div> -</a> - - - -</div> -</li> -</ul> - <!-- ![](./assets/img/SetupPassword.jpg) --> -<ul> -<li>Repeat Password<br> +<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> +<a href="https://www.eclipse.org/sw360/sw360/img/couchdb/SetupPassword.jpg" data-lightbox="x" class="mb-5"> +<div class="card"> +<img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/SetupPassword.jpg" alt="Card image cap" /> +<div class="card-body"> +<h5 class="card-title">Setup Password</h5> +<p class="card-text"> +</p> +</div> +</div> +</a> +</div> +</li> +</ul> +<!-- ![](./assets/img/SetupPassword.jpg) --> +<ul> +<li>Repeat Password<br>   -<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> -<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> - - <a href="https://www.eclipse.org/sw360/sw360/img/couchdb/RepeatPassword.jpg" data-lightbox="x" class="mb-5"> - <div class="card"> - <img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/RepeatPassword.jpg" alt="Card image cap" /> - <div class="card-body"> - <h5 class="card-title">Repeat Password</h5> - <p class="card-text"> - - </p> - </div> - </div> -</a> - - - -</div> -</li> -</ul> - <!-- ![](./assets/img/RepeatPassword.jpg) --> -<ul> -<li>Start and status of Couchdb +<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> +<a href="https://www.eclipse.org/sw360/sw360/img/couchdb/RepeatPassword.jpg" data-lightbox="x" class="mb-5"> +<div class="card"> +<img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/RepeatPassword.jpg" alt="Card image cap" /> +<div class="card-body"> +<h5 class="card-title">Repeat Password</h5> +<p class="card-text"> +</p> +</div> +</div> +</a> +</div> +</li> +</ul> +<!-- ![](./assets/img/RepeatPassword.jpg) --> +<ul> +<li>Start and status of Couchdb   -<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> -<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> - - <a href="https://www.eclipse.org/sw360/sw360/img/couchdb/StatusStartCouchdb.jpg" data-lightbox="x" class="mb-5"> - <div class="card"> - <img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/StatusStartCouchdb.jpg" alt="Card image cap" /> - <div class="card-body"> - <h5 class="card-title">Status Start Couchdb</h5> - <p class="card-text"> - - </p> - </div> - </div> -</a> - - - -</div> -</li> -</ul> - <!-- ![](./assets/img/StatusStartCouchdb.jpg) --> -<ul> -<li>Stop and status of Couchdb +<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> +<a href="https://www.eclipse.org/sw360/sw360/img/couchdb/StatusStartCouchdb.jpg" data-lightbox="x" class="mb-5"> +<div class="card"> +<img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/StatusStartCouchdb.jpg" alt="Card image cap" /> +<div class="card-body"> +<h5 class="card-title">Status Start Couchdb</h5> +<p class="card-text"> +</p> +</div> +</div> +</a> +</div> +</li> +</ul> +<!-- ![](./assets/img/StatusStartCouchdb.jpg) --> +<ul> +<li>Stop and status of Couchdb   -<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> -<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> -<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> - - <a href="https://www.eclipse.org/sw360/sw360/img/couchdb/StatusStopCouchdb.jpg" data-lightbox="x" class="mb-5"> - <div class="card"> - <img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/StatusStopCouchdb.jpg" alt="Card image cap" /> - <div class="card-body"> - <h5 class="card-title">Status Stop Couchdb</h5> - <p class="card-text"> - - </p> - </div> - </div> -</a> - - - -</div> -</li> -</ul> - <!-- ![](./assets/img/StatusStopCouchdb.jpg) --> -</li> -<li> -<p>Url and account when config couchdb</p> -<ul> -<li>Username: <code>admin</code></li> -<li>Password: <code>password</code></li> -<li>Url: <code>http://localhost:5984/_utils</code></li> -</ul> -</li> -<li> -<p>Command Line When Start, Stop, check status Couchdb</p> -<ul> -<li>Start Couchdb: <code>$ sudo service couchdb start</code></li> -<li>Stop Couchdb: <code>$ sudo service couchdb stop</code></li> -<li>Check status: <code>$ sudo service couchdb status</code></li> -</ul> -</li> -</ul> -<h3 id="33-install-couchdb-lucene">3.3 Install Couchdb Lucene</h3> -<ul> -<li> -<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene</p> -</li> -<li> -<p>Run command download Couchdb Lucene</p> -<ul> -<li><code>wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz</code></li> -</ul> -</li> -<li> -<p>Note Extract liferay To folder <code>work</code> with path of work: <code>/home/user/work</code></p> -<ul> -<li><code>tar -xzf couchdb-lucene.tar.gz</code></li> -</ul> -</li> -<li> -<p>Run command:</p> -<ul> -<li><code>cd couchdb-lucene-2.1.0</code></li> -<li><code>sed -i &quot;s/allowLeadingWildcard=false/allowLeadingWildcard=true/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> -<li><code>sed -i &quot;s/localhost:5984/admin:password@localhost:5984/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> -<li><code>wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch </code></li> -<li><code>patch -p1 &lt; couchdb-lucene.patch </code></li> -<li><code>mvn clean install war:war</code></li> -<li><code>cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/webapps/couchdb-lucene.war</code></li> -</ul> -</li> -</ul> -<h3 id="34-clone-sw360-with-version-1400">3.4 Clone sw360 with version 14.0.0</h3> -<ul> -<li> -<p>Clone sw360 source code to folder <code>work</code> with path: <code>/home/user/work</code></p> -<ul> -<li><code>$ git clone https://github.com/eclipse/sw360</code></li> -</ul> -</li> -<li> -<p>Checkout to tag 14.0.0 version</p> -<ul> -<li><code>$ cd sw360</code></li> -<li><code>$ git checkout sw360-14.0.0-M1</code></li> -</ul> -</li> -</ul> -<h3 id="35-install-thrift-version-014">3.5 Install Thrift version 0.14</h3> -<ul> -<li> -<p>For thrift, we need version 0.14. The installation script in Path: <code>SW360_REPOSITORY/scripts/install-thrift.sh</code></p> -</li> -<li> -<p>Run command:</p> -<ul> -<li><code>$ chmod +x install-thrift.sh</code></li> -<li><code>$ sudo ./install-thrift.sh</code></li> -</ul> -</li> -</ul> -<p>In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.14</p> -<ul> -<li> -<p>Check version thrift</p> -<ul> -<li> -<p><code>$ thrift --version</code></p> -</li> -<li> -<p>Output:</p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> Thrift version 0.14.0 -</span></span></code></pre></div><ul> -<li>Install Thrift successfully</li> -</ul> -</li> -</ul> -<h3 id="36-compile-and-deploy">3.6 Compile and deploy</h3> -<ul> -<li> -<p>Start couchdb</p> -<ul> -<li><code>$ sudo service couchdb start</code></li> -</ul> -</li> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> -<ul> -<li><code>$ cd /home/user/work/sw360</code></li> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> -</ul> -</li> -</ul> -<ol> -<li> -<p>To clean everything and install without running the tests</p> -<ul> -<li><code>$ mvn clean install -DskipTests </code></li> -</ul> -</li> -<li> -<p>For deployment run the command</p> -<ul> -<li><code>mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests</code></li> -</ul> -</li> -</ol> -<h4 id="361-start-and-configure-liferay">3.6.1 Start and Configure Liferay</h4> -<ul> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> -<ul> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> -</ul> -</li> -<li> -<p>Start liferay</p> -<ul> -<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh</code></li> -</ul> -</li> -<li> -<p>Log</p> -<ul> -<li><code>$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*</code></li> -</ul> -</li> -<li> -<p>Url SW360 : <code>https://localhost:8080</code></p> -</li> -</ul> -<h4 id="362-configure-liferay-portal">3.6.2 Configure Liferay Portal</h4> -<ul> -<li>Can follow the steps in the following link <a href="https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3">https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3</a> or follow these steps:</li> -</ul> -<ul> -<li>Import users -<ol> -<li>Open the panel on the left side by clicking the button on the top left.</li> -<li>Click on <code>SW360</code> on the top right to go to the homepage.</li> -<li>Click on <code>Start</code> inside the &ldquo;Welcome&rdquo; section.</li> -<li>Go to <code>Admin</code> -&gt; <code>User</code> (URL: <code>/group/guest/users</code>).</li> -<li>Scroll down to section <code>UPLOAD USERS</code>, select a user file from the very -beginning and click <code>Upload Users</code> on the right side. <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">A user file can be found here in the sw360vagrant project</a> -* Download: <code>$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv</code></li> -</ol> -</li> -</ul> -<h3 id="37-version-management-table-sw360-140">3.7 Version Management Table (sw360 14.0)</h3> -<table> -<thead> -<tr> -<th style="text-align:left">Package Name</th> -<th style="text-align:center">Version</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">Liferay</td> -<td style="text-align:center">7.3.4</td> -</tr> -<tr> -<td style="text-align:left">Tomcat</td> -<td style="text-align:center">9.0.33</td> -</tr> -<tr> -<td style="text-align:left">Couchdb</td> -<td style="text-align:center">3.2.2</td> -</tr> -<tr> -<td style="text-align:left">Open JDK</td> -<td style="text-align:center">11.0.15</td> -</tr> -<tr> -<td style="text-align:left">Thrift</td> -<td style="text-align:center">0.14.0</td> -</tr> -<tr> -<td style="text-align:left">SW360</td> -<td style="text-align:center">14.0.0</td> -</tr> -</tbody> -</table> -<h3 id="38-config-couchdb-with-sw360-sw360-140">3.8 Config couchdb with Sw360 (sw360 14.0)</h3> -<ul> -<li> -<p>Create folder <code>sw360</code> in path <code>/etc/</code></p> -<ul> -<li><code>sudo mkdir sw360</code></li> -</ul> -</li> -<li> -<p>Create 2 folder <code>authorization</code> and <code>rest</code> in path <code>/etc/sw360</code></p> -<ul> -<li><code>sudo mkdir authorization</code></li> -<li><code>sudo mkdir rest</code></li> -</ul> -</li> -<li> -<p>Create file <code>application.yml</code> in path <code>/etc/sw360/authorizaton</code> with content:</p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> # Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project. -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> # This program and the accompanying materials are made -</span></span><span style="display:flex;"><span> # available under the terms of the Eclipse Public License 2.0 -</span></span><span style="display:flex;"><span> # which is available at https://www.eclipse.org/legal/epl-2.0/ -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> # SPDX-License-Identifier: EPL-2.0 -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> # Port to open in standalone mode -</span></span><span style="display:flex;"><span> server: -</span></span><span style="display:flex;"><span> port: 8090 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> # Connection to the couch databases. Will be used to store client credentials -</span></span><span style="display:flex;"><span> couchdb: -</span></span><span style="display:flex;"><span> url: http://localhost:5984 -</span></span><span style="display:flex;"><span> database: sw360oauthclients -</span></span><span style="display:flex;"><span> # if your couchdb does not use authentication, pls just don&#39;t use the settings for username and password -</span></span><span style="display:flex;"><span> username: admin -</span></span><span style="display:flex;"><span> password: password -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> jwt: -</span></span><span style="display:flex;"><span> secretkey: sw360SecretKey -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> spring: -</span></span><span style="display:flex;"><span> jackson: -</span></span><span style="display:flex;"><span> serialization: -</span></span><span style="display:flex;"><span> indent_output: true -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> # Common SW360 properties -</span></span><span style="display:flex;"><span> sw360: -</span></span><span style="display:flex;"><span> # The url of the Liferay instance -</span></span><span style="display:flex;"><span> sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} -</span></span><span style="display:flex;"><span> # The id of the company in Liferay that sw360 is run for -</span></span><span style="display:flex;"><span> sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101} -</span></span><span style="display:flex;"><span> # Allowed origins that should be set in the header -</span></span><span style="display:flex;"><span> cors: -</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> security: -</span></span><span style="display:flex;"><span> # Configuration for enabling authorization via headers, e.g. when using SSO -</span></span><span style="display:flex;"><span> # in combination with a reverse proxy server -</span></span><span style="display:flex;"><span> customheader: -</span></span><span style="display:flex;"><span> headername: -</span></span><span style="display:flex;"><span> # You have to enable authorization by headers explicitly here -</span></span><span style="display:flex;"><span> enabled: false -</span></span><span style="display:flex;"><span> # Attention: please make sure that the proxy is removing there headers -</span></span><span style="display:flex;"><span> # if they are coming from anywhere else then the authentication server -</span></span><span style="display:flex;"><span> intermediateauthstore: custom-header-auth-marker -</span></span><span style="display:flex;"><span> email: authenticated-email -</span></span><span style="display:flex;"><span> extid: authenticated-extid -</span></span><span style="display:flex;"><span> # also available - at least in saml pre auth - are &#34;givenname&#34;, &#34;surname&#34; and &#34;department&#34; -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> oauth2: -</span></span><span style="display:flex;"><span> resource: -</span></span><span style="display:flex;"><span> id: sw360-REST-API -</span></span></code></pre></div><ul> -<li>Create file <code>application.yml</code> in path <code>/etc/sw360/rest</code> with content:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> # Copyright Siemens AG, 2017. Part of the SW360 Portal Project. -</span></span><span style="display:flex;"><span> # Copyright Bosch.IO GmbH 2020 -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> # This program and the accompanying materials are made -</span></span><span style="display:flex;"><span> # available under the terms of the Eclipse Public License 2.0 -</span></span><span style="display:flex;"><span> # which is available at https://www.eclipse.org/legal/epl-2.0/ -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> # SPDX-License-Identifier: EPL-2.0 -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> server: -</span></span><span style="display:flex;"><span> port: 8091 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> management: -</span></span><span style="display:flex;"><span> endpoints: -</span></span><span style="display:flex;"><span> enabled-by-default: false -</span></span><span style="display:flex;"><span> web: -</span></span><span style="display:flex;"><span> base-path: -</span></span><span style="display:flex;"><span> endpoint: -</span></span><span style="display:flex;"><span> health: -</span></span><span style="display:flex;"><span> enabled: true -</span></span><span style="display:flex;"><span> show-details: always -</span></span><span style="display:flex;"><span> info: -</span></span><span style="display:flex;"><span> enabled: true -</span></span><span style="display:flex;"><span> web: -</span></span><span style="display:flex;"><span> base-path: / -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> spring: -</span></span><span style="display:flex;"><span> servlet: -</span></span><span style="display:flex;"><span> multipart: -</span></span><span style="display:flex;"><span> max-file-size: 500MB -</span></span><span style="display:flex;"><span> max-request-size: 600MB -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> # logging: -</span></span><span style="display:flex;"><span> # level: -</span></span><span style="display:flex;"><span> # org.springframework.web: DEBUG -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> security: -</span></span><span style="display:flex;"><span> oauth2: -</span></span><span style="display:flex;"><span> resource: -</span></span><span style="display:flex;"><span> id: sw360-REST-API -</span></span><span style="display:flex;"><span> jwt: -</span></span><span style="display:flex;"><span> keyValue: | -</span></span><span style="display:flex;"><span> -----BEGIN PUBLIC KEY----- -</span></span><span style="display:flex;"><span> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy -</span></span><span style="display:flex;"><span> VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ -</span></span><span style="display:flex;"><span> 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ -</span></span><span style="display:flex;"><span> 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg -</span></span><span style="display:flex;"><span> 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da -</span></span><span style="display:flex;"><span> d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ -</span></span><span style="display:flex;"><span> PQIDAQAB -</span></span><span style="display:flex;"><span> -----END PUBLIC KEY----- -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> sw360: -</span></span><span style="display:flex;"><span> thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} -</span></span><span style="display:flex;"><span> test-user-id: admin@sw360.org -</span></span><span style="display:flex;"><span> test-user-password: sw360-password -</span></span><span style="display:flex;"><span> couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} -</span></span><span style="display:flex;"><span> cors: -</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} -</span></span></code></pre></div><ul> -<li>Create file <code>couchdb.properties</code> in path <code>/etc/sw360</code> with content:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> # Copyright Siemens AG, 2020. Part of the SW360 Portal Project. -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> # This program and the accompanying materials are made -</span></span><span style="display:flex;"><span> # available under the terms of the Eclipse Public License 2.0 -</span></span><span style="display:flex;"><span> # which is available at https://www.eclipse.org/legal/epl-2.0/ -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> # SPDX-License-Identifier: EPL-2.0 -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> couchdb.url = http://localhost:5984 -</span></span><span style="display:flex;"><span> couchdb.user = admin -</span></span><span style="display:flex;"><span> couchdb.password = password -</span></span><span style="display:flex;"><span> couchdb.database = sw360db -</span></span><span style="display:flex;"><span> couchdb.usersdb = sw360users -</span></span><span style="display:flex;"><span> couchdb.attachments = sw360attachments -</span></span><span style="display:flex;"><span> lucenesearch.limit = 10000 -</span></span></code></pre></div><ul> -<li>Create file <code>sw360.properties</code> and <code>/etc/sw360</code> with content:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project. -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> # This program and the accompanying materials are made -</span></span><span style="display:flex;"><span> # available under the terms of the Eclipse Public License 2.0 -</span></span><span style="display:flex;"><span> # which is available at https://www.eclipse.org/legal/epl-2.0/ -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> # SPDX-License-Identifier: EPL-2.0 -</span></span><span style="display:flex;"><span> # -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> # common property file for the backend services -</span></span><span style="display:flex;"><span> backend.url= http://localhost:8080 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> licenseinfo.spdxparser.use-license-info-from-files=true -</span></span><span style="display:flex;"><span> mainline.state.enabled.for.user=false -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> # settings for the mail utility: -</span></span><span style="display:flex;"><span> # if host is not set, e-mailing is disabled -</span></span><span style="display:flex;"><span> MailUtil_host= -</span></span><span style="display:flex;"><span> MailUtil_from=__No_Reply__@sw360.org -</span></span><span style="display:flex;"><span> MailUtil_port=25 -</span></span><span style="display:flex;"><span> MailUtil_enableStarttls= -</span></span><span style="display:flex;"><span> MailUtil_enableSsl= -</span></span><span style="display:flex;"><span> MailUtil_isAuthenticationNecessary= -</span></span><span style="display:flex;"><span> MailUtil_login= -</span></span><span style="display:flex;"><span> MailUtil_password= -</span></span><span style="display:flex;"><span> MailUtil_enableDebug= -</span></span><span style="display:flex;"><span> MailUtil_supportMailAddress= -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> # text patterns for mail utility -</span></span><span style="display:flex;"><span> defaultBegin = \ -</span></span><span style="display:flex;"><span> *** This is an automatically generated email, please do not reply. ***\n\n\ -</span></span><span style="display:flex;"><span> Dear SW360-user,\n\n -</span></span><span style="display:flex;"><span> defaultEnd = \ -</span></span><span style="display:flex;"><span> With best regards,\n\ -</span></span><span style="display:flex;"><span> SW360-support -</span></span><span style="display:flex;"><span> unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify: -</span></span><span style="display:flex;"><span> unsubscribeNoticeAfter =. *** -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> subjectForNewModerationRequest= New moderation request -</span></span><span style="display:flex;"><span> subjectForUpdateModerationRequest= Update on moderation request -</span></span><span style="display:flex;"><span> subjectForAcceptedModerationRequest= Your moderation request has been accepted -</span></span><span style="display:flex;"><span> subjectForDeclinedModerationRequest= Your moderation request has been declined -</span></span><span style="display:flex;"><span> subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined -</span></span><span style="display:flex;"><span> subjectForNewComponent= New component created -</span></span><span style="display:flex;"><span> subjectForUpdateComponent= Component updated -</span></span><span style="display:flex;"><span> subjectForNewRelease= New release created -</span></span><span style="display:flex;"><span> subjectForUpdateRelease= Release updated -</span></span><span style="display:flex;"><span> subjectForNewProject= New project created -</span></span><span style="display:flex;"><span> subjectForUpdateProject= Project updated -</span></span><span style="display:flex;"><span> subjectForNewClearingRequest= New clearing request &lt;%s&gt; for Project &lt;%s&gt; -</span></span><span style="display:flex;"><span> subjectForClearingRequestComment= New comment added in clearing request &lt;%s&gt; for Project &lt;%s&gt; -</span></span><span style="display:flex;"><span> subjectForUpdatedClearingRequest= Your clearing request &lt;%s&gt; has been updated for Project &lt;%s&gt; -</span></span><span style="display:flex;"><span> subjectForClosedClearingRequest= Your clearing request &lt;%s&gt; has been closed for Project &lt;%s&gt; -</span></span><span style="display:flex;"><span> subjectForRejectedClearingRequest= Your clearing request &lt;%s&gt; has been rejected for Project &lt;%s&gt; -</span></span><span style="display:flex;"><span> subjectForUpdatedProjectWithClearingRequest= Project &lt;%s&gt; with clearing request &lt;%s&gt; updated -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n -</span></span><span style="display:flex;"><span> textForUpdateModerationRequest= \ -</span></span><span style="display:flex;"><span> one of the moderation requests previously added to your \ -</span></span><span style="display:flex;"><span> SW360-account has been updated.\n\n -</span></span><span style="display:flex;"><span> textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n -</span></span><span style="display:flex;"><span> textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n -</span></span><span style="display:flex;"><span> textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n -</span></span><span style="display:flex;"><span> textForNewComponent= a new component %s, in which you take part, has been created.\n\n -</span></span><span style="display:flex;"><span> textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n -</span></span><span style="display:flex;"><span> textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n -</span></span><span style="display:flex;"><span> textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n -</span></span><span style="display:flex;"><span> textForNewProject= a new project %s %s, in which you take part, has been created.\n\n -</span></span><span style="display:flex;"><span> textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n -</span></span><span style="display:flex;"><span> textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n -</span></span><span style="display:flex;"><span> textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n -</span></span><span style="display:flex;"><span> #attachment.store.file.system.location=/opt/sw360tempattachments -</span></span><span style="display:flex;"><span> #enable.attachment.store.to.file.system=false -</span></span><span style="display:flex;"><span> #attachment.store.file.system.permission=rwx------ -</span></span><span style="display:flex;"><span> #attachemnt.delete.no.of.days=30 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> #Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder. -</span></span><span style="display:flex;"><span> #sw360changelog.config.file.location=/etc/sw360/log4j2.xml -</span></span><span style="display:flex;"><span> enable.sw360.change.log=false -</span></span><span style="display:flex;"><span> sw360changelog.output.path=sw360changelog/sw360changelog -</span></span></code></pre></div><h2 id="references-for-more-information">References for more information</h2> -<ul> -<li><a href="https://www.eclipse.org/sw360/docs/">SW360</a></li> -<li><a href="https://github.com/cve-search/cve-search">CVE-Search</a></li> -<li><a href="https://docs.oracle.com/en/java/javase/11/install/installation-jdk-linux-platforms.html#GUID-79FBE4A9-4254-461E-8EA7-A02D7979A161">Java</a></li> -<li><a href="https://maven.apache.org/install.html">Maven</a></li> -<li><a href="https://thrift.apache.org/">Thrift</a></li> -<li><a href="https://learn.liferay.com/dxp/latest/en/installation-and-upgrades/installing-liferay/installing-a-liferay-tomcat-bundle.html">Liferay bundled with Tomcat</a></li> -<li><a href="https://www.postgresql.org/download/linux/ubuntu/">PostgreSQL</a></li> -<li><a href="https://docs.couchdb.org/en/stable/install/unix.html">CouchDB</a></li> -</ul> -<h2 id="license">License</h2> -<p>[SPDX-License-Identifier: EPL-2.0]</p> - - - - - - Docs: Native Install v17 - https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/ - - - - <h1 id="how-to-install-and-run-sw360-v1700">How to install and run SW360 v17.0.0</h1> -<h1 id="these-instructions-worked-on-ubuntu-2004-and-has-detailed-explanations-for-newcomers">These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers.</h1> -<h2 id="this-is-a-guide-with-detailed-explanation-of-how-to-install-and-run-sw360-natively-on-you-local-machine">This is a guide with detailed explanation of how to install and run SW360 natively on you local machine.</h2> -<h2 id="it-includes-installation-of-all-dependencies-manually-which-will-not-use-docker-or-other-container-system-during-the-installation-or-run">It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run.</h2> -<p>SW360 is an Open Source project. The <a href="https://www.eclipse.org/sw360/docs/">SW360</a> repository and <a href="https://github.com/eclipse/sw360.website">SW360 website</a> repositories are published on GitHub.</p> -<h2 id="1-overview">1. Overview</h2> -<h3 id="11-sw360-portal">1.1 SW360 Portal</h3> -<p>A software component catalogue application - designed to work with FOSSology.</p> -<p>SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. -It can manage SPDX files for maintaining the license conditions and maintain license information.</p> -<p>This material helps user to install SW360 17.0.0</p> -<h3 id="12-environment">1.2 Environment</h3> -<table> -<thead> -<tr> -<th style="text-align:left">Package Name</th> -<th style="text-align:center">Version</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">Ubuntu</td> -<td style="text-align:center">20.04</td> -</tr> -<tr> -<td style="text-align:left">Apt</td> -<td style="text-align:center">2.0.2</td> -</tr> -<tr> -<td style="text-align:left">Wget</td> -<td style="text-align:center">1.20.3</td> -</tr> -<tr> -<td style="text-align:left">Curl</td> -<td style="text-align:center">7.68.0</td> -</tr> -<tr> -<td style="text-align:left">Git</td> -<td style="text-align:center">2.25.1</td> -</tr> -<tr> -<td style="text-align:left">Maven</td> -<td style="text-align:center">3.6.0</td> -</tr> -<tr> -<td style="text-align:left">OpenJDK</td> -<td style="text-align:center">11.0.5</td> -</tr> -</tbody> -</table> -<h2 id="2install--config-proxy-for-environment">2.Install &amp; Config proxy for Environment</h2> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>2.1 Apt -</span></span><span style="display:flex;"><span>2.2 Wget -</span></span><span style="display:flex;"><span>2.3 Curl -</span></span><span style="display:flex;"><span>2.4 Git -</span></span><span style="display:flex;"><span>2.5 Maven -</span></span><span style="display:flex;"><span>2.6 OpenJDK -</span></span></code></pre></div><h3 id="21-apt">2.1 Apt</h3> -<h4 id="create-file-with-name-proxyconf-in-folder-etcaptaptconfd">Create file with name proxy.conf in folder <code>/etc/apt/apt.conf.d</code></h4> -<ul> -<li><code>$ sudo gedit /etc/apt/apt.conf.d/proxy.conf</code></li> -</ul> -<h4 id="add-the-following-line-few-files-proxyconf">Add the following line few files <code>proxy.conf</code></h4> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> Acquire { -</span></span><span style="display:flex;"><span> HTTP::proxy &#34;http://username:password@server:port&#34;; -</span></span><span style="display:flex;"><span> HTTPS::proxy &#34;http://username:password@server:port&#34;; -</span></span><span style="display:flex;"><span> } -</span></span></code></pre></div><h3 id="22-wget">2.2 Wget</h3> -<h4 id="create-file-wgetrc">Create file <code>~/.wgetrc</code></h4> -<ul> -<li><code>$ sudo gedit ~/.wgetrc</code></li> -</ul> -<h4 id="add-the-following-line-few-files-wgetrc">Add the following line few files <code>~/.wgetrc</code></h4> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> use_proxy=yes -</span></span><span style="display:flex;"><span> http_proxy=http://username:password@server:port -</span></span><span style="display:flex;"><span> https_proxy=http://username:password@server:port -</span></span></code></pre></div><h3 id="23-curl">2.3 Curl</h3> -<h4 id="231-install-curl">2.3.1 Install Curl</h4> -<ul> -<li><code>$ sudo apt update</code></li> -<li><code>$ sudo apt install curl</code></li> -</ul> -<h4 id="232-config-proxy">2.3.2 Config proxy</h4> -<ul> -<li> -<p>Create file <code>~/.curlrc</code></p> -<ul> -<li><code>$ sudo gedit ~/.curlrc</code></li> -</ul> -</li> -<li> -<p>Add the following line few files <code>~/.curlrc</code></p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> proxy=http://username:password@server:port/ -</span></span></code></pre></div><h3 id="24-git">2.4 Git</h3> -<h4 id="241-install-git">2.4.1 Install Git</h4> -<ul> -<li><code>$ sudo apt update</code></li> -<li><code>$ sudo apt install git</code></li> -</ul> -<h4 id="242-config-proxy">2.4.2 Config proxy</h4> -<ul> -<li> -<p>Create file <code>~/.gitconfig</code></p> -<ul> -<li><code>$ sudo gedit ~/.gitconfig</code></li> -</ul> -</li> -<li> -<p>Add the following line few files <code>~/.gitconfig</code></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> [http] -</span></span><span style="display:flex;"><span> proxy = http://username:password@server:port -</span></span><span style="display:flex;"><span> sslverify = false -</span></span><span style="display:flex;"><span> [https] -</span></span><span style="display:flex;"><span> proxy = http://username:password@server:port -</span></span></code></pre></div></li> -</ul> -<h3 id="25-maven">2.5 Maven</h3> -<h4 id="251-install-maven">2.5.1 Install Maven</h4> -<p>*Go to back Home in Terminal</p> -<ul> -<li><code>$ sudo apt update</code></li> -<li><code>$ sudo apt install maven</code></li> -</ul> -<h4 id="252-config-proxy-for-maven">2.5.2 Config proxy for Maven</h4> -<ul> -<li>Create Folder with path <code>/home/user/.m2</code></li> -</ul> -<ul> -<li><code>$ mkdir /home/user/.m2</code></li> -</ul> -<ul> -<li>Create File in Folder <code>.m2</code></li> -</ul> -<ul> -<li><code>$ touch /home/user/.m2/settings.xml</code></li> -</ul> -<ul> -<li> -<p>Copy the following lines into tag <proxies></proxies></p> -<pre><code> &lt;settings&gt; - &lt;proxies&gt; - &lt;proxy&gt; - - &lt;id&gt;optional1&lt;/id&gt; - - &lt;active&gt;true&lt;/active&gt; - - &lt;protocol&gt;http&lt;/protocol&gt; - - &lt;username&gt;username&lt;/username&gt; - - &lt;password&gt;password&lt;/password&gt; - - &lt;host&gt;server&lt;/host&gt; - - &lt;port&gt;port&lt;/port&gt; - - &lt;nonProxyHosts&gt;local.net&lt;/nonProxyHosts&gt; - - &lt;/proxy&gt; - - &lt;proxy&gt; - - &lt;id&gt;optional1&lt;/id&gt; - - &lt;active&gt;true&lt;/active&gt; - - &lt;protocol&gt;http&lt;/protocol&gt; - - &lt;username&gt;username&lt;/username&gt; - - &lt;password&gt;password&lt;/password&gt; - - &lt;host&gt;server&lt;/host&gt; - - &lt;port&gt;port&lt;/port&gt; - - &lt;nonProxyHosts&gt;local.net&lt;/nonProxyHosts&gt; - - &lt;/proxy&gt; - &lt;/proxies&gt; - &lt;/settings&gt; -</code></pre> -</li> -</ul> -<h3 id="26-openjdk-11">2.6 OpenJDK 11</h3> -<ul> -<li>And install OpenJDK 11 -<ul> -<li><code>$ sudo apt install openjdk-11-jdk</code></li> -</ul> -</li> -<li>Check version: -<ul> -<li><code>$ java --version</code></li> -<li>Output:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> openjdk version &#34;11.0.15&#34; 2022-04-19 -</span></span><span style="display:flex;"><span> OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1) -</span></span><span style="display:flex;"><span> OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing) -</span></span></code></pre></div><ul> -<li>Install JDK successfully</li> -</ul> -</li> -</ul> -<h2 id="3-native-install-1700-without-docker-compose">3. Native install 17.0.0 (without docker-compose)</h2> -<h3 id="the-installation-consists-of-some-tasks">The installation consists of some tasks::</h3> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules -</span></span><span style="display:flex;"><span>3.2 Install Couchdb version 3.2.2 -</span></span><span style="display:flex;"><span>3.3 Install Couchdb Lucene -</span></span><span style="display:flex;"><span>3.4 Clone Project sw360 with version 17.0.0 -</span></span><span style="display:flex;"><span>3.5 Install Thrift version 16.0 -</span></span><span style="display:flex;"><span>3.6 Compiling and deploying -</span></span><span style="display:flex;"><span>3.7 Version Management Table -</span></span></code></pre></div><h3 id="31-install-a-liferay-community-edition-bundled-with-tomcat">3.1 Install A Liferay Community Edition bundled with Tomcat</h3> -<ul> -<li> -<p>Make folder <code>work</code> in path of work: <code>/home/user</code></p> -<ul> -<li><code>$ mkdir work</code></li> -</ul> -</li> -<li> -<p>Download Liferay Portal CE 7.4.3.18 GA18</p> -<ul> -<li><code>$ cd work</code></li> -<li><code>$ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz</code></li> -</ul> -</li> -<li> -<p>Extract downloaded file</p> -<ul> -<li><code>$ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz</code></li> -</ul> -</li> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> -<ul> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18</code></li> -</ul> -</li> -<li> -<p>Create <code>portal-ext.properties</code> file in <code>liferay-ce-portal-7.4.3.18-ga18</code> folder</p> -</li> -<li> -<p>Copy content from <a href="https://github.com/eclipse/sw360/blob/sw360-17.0.0-M1/frontend/configuration/portal-ext.properties">https://github.com/eclipse/sw360/blob/sw360-17.0.0-M1/frontend/configuration/portal-ext.properties</a> to portal-ext.properties</p> -</li> -</ul> -<ul> -<li> -<p>Edit <code>portal-ext.properties</code>: uncomment below lines</p> -<pre><code> # default.admin.password=sw360fossy - - # default.admin.screen.name=setup - - # default.admin.email.address.prefix=setup - - # default.admin.first.name=Setup - - # default.admin.last.name=Administrator -</code></pre> -</li> -<li> -<p>Add lines to setup Postgres. Change jdbc.default.username, jdbc.default.password</p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # Postgres configuration -</span></span><span style="display:flex;"><span> jdbc.default.driverClassName=org.postgresql.Driver -</span></span><span style="display:flex;"><span> jdbc.default.url=jdbc:postgresql://localhost:5432/lportal -</span></span><span style="display:flex;"><span> jdbc.default.username=${postgres_user} -</span></span><span style="display:flex;"><span> jdbc.default.password=${postgres_password} -</span></span></code></pre></div><ul> -<li>Add lines to setup passsword policies</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # Passsword policies -</span></span><span style="display:flex;"><span> passwords.default.policy.change.required=false -</span></span><span style="display:flex;"><span> company.security.send.password.reset.link=false -</span></span><span style="display:flex;"><span> company.security.auto.login=false -</span></span><span style="display:flex;"><span> company.security.auth.type=emailAddress -</span></span><span style="display:flex;"><span> company.security.strangers=false -</span></span><span style="display:flex;"><span> company.security.strangers.with.mx=false -</span></span><span style="display:flex;"><span> company.security.strangers.verify=false -</span></span></code></pre></div><ul> -<li> -<p>Remove files in folder <code>hypersonic</code> with path: <code>/home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic</code></p> -<ul> -<li><code>$ rm -rf /home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*</code></li> -</ul> -</li> -<li> -<p>Move folder <code>liferay-ce-portal-7.4.3.18-ga18</code> to <code>/opt</code></p> -<ul> -<li><code>$ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt</code></li> -</ul> -</li> -</ul> -<h3 id="32-install-database">3.2 Install Database</h3> -<h4 id="321-install-couch-db">3.2.1 Install Couch DB</h4> -<ul> -<li>To install from aptitute type:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt update -</span></span><span style="display:flex;"><span>$ sudo apt install -y couchdb -</span></span></code></pre></div><ul> -<li> -<p>You may refer to the bottom Native Installation 14 version CouchDB manual configuration for setting credentials.</p> -</li> -<li> -<p>After, run CouchDb service, check if it&rsquo;s working:</p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl start couchdb.service -</span></span></code></pre></div><ul> -<li>Check if CouchDB is responding:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ curl localhost:5984 -</span></span></code></pre></div><ul> -<li>This should return json containing version information</li> -<li>You can use &ldquo;start/stop/status/restart&rdquo; command with systemctl for controlling CouchDB service.</li> -</ul> -<h4 id="install-couchdb-lucene">Install Couchdb Lucene</h4> -<ul> -<li> -<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene</p> -</li> -<li> -<p>Run command download Couchdb Lucene</p> -<ul> -<li><code>wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz</code></li> -</ul> -</li> -<li> -<p>Note extract couchdb-lucene to folder <code>work</code> with path of work: <code>/home/user/work</code></p> -<ul> -<li><code>tar -xzf couchdb-lucene.tar.gz</code></li> -</ul> -</li> -<li> -<p>Run command:</p> -<ul> -<li><code>cd couchdb-lucene-2.1.0</code></li> -<li><code>sed -i &quot;s/allowLeadingWildcard=false/allowLeadingWildcard=true/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> -<li><code>sed -i &quot;s/localhost:5984/admin:password@localhost:5984/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> -<li><code>wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch </code></li> -<li><code>patch -p1 &lt; couchdb-lucene.patch </code></li> -<li><code>mvn clean install war:war</code></li> -<li><code>cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war</code></li> -</ul> -</li> -</ul> -<h3 id="322-install-postgresql">3.2.2 Install PostgreSQL</h3> -<ul> -<li>Install PostgerSQL manually, you can install through &ldquo;apt install&rdquo; too:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt install zlib1g-dev -y -</span></span><span style="display:flex;"><span>$ sudo apt install libreadline-dev -y -</span></span><span style="display:flex;"><span>$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz -</span></span><span style="display:flex;"><span>$ tar -xvf postgresql-10.14.tar.gz -</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> postgresql-10.14/ -</span></span><span style="display:flex;"><span>$ mkdir -p /PATH_TO/sw360postgres -</span></span><span style="display:flex;"><span>$ ./configure -prefix<span style="color:#555">=</span>/PATH_TO/sw360postgres -</span></span><span style="display:flex;"><span>$ make -</span></span><span style="display:flex;"><span>$ sudo make install -</span></span></code></pre></div><ul> -<li>Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step.</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ vim ~/.bashrc -</span></span></code></pre></div><ul> -<li>Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as &ldquo;/home/username&rdquo;:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PATH</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/bin:<span style="color:#033">$PATH</span> -</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PGDATA</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/data -</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">LD_LIBRARY_PATH</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/lib -</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PGPORT</span><span style="color:#555">=</span><span style="color:#f60">5432</span> -</span></span></code></pre></div><ul> -<li>Check if paths have been set, result must be the absolute paths:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PATH</span> -</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PGDATA</span> -</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$LD_LIBRARY_PATH</span> -</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PGPORT</span> -</span></span></code></pre></div><ul> -<li>After paths are set, postgres service can be run:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /PATH_TO/sw360postgres/bin -</span></span><span style="display:flex;"><span>$ ./initdb --encoding<span style="color:#555">=</span>UTF8 --no-locale -</span></span><span style="display:flex;"><span>$ ./pg_ctl start -</span></span></code></pre></div><ul> -<li>You will see that the server has started.</li> -<li>Note: If you installed through &ldquo;apt install&rdquo; then start the postgres service by following command, where after @ comes the installed version, if postgres isn&rsquo;t running you won&rsquo;t be able to connect to the server, and the error message is not explaining well that server isn&rsquo;t actually running at the moment:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo systemctl status postgresql@12-main.service -</span></span><span style="display:flex;"><span>sudo systemctl start postgresql@12-main.service -</span></span></code></pre></div><ul> -<li>Postgres will create an user with username ${ubuntu_user} (username login to ubuntu)</li> -<li>Use theses command to change password of user ${ubuntu_user} in postgres sql.</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ psql postgres -</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># \du</span> -</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># create database lportal;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># ALTER USER ${ubuntu_user} WITH PASSWORD &#39;sw360fossy&#39;;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># ALTER ROLE ${ubuntu_user} with superuser;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># \q</span> -</span></span></code></pre></div><ul> -<li>Connect to postgres shell, and check users information</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ psql -d lportal -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \du</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \dt</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \l</span> -</span></span></code></pre></div><h3 id="33-install-cve-search">3.3 Install CVE-Search</h3> -<ul> -<li>Follow these detailed instructions:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#555">[</span>https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst<span style="color:#555">]</span> -</span></span></code></pre></div><ul> -<li>To connect it to SW360, see following instructions:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ -</span></span></code></pre></div><h5 id="notes">Notes:</h5> -<ul> -<li>In the instruction be careful with setting apt link for mongodb, if somehow it destroys your &ldquo;sudo apt update&rdquo; command, go to &ldquo;/etc/apt/sources.list&rdquo; file and comment out the broken line, that&rsquo;s probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions.</li> -</ul> -<h3 id="34-clone-sw360-with-version-1700">3.4 Clone sw360 with version 17.0.0</h3> -<ul> -<li> -<p>Clone sw360 source code to folder <code>work</code> with path: <code>/home/user/work</code></p> -<ul> -<li><code>$ git clone https://github.com/eclipse/sw360</code></li> -</ul> -</li> -<li> -<p>Checkout to tag 17.0.0 version</p> -<ul> -<li><code>$ cd sw360</code></li> -<li><code>$ git checkout sw360-17.0.0-M1</code></li> -</ul> -</li> -<li> -<p>export path to repository sw360</p> -<ul> -<li><code>$ export SW360_REPOSITORY=/home/user/work/sw360</code></li> -</ul> -</li> -</ul> -<h3 id="35-install-thrift-version-016">3.5 Install Thrift version 0.16</h3> -<ul> -<li> -<p>For thrift, we need version 0.16. The installation script in Path: <code>${SW360_REPOSITORY}/scripts/install-thrift.sh</code></p> -</li> -<li> -<p>Run command to install libraries:</p> -<ul> -<li><code>$ sudo apt-get install -y clang-tidy</code></li> -<li><code>$ sudo apt-get install flex</code></li> -<li><code>$ sudo apt-get install -y clang-tools</code></li> -<li><code>$ sudo apt-get install bison</code></li> -<li><code>$ sudo apt-get install cmake</code></li> -</ul> -</li> -<li> -<p>Run command:</p> -<ul> -<li><code>$ chmod +x install-thrift.sh</code></li> -<li><code>$ sudo ./install-thrift.sh</code></li> -</ul> -</li> -</ul> -<p>In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16</p> -<ul> -<li> -<p>Check version thrift</p> -<ul> -<li> -<p><code>$ thrift --version</code></p> -</li> -<li> -<p>Output:</p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> Thrift version 0.16.0 -</span></span></code></pre></div><ul> -<li>Install Thrift successfully</li> -</ul> -</li> -</ul> -<h3 id="36-config-properties-files-with-sw360-sw360-1700">3.6 Config properties files with Sw360 (sw360 17.0.0)</h3> -<ul> -<li> -<p>Create folder <code>sw360</code> in path <code>/etc/</code></p> -<ul> -<li><code>sudo mkdir sw360</code></li> -</ul> -</li> -<li> -<p>Create 2 folder <code>authorization</code> and <code>rest</code> in path <code>/etc/sw360</code></p> -<ul> -<li><code>sudo mkdir authorization</code></li> -<li><code>sudo mkdir rest</code></li> -</ul> -</li> -<li> -<p>Create file <code>application.yml</code> in path <code>/etc/sw360/authorizaton</code> with content:</p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span># Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project. -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span># This program and the accompanying materials are made -</span></span><span style="display:flex;"><span># available under the terms of the Eclipse Public License 2.0 -</span></span><span style="display:flex;"><span># which is available at https://www.eclipse.org/legal/epl-2.0/ -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span># SPDX-License-Identifier: EPL-2.0 -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># Port to open in standalone mode -</span></span><span style="display:flex;"><span>server: -</span></span><span style="display:flex;"><span> port: 8090 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># Connection to the couch databases. Will be used to store client credentials -</span></span><span style="display:flex;"><span>couchdb: -</span></span><span style="display:flex;"><span> url: http://localhost:5984 -</span></span><span style="display:flex;"><span> database: sw360oauthclients -</span></span><span style="display:flex;"><span> # if your couchdb does not use authentication, pls just don&#39;t use the settings for username and password -</span></span><span style="display:flex;"><span> username: admin -</span></span><span style="display:flex;"><span> password: password -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>jwt: -</span></span><span style="display:flex;"><span> secretkey: sw360SecretKey -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>spring: -</span></span><span style="display:flex;"><span> jackson: -</span></span><span style="display:flex;"><span> serialization: -</span></span><span style="display:flex;"><span> indent_output: true -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># Common SW360 properties -</span></span><span style="display:flex;"><span>sw360: -</span></span><span style="display:flex;"><span> # The url of the Liferay instance -</span></span><span style="display:flex;"><span> sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} -</span></span><span style="display:flex;"><span> # The id of the company in Liferay that sw360 is run for -</span></span><span style="display:flex;"><span> sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101} -</span></span><span style="display:flex;"><span> # Allowed origins that should be set in the header -</span></span><span style="display:flex;"><span> cors: -</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>security: -</span></span><span style="display:flex;"><span> # Configuration for enabling authorization via headers, e.g. when using SSO -</span></span><span style="display:flex;"><span> # in combination with a reverse proxy server -</span></span><span style="display:flex;"><span> customheader: -</span></span><span style="display:flex;"><span> headername: -</span></span><span style="display:flex;"><span> # You have to enable authorization by headers explicitly here -</span></span><span style="display:flex;"><span> enabled: false -</span></span><span style="display:flex;"><span> # Attention: please make sure that the proxy is removing there headers -</span></span><span style="display:flex;"><span> # if they are coming from anywhere else then the authentication server -</span></span><span style="display:flex;"><span> intermediateauthstore: custom-header-auth-marker -</span></span><span style="display:flex;"><span> email: authenticated-email -</span></span><span style="display:flex;"><span> extid: authenticated-extid -</span></span><span style="display:flex;"><span> # also available - at least in saml pre auth - are &#34;givenname&#34;, &#34;surname&#34; and &#34;department&#34; -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> oauth2: -</span></span><span style="display:flex;"><span> resource: -</span></span><span style="display:flex;"><span> id: sw360-REST-API -</span></span></code></pre></div><ul> -<li>Create file <code>application.yml</code> in path <code>/etc/sw360/rest</code> with content:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span># Copyright Siemens AG, 2017. Part of the SW360 Portal Project. -</span></span><span style="display:flex;"><span># Copyright Bosch.IO GmbH 2020 -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span># This program and the accompanying materials are made -</span></span><span style="display:flex;"><span># available under the terms of the Eclipse Public License 2.0 -</span></span><span style="display:flex;"><span># which is available at https://www.eclipse.org/legal/epl-2.0/ -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span># SPDX-License-Identifier: EPL-2.0 -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>server: -</span></span><span style="display:flex;"><span> port: 8091 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>management: -</span></span><span style="display:flex;"><span> endpoints: -</span></span><span style="display:flex;"><span> enabled-by-default: false -</span></span><span style="display:flex;"><span> web: -</span></span><span style="display:flex;"><span> base-path: -</span></span><span style="display:flex;"><span> endpoint: -</span></span><span style="display:flex;"><span> health: -</span></span><span style="display:flex;"><span> enabled: true -</span></span><span style="display:flex;"><span> show-details: always -</span></span><span style="display:flex;"><span> info: -</span></span><span style="display:flex;"><span> enabled: true -</span></span><span style="display:flex;"><span> web: -</span></span><span style="display:flex;"><span> base-path: / -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>spring: -</span></span><span style="display:flex;"><span> servlet: -</span></span><span style="display:flex;"><span> multipart: -</span></span><span style="display:flex;"><span> max-file-size: 500MB -</span></span><span style="display:flex;"><span> max-request-size: 600MB -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># logging: -</span></span><span style="display:flex;"><span># level: -</span></span><span style="display:flex;"><span># org.springframework.web: DEBUG -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>security: -</span></span><span style="display:flex;"><span> oauth2: -</span></span><span style="display:flex;"><span> resource: -</span></span><span style="display:flex;"><span> id: sw360-REST-API -</span></span><span style="display:flex;"><span> jwt: -</span></span><span style="display:flex;"><span> keyValue: | -</span></span><span style="display:flex;"><span> -----BEGIN PUBLIC KEY----- -</span></span><span style="display:flex;"><span> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy -</span></span><span style="display:flex;"><span> VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ -</span></span><span style="display:flex;"><span> 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ -</span></span><span style="display:flex;"><span> 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg -</span></span><span style="display:flex;"><span> 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da -</span></span><span style="display:flex;"><span> d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ -</span></span><span style="display:flex;"><span> PQIDAQAB -</span></span><span style="display:flex;"><span> -----END PUBLIC KEY----- -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>sw360: -</span></span><span style="display:flex;"><span> thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} -</span></span><span style="display:flex;"><span> test-user-id: admin@sw360.org -</span></span><span style="display:flex;"><span> test-user-password: sw360-password -</span></span><span style="display:flex;"><span> couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} -</span></span><span style="display:flex;"><span> cors: -</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} -</span></span></code></pre></div><ul> -<li>Create file <code>couchdb.properties</code> in path <code>/etc/sw360</code> with content:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span># Copyright Siemens AG, 2020. Part of the SW360 Portal Project. -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span># This program and the accompanying materials are made -</span></span><span style="display:flex;"><span># available under the terms of the Eclipse Public License 2.0 -</span></span><span style="display:flex;"><span># which is available at https://www.eclipse.org/legal/epl-2.0/ -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span># SPDX-License-Identifier: EPL-2.0 -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>couchdb.url = http://localhost:5984 -</span></span><span style="display:flex;"><span>couchdb.user = admin -</span></span><span style="display:flex;"><span>couchdb.password = password -</span></span><span style="display:flex;"><span>couchdb.database = sw360db -</span></span><span style="display:flex;"><span>couchdb.usersdb = sw360users -</span></span><span style="display:flex;"><span>couchdb.attachments = sw360attachments -</span></span><span style="display:flex;"><span>lucenesearch.limit = 10000 -</span></span></code></pre></div><ul> -<li>Create file <code>sw360.properties</code> and <code>/etc/sw360</code> with content:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project. -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span># This program and the accompanying materials are made -</span></span><span style="display:flex;"><span># available under the terms of the Eclipse Public License 2.0 -</span></span><span style="display:flex;"><span># which is available at https://www.eclipse.org/legal/epl-2.0/ -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span># SPDX-License-Identifier: EPL-2.0 -</span></span><span style="display:flex;"><span># -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># common property file for the backend services -</span></span><span style="display:flex;"><span>backend.url= http://localhost:8080 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>licenseinfo.spdxparser.use-license-info-from-files=true -</span></span><span style="display:flex;"><span>mainline.state.enabled.for.user=false -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># settings for the mail utility: -</span></span><span style="display:flex;"><span># if host is not set, e-mailing is disabled -</span></span><span style="display:flex;"><span>MailUtil_host= -</span></span><span style="display:flex;"><span>MailUtil_from=__No_Reply__@sw360.org -</span></span><span style="display:flex;"><span>MailUtil_port=25 -</span></span><span style="display:flex;"><span>MailUtil_enableStarttls= -</span></span><span style="display:flex;"><span>MailUtil_enableSsl= -</span></span><span style="display:flex;"><span>MailUtil_isAuthenticationNecessary= -</span></span><span style="display:flex;"><span>MailUtil_login= -</span></span><span style="display:flex;"><span>MailUtil_password= -</span></span><span style="display:flex;"><span>MailUtil_enableDebug= -</span></span><span style="display:flex;"><span>MailUtil_supportMailAddress= -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># text patterns for mail utility -</span></span><span style="display:flex;"><span>defaultBegin = \ -</span></span><span style="display:flex;"><span>*** This is an automatically generated email, please do not reply. ***\n\n\ -</span></span><span style="display:flex;"><span>Dear SW360-user,\n\n -</span></span><span style="display:flex;"><span>defaultEnd = \ -</span></span><span style="display:flex;"><span>With best regards,\n\ -</span></span><span style="display:flex;"><span>SW360-support -</span></span><span style="display:flex;"><span>unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify: -</span></span><span style="display:flex;"><span>unsubscribeNoticeAfter =. *** -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>subjectForNewModerationRequest= New moderation request -</span></span><span style="display:flex;"><span>subjectForUpdateModerationRequest= Update on moderation request -</span></span><span style="display:flex;"><span>subjectForAcceptedModerationRequest= Your moderation request has been accepted -</span></span><span style="display:flex;"><span>subjectForDeclinedModerationRequest= Your moderation request has been declined -</span></span><span style="display:flex;"><span>subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined -</span></span><span style="display:flex;"><span>subjectForNewComponent= New component created -</span></span><span style="display:flex;"><span>subjectForUpdateComponent= Component updated -</span></span><span style="display:flex;"><span>subjectForNewRelease= New release created -</span></span><span style="display:flex;"><span>subjectForUpdateRelease= Release updated -</span></span><span style="display:flex;"><span>subjectForNewProject= New project created -</span></span><span style="display:flex;"><span>subjectForUpdateProject= Project updated -</span></span><span style="display:flex;"><span>subjectForNewClearingRequest= New clearing request &lt;%s&gt; for Project &lt;%s&gt; -</span></span><span style="display:flex;"><span>subjectForClearingRequestComment= New comment added in clearing request &lt;%s&gt; for Project &lt;%s&gt; -</span></span><span style="display:flex;"><span>subjectForUpdatedClearingRequest= Your clearing request &lt;%s&gt; has been updated for Project &lt;%s&gt; -</span></span><span style="display:flex;"><span>subjectForClosedClearingRequest= Your clearing request &lt;%s&gt; has been closed for Project &lt;%s&gt; -</span></span><span style="display:flex;"><span>subjectForRejectedClearingRequest= Your clearing request &lt;%s&gt; has been rejected for Project &lt;%s&gt; -</span></span><span style="display:flex;"><span>subjectForUpdatedProjectWithClearingRequest= Project &lt;%s&gt; with clearing request &lt;%s&gt; updated -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n -</span></span><span style="display:flex;"><span>textForUpdateModerationRequest= \ -</span></span><span style="display:flex;"><span>one of the moderation requests previously added to your \ -</span></span><span style="display:flex;"><span>SW360-account has been updated.\n\n -</span></span><span style="display:flex;"><span>textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n -</span></span><span style="display:flex;"><span>textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n -</span></span><span style="display:flex;"><span>textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n -</span></span><span style="display:flex;"><span>textForNewComponent= a new component %s, in which you take part, has been created.\n\n -</span></span><span style="display:flex;"><span>textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n -</span></span><span style="display:flex;"><span>textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n -</span></span><span style="display:flex;"><span>textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n -</span></span><span style="display:flex;"><span>textForNewProject= a new project %s %s, in which you take part, has been created.\n\n -</span></span><span style="display:flex;"><span>textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n -</span></span><span style="display:flex;"><span>textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n -</span></span><span style="display:flex;"><span>textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n -</span></span><span style="display:flex;"><span>#attachment.store.file.system.location=/opt/sw360tempattachments -</span></span><span style="display:flex;"><span>#enable.attachment.store.to.file.system=false -</span></span><span style="display:flex;"><span>#attachment.store.file.system.permission=rwx------ -</span></span><span style="display:flex;"><span>#attachemnt.delete.no.of.days=30 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>#Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder. -</span></span><span style="display:flex;"><span>#sw360changelog.config.file.location=/etc/sw360/log4j2.xml -</span></span><span style="display:flex;"><span>enable.sw360.change.log=false -</span></span><span style="display:flex;"><span>sw360changelog.output.path=sw360changelog/sw360changelog -</span></span></code></pre></div><ul> -<li>Configure the sw360ChangeLog path</li> -</ul> -<h4 id="1-create-log4j2xml-file">1. Create log4j2.xml file</h4> -<ul> -<li>Based on log4j2.xml file from <a href="https://github.com/eclipse/sw360/blob/main/build-configuration/resources/log4j2.xml">https://github.com/eclipse/sw360/blob/main/build-configuration/resources/log4j2.xml</a>, update the content as below, then place this file to etc/sw360 folder.</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>&lt;?xml version=&#34;1.0&#34; encoding=&#34;UTF-8&#34;?&gt; -</span></span><span style="display:flex;"><span>&lt;!-- -</span></span><span style="display:flex;"><span>~ Copyright (c) Bosch.IO GmbH 2020. -</span></span><span style="display:flex;"><span>~ -</span></span><span style="display:flex;"><span>~ All rights reserved. This program and the accompanying materials -</span></span><span style="display:flex;"><span>~ are made available under the terms of the Eclipse Public License v2.0 -</span></span><span style="display:flex;"><span>~ which accompanies this distribution, and is available at -</span></span><span style="display:flex;"><span>~ http://www.eclipse.org/legal/epl-v20.html -</span></span><span style="display:flex;"><span>~ -</span></span><span style="display:flex;"><span>~ SPDX-License-Identifier: EPL-2.0 -</span></span><span style="display:flex;"><span>--&gt; -</span></span><span style="display:flex;"><span>&lt;Configuration status=&#34;WARN&#34;&gt; -</span></span><span style="display:flex;"><span> &lt;Appenders&gt; -</span></span><span style="display:flex;"><span> &lt;Console name=&#34;Console&#34; target=&#34;SYSTEM_OUT&#34;&gt; -</span></span><span style="display:flex;"><span> &lt;PatternLayout pattern=&#34;%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n&#34;/&gt; -</span></span><span style="display:flex;"><span> &lt;/Console&gt; -</span></span><span style="display:flex;"><span> &lt;!-- environment variables can be set in the format of &#34;$ {env: LOG_ROOT}&#34; --&gt; -</span></span><span style="display:flex;"><span> &lt;RollingFile name=&#34;ChangeLogFile&#34; fileName=&#34;${env:FILE_PATH}/sw360changelog.log&#34; -</span></span><span style="display:flex;"><span> filePattern=&#34;${env:FILE_PATH}/sw360changelog-%d{yyyy-MM-dd}-%i.log&#34; &gt; -</span></span><span style="display:flex;"><span> &lt;PatternLayout pattern=&#34;%m%n&#34;/&gt; -</span></span><span style="display:flex;"><span> &lt;Policies&gt; -</span></span><span style="display:flex;"><span> &lt;SizeBasedTriggeringPolicy size=&#34;10MB&#34; /&gt; -</span></span><span style="display:flex;"><span> &lt;/Policies&gt; -</span></span><span style="display:flex;"><span> &lt;DefaultRolloverStrategy max=&#34;10&#34;/&gt; -</span></span><span style="display:flex;"><span> &lt;/RollingFile&gt; -</span></span><span style="display:flex;"><span> &lt;/Appenders&gt; -</span></span><span style="display:flex;"><span> &lt;Loggers&gt; -</span></span><span style="display:flex;"><span> &lt;Logger name=&#34;org.eclipse.sw360&#34; level=&#34;info&#34;/&gt; -</span></span><span style="display:flex;"><span> &lt;Logger name=&#34;sw360changelog&#34; level=&#34;debug&#34; &gt; -</span></span><span style="display:flex;"><span> &lt;AppenderRef ref=&#34;ChangeLogFile&#34; /&gt; -</span></span><span style="display:flex;"><span> &lt;/Logger&gt; -</span></span><span style="display:flex;"><span> &lt;Logger name=&#34;org.eclipse.sw360&#34; level=&#34;debug&#34; additivity=&#34;false&#34;&gt; -</span></span><span style="display:flex;"><span> &lt;AppenderRef ref=&#34;Console&#34;/&gt; -</span></span><span style="display:flex;"><span> &lt;/Logger&gt; -</span></span><span style="display:flex;"><span> &lt;Root level=&#34;warn&#34;&gt; -</span></span><span style="display:flex;"><span> &lt;AppenderRef ref=&#34;ChangeLogFile&#34;/&gt; -</span></span><span style="display:flex;"><span> &lt;/Root&gt; -</span></span><span style="display:flex;"><span> &lt;/Loggers&gt; -</span></span><span style="display:flex;"><span>&lt;/Configuration&gt; -</span></span></code></pre></div><ul> -<li> -<p>Set the environment variable for the changelog directory (<code>${env:FILE_PATH}/sw360changelog.log</code>)</p> -<ul> -<li> -<p>Create Folder <code>sw360changelog</code> in <code>var/log/</code>:</p> -<ul> -<li><code>$ sudo mkdir sw360changelog </code></li> -</ul> -</li> -<li> -<p>If <code>/var/log/sw360changelog</code> folder requires permission, set permission for this folder:</p> -<ul> -<li><code>$ sudo chown -R $USER:$USER /var/log/sw360changelog</code></li> -</ul> -</li> -<li> -<p><code>$ export FILE_PATH=/var/log/sw360changelog</code></p> -</li> -</ul> -</li> -<li> -<p>NOTE: I suggest the path ${env:FILE_PATH} to use LIFERAY_INSTALL env variable</p> -</li> -</ul> -<h4 id="2-enable-changelog-config">2. Enable changelog config</h4> -<p>Add the following lines to the sw360.properties file (or uncomment if they are existing)</p> -<ul> -<li><code>sw360changelog.config.file.location=/etc/sw360/log4j2.xml</code></li> -<li><code>enable.sw360.change.log=true</code></li> -</ul> -<h4 id="3-compile-and-deploy">3. Compile and deploy</h4> -<ul> -<li> -<p>Set <code>sw360.liferay.company.id = 20099</code> in <code>sw360.properties</code> file</p> -</li> -<li> -<p>Set the environment variable for the LIFERAY_INSTALL directory</p> -<ul> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18</code></li> -</ul> -</li> -<li> -<p>Note: Should add -DskipTests when building sw360 to avoid test data write to log file</p> -</li> -<li> -<p>To clean everything and install without running the tests</p> -<ul> -<li><code>$ mvn clean install -DskipTests</code></li> -</ul> -</li> -<li> -<p>For deployment, run the command</p> -<ul> -<li><code>$ cd /home/user/work/sw360</code></li> -<li><code>$ mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -DskipTests</code></li> -</ul> -</li> -</ul> -<h4 id="4-start-and-configure-liferay">4. Start and configure Liferay</h4> -<ul> -<li> -<p>Set the environment variable for the LIFERAY_INSTALL directory</p> -<ul> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18</code></li> -</ul> -</li> -<li> -<p>Start liferay</p> -<ul> -<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh</code></li> -</ul> -</li> -<li> -<p>Log</p> -<ul> -<li><code>$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/*</code></li> -</ul> -</li> -<li> -<p>SW360 URL: <code>https://localhost:8080</code></p> -</li> -</ul> -<h4 id="5-how-to-check-the-logs">5. How to check the logs</h4> -<ul> -<li>Edit (update) a project, component, or release in SW360.</li> -<li>Then check the logs in <code>${FILE_PATH}/sw360changelog/sw360changelog.log</code> file -\</li> -</ul> -<h3 id="37-compile-and-deploy">3.7 Compile and deploy</h3> -<ul> -<li>Start Database</li> -<li>Turn on the CouchDB and Postgres services</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl start couchdb.service -</span></span><span style="display:flex;"><span>$ sudo systemctl start postgres@@12-main.service -</span></span></code></pre></div><ul> -<li>Check if both are running:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl status couchdb.service -</span></span><span style="display:flex;"><span>$ sudo systemctl status postgres@@12-main.service -</span></span></code></pre></div><ul> -<li>You should be able to see something like this:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>... systemd<span style="color:#555">[</span>1<span style="color:#555">]</span>: Started PostgreSQL Cluster 12-main. -</span></span><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span>... halt systemd<span style="color:#555">[</span>1<span style="color:#555">]</span>: Started Apache CouchDB. -</span></span></code></pre></div><ul> -<li> -<p>install python and pip</p> -<ul> -<li><code>$ sudo apt-get install python3 -y</code></li> -<li><code>$ sudo -E apt-get install python3-pip -y</code></li> -</ul> -</li> -<li> -<p>install mkdocs</p> -<ul> -<li>Without proxy: -<ul> -<li><code>$ sudo -E pip3 install mkdocs</code></li> -<li><code>$ sudo -E pip3 install mkdocs-material</code></li> -</ul> -</li> -<li>Via proxy: -<ul> -<li><code>$ sudo -E pip3 install --proxy=&quot;http://username:password@hostname:port&quot; mkdocs</code></li> -<li><code>$ sudo -E pip3 install --proxy=&quot;http://username:password@hostname:port&quot; mkdocs-material</code></li> -</ul> -</li> -</ul> -</li> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> -<ul> -<li><code>$ cd /home/user/work/sw360</code></li> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18</code></li> -</ul> -</li> -</ul> -<ol> -<li> -<p>To clean everything and install without running the tests</p> -<ul> -<li><code>$ mvn clean install -DskipTests </code></li> -</ul> -</li> -<li> -<p>For deployment run the command</p> -<ul> -<li><code>mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dhelp-docs=true -Dsurefire.failIfNoSpecifiedTests=false</code></li> -</ul> -</li> -</ol> -<h4 id="371-start-and-configure-liferay">3.7.1 Start and Configure Liferay</h4> -<ul> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> -<ul> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18</code></li> -</ul> -</li> -<li> -<p>After run command &ldquo;mvn clean install -DskipTests&rdquo; above, copy dependency in folder <code>/home/user/work/sw360/utils/jars</code> to <code>${LIFERAY_INSTALL}/osgi/modules</code></p> -<ul> -<li><code>$ cd /home/user/work/sw360/utils/jars</code></li> -<li><code>$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/</code></li> -</ul> -</li> -<li> -<p>We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360.</p> -<ul> -<li><code>$ sudo rm -rf ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/setenv.sh</code></li> -<li><code>$ sudo cp /home/user/work/sw360/frontend/configuration/setenv.sh ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/</code></li> -</ul> -</li> -<li> -<p>Start liferay</p> -<ul> -<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh</code></li> -</ul> -</li> -<li> -<p>Log</p> -<ul> -<li><code>$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/catalina.out</code></li> -</ul> -</li> -<li> -<p>Url SW360 : <code>https://localhost:8080</code></p> -</li> -</ul> -<h4 id="372-configure-liferay-portal">3.7.2 Configure Liferay Portal</h4> -<ul> -<li>Can follow the steps in the following link <a href="https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3">https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3</a> or follow these steps:</li> -</ul> -<ul> -<li> -<p>Import users</p> -<ol> -<li>Open the panel on the left side by clicking the button on the top left.</li> -<li>Click on <code>SW360</code> on the top right to go to the homepage.</li> -<li>Click on <code>Start</code> inside the &ldquo;Welcome&rdquo; section.</li> -<li>Go to <code>Admin</code> -&gt; <code>User</code> (URL: <code>/group/guest/users</code>).</li> -<li>Scroll down to section <code>UPLOAD USERS</code>, select a user file from the very -beginning and click <code>Upload Users</code> on the right side. <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">A user file can be found here in the sw360vagrant project</a> -* Download: <code>$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv</code></li> -</ol> -</li> -<li> -<p>Setup liferay:</p> -</li> -</ul> -<p>After successful , Then if you open the server with the URL <code>https://localhost:8080/</code> the following screen should appear:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/1.png"/> -</figure> - -<p>Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/2.png"/> -</figure> - -<p>After login the sw360 is not setup, thus the server does not display much, but a screen like the following:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/3.png"/> -</figure> - -<h4 id="user-and-login-settings-in-liferay">User and Login Settings in Liferay</h4> -<p>Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/4.png"/> -</figure> - -<p>Edit this password policy and disable <code>change Required</code> if you wish to do so. Click on Save_the bottom of the page to save the selection.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/6.png"/> -</figure> - -<p>Then, go: in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/7.png"/> -</figure> - -<p>In this area, select <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/8.png"/> -</figure> - -<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/9.png"/> -</figure> - -<p>Finally, sice Liferay 7.4 some of the bundled modules need to be activated:</p> -<ul> -<li>jquery</li> -<li>font awesome</li> -</ul> -<p>In oder to do this, please select from the <code>Configuration</code> &gt; <code>System Settings</code> &gt; <code>Third Party</code> and go to jquery, select the enablement and click on Update:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/10.png"/> -</figure> - -<p>Do the same for Font Awesome:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/11.png"/> -</figure> - -<p>Note that you need to reload the browser or load a new browser window to take changes to effect.</p> -<h4 id="setup-sw360-for-liferay-import-lar-files">Setup SW360 for Liferay: Import *.lar Files</h4> -<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> -<p>In order to go ahead, switch to the <code>SW360</code> area where you can apply site settings:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/12.png"/> -</figure> - -<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/13.png"/> -</figure> - -<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/14.png"/> -</figure> - -<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>Public_Pages_7_4_3_18_GA18.lar</code> file the selection <code>Public_Pages_7_4_3_18_GA18.lar</code> is made.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/15.png"/> -</figure> - -<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> -<p>After successful importing, the same steps shall be repeated for the <code>Private_Pages_7_4_3_18_GA18.lar</code> file.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/16.png"/> -</figure> - -<p>Make sure that <code>Private_Pages_7_4_3_18_GA18.lar </code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/17.png"/> -</figure> - -<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/18.png"/> -</figure> - -<p>You can close the left menu area by clicking on the upper left icon:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/19.png"/> -</figure> - -<p>Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> -<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/20.png"/> -</figure> - -<h4 id="import-user-accounts-for-testing">Import User Accounts for Testing</h4> -<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/21.png"/> -</figure> - -<p>At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">user account import file</a> to import in the <code>sw360vagrant</code> project in the folder <code>shared</code>. After the user have been imported successfully, they should appear in the table view.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/22.png"/> -</figure> - -<p>After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below):</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/23.png"/> -</figure> - -<h4 id="real-login">Real Login</h4> -<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/24.png"/> -</figure> - -<p>After the successful login, SW360 will look as follows.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/25.png"/> -</figure> - -<h3 id="38-version-management-table-sw360-1700">3.8 Version Management Table (sw360 17.0.0)</h3> -<table> -<thead> -<tr> -<th style="text-align:left">Package Name</th> -<th style="text-align:center">Version</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">Liferay</td> -<td style="text-align:center">7.4.3.18</td> -</tr> -<tr> -<td style="text-align:left">Tomcat</td> -<td style="text-align:center">9.0.56</td> -</tr> -<tr> -<td style="text-align:left">Couchdb</td> -<td style="text-align:center">3.2.2</td> -</tr> -<tr> -<td style="text-align:left">Open JDK</td> -<td style="text-align:center">11.0.15</td> -</tr> -<tr> -<td style="text-align:left">Thrift</td> -<td style="text-align:center">0.16.0</td> -</tr> -<tr> -<td style="text-align:left">SW360</td> -<td style="text-align:center">17.0.0</td> -</tr> -</tbody> -</table> -<h2 id="references-for-more-information">References for more information</h2> -<ul> -<li><a href="https://www.eclipse.org/sw360/docs/">SW360</a></li> -<li><a href="https://github.com/cve-search/cve-search">CVE-Search</a></li> -<li><a href="https://docs.oracle.com/en/java/javase/11/install/installation-jdk-linux-platforms.html#GUID-79FBE4A9-4254-461E-8EA7-A02D7979A161">Java</a></li> -<li><a href="https://maven.apache.org/install.html">Maven</a></li> -<li><a href="https://thrift.apache.org/">Thrift</a></li> -<li><a href="https://learn.liferay.com/dxp/latest/en/installation-and-upgrades/installing-liferay/installing-a-liferay-tomcat-bundle.html">Liferay bundled with Tomcat</a></li> -<li><a href="https://www.postgresql.org/download/linux/ubuntu/">PostgreSQL</a></li> -<li><a href="https://docs.couchdb.org/en/stable/install/unix.html">CouchDB</a></li> -</ul> -<h2 id="license">License</h2> -<p>[SPDX-License-Identifier: EPL-2.0]</p> - - - - - - +<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/css/lightbox.min.css" integrity="sha256-tBxlolRHP9uMsEFKVk+hk//ekOlXOixLKvye5W2WR5c=" crossorigin="anonymous" /> +<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/lightbox2/2.11.1/js/lightbox.min.js" integrity="sha256-CtKylYan+AJuoH8jrMht1+1PMhMqrKnB8K5g012WN5I=" crossorigin="anonymous"></script><div class="card-deck"> +<a href="https://www.eclipse.org/sw360/sw360/img/couchdb/StatusStopCouchdb.jpg" data-lightbox="x" class="mb-5"> +<div class="card"> +<img class="card-img-top" src="https://www.eclipse.org/sw360/sw360/img/couchdb/StatusStopCouchdb.jpg" alt="Card image cap" /> +<div class="card-body"> +<h5 class="card-title">Status Stop Couchdb</h5> +<p class="card-text"> +</p> +</div> +</div> +</a> +</div> +</li> +</ul> +<!-- ![](./assets/img/StatusStopCouchdb.jpg) --> +</li> +<li> +<p>Url and account when config couchdb</p> +<ul> +<li>Username: <code>admin</code></li> +<li>Password: <code>password</code></li> +<li>Url: <code>http://localhost:5984/_utils</code></li> +</ul> +</li> +<li> +<p>Command Line When Start, Stop, check status Couchdb</p> +<ul> +<li>Start Couchdb: <code>$ sudo service couchdb start</code></li> +<li>Stop Couchdb: <code>$ sudo service couchdb stop</code></li> +<li>Check status: <code>$ sudo service couchdb status</code></li> +</ul> +</li> +</ul> +<h3 id="33-install-couchdb-lucene">3.3 Install Couchdb Lucene</h3> +<ul> +<li> +<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene</p> +</li> +<li> +<p>Run command download Couchdb Lucene</p> +<ul> +<li><code>wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz</code></li> +</ul> +</li> +<li> +<p>Note Extract liferay To folder <code>work</code> with path of work: <code>/home/user/work</code></p> +<ul> +<li><code>tar -xzf couchdb-lucene.tar.gz</code></li> +</ul> +</li> +<li> +<p>Run command:</p> +<ul> +<li><code>cd couchdb-lucene-2.1.0</code></li> +<li><code>sed -i &quot;s/allowLeadingWildcard=false/allowLeadingWildcard=true/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> +<li><code>sed -i &quot;s/localhost:5984/admin:password@localhost:5984/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> +<li><code>wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch </code></li> +<li><code>patch -p1 &lt; couchdb-lucene.patch </code></li> +<li><code>mvn clean install war:war</code></li> +<li><code>cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/webapps/couchdb-lucene.war</code></li> +</ul> +</li> +</ul> +<h3 id="34-clone-sw360-with-version-1400">3.4 Clone sw360 with version 14.0.0</h3> +<ul> +<li> +<p>Clone sw360 source code to folder <code>work</code> with path: <code>/home/user/work</code></p> +<ul> +<li><code>$ git clone https://github.com/eclipse/sw360</code></li> +</ul> +</li> +<li> +<p>Checkout to tag 14.0.0 version</p> +<ul> +<li><code>$ cd sw360</code></li> +<li><code>$ git checkout sw360-14.0.0-M1</code></li> +</ul> +</li> +</ul> +<h3 id="35-install-thrift-version-014">3.5 Install Thrift version 0.14</h3> +<ul> +<li> +<p>For thrift, we need version 0.14. The installation script in Path: <code>SW360_REPOSITORY/scripts/install-thrift.sh</code></p> +</li> +<li> +<p>Run command:</p> +<ul> +<li><code>$ chmod +x install-thrift.sh</code></li> +<li><code>$ sudo ./install-thrift.sh</code></li> +</ul> +</li> +</ul> +<p>In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.14</p> +<ul> +<li> +<p>Check version thrift</p> +<ul> +<li> +<p><code>$ thrift --version</code></p> +</li> +<li> +<p>Output:</p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> Thrift version 0.14.0 +</span></span></code></pre></div><ul> +<li>Install Thrift successfully</li> +</ul> +</li> +</ul> +<h3 id="36-compile-and-deploy">3.6 Compile and deploy</h3> +<ul> +<li> +<p>Start couchdb</p> +<ul> +<li><code>$ sudo service couchdb start</code></li> +</ul> +</li> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> +<ul> +<li><code>$ cd /home/user/work/sw360</code></li> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> +</ul> +</li> +</ul> +<ol> +<li> +<p>To clean everything and install without running the tests</p> +<ul> +<li><code>$ mvn clean install -DskipTests </code></li> +</ul> +</li> +<li> +<p>For deployment run the command</p> +<ul> +<li><code>mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests</code></li> +</ul> +</li> +</ol> +<h4 id="361-start-and-configure-liferay">3.6.1 Start and Configure Liferay</h4> +<ul> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> +<ul> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> +</ul> +</li> +<li> +<p>Start liferay</p> +<ul> +<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh</code></li> +</ul> +</li> +<li> +<p>Log</p> +<ul> +<li><code>$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*</code></li> +</ul> +</li> +<li> +<p>Url SW360 : <code>https://localhost:8080</code></p> +</li> +</ul> +<h4 id="362-configure-liferay-portal">3.6.2 Configure Liferay Portal</h4> +<ul> +<li>Can follow the steps in the following link <a href="https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3">https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3</a> or follow these steps:</li> +</ul> +<ul> +<li>Import users +<ol> +<li>Open the panel on the left side by clicking the button on the top left.</li> +<li>Click on <code>SW360</code> on the top right to go to the homepage.</li> +<li>Click on <code>Start</code> inside the &ldquo;Welcome&rdquo; section.</li> +<li>Go to <code>Admin</code> -&gt; <code>User</code> (URL: <code>/group/guest/users</code>).</li> +<li>Scroll down to section <code>UPLOAD USERS</code>, select a user file from the very +beginning and click <code>Upload Users</code> on the right side. <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">A user file can be found here in the sw360vagrant project</a> +* Download: <code>$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv</code></li> +</ol> +</li> +</ul> +<h3 id="37-version-management-table-sw360-140">3.7 Version Management Table (sw360 14.0)</h3> +<table> +<thead> +<tr> +<th style="text-align:left">Package Name</th> +<th style="text-align:center">Version</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">Liferay</td> +<td style="text-align:center">7.3.4</td> +</tr> +<tr> +<td style="text-align:left">Tomcat</td> +<td style="text-align:center">9.0.33</td> +</tr> +<tr> +<td style="text-align:left">Couchdb</td> +<td style="text-align:center">3.2.2</td> +</tr> +<tr> +<td style="text-align:left">Open JDK</td> +<td style="text-align:center">11.0.15</td> +</tr> +<tr> +<td style="text-align:left">Thrift</td> +<td style="text-align:center">0.14.0</td> +</tr> +<tr> +<td style="text-align:left">SW360</td> +<td style="text-align:center">14.0.0</td> +</tr> +</tbody> +</table> +<h3 id="38-config-couchdb-with-sw360-sw360-140">3.8 Config couchdb with Sw360 (sw360 14.0)</h3> +<ul> +<li> +<p>Create folder <code>sw360</code> in path <code>/etc/</code></p> +<ul> +<li><code>sudo mkdir sw360</code></li> +</ul> +</li> +<li> +<p>Create 2 folder <code>authorization</code> and <code>rest</code> in path <code>/etc/sw360</code></p> +<ul> +<li><code>sudo mkdir authorization</code></li> +<li><code>sudo mkdir rest</code></li> +</ul> +</li> +<li> +<p>Create file <code>application.yml</code> in path <code>/etc/sw360/authorizaton</code> with content:</p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> # Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project. +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> # This program and the accompanying materials are made +</span></span><span style="display:flex;"><span> # available under the terms of the Eclipse Public License 2.0 +</span></span><span style="display:flex;"><span> # which is available at https://www.eclipse.org/legal/epl-2.0/ +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> # SPDX-License-Identifier: EPL-2.0 +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> # Port to open in standalone mode +</span></span><span style="display:flex;"><span> server: +</span></span><span style="display:flex;"><span> port: 8090 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> # Connection to the couch databases. Will be used to store client credentials +</span></span><span style="display:flex;"><span> couchdb: +</span></span><span style="display:flex;"><span> url: http://localhost:5984 +</span></span><span style="display:flex;"><span> database: sw360oauthclients +</span></span><span style="display:flex;"><span> # if your couchdb does not use authentication, pls just don&#39;t use the settings for username and password +</span></span><span style="display:flex;"><span> username: admin +</span></span><span style="display:flex;"><span> password: password +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> jwt: +</span></span><span style="display:flex;"><span> secretkey: sw360SecretKey +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> spring: +</span></span><span style="display:flex;"><span> jackson: +</span></span><span style="display:flex;"><span> serialization: +</span></span><span style="display:flex;"><span> indent_output: true +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> # Common SW360 properties +</span></span><span style="display:flex;"><span> sw360: +</span></span><span style="display:flex;"><span> # The url of the Liferay instance +</span></span><span style="display:flex;"><span> sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} +</span></span><span style="display:flex;"><span> # The id of the company in Liferay that sw360 is run for +</span></span><span style="display:flex;"><span> sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101} +</span></span><span style="display:flex;"><span> # Allowed origins that should be set in the header +</span></span><span style="display:flex;"><span> cors: +</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> security: +</span></span><span style="display:flex;"><span> # Configuration for enabling authorization via headers, e.g. when using SSO +</span></span><span style="display:flex;"><span> # in combination with a reverse proxy server +</span></span><span style="display:flex;"><span> customheader: +</span></span><span style="display:flex;"><span> headername: +</span></span><span style="display:flex;"><span> # You have to enable authorization by headers explicitly here +</span></span><span style="display:flex;"><span> enabled: false +</span></span><span style="display:flex;"><span> # Attention: please make sure that the proxy is removing there headers +</span></span><span style="display:flex;"><span> # if they are coming from anywhere else then the authentication server +</span></span><span style="display:flex;"><span> intermediateauthstore: custom-header-auth-marker +</span></span><span style="display:flex;"><span> email: authenticated-email +</span></span><span style="display:flex;"><span> extid: authenticated-extid +</span></span><span style="display:flex;"><span> # also available - at least in saml pre auth - are &#34;givenname&#34;, &#34;surname&#34; and &#34;department&#34; +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> oauth2: +</span></span><span style="display:flex;"><span> resource: +</span></span><span style="display:flex;"><span> id: sw360-REST-API +</span></span></code></pre></div><ul> +<li>Create file <code>application.yml</code> in path <code>/etc/sw360/rest</code> with content:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> # Copyright Siemens AG, 2017. Part of the SW360 Portal Project. +</span></span><span style="display:flex;"><span> # Copyright Bosch.IO GmbH 2020 +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> # This program and the accompanying materials are made +</span></span><span style="display:flex;"><span> # available under the terms of the Eclipse Public License 2.0 +</span></span><span style="display:flex;"><span> # which is available at https://www.eclipse.org/legal/epl-2.0/ +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> # SPDX-License-Identifier: EPL-2.0 +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> server: +</span></span><span style="display:flex;"><span> port: 8091 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> management: +</span></span><span style="display:flex;"><span> endpoints: +</span></span><span style="display:flex;"><span> enabled-by-default: false +</span></span><span style="display:flex;"><span> web: +</span></span><span style="display:flex;"><span> base-path: +</span></span><span style="display:flex;"><span> endpoint: +</span></span><span style="display:flex;"><span> health: +</span></span><span style="display:flex;"><span> enabled: true +</span></span><span style="display:flex;"><span> show-details: always +</span></span><span style="display:flex;"><span> info: +</span></span><span style="display:flex;"><span> enabled: true +</span></span><span style="display:flex;"><span> web: +</span></span><span style="display:flex;"><span> base-path: / +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> spring: +</span></span><span style="display:flex;"><span> servlet: +</span></span><span style="display:flex;"><span> multipart: +</span></span><span style="display:flex;"><span> max-file-size: 500MB +</span></span><span style="display:flex;"><span> max-request-size: 600MB +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> # logging: +</span></span><span style="display:flex;"><span> # level: +</span></span><span style="display:flex;"><span> # org.springframework.web: DEBUG +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> security: +</span></span><span style="display:flex;"><span> oauth2: +</span></span><span style="display:flex;"><span> resource: +</span></span><span style="display:flex;"><span> id: sw360-REST-API +</span></span><span style="display:flex;"><span> jwt: +</span></span><span style="display:flex;"><span> keyValue: | +</span></span><span style="display:flex;"><span> -----BEGIN PUBLIC KEY----- +</span></span><span style="display:flex;"><span> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy +</span></span><span style="display:flex;"><span> VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ +</span></span><span style="display:flex;"><span> 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ +</span></span><span style="display:flex;"><span> 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg +</span></span><span style="display:flex;"><span> 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da +</span></span><span style="display:flex;"><span> d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ +</span></span><span style="display:flex;"><span> PQIDAQAB +</span></span><span style="display:flex;"><span> -----END PUBLIC KEY----- +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> sw360: +</span></span><span style="display:flex;"><span> thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} +</span></span><span style="display:flex;"><span> test-user-id: admin@sw360.org +</span></span><span style="display:flex;"><span> test-user-password: sw360-password +</span></span><span style="display:flex;"><span> couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} +</span></span><span style="display:flex;"><span> cors: +</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +</span></span></code></pre></div><ul> +<li>Create file <code>couchdb.properties</code> in path <code>/etc/sw360</code> with content:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> # Copyright Siemens AG, 2020. Part of the SW360 Portal Project. +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> # This program and the accompanying materials are made +</span></span><span style="display:flex;"><span> # available under the terms of the Eclipse Public License 2.0 +</span></span><span style="display:flex;"><span> # which is available at https://www.eclipse.org/legal/epl-2.0/ +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> # SPDX-License-Identifier: EPL-2.0 +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> couchdb.url = http://localhost:5984 +</span></span><span style="display:flex;"><span> couchdb.user = admin +</span></span><span style="display:flex;"><span> couchdb.password = password +</span></span><span style="display:flex;"><span> couchdb.database = sw360db +</span></span><span style="display:flex;"><span> couchdb.usersdb = sw360users +</span></span><span style="display:flex;"><span> couchdb.attachments = sw360attachments +</span></span><span style="display:flex;"><span> lucenesearch.limit = 10000 +</span></span></code></pre></div><ul> +<li>Create file <code>sw360.properties</code> and <code>/etc/sw360</code> with content:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project. +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> # This program and the accompanying materials are made +</span></span><span style="display:flex;"><span> # available under the terms of the Eclipse Public License 2.0 +</span></span><span style="display:flex;"><span> # which is available at https://www.eclipse.org/legal/epl-2.0/ +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> # SPDX-License-Identifier: EPL-2.0 +</span></span><span style="display:flex;"><span> # +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> # common property file for the backend services +</span></span><span style="display:flex;"><span> backend.url= http://localhost:8080 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> licenseinfo.spdxparser.use-license-info-from-files=true +</span></span><span style="display:flex;"><span> mainline.state.enabled.for.user=false +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> # settings for the mail utility: +</span></span><span style="display:flex;"><span> # if host is not set, e-mailing is disabled +</span></span><span style="display:flex;"><span> MailUtil_host= +</span></span><span style="display:flex;"><span> MailUtil_from=__No_Reply__@sw360.org +</span></span><span style="display:flex;"><span> MailUtil_port=25 +</span></span><span style="display:flex;"><span> MailUtil_enableStarttls= +</span></span><span style="display:flex;"><span> MailUtil_enableSsl= +</span></span><span style="display:flex;"><span> MailUtil_isAuthenticationNecessary= +</span></span><span style="display:flex;"><span> MailUtil_login= +</span></span><span style="display:flex;"><span> MailUtil_password= +</span></span><span style="display:flex;"><span> MailUtil_enableDebug= +</span></span><span style="display:flex;"><span> MailUtil_supportMailAddress= +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> # text patterns for mail utility +</span></span><span style="display:flex;"><span> defaultBegin = \ +</span></span><span style="display:flex;"><span> *** This is an automatically generated email, please do not reply. ***\n\n\ +</span></span><span style="display:flex;"><span> Dear SW360-user,\n\n +</span></span><span style="display:flex;"><span> defaultEnd = \ +</span></span><span style="display:flex;"><span> With best regards,\n\ +</span></span><span style="display:flex;"><span> SW360-support +</span></span><span style="display:flex;"><span> unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify: +</span></span><span style="display:flex;"><span> unsubscribeNoticeAfter =. *** +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> subjectForNewModerationRequest= New moderation request +</span></span><span style="display:flex;"><span> subjectForUpdateModerationRequest= Update on moderation request +</span></span><span style="display:flex;"><span> subjectForAcceptedModerationRequest= Your moderation request has been accepted +</span></span><span style="display:flex;"><span> subjectForDeclinedModerationRequest= Your moderation request has been declined +</span></span><span style="display:flex;"><span> subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined +</span></span><span style="display:flex;"><span> subjectForNewComponent= New component created +</span></span><span style="display:flex;"><span> subjectForUpdateComponent= Component updated +</span></span><span style="display:flex;"><span> subjectForNewRelease= New release created +</span></span><span style="display:flex;"><span> subjectForUpdateRelease= Release updated +</span></span><span style="display:flex;"><span> subjectForNewProject= New project created +</span></span><span style="display:flex;"><span> subjectForUpdateProject= Project updated +</span></span><span style="display:flex;"><span> subjectForNewClearingRequest= New clearing request &lt;%s&gt; for Project &lt;%s&gt; +</span></span><span style="display:flex;"><span> subjectForClearingRequestComment= New comment added in clearing request &lt;%s&gt; for Project &lt;%s&gt; +</span></span><span style="display:flex;"><span> subjectForUpdatedClearingRequest= Your clearing request &lt;%s&gt; has been updated for Project &lt;%s&gt; +</span></span><span style="display:flex;"><span> subjectForClosedClearingRequest= Your clearing request &lt;%s&gt; has been closed for Project &lt;%s&gt; +</span></span><span style="display:flex;"><span> subjectForRejectedClearingRequest= Your clearing request &lt;%s&gt; has been rejected for Project &lt;%s&gt; +</span></span><span style="display:flex;"><span> subjectForUpdatedProjectWithClearingRequest= Project &lt;%s&gt; with clearing request &lt;%s&gt; updated +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n +</span></span><span style="display:flex;"><span> textForUpdateModerationRequest= \ +</span></span><span style="display:flex;"><span> one of the moderation requests previously added to your \ +</span></span><span style="display:flex;"><span> SW360-account has been updated.\n\n +</span></span><span style="display:flex;"><span> textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n +</span></span><span style="display:flex;"><span> textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n +</span></span><span style="display:flex;"><span> textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n +</span></span><span style="display:flex;"><span> textForNewComponent= a new component %s, in which you take part, has been created.\n\n +</span></span><span style="display:flex;"><span> textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n +</span></span><span style="display:flex;"><span> textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n +</span></span><span style="display:flex;"><span> textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n +</span></span><span style="display:flex;"><span> textForNewProject= a new project %s %s, in which you take part, has been created.\n\n +</span></span><span style="display:flex;"><span> textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n +</span></span><span style="display:flex;"><span> textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n +</span></span><span style="display:flex;"><span> textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n +</span></span><span style="display:flex;"><span> #attachment.store.file.system.location=/opt/sw360tempattachments +</span></span><span style="display:flex;"><span> #enable.attachment.store.to.file.system=false +</span></span><span style="display:flex;"><span> #attachment.store.file.system.permission=rwx------ +</span></span><span style="display:flex;"><span> #attachemnt.delete.no.of.days=30 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> #Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder. +</span></span><span style="display:flex;"><span> #sw360changelog.config.file.location=/etc/sw360/log4j2.xml +</span></span><span style="display:flex;"><span> enable.sw360.change.log=false +</span></span><span style="display:flex;"><span> sw360changelog.output.path=sw360changelog/sw360changelog +</span></span></code></pre></div><h2 id="references-for-more-information">References for more information</h2> +<ul> +<li><a href="https://www.eclipse.org/sw360/docs/">SW360</a></li> +<li><a href="https://github.com/cve-search/cve-search">CVE-Search</a></li> +<li><a href="https://docs.oracle.com/en/java/javase/11/install/installation-jdk-linux-platforms.html#GUID-79FBE4A9-4254-461E-8EA7-A02D7979A161">Java</a></li> +<li><a href="https://maven.apache.org/install.html">Maven</a></li> +<li><a href="https://thrift.apache.org/">Thrift</a></li> +<li><a href="https://learn.liferay.com/dxp/latest/en/installation-and-upgrades/installing-liferay/installing-a-liferay-tomcat-bundle.html">Liferay bundled with Tomcat</a></li> +<li><a href="https://www.postgresql.org/download/linux/ubuntu/">PostgreSQL</a></li> +<li><a href="https://docs.couchdb.org/en/stable/install/unix.html">CouchDB</a></li> +</ul> +<h2 id="license">License</h2> +<p>[SPDX-License-Identifier: EPL-2.0]</p>Docs: Native Install v17https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/ +<h1 id="how-to-install-and-run-sw360-v1700">How to install and run SW360 v17.0.0</h1> +<h1 id="these-instructions-worked-on-ubuntu-2004-and-has-detailed-explanations-for-newcomers">These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers.</h1> +<h2 id="this-is-a-guide-with-detailed-explanation-of-how-to-install-and-run-sw360-natively-on-you-local-machine">This is a guide with detailed explanation of how to install and run SW360 natively on you local machine.</h2> +<h2 id="it-includes-installation-of-all-dependencies-manually-which-will-not-use-docker-or-other-container-system-during-the-installation-or-run">It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run.</h2> +<p>SW360 is an Open Source project. The <a href="https://www.eclipse.org/sw360/docs/">SW360</a> repository and <a href="https://github.com/eclipse/sw360.website">SW360 website</a> repositories are published on GitHub.</p> +<h2 id="1-overview">1. Overview</h2> +<h3 id="11-sw360-portal">1.1 SW360 Portal</h3> +<p>A software component catalogue application - designed to work with FOSSology.</p> +<p>SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. +It can manage SPDX files for maintaining the license conditions and maintain license information.</p> +<p>This material helps user to install SW360 17.0.0</p> +<h3 id="12-environment">1.2 Environment</h3> +<table> +<thead> +<tr> +<th style="text-align:left">Package Name</th> +<th style="text-align:center">Version</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">Ubuntu</td> +<td style="text-align:center">20.04</td> +</tr> +<tr> +<td style="text-align:left">Apt</td> +<td style="text-align:center">2.0.2</td> +</tr> +<tr> +<td style="text-align:left">Wget</td> +<td style="text-align:center">1.20.3</td> +</tr> +<tr> +<td style="text-align:left">Curl</td> +<td style="text-align:center">7.68.0</td> +</tr> +<tr> +<td style="text-align:left">Git</td> +<td style="text-align:center">2.25.1</td> +</tr> +<tr> +<td style="text-align:left">Maven</td> +<td style="text-align:center">3.6.0</td> +</tr> +<tr> +<td style="text-align:left">OpenJDK</td> +<td style="text-align:center">11.0.5</td> +</tr> +</tbody> +</table> +<h2 id="2install--config-proxy-for-environment">2.Install &amp; Config proxy for Environment</h2> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>2.1 Apt +</span></span><span style="display:flex;"><span>2.2 Wget +</span></span><span style="display:flex;"><span>2.3 Curl +</span></span><span style="display:flex;"><span>2.4 Git +</span></span><span style="display:flex;"><span>2.5 Maven +</span></span><span style="display:flex;"><span>2.6 OpenJDK +</span></span></code></pre></div><h3 id="21-apt">2.1 Apt</h3> +<h4 id="create-file-with-name-proxyconf-in-folder-etcaptaptconfd">Create file with name proxy.conf in folder <code>/etc/apt/apt.conf.d</code></h4> +<ul> +<li><code>$ sudo gedit /etc/apt/apt.conf.d/proxy.conf</code></li> +</ul> +<h4 id="add-the-following-line-few-files-proxyconf">Add the following line few files <code>proxy.conf</code></h4> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> Acquire { +</span></span><span style="display:flex;"><span> HTTP::proxy &#34;http://username:password@server:port&#34;; +</span></span><span style="display:flex;"><span> HTTPS::proxy &#34;http://username:password@server:port&#34;; +</span></span><span style="display:flex;"><span> } +</span></span></code></pre></div><h3 id="22-wget">2.2 Wget</h3> +<h4 id="create-file-wgetrc">Create file <code>~/.wgetrc</code></h4> +<ul> +<li><code>$ sudo gedit ~/.wgetrc</code></li> +</ul> +<h4 id="add-the-following-line-few-files-wgetrc">Add the following line few files <code>~/.wgetrc</code></h4> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> use_proxy=yes +</span></span><span style="display:flex;"><span> http_proxy=http://username:password@server:port +</span></span><span style="display:flex;"><span> https_proxy=http://username:password@server:port +</span></span></code></pre></div><h3 id="23-curl">2.3 Curl</h3> +<h4 id="231-install-curl">2.3.1 Install Curl</h4> +<ul> +<li><code>$ sudo apt update</code></li> +<li><code>$ sudo apt install curl</code></li> +</ul> +<h4 id="232-config-proxy">2.3.2 Config proxy</h4> +<ul> +<li> +<p>Create file <code>~/.curlrc</code></p> +<ul> +<li><code>$ sudo gedit ~/.curlrc</code></li> +</ul> +</li> +<li> +<p>Add the following line few files <code>~/.curlrc</code></p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> proxy=http://username:password@server:port/ +</span></span></code></pre></div><h3 id="24-git">2.4 Git</h3> +<h4 id="241-install-git">2.4.1 Install Git</h4> +<ul> +<li><code>$ sudo apt update</code></li> +<li><code>$ sudo apt install git</code></li> +</ul> +<h4 id="242-config-proxy">2.4.2 Config proxy</h4> +<ul> +<li> +<p>Create file <code>~/.gitconfig</code></p> +<ul> +<li><code>$ sudo gedit ~/.gitconfig</code></li> +</ul> +</li> +<li> +<p>Add the following line few files <code>~/.gitconfig</code></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> [http] +</span></span><span style="display:flex;"><span> proxy = http://username:password@server:port +</span></span><span style="display:flex;"><span> sslverify = false +</span></span><span style="display:flex;"><span> [https] +</span></span><span style="display:flex;"><span> proxy = http://username:password@server:port +</span></span></code></pre></div></li> +</ul> +<h3 id="25-maven">2.5 Maven</h3> +<h4 id="251-install-maven">2.5.1 Install Maven</h4> +<p>*Go to back Home in Terminal</p> +<ul> +<li><code>$ sudo apt update</code></li> +<li><code>$ sudo apt install maven</code></li> +</ul> +<h4 id="252-config-proxy-for-maven">2.5.2 Config proxy for Maven</h4> +<ul> +<li>Create Folder with path <code>/home/user/.m2</code></li> +</ul> +<ul> +<li><code>$ mkdir /home/user/.m2</code></li> +</ul> +<ul> +<li>Create File in Folder <code>.m2</code></li> +</ul> +<ul> +<li><code>$ touch /home/user/.m2/settings.xml</code></li> +</ul> +<ul> +<li> +<p>Copy the following lines into tag <proxies></proxies></p> +<pre><code> &lt;settings&gt; +&lt;proxies&gt; +&lt;proxy&gt; +&lt;id&gt;optional1&lt;/id&gt; +&lt;active&gt;true&lt;/active&gt; +&lt;protocol&gt;http&lt;/protocol&gt; +&lt;username&gt;username&lt;/username&gt; +&lt;password&gt;password&lt;/password&gt; +&lt;host&gt;server&lt;/host&gt; +&lt;port&gt;port&lt;/port&gt; +&lt;nonProxyHosts&gt;local.net&lt;/nonProxyHosts&gt; +&lt;/proxy&gt; +&lt;proxy&gt; +&lt;id&gt;optional1&lt;/id&gt; +&lt;active&gt;true&lt;/active&gt; +&lt;protocol&gt;http&lt;/protocol&gt; +&lt;username&gt;username&lt;/username&gt; +&lt;password&gt;password&lt;/password&gt; +&lt;host&gt;server&lt;/host&gt; +&lt;port&gt;port&lt;/port&gt; +&lt;nonProxyHosts&gt;local.net&lt;/nonProxyHosts&gt; +&lt;/proxy&gt; +&lt;/proxies&gt; +&lt;/settings&gt; +</code></pre> +</li> +</ul> +<h3 id="26-openjdk-11">2.6 OpenJDK 11</h3> +<ul> +<li>And install OpenJDK 11 +<ul> +<li><code>$ sudo apt install openjdk-11-jdk</code></li> +</ul> +</li> +<li>Check version: +<ul> +<li><code>$ java --version</code></li> +<li>Output:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> openjdk version &#34;11.0.15&#34; 2022-04-19 +</span></span><span style="display:flex;"><span> OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1) +</span></span><span style="display:flex;"><span> OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing) +</span></span></code></pre></div><ul> +<li>Install JDK successfully</li> +</ul> +</li> +</ul> +<h2 id="3-native-install-1700-without-docker-compose">3. Native install 17.0.0 (without docker-compose)</h2> +<h3 id="the-installation-consists-of-some-tasks">The installation consists of some tasks::</h3> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules +</span></span><span style="display:flex;"><span>3.2 Install Couchdb version 3.2.2 +</span></span><span style="display:flex;"><span>3.3 Install Couchdb Lucene +</span></span><span style="display:flex;"><span>3.4 Clone Project sw360 with version 17.0.0 +</span></span><span style="display:flex;"><span>3.5 Install Thrift version 16.0 +</span></span><span style="display:flex;"><span>3.6 Compiling and deploying +</span></span><span style="display:flex;"><span>3.7 Version Management Table +</span></span></code></pre></div><h3 id="31-install-a-liferay-community-edition-bundled-with-tomcat">3.1 Install A Liferay Community Edition bundled with Tomcat</h3> +<ul> +<li> +<p>Make folder <code>work</code> in path of work: <code>/home/user</code></p> +<ul> +<li><code>$ mkdir work</code></li> +</ul> +</li> +<li> +<p>Download Liferay Portal CE 7.4.3.18 GA18</p> +<ul> +<li><code>$ cd work</code></li> +<li><code>$ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz</code></li> +</ul> +</li> +<li> +<p>Extract downloaded file</p> +<ul> +<li><code>$ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz</code></li> +</ul> +</li> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> +<ul> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18</code></li> +</ul> +</li> +<li> +<p>Create <code>portal-ext.properties</code> file in <code>liferay-ce-portal-7.4.3.18-ga18</code> folder</p> +</li> +<li> +<p>Copy content from <a href="https://github.com/eclipse/sw360/blob/sw360-17.0.0-M1/frontend/configuration/portal-ext.properties">https://github.com/eclipse/sw360/blob/sw360-17.0.0-M1/frontend/configuration/portal-ext.properties</a> to portal-ext.properties</p> +</li> +</ul> +<ul> +<li> +<p>Edit <code>portal-ext.properties</code>: uncomment below lines</p> +<pre><code> # default.admin.password=sw360fossy +# default.admin.screen.name=setup +# default.admin.email.address.prefix=setup +# default.admin.first.name=Setup +# default.admin.last.name=Administrator +</code></pre> +</li> +<li> +<p>Add lines to setup Postgres. Change jdbc.default.username, jdbc.default.password</p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # Postgres configuration +</span></span><span style="display:flex;"><span> jdbc.default.driverClassName=org.postgresql.Driver +</span></span><span style="display:flex;"><span> jdbc.default.url=jdbc:postgresql://localhost:5432/lportal +</span></span><span style="display:flex;"><span> jdbc.default.username=${postgres_user} +</span></span><span style="display:flex;"><span> jdbc.default.password=${postgres_password} +</span></span></code></pre></div><ul> +<li>Add lines to setup passsword policies</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> # Passsword policies +</span></span><span style="display:flex;"><span> passwords.default.policy.change.required=false +</span></span><span style="display:flex;"><span> company.security.send.password.reset.link=false +</span></span><span style="display:flex;"><span> company.security.auto.login=false +</span></span><span style="display:flex;"><span> company.security.auth.type=emailAddress +</span></span><span style="display:flex;"><span> company.security.strangers=false +</span></span><span style="display:flex;"><span> company.security.strangers.with.mx=false +</span></span><span style="display:flex;"><span> company.security.strangers.verify=false +</span></span></code></pre></div><ul> +<li> +<p>Remove files in folder <code>hypersonic</code> with path: <code>/home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic</code></p> +<ul> +<li><code>$ rm -rf /home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*</code></li> +</ul> +</li> +<li> +<p>Move folder <code>liferay-ce-portal-7.4.3.18-ga18</code> to <code>/opt</code></p> +<ul> +<li><code>$ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt</code></li> +</ul> +</li> +</ul> +<h3 id="32-install-database">3.2 Install Database</h3> +<h4 id="321-install-couch-db">3.2.1 Install Couch DB</h4> +<ul> +<li>To install from aptitute type:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt update +</span></span><span style="display:flex;"><span>$ sudo apt install -y couchdb +</span></span></code></pre></div><ul> +<li> +<p>You may refer to the bottom Native Installation 14 version CouchDB manual configuration for setting credentials.</p> +</li> +<li> +<p>After, run CouchDb service, check if it&rsquo;s working:</p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl start couchdb.service +</span></span></code></pre></div><ul> +<li>Check if CouchDB is responding:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ curl localhost:5984 +</span></span></code></pre></div><ul> +<li>This should return json containing version information</li> +<li>You can use &ldquo;start/stop/status/restart&rdquo; command with systemctl for controlling CouchDB service.</li> +</ul> +<h4 id="install-couchdb-lucene">Install Couchdb Lucene</h4> +<ul> +<li> +<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene</p> +</li> +<li> +<p>Run command download Couchdb Lucene</p> +<ul> +<li><code>wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz</code></li> +</ul> +</li> +<li> +<p>Note extract couchdb-lucene to folder <code>work</code> with path of work: <code>/home/user/work</code></p> +<ul> +<li><code>tar -xzf couchdb-lucene.tar.gz</code></li> +</ul> +</li> +<li> +<p>Run command:</p> +<ul> +<li><code>cd couchdb-lucene-2.1.0</code></li> +<li><code>sed -i &quot;s/allowLeadingWildcard=false/allowLeadingWildcard=true/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> +<li><code>sed -i &quot;s/localhost:5984/admin:password@localhost:5984/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> +<li><code>wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch </code></li> +<li><code>patch -p1 &lt; couchdb-lucene.patch </code></li> +<li><code>mvn clean install war:war</code></li> +<li><code>cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war</code></li> +</ul> +</li> +</ul> +<h3 id="322-install-postgresql">3.2.2 Install PostgreSQL</h3> +<ul> +<li>Install PostgerSQL manually, you can install through &ldquo;apt install&rdquo; too:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo apt install zlib1g-dev -y +</span></span><span style="display:flex;"><span>$ sudo apt install libreadline-dev -y +</span></span><span style="display:flex;"><span>$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz +</span></span><span style="display:flex;"><span>$ tar -xvf postgresql-10.14.tar.gz +</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> postgresql-10.14/ +</span></span><span style="display:flex;"><span>$ mkdir -p /PATH_TO/sw360postgres +</span></span><span style="display:flex;"><span>$ ./configure -prefix<span style="color:#555">=</span>/PATH_TO/sw360postgres +</span></span><span style="display:flex;"><span>$ make +</span></span><span style="display:flex;"><span>$ sudo make install +</span></span></code></pre></div><ul> +<li>Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step.</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ vim ~/.bashrc +</span></span></code></pre></div><ul> +<li>Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as &ldquo;/home/username&rdquo;:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PATH</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/bin:<span style="color:#033">$PATH</span> +</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PGDATA</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/data +</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">LD_LIBRARY_PATH</span><span style="color:#555">=</span><span style="color:#033">$HOME</span>/sw360postgres/lib +</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">PGPORT</span><span style="color:#555">=</span><span style="color:#f60">5432</span> +</span></span></code></pre></div><ul> +<li>Check if paths have been set, result must be the absolute paths:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PATH</span> +</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PGDATA</span> +</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$LD_LIBRARY_PATH</span> +</span></span><span style="display:flex;"><span>$ <span style="color:#366">echo</span> <span style="color:#033">$PGPORT</span> +</span></span></code></pre></div><ul> +<li>After paths are set, postgres service can be run:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /PATH_TO/sw360postgres/bin +</span></span><span style="display:flex;"><span>$ ./initdb --encoding<span style="color:#555">=</span>UTF8 --no-locale +</span></span><span style="display:flex;"><span>$ ./pg_ctl start +</span></span></code></pre></div><ul> +<li>You will see that the server has started.</li> +<li>Note: If you installed through &ldquo;apt install&rdquo; then start the postgres service by following command, where after @ comes the installed version, if postgres isn&rsquo;t running you won&rsquo;t be able to connect to the server, and the error message is not explaining well that server isn&rsquo;t actually running at the moment:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>sudo systemctl status postgresql@12-main.service +</span></span><span style="display:flex;"><span>sudo systemctl start postgresql@12-main.service +</span></span></code></pre></div><ul> +<li>Postgres will create an user with username ${ubuntu_user} (username login to ubuntu)</li> +<li>Use theses command to change password of user ${ubuntu_user} in postgres sql.</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ psql postgres +</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># \du</span> +</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># create database lportal;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># ALTER USER ${ubuntu_user} WITH PASSWORD &#39;sw360fossy&#39;;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># ALTER ROLE ${ubuntu_user} with superuser;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">postgres</span><span style="color:#555">=</span><span style="color:#09f;font-style:italic"># \q</span> +</span></span></code></pre></div><ul> +<li>Connect to postgres shell, and check users information</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ psql -d lportal +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \du</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \dt</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># \l</span> +</span></span></code></pre></div><h3 id="33-install-cve-search">3.3 Install CVE-Search</h3> +<ul> +<li>Follow these detailed instructions:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span><span style="color:#555">[</span>https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst<span style="color:#555">]</span> +</span></span></code></pre></div><ul> +<li>To connect it to SW360, see following instructions:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ +</span></span></code></pre></div><h5 id="notes">Notes:</h5> +<ul> +<li>In the instruction be careful with setting apt link for mongodb, if somehow it destroys your &ldquo;sudo apt update&rdquo; command, go to &ldquo;/etc/apt/sources.list&rdquo; file and comment out the broken line, that&rsquo;s probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions.</li> +</ul> +<h3 id="34-clone-sw360-with-version-1700">3.4 Clone sw360 with version 17.0.0</h3> +<ul> +<li> +<p>Clone sw360 source code to folder <code>work</code> with path: <code>/home/user/work</code></p> +<ul> +<li><code>$ git clone https://github.com/eclipse/sw360</code></li> +</ul> +</li> +<li> +<p>Checkout to tag 17.0.0 version</p> +<ul> +<li><code>$ cd sw360</code></li> +<li><code>$ git checkout sw360-17.0.0-M1</code></li> +</ul> +</li> +<li> +<p>export path to repository sw360</p> +<ul> +<li><code>$ export SW360_REPOSITORY=/home/user/work/sw360</code></li> +</ul> +</li> +</ul> +<h3 id="35-install-thrift-version-016">3.5 Install Thrift version 0.16</h3> +<ul> +<li> +<p>For thrift, we need version 0.16. The installation script in Path: <code>${SW360_REPOSITORY}/scripts/install-thrift.sh</code></p> +</li> +<li> +<p>Run command to install libraries:</p> +<ul> +<li><code>$ sudo apt-get install -y clang-tidy</code></li> +<li><code>$ sudo apt-get install flex</code></li> +<li><code>$ sudo apt-get install -y clang-tools</code></li> +<li><code>$ sudo apt-get install bison</code></li> +<li><code>$ sudo apt-get install cmake</code></li> +</ul> +</li> +<li> +<p>Run command:</p> +<ul> +<li><code>$ chmod +x install-thrift.sh</code></li> +<li><code>$ sudo ./install-thrift.sh</code></li> +</ul> +</li> +</ul> +<p>In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16</p> +<ul> +<li> +<p>Check version thrift</p> +<ul> +<li> +<p><code>$ thrift --version</code></p> +</li> +<li> +<p>Output:</p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> Thrift version 0.16.0 +</span></span></code></pre></div><ul> +<li>Install Thrift successfully</li> +</ul> +</li> +</ul> +<h3 id="36-config-properties-files-with-sw360-sw360-1700">3.6 Config properties files with Sw360 (sw360 17.0.0)</h3> +<ul> +<li> +<p>Create folder <code>sw360</code> in path <code>/etc/</code></p> +<ul> +<li><code>sudo mkdir sw360</code></li> +</ul> +</li> +<li> +<p>Create 2 folder <code>authorization</code> and <code>rest</code> in path <code>/etc/sw360</code></p> +<ul> +<li><code>sudo mkdir authorization</code></li> +<li><code>sudo mkdir rest</code></li> +</ul> +</li> +<li> +<p>Create file <code>application.yml</code> in path <code>/etc/sw360/authorizaton</code> with content:</p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span># Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project. +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span># This program and the accompanying materials are made +</span></span><span style="display:flex;"><span># available under the terms of the Eclipse Public License 2.0 +</span></span><span style="display:flex;"><span># which is available at https://www.eclipse.org/legal/epl-2.0/ +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span># SPDX-License-Identifier: EPL-2.0 +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># Port to open in standalone mode +</span></span><span style="display:flex;"><span>server: +</span></span><span style="display:flex;"><span> port: 8090 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># Connection to the couch databases. Will be used to store client credentials +</span></span><span style="display:flex;"><span>couchdb: +</span></span><span style="display:flex;"><span> url: http://localhost:5984 +</span></span><span style="display:flex;"><span> database: sw360oauthclients +</span></span><span style="display:flex;"><span> # if your couchdb does not use authentication, pls just don&#39;t use the settings for username and password +</span></span><span style="display:flex;"><span> username: admin +</span></span><span style="display:flex;"><span> password: password +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>jwt: +</span></span><span style="display:flex;"><span> secretkey: sw360SecretKey +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>spring: +</span></span><span style="display:flex;"><span> jackson: +</span></span><span style="display:flex;"><span> serialization: +</span></span><span style="display:flex;"><span> indent_output: true +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># Common SW360 properties +</span></span><span style="display:flex;"><span>sw360: +</span></span><span style="display:flex;"><span> # The url of the Liferay instance +</span></span><span style="display:flex;"><span> sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} +</span></span><span style="display:flex;"><span> # The id of the company in Liferay that sw360 is run for +</span></span><span style="display:flex;"><span> sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101} +</span></span><span style="display:flex;"><span> # Allowed origins that should be set in the header +</span></span><span style="display:flex;"><span> cors: +</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>security: +</span></span><span style="display:flex;"><span> # Configuration for enabling authorization via headers, e.g. when using SSO +</span></span><span style="display:flex;"><span> # in combination with a reverse proxy server +</span></span><span style="display:flex;"><span> customheader: +</span></span><span style="display:flex;"><span> headername: +</span></span><span style="display:flex;"><span> # You have to enable authorization by headers explicitly here +</span></span><span style="display:flex;"><span> enabled: false +</span></span><span style="display:flex;"><span> # Attention: please make sure that the proxy is removing there headers +</span></span><span style="display:flex;"><span> # if they are coming from anywhere else then the authentication server +</span></span><span style="display:flex;"><span> intermediateauthstore: custom-header-auth-marker +</span></span><span style="display:flex;"><span> email: authenticated-email +</span></span><span style="display:flex;"><span> extid: authenticated-extid +</span></span><span style="display:flex;"><span> # also available - at least in saml pre auth - are &#34;givenname&#34;, &#34;surname&#34; and &#34;department&#34; +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> oauth2: +</span></span><span style="display:flex;"><span> resource: +</span></span><span style="display:flex;"><span> id: sw360-REST-API +</span></span></code></pre></div><ul> +<li>Create file <code>application.yml</code> in path <code>/etc/sw360/rest</code> with content:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span># Copyright Siemens AG, 2017. Part of the SW360 Portal Project. +</span></span><span style="display:flex;"><span># Copyright Bosch.IO GmbH 2020 +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span># This program and the accompanying materials are made +</span></span><span style="display:flex;"><span># available under the terms of the Eclipse Public License 2.0 +</span></span><span style="display:flex;"><span># which is available at https://www.eclipse.org/legal/epl-2.0/ +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span># SPDX-License-Identifier: EPL-2.0 +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>server: +</span></span><span style="display:flex;"><span> port: 8091 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>management: +</span></span><span style="display:flex;"><span> endpoints: +</span></span><span style="display:flex;"><span> enabled-by-default: false +</span></span><span style="display:flex;"><span> web: +</span></span><span style="display:flex;"><span> base-path: +</span></span><span style="display:flex;"><span> endpoint: +</span></span><span style="display:flex;"><span> health: +</span></span><span style="display:flex;"><span> enabled: true +</span></span><span style="display:flex;"><span> show-details: always +</span></span><span style="display:flex;"><span> info: +</span></span><span style="display:flex;"><span> enabled: true +</span></span><span style="display:flex;"><span> web: +</span></span><span style="display:flex;"><span> base-path: / +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>spring: +</span></span><span style="display:flex;"><span> servlet: +</span></span><span style="display:flex;"><span> multipart: +</span></span><span style="display:flex;"><span> max-file-size: 500MB +</span></span><span style="display:flex;"><span> max-request-size: 600MB +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># logging: +</span></span><span style="display:flex;"><span># level: +</span></span><span style="display:flex;"><span># org.springframework.web: DEBUG +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>security: +</span></span><span style="display:flex;"><span> oauth2: +</span></span><span style="display:flex;"><span> resource: +</span></span><span style="display:flex;"><span> id: sw360-REST-API +</span></span><span style="display:flex;"><span> jwt: +</span></span><span style="display:flex;"><span> keyValue: | +</span></span><span style="display:flex;"><span> -----BEGIN PUBLIC KEY----- +</span></span><span style="display:flex;"><span> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy +</span></span><span style="display:flex;"><span> VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ +</span></span><span style="display:flex;"><span> 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ +</span></span><span style="display:flex;"><span> 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg +</span></span><span style="display:flex;"><span> 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da +</span></span><span style="display:flex;"><span> d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ +</span></span><span style="display:flex;"><span> PQIDAQAB +</span></span><span style="display:flex;"><span> -----END PUBLIC KEY----- +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>sw360: +</span></span><span style="display:flex;"><span> thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} +</span></span><span style="display:flex;"><span> test-user-id: admin@sw360.org +</span></span><span style="display:flex;"><span> test-user-password: sw360-password +</span></span><span style="display:flex;"><span> couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} +</span></span><span style="display:flex;"><span> cors: +</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +</span></span></code></pre></div><ul> +<li>Create file <code>couchdb.properties</code> in path <code>/etc/sw360</code> with content:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span># Copyright Siemens AG, 2020. Part of the SW360 Portal Project. +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span># This program and the accompanying materials are made +</span></span><span style="display:flex;"><span># available under the terms of the Eclipse Public License 2.0 +</span></span><span style="display:flex;"><span># which is available at https://www.eclipse.org/legal/epl-2.0/ +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span># SPDX-License-Identifier: EPL-2.0 +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>couchdb.url = http://localhost:5984 +</span></span><span style="display:flex;"><span>couchdb.user = admin +</span></span><span style="display:flex;"><span>couchdb.password = password +</span></span><span style="display:flex;"><span>couchdb.database = sw360db +</span></span><span style="display:flex;"><span>couchdb.usersdb = sw360users +</span></span><span style="display:flex;"><span>couchdb.attachments = sw360attachments +</span></span><span style="display:flex;"><span>lucenesearch.limit = 10000 +</span></span></code></pre></div><ul> +<li>Create file <code>sw360.properties</code> and <code>/etc/sw360</code> with content:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project. +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span># This program and the accompanying materials are made +</span></span><span style="display:flex;"><span># available under the terms of the Eclipse Public License 2.0 +</span></span><span style="display:flex;"><span># which is available at https://www.eclipse.org/legal/epl-2.0/ +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span># SPDX-License-Identifier: EPL-2.0 +</span></span><span style="display:flex;"><span># +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># common property file for the backend services +</span></span><span style="display:flex;"><span>backend.url= http://localhost:8080 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>licenseinfo.spdxparser.use-license-info-from-files=true +</span></span><span style="display:flex;"><span>mainline.state.enabled.for.user=false +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># settings for the mail utility: +</span></span><span style="display:flex;"><span># if host is not set, e-mailing is disabled +</span></span><span style="display:flex;"><span>MailUtil_host= +</span></span><span style="display:flex;"><span>MailUtil_from=__No_Reply__@sw360.org +</span></span><span style="display:flex;"><span>MailUtil_port=25 +</span></span><span style="display:flex;"><span>MailUtil_enableStarttls= +</span></span><span style="display:flex;"><span>MailUtil_enableSsl= +</span></span><span style="display:flex;"><span>MailUtil_isAuthenticationNecessary= +</span></span><span style="display:flex;"><span>MailUtil_login= +</span></span><span style="display:flex;"><span>MailUtil_password= +</span></span><span style="display:flex;"><span>MailUtil_enableDebug= +</span></span><span style="display:flex;"><span>MailUtil_supportMailAddress= +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># text patterns for mail utility +</span></span><span style="display:flex;"><span>defaultBegin = \ +</span></span><span style="display:flex;"><span>*** This is an automatically generated email, please do not reply. ***\n\n\ +</span></span><span style="display:flex;"><span>Dear SW360-user,\n\n +</span></span><span style="display:flex;"><span>defaultEnd = \ +</span></span><span style="display:flex;"><span>With best regards,\n\ +</span></span><span style="display:flex;"><span>SW360-support +</span></span><span style="display:flex;"><span>unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify: +</span></span><span style="display:flex;"><span>unsubscribeNoticeAfter =. *** +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>subjectForNewModerationRequest= New moderation request +</span></span><span style="display:flex;"><span>subjectForUpdateModerationRequest= Update on moderation request +</span></span><span style="display:flex;"><span>subjectForAcceptedModerationRequest= Your moderation request has been accepted +</span></span><span style="display:flex;"><span>subjectForDeclinedModerationRequest= Your moderation request has been declined +</span></span><span style="display:flex;"><span>subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined +</span></span><span style="display:flex;"><span>subjectForNewComponent= New component created +</span></span><span style="display:flex;"><span>subjectForUpdateComponent= Component updated +</span></span><span style="display:flex;"><span>subjectForNewRelease= New release created +</span></span><span style="display:flex;"><span>subjectForUpdateRelease= Release updated +</span></span><span style="display:flex;"><span>subjectForNewProject= New project created +</span></span><span style="display:flex;"><span>subjectForUpdateProject= Project updated +</span></span><span style="display:flex;"><span>subjectForNewClearingRequest= New clearing request &lt;%s&gt; for Project &lt;%s&gt; +</span></span><span style="display:flex;"><span>subjectForClearingRequestComment= New comment added in clearing request &lt;%s&gt; for Project &lt;%s&gt; +</span></span><span style="display:flex;"><span>subjectForUpdatedClearingRequest= Your clearing request &lt;%s&gt; has been updated for Project &lt;%s&gt; +</span></span><span style="display:flex;"><span>subjectForClosedClearingRequest= Your clearing request &lt;%s&gt; has been closed for Project &lt;%s&gt; +</span></span><span style="display:flex;"><span>subjectForRejectedClearingRequest= Your clearing request &lt;%s&gt; has been rejected for Project &lt;%s&gt; +</span></span><span style="display:flex;"><span>subjectForUpdatedProjectWithClearingRequest= Project &lt;%s&gt; with clearing request &lt;%s&gt; updated +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n +</span></span><span style="display:flex;"><span>textForUpdateModerationRequest= \ +</span></span><span style="display:flex;"><span>one of the moderation requests previously added to your \ +</span></span><span style="display:flex;"><span>SW360-account has been updated.\n\n +</span></span><span style="display:flex;"><span>textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n +</span></span><span style="display:flex;"><span>textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n +</span></span><span style="display:flex;"><span>textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n +</span></span><span style="display:flex;"><span>textForNewComponent= a new component %s, in which you take part, has been created.\n\n +</span></span><span style="display:flex;"><span>textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n +</span></span><span style="display:flex;"><span>textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n +</span></span><span style="display:flex;"><span>textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n +</span></span><span style="display:flex;"><span>textForNewProject= a new project %s %s, in which you take part, has been created.\n\n +</span></span><span style="display:flex;"><span>textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n +</span></span><span style="display:flex;"><span>textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n +</span></span><span style="display:flex;"><span>textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n +</span></span><span style="display:flex;"><span>#attachment.store.file.system.location=/opt/sw360tempattachments +</span></span><span style="display:flex;"><span>#enable.attachment.store.to.file.system=false +</span></span><span style="display:flex;"><span>#attachment.store.file.system.permission=rwx------ +</span></span><span style="display:flex;"><span>#attachemnt.delete.no.of.days=30 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>#Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder. +</span></span><span style="display:flex;"><span>#sw360changelog.config.file.location=/etc/sw360/log4j2.xml +</span></span><span style="display:flex;"><span>enable.sw360.change.log=false +</span></span><span style="display:flex;"><span>sw360changelog.output.path=sw360changelog/sw360changelog +</span></span></code></pre></div><ul> +<li>Configure the sw360ChangeLog path</li> +</ul> +<h4 id="1-create-log4j2xml-file">1. Create log4j2.xml file</h4> +<ul> +<li>Based on log4j2.xml file from <a href="https://github.com/eclipse/sw360/blob/main/build-configuration/resources/log4j2.xml">https://github.com/eclipse/sw360/blob/main/build-configuration/resources/log4j2.xml</a>, update the content as below, then place this file to etc/sw360 folder.</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>&lt;?xml version=&#34;1.0&#34; encoding=&#34;UTF-8&#34;?&gt; +</span></span><span style="display:flex;"><span>&lt;!-- +</span></span><span style="display:flex;"><span>~ Copyright (c) Bosch.IO GmbH 2020. +</span></span><span style="display:flex;"><span>~ +</span></span><span style="display:flex;"><span>~ All rights reserved. This program and the accompanying materials +</span></span><span style="display:flex;"><span>~ are made available under the terms of the Eclipse Public License v2.0 +</span></span><span style="display:flex;"><span>~ which accompanies this distribution, and is available at +</span></span><span style="display:flex;"><span>~ http://www.eclipse.org/legal/epl-v20.html +</span></span><span style="display:flex;"><span>~ +</span></span><span style="display:flex;"><span>~ SPDX-License-Identifier: EPL-2.0 +</span></span><span style="display:flex;"><span>--&gt; +</span></span><span style="display:flex;"><span>&lt;Configuration status=&#34;WARN&#34;&gt; +</span></span><span style="display:flex;"><span> &lt;Appenders&gt; +</span></span><span style="display:flex;"><span> &lt;Console name=&#34;Console&#34; target=&#34;SYSTEM_OUT&#34;&gt; +</span></span><span style="display:flex;"><span> &lt;PatternLayout pattern=&#34;%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n&#34;/&gt; +</span></span><span style="display:flex;"><span> &lt;/Console&gt; +</span></span><span style="display:flex;"><span> &lt;!-- environment variables can be set in the format of &#34;$ {env: LOG_ROOT}&#34; --&gt; +</span></span><span style="display:flex;"><span> &lt;RollingFile name=&#34;ChangeLogFile&#34; fileName=&#34;${env:FILE_PATH}/sw360changelog.log&#34; +</span></span><span style="display:flex;"><span> filePattern=&#34;${env:FILE_PATH}/sw360changelog-%d{yyyy-MM-dd}-%i.log&#34; &gt; +</span></span><span style="display:flex;"><span> &lt;PatternLayout pattern=&#34;%m%n&#34;/&gt; +</span></span><span style="display:flex;"><span> &lt;Policies&gt; +</span></span><span style="display:flex;"><span> &lt;SizeBasedTriggeringPolicy size=&#34;10MB&#34; /&gt; +</span></span><span style="display:flex;"><span> &lt;/Policies&gt; +</span></span><span style="display:flex;"><span> &lt;DefaultRolloverStrategy max=&#34;10&#34;/&gt; +</span></span><span style="display:flex;"><span> &lt;/RollingFile&gt; +</span></span><span style="display:flex;"><span> &lt;/Appenders&gt; +</span></span><span style="display:flex;"><span> &lt;Loggers&gt; +</span></span><span style="display:flex;"><span> &lt;Logger name=&#34;org.eclipse.sw360&#34; level=&#34;info&#34;/&gt; +</span></span><span style="display:flex;"><span> &lt;Logger name=&#34;sw360changelog&#34; level=&#34;debug&#34; &gt; +</span></span><span style="display:flex;"><span> &lt;AppenderRef ref=&#34;ChangeLogFile&#34; /&gt; +</span></span><span style="display:flex;"><span> &lt;/Logger&gt; +</span></span><span style="display:flex;"><span> &lt;Logger name=&#34;org.eclipse.sw360&#34; level=&#34;debug&#34; additivity=&#34;false&#34;&gt; +</span></span><span style="display:flex;"><span> &lt;AppenderRef ref=&#34;Console&#34;/&gt; +</span></span><span style="display:flex;"><span> &lt;/Logger&gt; +</span></span><span style="display:flex;"><span> &lt;Root level=&#34;warn&#34;&gt; +</span></span><span style="display:flex;"><span> &lt;AppenderRef ref=&#34;ChangeLogFile&#34;/&gt; +</span></span><span style="display:flex;"><span> &lt;/Root&gt; +</span></span><span style="display:flex;"><span> &lt;/Loggers&gt; +</span></span><span style="display:flex;"><span>&lt;/Configuration&gt; +</span></span></code></pre></div><ul> +<li> +<p>Set the environment variable for the changelog directory (<code>${env:FILE_PATH}/sw360changelog.log</code>)</p> +<ul> +<li> +<p>Create Folder <code>sw360changelog</code> in <code>var/log/</code>:</p> +<ul> +<li><code>$ sudo mkdir sw360changelog </code></li> +</ul> +</li> +<li> +<p>If <code>/var/log/sw360changelog</code> folder requires permission, set permission for this folder:</p> +<ul> +<li><code>$ sudo chown -R $USER:$USER /var/log/sw360changelog</code></li> +</ul> +</li> +<li> +<p><code>$ export FILE_PATH=/var/log/sw360changelog</code></p> +</li> +</ul> +</li> +<li> +<p>NOTE: I suggest the path ${env:FILE_PATH} to use LIFERAY_INSTALL env variable</p> +</li> +</ul> +<h4 id="2-enable-changelog-config">2. Enable changelog config</h4> +<p>Add the following lines to the sw360.properties file (or uncomment if they are existing)</p> +<ul> +<li><code>sw360changelog.config.file.location=/etc/sw360/log4j2.xml</code></li> +<li><code>enable.sw360.change.log=true</code></li> +</ul> +<h4 id="3-compile-and-deploy">3. Compile and deploy</h4> +<ul> +<li> +<p>Set <code>sw360.liferay.company.id = 20099</code> in <code>sw360.properties</code> file</p> +</li> +<li> +<p>Set the environment variable for the LIFERAY_INSTALL directory</p> +<ul> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18</code></li> +</ul> +</li> +<li> +<p>Note: Should add -DskipTests when building sw360 to avoid test data write to log file</p> +</li> +<li> +<p>To clean everything and install without running the tests</p> +<ul> +<li><code>$ mvn clean install -DskipTests</code></li> +</ul> +</li> +<li> +<p>For deployment, run the command</p> +<ul> +<li><code>$ cd /home/user/work/sw360</code></li> +<li><code>$ mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -DskipTests</code></li> +</ul> +</li> +</ul> +<h4 id="4-start-and-configure-liferay">4. Start and configure Liferay</h4> +<ul> +<li> +<p>Set the environment variable for the LIFERAY_INSTALL directory</p> +<ul> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18</code></li> +</ul> +</li> +<li> +<p>Start liferay</p> +<ul> +<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh</code></li> +</ul> +</li> +<li> +<p>Log</p> +<ul> +<li><code>$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/*</code></li> +</ul> +</li> +<li> +<p>SW360 URL: <code>https://localhost:8080</code></p> +</li> +</ul> +<h4 id="5-how-to-check-the-logs">5. How to check the logs</h4> +<ul> +<li>Edit (update) a project, component, or release in SW360.</li> +<li>Then check the logs in <code>${FILE_PATH}/sw360changelog/sw360changelog.log</code> file +\</li> +</ul> +<h3 id="37-compile-and-deploy">3.7 Compile and deploy</h3> +<ul> +<li>Start Database</li> +<li>Turn on the CouchDB and Postgres services</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl start couchdb.service +</span></span><span style="display:flex;"><span>$ sudo systemctl start postgres@@12-main.service +</span></span></code></pre></div><ul> +<li>Check if both are running:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ sudo systemctl status couchdb.service +</span></span><span style="display:flex;"><span>$ sudo systemctl status postgres@@12-main.service +</span></span></code></pre></div><ul> +<li>You should be able to see something like this:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>... systemd<span style="color:#555">[</span>1<span style="color:#555">]</span>: Started PostgreSQL Cluster 12-main. +</span></span><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span>... halt systemd<span style="color:#555">[</span>1<span style="color:#555">]</span>: Started Apache CouchDB. +</span></span></code></pre></div><ul> +<li> +<p>install python and pip</p> +<ul> +<li><code>$ sudo apt-get install python3 -y</code></li> +<li><code>$ sudo -E apt-get install python3-pip -y</code></li> +</ul> +</li> +<li> +<p>install mkdocs</p> +<ul> +<li>Without proxy: +<ul> +<li><code>$ sudo -E pip3 install mkdocs</code></li> +<li><code>$ sudo -E pip3 install mkdocs-material</code></li> +</ul> +</li> +<li>Via proxy: +<ul> +<li><code>$ sudo -E pip3 install --proxy=&quot;http://username:password@hostname:port&quot; mkdocs</code></li> +<li><code>$ sudo -E pip3 install --proxy=&quot;http://username:password@hostname:port&quot; mkdocs-material</code></li> +</ul> +</li> +</ul> +</li> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> +<ul> +<li><code>$ cd /home/user/work/sw360</code></li> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18</code></li> +</ul> +</li> +</ul> +<ol> +<li> +<p>To clean everything and install without running the tests</p> +<ul> +<li><code>$ mvn clean install -DskipTests </code></li> +</ul> +</li> +<li> +<p>For deployment run the command</p> +<ul> +<li><code>mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dhelp-docs=true -Dsurefire.failIfNoSpecifiedTests=false</code></li> +</ul> +</li> +</ol> +<h4 id="371-start-and-configure-liferay">3.7.1 Start and Configure Liferay</h4> +<ul> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> +<ul> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18</code></li> +</ul> +</li> +<li> +<p>After run command &ldquo;mvn clean install -DskipTests&rdquo; above, copy dependency in folder <code>/home/user/work/sw360/utils/jars</code> to <code>${LIFERAY_INSTALL}/osgi/modules</code></p> +<ul> +<li><code>$ cd /home/user/work/sw360/utils/jars</code></li> +<li><code>$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/</code></li> +</ul> +</li> +<li> +<p>We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360.</p> +<ul> +<li><code>$ sudo rm -rf ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/setenv.sh</code></li> +<li><code>$ sudo cp /home/user/work/sw360/frontend/configuration/setenv.sh ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/</code></li> +</ul> +</li> +<li> +<p>Start liferay</p> +<ul> +<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh</code></li> +</ul> +</li> +<li> +<p>Log</p> +<ul> +<li><code>$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/catalina.out</code></li> +</ul> +</li> +<li> +<p>Url SW360 : <code>https://localhost:8080</code></p> +</li> +</ul> +<h4 id="372-configure-liferay-portal">3.7.2 Configure Liferay Portal</h4> +<ul> +<li>Can follow the steps in the following link <a href="https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3">https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3</a> or follow these steps:</li> +</ul> +<ul> +<li> +<p>Import users</p> +<ol> +<li>Open the panel on the left side by clicking the button on the top left.</li> +<li>Click on <code>SW360</code> on the top right to go to the homepage.</li> +<li>Click on <code>Start</code> inside the &ldquo;Welcome&rdquo; section.</li> +<li>Go to <code>Admin</code> -&gt; <code>User</code> (URL: <code>/group/guest/users</code>).</li> +<li>Scroll down to section <code>UPLOAD USERS</code>, select a user file from the very +beginning and click <code>Upload Users</code> on the right side. <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">A user file can be found here in the sw360vagrant project</a> +* Download: <code>$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv</code></li> +</ol> +</li> +<li> +<p>Setup liferay:</p> +</li> +</ul> +<p>After successful , Then if you open the server with the URL <code>https://localhost:8080/</code> the following screen should appear:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/1.png"/> +</figure> +<p>Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/2.png"/> +</figure> +<p>After login the sw360 is not setup, thus the server does not display much, but a screen like the following:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/3.png"/> +</figure> +<h4 id="user-and-login-settings-in-liferay">User and Login Settings in Liferay</h4> +<p>Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/4.png"/> +</figure> +<p>Edit this password policy and disable <code>change Required</code> if you wish to do so. Click on Save_the bottom of the page to save the selection.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/6.png"/> +</figure> +<p>Then, go: in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/7.png"/> +</figure> +<p>In this area, select <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/8.png"/> +</figure> +<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/9.png"/> +</figure> +<p>Finally, sice Liferay 7.4 some of the bundled modules need to be activated:</p> +<ul> +<li>jquery</li> +<li>font awesome</li> +</ul> +<p>In oder to do this, please select from the <code>Configuration</code> &gt; <code>System Settings</code> &gt; <code>Third Party</code> and go to jquery, select the enablement and click on Update:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/10.png"/> +</figure> +<p>Do the same for Font Awesome:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/11.png"/> +</figure> +<p>Note that you need to reload the browser or load a new browser window to take changes to effect.</p> +<h4 id="setup-sw360-for-liferay-import-lar-files">Setup SW360 for Liferay: Import *.lar Files</h4> +<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> +<p>In order to go ahead, switch to the <code>SW360</code> area where you can apply site settings:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/12.png"/> +</figure> +<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/13.png"/> +</figure> +<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/14.png"/> +</figure> +<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>Public_Pages_7_4_3_18_GA18.lar</code> file the selection <code>Public_Pages_7_4_3_18_GA18.lar</code> is made.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/15.png"/> +</figure> +<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> +<p>After successful importing, the same steps shall be repeated for the <code>Private_Pages_7_4_3_18_GA18.lar</code> file.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/16.png"/> +</figure> +<p>Make sure that <code>Private_Pages_7_4_3_18_GA18.lar </code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/17.png"/> +</figure> +<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/18.png"/> +</figure> +<p>You can close the left menu area by clicking on the upper left icon:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/19.png"/> +</figure> +<p>Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> +<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/20.png"/> +</figure> +<h4 id="import-user-accounts-for-testing">Import User Accounts for Testing</h4> +<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/21.png"/> +</figure> +<p>At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">user account import file</a> to import in the <code>sw360vagrant</code> project in the folder <code>shared</code>. After the user have been imported successfully, they should appear in the table view.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/22.png"/> +</figure> +<p>After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below):</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/23.png"/> +</figure> +<h4 id="real-login">Real Login</h4> +<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/24.png"/> +</figure> +<p>After the successful login, SW360 will look as follows.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/25.png"/> +</figure> +<h3 id="38-version-management-table-sw360-1700">3.8 Version Management Table (sw360 17.0.0)</h3> +<table> +<thead> +<tr> +<th style="text-align:left">Package Name</th> +<th style="text-align:center">Version</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">Liferay</td> +<td style="text-align:center">7.4.3.18</td> +</tr> +<tr> +<td style="text-align:left">Tomcat</td> +<td style="text-align:center">9.0.56</td> +</tr> +<tr> +<td style="text-align:left">Couchdb</td> +<td style="text-align:center">3.2.2</td> +</tr> +<tr> +<td style="text-align:left">Open JDK</td> +<td style="text-align:center">11.0.15</td> +</tr> +<tr> +<td style="text-align:left">Thrift</td> +<td style="text-align:center">0.16.0</td> +</tr> +<tr> +<td style="text-align:left">SW360</td> +<td style="text-align:center">17.0.0</td> +</tr> +</tbody> +</table> +<h2 id="references-for-more-information">References for more information</h2> +<ul> +<li><a href="https://www.eclipse.org/sw360/docs/">SW360</a></li> +<li><a href="https://github.com/cve-search/cve-search">CVE-Search</a></li> +<li><a href="https://docs.oracle.com/en/java/javase/11/install/installation-jdk-linux-platforms.html#GUID-79FBE4A9-4254-461E-8EA7-A02D7979A161">Java</a></li> +<li><a href="https://maven.apache.org/install.html">Maven</a></li> +<li><a href="https://thrift.apache.org/">Thrift</a></li> +<li><a href="https://learn.liferay.com/dxp/latest/en/installation-and-upgrades/installing-liferay/installing-a-liferay-tomcat-bundle.html">Liferay bundled with Tomcat</a></li> +<li><a href="https://www.postgresql.org/download/linux/ubuntu/">PostgreSQL</a></li> +<li><a href="https://docs.couchdb.org/en/stable/install/unix.html">CouchDB</a></li> +</ul> +<h2 id="license">License</h2> +<p>[SPDX-License-Identifier: EPL-2.0]</p> \ No newline at end of file diff --git a/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/index.html b/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/index.html index 6ff7292..79e9f77 100644 --- a/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/index.html +++ b/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/index.html @@ -1,1126 +1,220 @@ - - - - - - - - - - - - - - - - - - - - -Native Install v14 and v16 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - -
-
-
-
- - -
- - - - - -
-

Native Install v14 and v16

-
Native-Install-Version-14-and-Version-16
-
- - - - - - - - - - - - - -
-

How to install and run SW360 v16.0.0

-

These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers.

-

This is a guide with detailed explanation of how to install and run SW360 natively on you local machine.

-

It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run.

-

SW360 is an Open Source project. The SW360 repository and SW360 website repositories are published on GitHub.

-

In this file you will find how to:

-
    -
  • Install SW360 and its dependencies
    • -
  • Run SW360 and its dependencies
    • -
  • Check all services are working
    • -
  • Be aware of cautions and notes
    • -
-

What does SW360 use to construct the UI.

-
    -
  • Java - Java is a class-based, object-oriented programming language.
    • -
  • Maven - Maven is a build automation tool for Java projects.
    • -
  • Liferay bundled with Tomcat - Liferay is a Java-based web application platform for the development of customizable portals and websites. -And Apache Tomcat provides a “pure Java” HTTP web server environment in which Java code can run.
    • -
  • PostgreSQL - PostgreSQL or Postgres, is a relational database management system.
    • -
  • Couchdb - Apache CouchDB is a document-oriented NoSQL database, it uses JSON to store data, and provides HTTP for an API.
    • -
  • CVE-Search - CVE-Search is a tool to perform local searches for known vulnerabilities (CVE - Common Vulnerabilities and Exposures).
    • -
-

1. Install SW360 and its dependencies

-

1.1 Clone the SW360 Github repository and checkout to stable version.

-
$ git clone https://github.com/eclipse/sw360.git
-$ cd sw360/
-$ git checkout sw360-16.0.0-M1
-
-

Check if you have correct repository version

-
-
$ git branch
-

1.2. Install Java, Maven

-
-

Install java and maven:

-
-
$ sudo apt install openjdk-11-jre-headless
-
-

You may use this “$ sudo apt install default-jdk” command instead. -Check if java is installed:

-
-
$ java --version   [check]
-
-

Install maven:

-
-
$ sudo apt update
-$ sudo apt install maven
-
-

Check if Maven is installed:

-
-
$ mvn --version   
-

1.3. Install Liferay portal and its dependencies

-
$ ./scripts/docker-config/download_dependencies.sh
-$ ls -la ./deps     [check if all dependencies have proper sizes]
-$ ./scripts/install-thrift.sh
-$ thrift --version   [check]
-
-

After this step, check whether the “./deps/jars/libthriftxxx.jar” has version at the end of its name instead of xxx, and has size of 345Kb. If no, download the correct jar from this link:

-
-
$ wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.16.0/libthrift-0.16.0.jar
-$ mv libthrift-0.16.0.jar ./deps/jars
-
-

Once the correct Thrift library is found, install Liferay and copy dependency “.jar” files under “liferay_xxx/osgi/modules” folder:

-
-
$ tar -xzvf liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz
-$ cp ./deps/jars/* deps/liferay-ce-portal-7.3.4-ga5/osgi/modules/
-
-

Now set all environment variables of SW360 path to your local “.bashrc”: -You may use other text editor instead of vim.

-
-
$ vim ~/.bashrc
-
-

Scroll till the end of the .bashrc file and add following lines, make sure to put correct absolute paths of your local machine in the place of {absolute path to sw360 repository folder}.

-
-
export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java))))
-export PATH=$PATH:$JAVA_HOME/bin
-export LIFERAY_INSTALL="/{absolute path to sw360 repository folder}/sw360/deps/liferay-ce-portal-7.3.4-ga5"
-export SW360_DIR_INSTALL="{absolute path to sw360 repository folder}/sw360"
-
-

Save the .bashrc file and run it:

-
-
$ source ~/.bashrc
-

1.4. Make and build SW360

-
-

Go to sw360 repository folder firstly.

-
-
-

We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360.

-
-
$ vim frontend/configuration/setenv.sh
-
# The following settings should be adapted to your needs
-JAVA_MEMORY_MIN="3g"
-JAVA_MEMORY_MAX="6g"
-
-# The following settings should not be touched unless you know what you are doing
-# Misconfiguration may be lead to an unusable instance.
-JAVA_OPTS="$JAVA_OPTS -Dfile.encoding=UTF8"
-JAVA_OPTS="$JAVA_OPTS -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false"
-JAVA_OPTS="$JAVA_OPTS -Duser.timezone=GMT"
-JAVA_OPTS="$JAVA_OPTS -Xms${JAVA_MEMORY_MIN} -Xmx${JAVA_MEMORY_MAX}"
-JAVA_OPTS="$JAVA_OPTS -XX:+UseG1GC"
-JAVA_OPTS="$JAVA_OPTS -XX:+CMSParallelRemarkEnabled"
-JAVA_OPTS="$JAVA_OPTS -XX:SurvivorRatio=20"
-
-JAVA_OPTS="$JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"
-
-

Then we can type the following command to install: -“sudo” might not be necessary, and this will take time, around 5 min]

-
-
$ mvn clean
-$ sudo mvn install -DskipTests    
-
-

If the installation was successful, then need to deploy the project to be able to run. -Check which tomcat version do you have and put that in the place of {existing version 9.0.33}, normally it should be just “tomcat-9.0.33”.

-
-
sudo mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-{existing version 9.0.33}/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-{existing version 9.0.33}/webapps -DskipTests      
-
-

This will create /deploy under root, so sudo is necessary, however you can chmod /deploy. +Native Install v14 and v16 | Eclipse SW360 +

Native Install v14 and v16

Native-Install-Version-14-and-Version-16

How to install and run SW360 v16.0.0

These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers.

This is a guide with detailed explanation of how to install and run SW360 natively on you local machine.

It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run.

SW360 is an Open Source project. The SW360 repository and SW360 website repositories are published on GitHub.

In this file you will find how to:

  • Install SW360 and its dependencies
  • Run SW360 and its dependencies
  • Check all services are working
  • Be aware of cautions and notes

What does SW360 use to construct the UI.

  • Java - Java is a class-based, object-oriented programming language.
  • Maven - Maven is a build automation tool for Java projects.
  • Liferay bundled with Tomcat - Liferay is a Java-based web application platform for the development of customizable portals and websites. +And Apache Tomcat provides a “pure Java” HTTP web server environment in which Java code can run.
  • PostgreSQL - PostgreSQL or Postgres, is a relational database management system.
  • Couchdb - Apache CouchDB is a document-oriented NoSQL database, it uses JSON to store data, and provides HTTP for an API.
  • CVE-Search - CVE-Search is a tool to perform local searches for known vulnerabilities (CVE - Common Vulnerabilities and Exposures).

1. Install SW360 and its dependencies

1.1 Clone the SW360 Github repository and checkout to stable version.

$ git clone https://github.com/eclipse/sw360.git
+$ cd sw360/
+$ git checkout sw360-16.0.0-M1
+

Check if you have correct repository version

$ git branch
+

1.2. Install Java, Maven

Install java and maven:

$ sudo apt install openjdk-11-jre-headless
+

You may use this “$ sudo apt install default-jdk” command instead. +Check if java is installed:

$ java --version   [check]
+

Install maven:

$ sudo apt update
+$ sudo apt install maven
+

Check if Maven is installed:

$ mvn --version   
+

1.3. Install Liferay portal and its dependencies

$ ./scripts/docker-config/download_dependencies.sh
+$ ls -la ./deps     [check if all dependencies have proper sizes]
+$ ./scripts/install-thrift.sh
+$ thrift --version   [check]
+

After this step, check whether the “./deps/jars/libthriftxxx.jar” has version at the end of its name instead of xxx, and has size of 345Kb. If no, download the correct jar from this link:

$ wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.16.0/libthrift-0.16.0.jar
+$ mv libthrift-0.16.0.jar ./deps/jars
+

Once the correct Thrift library is found, install Liferay and copy dependency “.jar” files under “liferay_xxx/osgi/modules” folder:

$ tar -xzvf liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz
+$ cp ./deps/jars/* deps/liferay-ce-portal-7.3.4-ga5/osgi/modules/
+

Now set all environment variables of SW360 path to your local “.bashrc”: +You may use other text editor instead of vim.

$ vim ~/.bashrc
+

Scroll till the end of the .bashrc file and add following lines, make sure to put correct absolute paths of your local machine in the place of {absolute path to sw360 repository folder}.

export JAVA_HOME=$(dirname $(dirname $(readlink -f $(which java))))
+export PATH=$PATH:$JAVA_HOME/bin
+export LIFERAY_INSTALL="/{absolute path to sw360 repository folder}/sw360/deps/liferay-ce-portal-7.3.4-ga5"
+export SW360_DIR_INSTALL="{absolute path to sw360 repository folder}/sw360"
+

Save the .bashrc file and run it:

$ source ~/.bashrc
+

1.4. Make and build SW360

Go to sw360 repository folder firstly.

We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360.

$ vim frontend/configuration/setenv.sh
+
# The following settings should be adapted to your needs
+JAVA_MEMORY_MIN="3g"
+JAVA_MEMORY_MAX="6g"
+
+# The following settings should not be touched unless you know what you are doing
+# Misconfiguration may be lead to an unusable instance.
+JAVA_OPTS="$JAVA_OPTS -Dfile.encoding=UTF8"
+JAVA_OPTS="$JAVA_OPTS -Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false"
+JAVA_OPTS="$JAVA_OPTS -Duser.timezone=GMT"
+JAVA_OPTS="$JAVA_OPTS -Xms${JAVA_MEMORY_MIN} -Xmx${JAVA_MEMORY_MAX}"
+JAVA_OPTS="$JAVA_OPTS -XX:+UseG1GC"
+JAVA_OPTS="$JAVA_OPTS -XX:+CMSParallelRemarkEnabled"
+JAVA_OPTS="$JAVA_OPTS -XX:SurvivorRatio=20"
+
+JAVA_OPTS="$JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"
+

Then we can type the following command to install: +“sudo” might not be necessary, and this will take time, around 5 min]

$ mvn clean
+$ sudo mvn install -DskipTests    
+

If the installation was successful, then need to deploy the project to be able to run. +Check which tomcat version do you have and put that in the place of {existing version 9.0.33}, normally it should be just “tomcat-9.0.33”.

sudo mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-{existing version 9.0.33}/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-{existing version 9.0.33}/webapps -DskipTests      
+

This will create /deploy under root, so sudo is necessary, however you can chmod /deploy. This will take time, around 5 - 10 min. -After deploying the project, you should copy the portal-ext.properties to the place of the Liferay.

-
-
cp frontend/configuration/portal-ext.properties ${LIFERAY_INSTALL}/
-
-

Then modify the file: setup.wizard.enabled=false -> setup.wizard.enabled=true -Then copy the files in the directory scripts/docker-config/etc_sw360/ to the directory /etc/sw360/. If the directory /etc/sw360/ does not exist, create it and chmod it.

-
-
cp -r scripts/docker-config/etc_sw360/* /etc/sw360/
-
-

After this step, you should be able to run Tomcat server and see the index page of SW360 portal. Check SW360

-
-

1.5. Install PostgreSQL

-
-

Install PostgerSQL manually, you can install through “apt install” too:

-
-
$ sudo apt install zlib1g-dev -y
-$ sudo apt install libreadline-dev -y
-$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz
-$ tar -xvf postgresql-10.14.tar.gz 
-$ cd postgresql-10.14/
-$ mkdir -p  /PATH_TO/sw360postgres
-$ ./configure -prefix=/PATH_TO/sw360postgres
-$ make
-$ sudo make install
-
-

Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step.

-
-
$ vim ~/.bashrc
-
-

Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as “/home/username”:

-
-
$ export PATH=$HOME/sw360postgres/bin:$PATH
-$ export PGDATA=$HOME/sw360postgres/data
-$ export LD_LIBRARY_PATH=$HOME/sw360postgres/lib
-$ export PGPORT=5432
-
-

Check if paths have been set, result must be the absolute paths:

-
-
$ echo $PATH
-$ echo $PGDATA
-$ echo $LD_LIBRARY_PATH
-$ echo $PGPORT
-
-

After paths are set, postgres service can be run:

-
-
$  cd /PATH_TO/sw360postgres/bin
-$ ./initdb --encoding=UTF8 --no-locale
-$ ./pg_ctl start
-
-

You will see that the server has started. -Note: If you installed through “apt install” then start the postgres service by following command, where after @ comes the installed version, if postgres isn’t running you won’t be able to connect to the server, and the error message is not explaining well that server isn’t actually running at the moment:

-
-
sudo systemctl status postgresql@12-main.service
-sudo systemctl start postgresql@12-main.service
-

Normally, Default postgres creates user “postgres” with “postgres” password, use that to enter PostgreSQL terminal:

-
$ sudo -i -u postgres
-$ psql
-
-

You will be logged in as user named “postgres”.

-
-
$ psql postgres
-postgres=# \du
-postgres=# create database lportal;
-postgres=# ALTER USER postgres WITH PASSWORD 'sw360fossy';
-postgres=# ALTER ROLE postgres with superuser;
-postgres=# \q
-
-

Connect to postgres shell, and check users information

-
-
$ psql -d lportal
-# \du
-# \dt
-# \l
-

1.6. Install Couch DB

-
-

To install from aptitute type:

-
-
$ sudo apt update
-$ sudo apt install -y couchdb
-
-

You may refer to the bottom Native Installation 14 version CouchDB manual configuration for seting credentials.

-
-
-

After, run CouchDb service, check if it’s working:

-
-
$ sudo systemctl start couchdb.service
-
-

Check if CouchDB is responding:

-
-
$ curl localhost:5984
-
-

This should return json containing version information -You can use “start/stop/status/restart” command with systemctl for controlling CouchDB service.

-
- -
-

Follow these detailed instructions:

-
-
[https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst]
-
-

To connect it to SW360, see following instructions:

-
-
https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/
-
Notes:
-
    -
  • In the instruction be careful with setting apt link for mongodb, if somehow it destroys your “sudo apt update” command, go to “/etc/apt/sources.list” file and comment out the broken line, that’s probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions.
    • -
-

1.8. Configure SW360

-
-

Before going to configuration page, need to start the Liferay Tomcat server:

-
-
$ {path to sw360 installation}/./deps_backup/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh
-
-

You can use …bin/shutdown.sh script to stop the server. +After deploying the project, you should copy the portal-ext.properties to the place of the Liferay.

cp frontend/configuration/portal-ext.properties ${LIFERAY_INSTALL}/
+

Then modify the file: setup.wizard.enabled=false -> setup.wizard.enabled=true +Then copy the files in the directory scripts/docker-config/etc_sw360/ to the directory /etc/sw360/. If the directory /etc/sw360/ does not exist, create it and chmod it.

cp -r scripts/docker-config/etc_sw360/* /etc/sw360/
+

After this step, you should be able to run Tomcat server and see the index page of SW360 portal. Check SW360

1.5. Install PostgreSQL

Install PostgerSQL manually, you can install through “apt install” too:

$ sudo apt install zlib1g-dev -y
+$ sudo apt install libreadline-dev -y
+$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz
+$ tar -xvf postgresql-10.14.tar.gz 
+$ cd postgresql-10.14/
+$ mkdir -p  /PATH_TO/sw360postgres
+$ ./configure -prefix=/PATH_TO/sw360postgres
+$ make
+$ sudo make install
+

Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step.

$ vim ~/.bashrc
+

Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as “/home/username”:

$ export PATH=$HOME/sw360postgres/bin:$PATH
+$ export PGDATA=$HOME/sw360postgres/data
+$ export LD_LIBRARY_PATH=$HOME/sw360postgres/lib
+$ export PGPORT=5432
+

Check if paths have been set, result must be the absolute paths:

$ echo $PATH
+$ echo $PGDATA
+$ echo $LD_LIBRARY_PATH
+$ echo $PGPORT
+

After paths are set, postgres service can be run:

$  cd /PATH_TO/sw360postgres/bin
+$ ./initdb --encoding=UTF8 --no-locale
+$ ./pg_ctl start
+

You will see that the server has started. +Note: If you installed through “apt install” then start the postgres service by following command, where after @ comes the installed version, if postgres isn’t running you won’t be able to connect to the server, and the error message is not explaining well that server isn’t actually running at the moment:

sudo systemctl status postgresql@12-main.service
+sudo systemctl start postgresql@12-main.service
+

Normally, Default postgres creates user “postgres” with “postgres” password, use that to enter PostgreSQL terminal:

$ sudo -i -u postgres
+$ psql
+

You will be logged in as user named “postgres”.

$ psql postgres
+postgres=# \du
+postgres=# create database lportal;
+postgres=# ALTER USER postgres WITH PASSWORD 'sw360fossy';
+postgres=# ALTER ROLE postgres with superuser;
+postgres=# \q
+

Connect to postgres shell, and check users information

$ psql -d lportal
+# \du
+# \dt
+# \l
+

1.6. Install Couch DB

To install from aptitute type:

$ sudo apt update
+$ sudo apt install -y couchdb
+

You may refer to the bottom Native Installation 14 version CouchDB manual configuration for seting credentials.

After, run CouchDb service, check if it’s working:

$ sudo systemctl start couchdb.service
+

Check if CouchDB is responding:

$ curl localhost:5984
+

This should return json containing version information +You can use “start/stop/status/restart” command with systemctl for controlling CouchDB service.

Follow these detailed instructions:

[https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst]
+

To connect it to SW360, see following instructions:

https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/
+
Notes:
  • In the instruction be careful with setting apt link for mongodb, if somehow it destroys your “sudo apt update” command, go to “/etc/apt/sources.list” file and comment out the broken line, that’s probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions.

1.8. Configure SW360

Before going to configuration page, need to start the Liferay Tomcat server:

$ {path to sw360 installation}/./deps_backup/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh
+

You can use …bin/shutdown.sh script to stop the server. If startup.sh script responded “Tomcat started. Then you are close to see SW360 portal page: -To do so, open this url from your browser:

-
-
http://127.0.0.1:8080
-
-

This will take time, around 5 min. -If you can see liferay page, then go to the following links to configure SW360 portal.

-
- -
Notes:
-
    -
  • -

    Probably your postgres user and password are different, then replace the configurations “deps/liferay-ce-portal-7.3.4-ga5/portal-setup-wizard.properties” file or add the new user into postgres with required credentials.

    -
    • -
  • -

    After creating user, if you can’t sign in to SW360 portal https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png try to login with “test” password and the same email “setup@sw360.org” as you set in during configuration.

    -
    • -
-

2. Run SW360 and its dependencies

-

2.1. Run dependencies

-
-

Turn on the CouchDB and Postgres services

-
-
$ sudo systemctl start couchdb.service
-$ sudo systemctl start postgres@@12-main.service
-
-

Check if both are running:

-
-
$ sudo systemctl status couchdb.service
-$ sudo systemctl status postgres@@12-main.service
-
-

You should be able to see something like this:

-
-
... systemd[1]: Started PostgreSQL Cluster 12-main.
-...
-... halt systemd[1]: Started Apache CouchDB.
-
-

Run Liferay portal

-
-
$ ./deps/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh
-
-

Make sure to type correct path to the startup.sh file.

-
-

2.3. Run SW360

-
-

Open the localhost:8080 page from the browser +To do so, open this url from your browser:

http://127.0.0.1:8080
+

This will take time, around 5 min. +If you can see liferay page, then go to the following links to configure SW360 portal.

Notes:

2. Run SW360 and its dependencies

2.1. Run dependencies

Turn on the CouchDB and Postgres services

$ sudo systemctl start couchdb.service
+$ sudo systemctl start postgres@@12-main.service
+

Check if both are running:

$ sudo systemctl status couchdb.service
+$ sudo systemctl status postgres@@12-main.service
+

You should be able to see something like this:

... systemd[1]: Started PostgreSQL Cluster 12-main.
+...
+... halt systemd[1]: Started Apache CouchDB.
+

Run Liferay portal

$ ./deps/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/bin/startup.sh
+

Make sure to type correct path to the startup.sh file.

2.3. Run SW360

Open the localhost:8080 page from the browser If all the previous steps were successfuly done you will be able to see this page: -https://www.eclipse.org/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png -Now enjoy SW360 portal!

-
-

Check all services are working

-

To fully use SW360 you need to have following services running, please check one by one by opening your browser and typing url, or using curl from command line:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ServiceURL/PortNotes
Tomcathttp://127.0.0.1:8080When Tomcat is installed without liferay it uses same 8080 port
Liferayhttp://127.0.0.1:8080If Liferay version is correct you will see Liferay white-blue index page not Tomcat yellow-green page.
PostgreSQLhttp://127.0.0.1:5432
CouchDBhttp://127.0.0.1:5984/_utils
CVE-Searchhttp://127.0.0.1:5000/admin
-

Be aware of cautions and notes

-
-

There are various versions of Tomcat with or without Liferay, however here we use Liferay which has already bundled Tomcat inside it’s installation archive, that means you don’t have to install Tomcat separately. In this case, when script liferay- xxx / tomcat- yyy/start.sh is run, the 8080 page will be visible, and will be overwritten by Liferay.

-
-
-

If the service has problem with Liferay then you will not see Liferay blue-white page. If you see other than that then you need to go through 3rd step of Liferay installation, check it’s version and reinstall it.

-
-
-

If you still face the problem with Thrift or Liferay page isn’t responding properly, type this command in the shell, to set the missing Thrift version environment variable, and run the ./scripts/install-thrift.sh again, then start from 3rd step of installation again:

-
-
THRIFT_VERSION=${THRIFT_VERSION:-0.16.0}
-
-

Native Install SW360 Version-14.0.0

-

SW360 Version up test

-

1. Overview

-

1.1 SW360 Portal

-

A software component catalogue application - designed to work with FOSSology.

-

SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. -It can manage SPDX files for maintaining the license conditions and maintain license information.

-

This material helps user to install SW360 14.0

-

1.2 Environment

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Package NameVersion
Ubuntu20.04
Apt2.0.2
Wget1.20.3
Curl7.68.0
Git2.25.1
Maven3.6.0
OpenJDK11.0.5
-

2.Install & Config proxy for Environment

-
2.1 Apt
-2.2 Wget
-2.3 Curl
-2.4 Git
-2.5 Maven
-2.6 OpenJDK 
-

2.1 Apt

-

Create file with name proxy.conf in folder /etc/apt/apt.conf.d

-
    -
  • $ sudo gedit /etc/apt/apt.conf.d/proxy.conf
    • -
-

Add the following line few files proxy.conf

-
    Acquire {
-        HTTP::proxy "http://username:password@server:port";
-        HTTPS::proxy "http://username:password@server:port";
-    }
-

2.2 Wget

-

Create file ~/.wgetrc

-
    -
  • $ sudo gedit ~/.wgetrc
    • -
-

Add the following line few files ~/.wgetrc

-
	use_proxy=yes
-	  http_proxy=http://username:password@server:port
-	  https_proxy=http://username:password@server:port
-

2.3 Curl

-

2.3.1 Install Curl

-
    -
  • $ sudo apt update
    • -
  • $ sudo apt install curl
    • -
-

2.3.2 Config proxy

-
    -
  • -

    Create file ~/.curlrc

    -
      -
    • $ sudo gedit ~/.curlrc
      • -
    -
    • -
  • -

    Add the following line few files ~/.curlrc

    -
    • -
-
    proxy=http://username:password@server:port/
-

2.4 Git

-

2.4.1 Install Git

-
    -
  • $ sudo apt update
    • -
  • $ sudo apt install git
    • -
-

2.4.2 Config proxy

-
    -
  • -

    Create file ~/.gitconfig

    -
      -
    • $ sudo gedit ~/.gitconfig
      • -
    -
    • -
  • -

    Add the following line few files ~/.gitconfig

    -
     [http]
-     proxy = http://username:password@server:port
-     sslverify = false
- [https]
-     proxy = http://username:password@server:port
-
    • -
-

2.5 Maven

-

2.5.1 Install Maven

-

*Go to back Home in Terminal

-
    -
  • $ sudo apt update
    • -
  • $ sudo apt install maven
    • -
-

2.5.2 Config proxy for Maven

-
    -
  • Create Folder with path /home/user/.m2
    • -
-
    -
  • $ mkdir /home/user/.m2
    • -
-
    -
  • Create File in Folder .m2
    • -
-
    -
  • $ touch /home/user/.m2/settings.xml
    • -
-

Check all services are working

To fully use SW360 you need to have following services running, please check one by one by opening your browser and typing url, or using curl from command line:

ServiceURL/PortNotes
Tomcathttp://127.0.0.1:8080When Tomcat is installed without liferay it uses same 8080 port
Liferayhttp://127.0.0.1:8080If Liferay version is correct you will see Liferay white-blue index page not Tomcat yellow-green page.
PostgreSQLhttp://127.0.0.1:5432
CouchDBhttp://127.0.0.1:5984/_utils
CVE-Searchhttp://127.0.0.1:5000/admin

Be aware of cautions and notes

There are various versions of Tomcat with or without Liferay, however here we use Liferay which has already bundled Tomcat inside it’s installation archive, that means you don’t have to install Tomcat separately. In this case, when script liferay- xxx / tomcat- yyy/start.sh is run, the 8080 page will be visible, and will be overwritten by Liferay.

If the service has problem with Liferay then you will not see Liferay blue-white page. If you see other than that then you need to go through 3rd step of Liferay installation, check it’s version and reinstall it.

If you still face the problem with Thrift or Liferay page isn’t responding properly, type this command in the shell, to set the missing Thrift version environment variable, and run the ./scripts/install-thrift.sh again, then start from 3rd step of installation again:

THRIFT_VERSION=${THRIFT_VERSION:-0.16.0}
+

Native Install SW360 Version-14.0.0

SW360 Version up test

1. Overview

1.1 SW360 Portal

A software component catalogue application - designed to work with FOSSology.

SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. +It can manage SPDX files for maintaining the license conditions and maintain license information.

This material helps user to install SW360 14.0

1.2 Environment

Package NameVersion
Ubuntu20.04
Apt2.0.2
Wget1.20.3
Curl7.68.0
Git2.25.1
Maven3.6.0
OpenJDK11.0.5

2.Install & Config proxy for Environment

2.1 Apt
+2.2 Wget
+2.3 Curl
+2.4 Git
+2.5 Maven
+2.6 OpenJDK 
+

2.1 Apt

Create file with name proxy.conf in folder /etc/apt/apt.conf.d

  • $ sudo gedit /etc/apt/apt.conf.d/proxy.conf

Add the following line few files proxy.conf

    Acquire {
+        HTTP::proxy "http://username:password@server:port";
+        HTTPS::proxy "http://username:password@server:port";
+    }
+

2.2 Wget

Create file ~/.wgetrc

  • $ sudo gedit ~/.wgetrc

Add the following line few files ~/.wgetrc

	use_proxy=yes
+	  http_proxy=http://username:password@server:port
+	  https_proxy=http://username:password@server:port
+

2.3 Curl

2.3.1 Install Curl

  • $ sudo apt update
  • $ sudo apt install curl

2.3.2 Config proxy

  • Create file ~/.curlrc

    • $ sudo gedit ~/.curlrc

  • Add the following line few files ~/.curlrc

    proxy=http://username:password@server:port/
+

2.4 Git

2.4.1 Install Git

  • $ sudo apt update
  • $ sudo apt install git

2.4.2 Config proxy

  • Create file ~/.gitconfig

    • $ sudo gedit ~/.gitconfig

  • Add the following line few files ~/.gitconfig

     [http]
+     proxy = http://username:password@server:port
+     sslverify = false
+ [https]
+     proxy = http://username:password@server:port
+

2.5 Maven

2.5.1 Install Maven

*Go to back Home in Terminal

  • $ sudo apt update
  • $ sudo apt install maven

2.5.2 Config proxy for Maven

  • Create Folder with path /home/user/.m2
  • $ mkdir /home/user/.m2
  • Create File in Folder .m2
  • $ touch /home/user/.m2/settings.xml

  • Copy the following lines into tag 

          <settings>
           <proxies>
               <proxy>
 
@@ -1163,123 +257,17 @@ It can manage SPDX files for maintaining the license conditions and maintain lic
               </proxy>
           </proxies>
       </settings>
-
    -
    • -
-

2.6 OpenJDK 11

-
    -
  • And install OpenJDK 11 -
      -
    • $ sudo apt install openjdk-11-jdk
      • -
    -
    • -
  • Check version: -
      -
    • $ java --version
      • -
    • Output:
      • -
    -
          openjdk version "11.0.15" 2022-04-19
-      OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1)
-      OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing)
-
      -
    • Install JDK successfully
      • -
    -
    • -
-

3. Native install 14.0 (without docker-compose)

-

The installation consists of some tasks::

-
3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules
-3.2 Install Couchdb version 3.2.2 
-3.3 Install Couchdb Lucene
-3.4 Clone Project sw360 with version 14
-3.5 Install Thrift version 14.0 
-3.6 Compiling and deploying
-3.7 Version Management Table
-

3.1 Install A Liferay Community Edition bundled with Tomcat

-
    -
  • -

    Make folder work in path of work: /home/user

    -
      -
    • $ mkdir work
      • -
    -
    • -
  • -

    Download Liferay Portal CE 7.3.4 GA5

    -
      -
    • $ cd work
      • -
    • $ wget --no-check-certificate https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.4%20GA5/liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz/download -O liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz
      • -
    -
    • -
  • -

    Extract downloaded file

    -
      -
    • $ tar -xzf liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz
      • -
    -
    • -
  • -

    Set Environment for ${LIFERAY_INSTALL}

    -
      -
    • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5
      • -
    -
    • -
  • -

    Move to ${LIFERAY_INSTALL}/deploy and Run command:

    -
      -
    • -

      $ cd ${LIFERAY_INSTALL}/deploy

      -
      • -
    • -

      wget https://search.maven.org/remotecontent?filepath=commons-codec/commons-codec/1.12/commons-codec-1.12.jar -O commons-codec-1.12.jar

      -
      • -
    • -

      wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar -O commons-collections4-4.4.jar

      -
      • -
    • -

      wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-csv/1.4/commons-csv-1.4.jar -O commons-csv-1.4.jar

      -
      • -
    • -

      wget https://search.maven.org/remotecontent?filepath=commons-io/commons-io/2.6/commons-io-2.6.jar -O commons-io-2.6.jar

      -
      • -
    • -

      wget https://search.maven.org/remotecontent?filepath=commons-lang/commons-lang/2.4/commons-lang-2.4.jar -O commons-lang-2.4.jar

      -
      • -
    • -

      wget https://search.maven.org/remotecontent?filepath=commons-logging/commons-logging/1.2/commons-logging-1.2.jar -O commons-logging-1.2.jar

      -
      • -
    • -

      wget https://search.maven.org/remotecontent?filepath=com/google/code/gson/gson/2.8.5/gson-2.8.5.jar -O gson-2.8.5.jar

      -
      • -
    • -

      wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/21.0/guava-21.0.jar -O guava-21.0.jar

      -
      • -
    • -

      wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-annotations/2.11.3/jackson-annotations-2.11.3.jar -O jackson-annotations-2.11.3.jar

      -
      • -
    • -

      wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar -O jackson-core-2.11.3.jar

      -
      • -
    • -

      wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-databind/2.11.3/jackson-databind-2.11.3.jar -O jackson-databind-2.11.3.jar

      -
      • -
    • -

      wget https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar -O commons-compress-1.20.jar

      -
      • -
    • -

      wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar -O libthrift-0.13.0.jar

      -
      • -
    -
    • -
  • -

    Create portal-ext.properties file in liferay-ce-portal-7.3.4-ga5 folder

    -
    • -
  • -

    Copy content from https://github.com/eclipse/sw360/blob/sw360-14.0.0-M1/frontend/configuration/portal-ext.properties to portal-ext.properties

    -
    • -
-
    -
  • -

    Edit portal-ext.properties: uncomment below lines

    -
      # default.admin.password=sw360fossy
+

2.6 OpenJDK 11

  • And install OpenJDK 11
    • $ sudo apt install openjdk-11-jdk
  • Check version:
    • $ java --version
    • Output:
          openjdk version "11.0.15" 2022-04-19
+      OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1)
+      OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing)
+
    • Install JDK successfully

3. Native install 14.0 (without docker-compose)

The installation consists of some tasks::

3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules
+3.2 Install Couchdb version 3.2.2 
+3.3 Install Couchdb Lucene
+3.4 Clone Project sw360 with version 14
+3.5 Install Thrift version 14.0 
+3.6 Compiling and deploying
+3.7 Version Management Table
+

3.1 Install A Liferay Community Edition bundled with Tomcat

  • Make folder work in path of work: /home/user

    • $ mkdir work

  • Download Liferay Portal CE 7.3.4 GA5

    • $ cd work
    • $ wget --no-check-certificate https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.4%20GA5/liferay-ce-portal-tomcat-7.3.4-ga5-20200811154319029.tar.gz/download -O liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz

  • Extract downloaded file

    • $ tar -xzf liferay-ce-portal-tomcat-7.3.4-ga5.tar.gz

  • Set Environment for ${LIFERAY_INSTALL}

    • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5

  • Move to ${LIFERAY_INSTALL}/deploy and Run command:

    • $ cd ${LIFERAY_INSTALL}/deploy

    • wget https://search.maven.org/remotecontent?filepath=commons-codec/commons-codec/1.12/commons-codec-1.12.jar -O commons-codec-1.12.jar

    • wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-collections4/4.4/commons-collections4-4.4.jar -O commons-collections4-4.4.jar

    • wget https://search.maven.org/remotecontent?filepath=org/apache/commons/commons-csv/1.4/commons-csv-1.4.jar -O commons-csv-1.4.jar

    • wget https://search.maven.org/remotecontent?filepath=commons-io/commons-io/2.6/commons-io-2.6.jar -O commons-io-2.6.jar

    • wget https://search.maven.org/remotecontent?filepath=commons-lang/commons-lang/2.4/commons-lang-2.4.jar -O commons-lang-2.4.jar

    • wget https://search.maven.org/remotecontent?filepath=commons-logging/commons-logging/1.2/commons-logging-1.2.jar -O commons-logging-1.2.jar

    • wget https://search.maven.org/remotecontent?filepath=com/google/code/gson/gson/2.8.5/gson-2.8.5.jar -O gson-2.8.5.jar

    • wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/21.0/guava-21.0.jar -O guava-21.0.jar

    • wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-annotations/2.11.3/jackson-annotations-2.11.3.jar -O jackson-annotations-2.11.3.jar

    • wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar -O jackson-core-2.11.3.jar

    • wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-databind/2.11.3/jackson-databind-2.11.3.jar -O jackson-databind-2.11.3.jar

    • wget https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.20/commons-compress-1.20.jar -O commons-compress-1.20.jar

    • wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar -O libthrift-0.13.0.jar

  • Create portal-ext.properties file in liferay-ce-portal-7.3.4-ga5 folder

  • Copy content from https://github.com/eclipse/sw360/blob/sw360-14.0.0-M1/frontend/configuration/portal-ext.properties to portal-ext.properties

  • Edit portal-ext.properties: uncomment below lines

      # default.admin.password=sw360fossy
 
   # default.admin.screen.name=setup
 
@@ -1288,879 +276,245 @@ It can manage SPDX files for maintaining the license conditions and maintain lic
   # default.admin.first.name=Setup
 
   # default.admin.last.name=Administrator
-
    -
    • -
-
    -
  • -

    Remove files in folder hypersonic with path: /home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic

    -
      -
    • $ rm -rf /home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic/*
      • -
    -
    • -
  • -

    Move folder liferay-ce-portal-7.3.4-ga5 to /opt

    -
      -
    • $ sudo mv liferay-ce-portal-7.3.4-ga5 /opt
      • -
    -
    • -
-

3.2 Install Couchdb version 3.2.2

-
    -
  • -

    Run the following commands:

    -
      -
    • $ sudo apt update && sudo apt install -y curl apt-transport-https gnupg
      • -
    • $ curl https://couchdb.apache.org/repo/keys.asc | gpg --dearmor | sudo tee /usr/share/keyrings/couchdb-archive-keyring.gpg >/dev/null 2>&1
      • -
    • $ source /etc/os-release
      • -
    • $ echo "deb [signed-by=/usr/share/keyrings/couchdb-archive-keyring.gpg] https://apache.jfrog.io/artifactory/couchdb-deb/ ${VERSION_CODENAME} main" \ -| sudo tee /etc/apt/sources.list.d/couchdb.list >/dev/null
      • -
    • $ sudo apt update
      • -
    • $ sudo apt install -y couchdb
      • -
    -
    • -
  • -

    Config and Setup Couchdb follow images:

    - - -

     

    -
      -
    • Config node name
      +

    • Remove files in folder hypersonic with path: /home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic

      • $ rm -rf /home/user/work/liferay-ce-portal-7.3.4-ga5/data/hypersonic/*

    • Move folder liferay-ce-portal-7.3.4-ga5 to /opt

      • $ sudo mv liferay-ce-portal-7.3.4-ga5 /opt

    3.2 Install Couchdb version 3.2.2

    -

    3.3 Install Couchdb Lucene

    -
      -
    • -

      SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene

      -
      • -
    • -

      Run command download Couchdb Lucene

      -
        -
      • wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz
        • -
      -
      • -
    • -

      Note Extract liferay To folder work with path of work: /home/user/work

      -
        -
      • tar -xzf couchdb-lucene.tar.gz
        • -
      -
      • -
    • -

      Run command:

      -
        -
      • cd couchdb-lucene-2.1.0
        • -
      • sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini
        • -
      • sed -i "s/localhost:5984/admin:password@localhost:5984/" ./src/main/resources/couchdb-lucene.ini
        • -
      • wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch
        • -
      • patch -p1 < couchdb-lucene.patch
        • -
      • mvn clean install war:war
        • -
      • cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.3.4-ga5/tomcat-9.0.33/webapps/couchdb-lucene.war
        • -
      -
      • -
    -

    3.4 Clone sw360 with version 14.0.0

    -
      -
    • -

      Clone sw360 source code to folder work with path: /home/user/work

      -
        -
      • $ git clone https://github.com/eclipse/sw360
        • -
      -
      • -
    • -

      Checkout to tag 14.0.0 version

      -
        -
      • $ cd sw360
        • -
      • $ git checkout sw360-14.0.0-M1
        • -
      -
      • -
    -

    3.5 Install Thrift version 0.14

    -
      -
    • -

      For thrift, we need version 0.14. The installation script in Path: SW360_REPOSITORY/scripts/install-thrift.sh

      -
      • -
    • -

      Run command:

      -
        -
      • $ chmod +x install-thrift.sh
        • -
      • $ sudo ./install-thrift.sh
        • -
      -
      • -
    -

    In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.14

    -
      -
    • -

      Check version thrift

      -
        -
      • -

        $ thrift --version

        -
        • -
      • -

        Output:

        -
        • -
      -
          Thrift version 0.14.0
-
        -
      • Install Thrift successfully
        • -
      -
      • -
    -

    3.6 Compile and deploy

    -
      -
    • -

      Start couchdb

      -
        -
      • $ sudo service couchdb start
        • -
      -
      • -
    • -

      Set Environment for ${LIFERAY_INSTALL}

      -
        -
      • $ cd /home/user/work/sw360
        • -
      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5
        • -
      -
      • -
    -
      -
    1. -

      To clean everything and install without running the tests

      -
        -
      • $ mvn clean install -DskipTests
        • -
      -
      2. -
    2. -

      For deployment run the command

      -
        -
      • mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests
        • -
      -
      3. -
    -

    3.6.1 Start and Configure Liferay

    -
      -
    • -

      Set Environment for ${LIFERAY_INSTALL}

      -
        -
      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5
        • -
      -
      • -
    • -

      Start liferay

      -
        -
      • $ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh
        • -
      -
      • -
    • -

      Log

      -
        -
      • $ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*
        • -
      -
      • -
    • -

      Url SW360 : https://localhost:8080

      -
      • -
    -

    3.6.2 Configure Liferay Portal

    - -
      -
    • Import users -
        -
      1. Open the panel on the left side by clicking the button on the top left.
        2. -
      2. Click on SW360 on the top right to go to the homepage.
        3. -
      3. Click on Start inside the “Welcome” section.
        4. -
      4. Go to Admin -> User (URL: /group/guest/users).
        5. -
      5. Scroll down to section UPLOAD USERS, select a user file from the very -beginning and click Upload Users on the right side. A user file can be found here in the sw360vagrant project -* Download: $ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv
        6. -
      -
      • -
    -

    3.7 Version Management Table (sw360 14.0)

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Package NameVersion
    Liferay7.3.4
    Tomcat9.0.33
    Couchdb3.2.2
    Open JDK11.0.15
    Thrift0.14.0
    SW36014.0.0
    -

    3.8 Config couchdb with Sw360 (sw360 14.0)

    -
      -
    • -

      Create folder sw360 in path /etc/

      -
        -
      • sudo mkdir sw360
        • -
      -
      • -
    • -

      Create 2 folder authorization and rest in path /etc/sw360

      -
        -
      • sudo mkdir authorization
        • -
      • sudo mkdir rest
        • -
      -
      • -
    • -

      Create file application.yml in path /etc/sw360/authorizaton with content:

      -
      • -
    -
            #
-        # Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project.
-        #
-        # This program and the accompanying materials are made
-        # available under the terms of the Eclipse Public License 2.0
-        # which is available at https://www.eclipse.org/legal/epl-2.0/
-        #
-        # SPDX-License-Identifier: EPL-2.0
-        #
-
-        # Port to open in standalone mode
-        server:
-        port: 8090
-
-        # Connection to the couch databases. Will be used to store client credentials
-        couchdb:
-        url: http://localhost:5984
-        database: sw360oauthclients
-        # if your couchdb does not use authentication, pls just don't use the settings for username and password
-        username: admin
-        password: password
-
-        jwt:
-        secretkey: sw360SecretKey
-
-        spring:
-        jackson:
-            serialization:
-            indent_output: true
-
-        # Common SW360 properties
-        sw360:
-        # The url of the Liferay instance
-        sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}
-        # The id of the company in Liferay that sw360 is run for
-        sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101}
-        # Allowed origins that should be set in the header
-        cors:
-            allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
-
-        security:
-        # Configuration for enabling authorization via headers, e.g. when using SSO
-        # in combination with a reverse proxy server
-        customheader:
-            headername:
-            # You have to enable authorization by headers explicitly here
-            enabled: false
-            # Attention: please make sure that the proxy is removing there headers
-            # if they are coming from anywhere else then the authentication server
-            intermediateauthstore: custom-header-auth-marker
-            email: authenticated-email
-            extid: authenticated-extid
-            # also available - at least in saml pre auth - are "givenname", "surname" and "department"
-
-        oauth2:
-            resource:
-            id: sw360-REST-API
-
      -
    • Create file application.yml in path /etc/sw360/rest with content:
      • -
    -
            #
-        # Copyright Siemens AG, 2017. Part of the SW360 Portal Project.
-        # Copyright Bosch.IO GmbH 2020
-        #
-        # This program and the accompanying materials are made
-        # available under the terms of the Eclipse Public License 2.0
-        # which is available at https://www.eclipse.org/legal/epl-2.0/
-        #
-        # SPDX-License-Identifier: EPL-2.0
-        #
-
-        server:
-        port: 8091
-
-        management:
-        endpoints:
-            enabled-by-default: false
-            web:
-            base-path:
-        endpoint:
-            health:
-            enabled: true
-            show-details: always
-            info:
-            enabled: true
-            web:
-            base-path: /
-
-        spring:
-        servlet:
-            multipart:
-            max-file-size: 500MB
-            max-request-size: 600MB
-
-        # logging:
-        #   level:
-        #     org.springframework.web: DEBUG
-
-        security:
-        oauth2:
-            resource:
-            id: sw360-REST-API
-            jwt:
-                keyValue: |
-                -----BEGIN PUBLIC KEY-----
-                MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy
-                VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+
-                6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ
-                5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg
-                9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da
-                d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ
-                PQIDAQAB
-                -----END PUBLIC KEY-----
-
-        sw360:
-        thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080}
-        test-user-id: admin@sw360.org
-        test-user-password: sw360-password
-        couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984}
-        cors:
-            allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
-
      -
    • Create file couchdb.properties in path /etc/sw360 with content:
      • -
    -
            #
-        # Copyright Siemens AG, 2020. Part of the SW360 Portal Project.
-        #
-        # This program and the accompanying materials are made
-        # available under the terms of the Eclipse Public License 2.0
-        # which is available at https://www.eclipse.org/legal/epl-2.0/
-        #
-        # SPDX-License-Identifier: EPL-2.0
-        #
-
-        couchdb.url = http://localhost:5984
-        couchdb.user = admin
-        couchdb.password = password
-        couchdb.database = sw360db
-        couchdb.usersdb = sw360users
-        couchdb.attachments = sw360attachments
-        lucenesearch.limit = 10000
-
      -
    • Create file sw360.properties and /etc/sw360 with content:
      • -
    -
            # Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project.
-        #
-        # This program and the accompanying materials are made
-        # available under the terms of the Eclipse Public License 2.0
-        # which is available at https://www.eclipse.org/legal/epl-2.0/
-        #
-        # SPDX-License-Identifier: EPL-2.0
-        #
-
-        # common property file for the backend services
-        backend.url= http://localhost:8080
-
-        licenseinfo.spdxparser.use-license-info-from-files=true
-        mainline.state.enabled.for.user=false
-
-        # settings for the mail utility:
-        # if host is not set, e-mailing is disabled
-        MailUtil_host=
-        MailUtil_from=__No_Reply__@sw360.org
-        MailUtil_port=25
-        MailUtil_enableStarttls=
-        MailUtil_enableSsl=
-        MailUtil_isAuthenticationNecessary=
-        MailUtil_login=
-        MailUtil_password=
-        MailUtil_enableDebug=
-        MailUtil_supportMailAddress=
-
-        # text patterns for mail utility
-        defaultBegin = \
-        *** This is an automatically generated email, please do not reply. ***\n\n\
-        Dear SW360-user,\n\n
-        defaultEnd = \
-        With best regards,\n\
-        SW360-support
-        unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify:
-        unsubscribeNoticeAfter =. ***
-
-        subjectForNewModerationRequest= New moderation request
-        subjectForUpdateModerationRequest= Update on moderation request
-        subjectForAcceptedModerationRequest= Your moderation request has been accepted
-        subjectForDeclinedModerationRequest= Your moderation request has been declined
-        subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined
-        subjectForNewComponent= New component created
-        subjectForUpdateComponent= Component updated
-        subjectForNewRelease= New release created
-        subjectForUpdateRelease= Release updated
-        subjectForNewProject= New project created
-        subjectForUpdateProject= Project updated
-        subjectForNewClearingRequest= New clearing request <%s> for Project <%s>
-        subjectForClearingRequestComment= New comment added in clearing request <%s> for Project <%s>
-        subjectForUpdatedClearingRequest= Your clearing request <%s> has been updated for Project <%s>
-        subjectForClosedClearingRequest= Your clearing request <%s> has been closed for Project <%s>
-        subjectForRejectedClearingRequest= Your clearing request <%s> has been rejected for Project <%s>
-        subjectForUpdatedProjectWithClearingRequest= Project <%s> with clearing request <%s> updated
-
-        textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n
-        textForUpdateModerationRequest= \
-        one of the moderation requests previously added to your \
-        SW360-account has been updated.\n\n
-        textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n
-        textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n
-        textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n
-        textForNewComponent= a new component %s, in which you take part, has been created.\n\n
-        textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n
-        textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n
-        textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n
-        textForNewProject= a new project %s %s, in which you take part, has been created.\n\n
-        textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n
-        textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n
-        textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n
-        #attachment.store.file.system.location=/opt/sw360tempattachments
-        #enable.attachment.store.to.file.system=false
-        #attachment.store.file.system.permission=rwx------
-        #attachemnt.delete.no.of.days=30
-
-        #Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder.
-        #sw360changelog.config.file.location=/etc/sw360/log4j2.xml
-        enable.sw360.change.log=false
-        sw360changelog.output.path=sw360changelog/sw360changelog
-

    References for more information

    - -

    License

    -

    [SPDX-License-Identifier: EPL-2.0]

    - - - -
    - Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae) -
    - -
- - -
-
-
- - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file + +
Card image cap
Status Stop Couchdb

  • Url and account when config couchdb

    • Username: admin
    • Password: password
    • Url: http://localhost:5984/_utils

  • Command Line When Start, Stop, check status Couchdb

    • Start Couchdb: $ sudo service couchdb start
    • Stop Couchdb: $ sudo service couchdb stop
    • Check status: $ sudo service couchdb status

    • 3.3 Install Couchdb Lucene

    3.4 Clone sw360 with version 14.0.0

    3.5 Install Thrift version 0.14

    In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.14

    3.6 Compile and deploy

    1. To clean everything and install without running the tests

      • $ mvn clean install -DskipTests

    2. For deployment run the command

      • mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests

    3.6.1 Start and Configure Liferay

    3.6.2 Configure Liferay Portal

    3.7 Version Management Table (sw360 14.0)

    Package NameVersion
    Liferay7.3.4
    Tomcat9.0.33
    Couchdb3.2.2
    Open JDK11.0.15
    Thrift0.14.0
    SW36014.0.0

    3.8 Config couchdb with Sw360 (sw360 14.0)

            #
+        # Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project.
+        #
+        # This program and the accompanying materials are made
+        # available under the terms of the Eclipse Public License 2.0
+        # which is available at https://www.eclipse.org/legal/epl-2.0/
+        #
+        # SPDX-License-Identifier: EPL-2.0
+        #
+
+        # Port to open in standalone mode
+        server:
+        port: 8090
+
+        # Connection to the couch databases. Will be used to store client credentials
+        couchdb:
+        url: http://localhost:5984
+        database: sw360oauthclients
+        # if your couchdb does not use authentication, pls just don't use the settings for username and password
+        username: admin
+        password: password
+
+        jwt:
+        secretkey: sw360SecretKey
+
+        spring:
+        jackson:
+            serialization:
+            indent_output: true
+
+        # Common SW360 properties
+        sw360:
+        # The url of the Liferay instance
+        sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}
+        # The id of the company in Liferay that sw360 is run for
+        sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101}
+        # Allowed origins that should be set in the header
+        cors:
+            allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
+
+        security:
+        # Configuration for enabling authorization via headers, e.g. when using SSO
+        # in combination with a reverse proxy server
+        customheader:
+            headername:
+            # You have to enable authorization by headers explicitly here
+            enabled: false
+            # Attention: please make sure that the proxy is removing there headers
+            # if they are coming from anywhere else then the authentication server
+            intermediateauthstore: custom-header-auth-marker
+            email: authenticated-email
+            extid: authenticated-extid
+            # also available - at least in saml pre auth - are "givenname", "surname" and "department"
+
+        oauth2:
+            resource:
+            id: sw360-REST-API
+
            #
+        # Copyright Siemens AG, 2017. Part of the SW360 Portal Project.
+        # Copyright Bosch.IO GmbH 2020
+        #
+        # This program and the accompanying materials are made
+        # available under the terms of the Eclipse Public License 2.0
+        # which is available at https://www.eclipse.org/legal/epl-2.0/
+        #
+        # SPDX-License-Identifier: EPL-2.0
+        #
+
+        server:
+        port: 8091
+
+        management:
+        endpoints:
+            enabled-by-default: false
+            web:
+            base-path:
+        endpoint:
+            health:
+            enabled: true
+            show-details: always
+            info:
+            enabled: true
+            web:
+            base-path: /
+
+        spring:
+        servlet:
+            multipart:
+            max-file-size: 500MB
+            max-request-size: 600MB
+
+        # logging:
+        #   level:
+        #     org.springframework.web: DEBUG
+
+        security:
+        oauth2:
+            resource:
+            id: sw360-REST-API
+            jwt:
+                keyValue: |
+                -----BEGIN PUBLIC KEY-----
+                MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy
+                VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+
+                6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ
+                5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg
+                9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da
+                d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ
+                PQIDAQAB
+                -----END PUBLIC KEY-----
+
+        sw360:
+        thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080}
+        test-user-id: admin@sw360.org
+        test-user-password: sw360-password
+        couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984}
+        cors:
+            allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
+
            #
+        # Copyright Siemens AG, 2020. Part of the SW360 Portal Project.
+        #
+        # This program and the accompanying materials are made
+        # available under the terms of the Eclipse Public License 2.0
+        # which is available at https://www.eclipse.org/legal/epl-2.0/
+        #
+        # SPDX-License-Identifier: EPL-2.0
+        #
+
+        couchdb.url = http://localhost:5984
+        couchdb.user = admin
+        couchdb.password = password
+        couchdb.database = sw360db
+        couchdb.usersdb = sw360users
+        couchdb.attachments = sw360attachments
+        lucenesearch.limit = 10000
+
            # Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project.
+        #
+        # This program and the accompanying materials are made
+        # available under the terms of the Eclipse Public License 2.0
+        # which is available at https://www.eclipse.org/legal/epl-2.0/
+        #
+        # SPDX-License-Identifier: EPL-2.0
+        #
+
+        # common property file for the backend services
+        backend.url= http://localhost:8080
+
+        licenseinfo.spdxparser.use-license-info-from-files=true
+        mainline.state.enabled.for.user=false
+
+        # settings for the mail utility:
+        # if host is not set, e-mailing is disabled
+        MailUtil_host=
+        MailUtil_from=__No_Reply__@sw360.org
+        MailUtil_port=25
+        MailUtil_enableStarttls=
+        MailUtil_enableSsl=
+        MailUtil_isAuthenticationNecessary=
+        MailUtil_login=
+        MailUtil_password=
+        MailUtil_enableDebug=
+        MailUtil_supportMailAddress=
+
+        # text patterns for mail utility
+        defaultBegin = \
+        *** This is an automatically generated email, please do not reply. ***\n\n\
+        Dear SW360-user,\n\n
+        defaultEnd = \
+        With best regards,\n\
+        SW360-support
+        unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify:
+        unsubscribeNoticeAfter =. ***
+
+        subjectForNewModerationRequest= New moderation request
+        subjectForUpdateModerationRequest= Update on moderation request
+        subjectForAcceptedModerationRequest= Your moderation request has been accepted
+        subjectForDeclinedModerationRequest= Your moderation request has been declined
+        subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined
+        subjectForNewComponent= New component created
+        subjectForUpdateComponent= Component updated
+        subjectForNewRelease= New release created
+        subjectForUpdateRelease= Release updated
+        subjectForNewProject= New project created
+        subjectForUpdateProject= Project updated
+        subjectForNewClearingRequest= New clearing request <%s> for Project <%s>
+        subjectForClearingRequestComment= New comment added in clearing request <%s> for Project <%s>
+        subjectForUpdatedClearingRequest= Your clearing request <%s> has been updated for Project <%s>
+        subjectForClosedClearingRequest= Your clearing request <%s> has been closed for Project <%s>
+        subjectForRejectedClearingRequest= Your clearing request <%s> has been rejected for Project <%s>
+        subjectForUpdatedProjectWithClearingRequest= Project <%s> with clearing request <%s> updated
+
+        textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n
+        textForUpdateModerationRequest= \
+        one of the moderation requests previously added to your \
+        SW360-account has been updated.\n\n
+        textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n
+        textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n
+        textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n
+        textForNewComponent= a new component %s, in which you take part, has been created.\n\n
+        textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n
+        textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n
+        textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n
+        textForNewProject= a new project %s %s, in which you take part, has been created.\n\n
+        textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n
+        textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n
+        textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n
+        #attachment.store.file.system.location=/opt/sw360tempattachments
+        #enable.attachment.store.to.file.system=false
+        #attachment.store.file.system.permission=rwx------
+        #attachemnt.delete.no.of.days=30
+
+        #Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder.
+        #sw360changelog.config.file.location=/etc/sw360/log4j2.xml
+        enable.sw360.change.log=false
+        sw360changelog.output.path=sw360changelog/sw360changelog
+

    References for more information

    License

    [SPDX-License-Identifier: EPL-2.0]

    Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae)
    + + + \ No newline at end of file diff --git a/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/index.html b/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/index.html index 84765ae..f426c49 100644 --- a/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/index.html +++ b/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/index.html @@ -1,766 +1,108 @@ - - - - - - - - - - - - - - - - - - - - -Native Install v17 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Native Install v17

    -
    Native-Install-Version-17
    -
    - - - - - - - - - - - - - -
    -

    How to install and run SW360 v17.0.0

    -

    These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers.

    -

    This is a guide with detailed explanation of how to install and run SW360 natively on you local machine.

    -

    It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run.

    -

    SW360 is an Open Source project. The SW360 repository and SW360 website repositories are published on GitHub.

    -

    1. Overview

    -

    1.1 SW360 Portal

    -

    A software component catalogue application - designed to work with FOSSology.

    -

    SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within. -It can manage SPDX files for maintaining the license conditions and maintain license information.

    -

    This material helps user to install SW360 17.0.0

    -

    1.2 Environment

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Package NameVersion
    Ubuntu20.04
    Apt2.0.2
    Wget1.20.3
    Curl7.68.0
    Git2.25.1
    Maven3.6.0
    OpenJDK11.0.5
    -

    2.Install & Config proxy for Environment

    -
    2.1 Apt
-2.2 Wget
-2.3 Curl
-2.4 Git
-2.5 Maven
-2.6 OpenJDK 
-

    2.1 Apt

    -

    Create file with name proxy.conf in folder /etc/apt/apt.conf.d

    -
      -
    • $ sudo gedit /etc/apt/apt.conf.d/proxy.conf
      • -
    -

    Add the following line few files proxy.conf

    -
        Acquire {
-        HTTP::proxy "http://username:password@server:port";
-        HTTPS::proxy "http://username:password@server:port";
-    }
-

    2.2 Wget

    -

    Create file ~/.wgetrc

    -
      -
    • $ sudo gedit ~/.wgetrc
      • -
    -

    Add the following line few files ~/.wgetrc

    -
    	use_proxy=yes
-	  http_proxy=http://username:password@server:port
-	  https_proxy=http://username:password@server:port
-

    2.3 Curl

    -

    2.3.1 Install Curl

    -
      -
    • $ sudo apt update
      • -
    • $ sudo apt install curl
      • -
    -

    2.3.2 Config proxy

    -
      -
    • -

      Create file ~/.curlrc

      -
        -
      • $ sudo gedit ~/.curlrc
        • -
      -
      • -
    • -

      Add the following line few files ~/.curlrc

      -
      • -
    -
        proxy=http://username:password@server:port/
-

    2.4 Git

    -

    2.4.1 Install Git

    -
      -
    • $ sudo apt update
      • -
    • $ sudo apt install git
      • -
    -

    2.4.2 Config proxy

    -
      -
    • -

      Create file ~/.gitconfig

      -
        -
      • $ sudo gedit ~/.gitconfig
        • -
      -
      • -
    • -

      Add the following line few files ~/.gitconfig

      -
       [http]
-     proxy = http://username:password@server:port
-     sslverify = false
- [https]
-     proxy = http://username:password@server:port
-
      • -
    -

    2.5 Maven

    -

    2.5.1 Install Maven

    -

    *Go to back Home in Terminal

    -
      -
    • $ sudo apt update
      • -
    • $ sudo apt install maven
      • -
    -

    2.5.2 Config proxy for Maven

    -
      -
    • Create Folder with path /home/user/.m2
      • -
    -
      -
    • $ mkdir /home/user/.m2
      • -
    -
      -
    • Create File in Folder .m2
      • -
    -
      -
    • $ touch /home/user/.m2/settings.xml
      • -
    -
      -
    • -

      Copy the following lines into tag

      -
            <settings>
+Native Install v17 | Eclipse SW360
+
      Native Install v17
      Native-Install-Version-17
      How to install and run SW360 v17.0.0
      These instructions worked on Ubuntu 20.04 and has detailed explanations for newcomers.
      This is a guide with detailed explanation of how to install and run SW360 natively on you local machine.
      It includes installation of all dependencies manually, which will not use docker or other container system during the installation or run.
      SW360 is an Open Source project. The SW360 repository and SW360 website repositories are published on GitHub.
      1. Overview
      1.1 SW360 Portal
      A software component catalogue application - designed to work with FOSSology.
      SW360 is a server with a REST interface and a Liferay CE portal application to maintain your projects / products and the software components within.
+It can manage SPDX files for maintaining the license conditions and maintain license information.
      This material helps user to install SW360 17.0.0
      1.2 Environment
      Package NameVersion
      Ubuntu20.04
      Apt2.0.2
      Wget1.20.3
      Curl7.68.0
      Git2.25.1
      Maven3.6.0
      OpenJDK11.0.5
      2.Install & Config proxy for Environment
      2.1 Apt
+2.2 Wget
+2.3 Curl
+2.4 Git
+2.5 Maven
+2.6 OpenJDK 
+
      2.1 Apt
      Create file with name proxy.conf in folder /etc/apt/apt.conf.d
      • $ sudo gedit /etc/apt/apt.conf.d/proxy.conf
      Add the following line few files proxy.conf
          Acquire {
+        HTTP::proxy "http://username:password@server:port";
+        HTTPS::proxy "http://username:password@server:port";
+    }
+
      2.2 Wget
      Create file ~/.wgetrc
      • $ sudo gedit ~/.wgetrc
      Add the following line few files ~/.wgetrc
      	use_proxy=yes
+	  http_proxy=http://username:password@server:port
+	  https_proxy=http://username:password@server:port
+
      2.3 Curl
      2.3.1 Install Curl
      • $ sudo apt update
      • $ sudo apt install curl
      2.3.2 Config proxy
      • Create file ~/.curlrc
        • $ sudo gedit ~/.curlrc
      • Add the following line few files ~/.curlrc
          proxy=http://username:password@server:port/
+
      2.4 Git
      2.4.1 Install Git
      • $ sudo apt update
      • $ sudo apt install git
      2.4.2 Config proxy
      • Create file ~/.gitconfig
        • $ sudo gedit ~/.gitconfig
      • Add the following line few files ~/.gitconfig
         [http]
+     proxy = http://username:password@server:port
+     sslverify = false
+ [https]
+     proxy = http://username:password@server:port
+
      2.5 Maven
      2.5.1 Install Maven
      *Go to back Home in Terminal
      • $ sudo apt update
      • $ sudo apt install maven
      2.5.2 Config proxy for Maven
      • Create Folder with path /home/user/.m2
      • $ mkdir /home/user/.m2
      • Create File in Folder .m2
      • $ touch /home/user/.m2/settings.xml
      • Copy the following lines into tag 
              <settings>
           <proxies>
               <proxy>
 
@@ -803,76 +145,17 @@ It can manage SPDX files for maintaining the license conditions and maintain lic
               </proxy>
           </proxies>
       </settings>
-
        
-
        • 
-
      
-
      2.6 OpenJDK 11
      
-
        
-
      • And install OpenJDK 11
-
          
-
        • $ sudo apt install openjdk-11-jdk
          • 
-
        
-
        • 
-
      • Check version:
-
          
-
        • $ java --version
          • 
-
        • Output:
          • 
-
        
-
              openjdk version "11.0.15" 2022-04-19
-      OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1)
-      OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing)
-
          
-
        • Install JDK successfully
          • 
-
        
-
        • 
-
      
-
      3. Native install 17.0.0 (without docker-compose)
      
-
      The installation consists of some tasks::
      
-
      3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules
-3.2 Install Couchdb version 3.2.2 
-3.3 Install Couchdb Lucene
-3.4 Clone Project sw360 with version 17.0.0
-3.5 Install Thrift version 16.0
-3.6 Compiling and deploying
-3.7 Version Management Table
-
      3.1 Install A Liferay Community Edition bundled with Tomcat
      
-
        
-
      • 
-
        Make folder work in path of work: /home/user
        
-
          
-
        • $ mkdir work
          • 
-
        
-
        • 
-
      • 
-
        Download Liferay Portal CE 7.4.3.18 GA18
        
-
          
-
        • $ cd work
          • 
-
        • $ wget  https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz
          • 
-
        
-
        • 
-
      • 
-
        Extract downloaded file
        
-
          
-
        • $ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz
          • 
-
        
-
        • 
-
      • 
-
        Set Environment for ${LIFERAY_INSTALL}
        
-
          
-
        • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18
          • 
-
        
-
        • 
-
      • 
-
        Create portal-ext.properties file in liferay-ce-portal-7.4.3.18-ga18 folder
        
-
        • 
-
      • 
-
        Copy content from  https://github.com/eclipse/sw360/blob/sw360-17.0.0-M1/frontend/configuration/portal-ext.properties to portal-ext.properties
        
-
        • 
-
      
-
        
-
      • 
-
        Edit portal-ext.properties: uncomment below lines
        
-
          # default.admin.password=sw360fossy
+
      2.6 OpenJDK 11
      • And install OpenJDK 11
        • $ sudo apt install openjdk-11-jdk
      • Check version:
        • $ java --version
        • Output:
              openjdk version "11.0.15" 2022-04-19
+      OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1)
+      OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.18.04.1, mixed mode, sharing)
+
        • Install JDK successfully
      3. Native install 17.0.0 (without docker-compose)
      The installation consists of some tasks::
      3.1 Install A Liferay Community Edition bundled with Tomcat and download dependencies as OSGi modules
+3.2 Install Couchdb version 3.2.2 
+3.3 Install Couchdb Lucene
+3.4 Clone Project sw360 with version 17.0.0
+3.5 Install Thrift version 16.0
+3.6 Compiling and deploying
+3.7 Version Management Table
+
      3.1 Install A Liferay Community Edition bundled with Tomcat
      • Make folder work in path of work: /home/user
        • $ mkdir work
      • Download Liferay Portal CE 7.4.3.18 GA18
        • $ cd work
        • $ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz
      • Extract downloaded file
        • $ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz
      • Set Environment for ${LIFERAY_INSTALL}
        • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18
      • Create portal-ext.properties file in liferay-ce-portal-7.4.3.18-ga18 folder
      • Copy content from https://github.com/eclipse/sw360/blob/sw360-17.0.0-M1/frontend/configuration/portal-ext.properties to portal-ext.properties
      • Edit portal-ext.properties: uncomment below lines
          # default.admin.password=sw360fossy
 
   # default.admin.screen.name=setup
 
@@ -881,1121 +164,325 @@ It can manage SPDX files for maintaining the license conditions and maintain lic
   # default.admin.first.name=Setup
 
   # default.admin.last.name=Administrator
-
        
-
        • 
-
      • 
-
        Add lines to setup Postgres. Change jdbc.default.username, jdbc.default.password
        
-
        • 
-
      
-
          # Postgres configuration
-    jdbc.default.driverClassName=org.postgresql.Driver
-    jdbc.default.url=jdbc:postgresql://localhost:5432/lportal
-    jdbc.default.username=${postgres_user}
-    jdbc.default.password=${postgres_password}
-
        
-
      • Add lines to setup passsword policies
        • 
-
      
-
          # Passsword policies
-    passwords.default.policy.change.required=false
-    company.security.send.password.reset.link=false
-    company.security.auto.login=false
-    company.security.auth.type=emailAddress
-    company.security.strangers=false
-    company.security.strangers.with.mx=false
-    company.security.strangers.verify=false
-
        
-
      • 
-
        Remove files in folder hypersonic with path: /home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic
        
-
          
-
        • $ rm -rf /home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*
          • 
-
        
-
        • 
-
      • 
-
        Move folder liferay-ce-portal-7.4.3.18-ga18 to /opt
        
-
          
-
        • $ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt
          • 
-
        
-
        • 
-
      
-
      3.2 Install Database
      
-
      3.2.1 Install Couch DB
      
-
        
-
      • To install from aptitute  type:
        • 
-
      
-
      $ sudo apt update
-$ sudo apt install -y couchdb
-
        
-
      • 
-
        You may refer to the bottom Native Installation 14 version CouchDB manual configuration for setting credentials.
        
-
        • 
-
      • 
-
        After, run CouchDb service, check if it’s working:
        
-
        • 
-
      
-
      $ sudo systemctl start couchdb.service
-
        
-
      • Check if CouchDB is responding:
        • 
-
      
-
      $ curl localhost:5984
-
        
-
      • This should return json containing version information
        • 
-
      • You can use “start/stop/status/restart” command with systemctl for controlling CouchDB service.
        • 
-
      
-
      Install Couchdb Lucene
      
-
        
-
      • 
-
        SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene
        
-
        • 
-
      • 
-
        Run command download Couchdb Lucene
        
-
          
-
        • wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz
          • 
-
        
-
        • 
-
      • 
-
        Note extract couchdb-lucene to folder work with path of work: /home/user/work
        
-
          
-
        • tar -xzf couchdb-lucene.tar.gz
          • 
-
        
-
        • 
-
      • 
-
        Run command:
        
-
          
-
        • cd couchdb-lucene-2.1.0
          • 
-
        • sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini 
          • 
-
        • sed -i "s/localhost:5984/admin:password@localhost:5984/" ./src/main/resources/couchdb-lucene.ini 
          • 
-
        • wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch 
          • 
-
        • patch -p1 < couchdb-lucene.patch 
          • 
-
        • mvn clean install war:war
          • 
-
        • cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war
          • 
-
        
-
        • 
-
      
-
      3.2.2 Install PostgreSQL
      
-
        
-
      • Install PostgerSQL manually, you can install through “apt install” too:
        • 
-
      
-
      $ sudo apt install zlib1g-dev -y
-$ sudo apt install libreadline-dev -y
-$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz
-$ tar -xvf postgresql-10.14.tar.gz 
-$ cd postgresql-10.14/
-$ mkdir -p  /PATH_TO/sw360postgres
-$ ./configure -prefix=/PATH_TO/sw360postgres
-$ make
-$ sudo make install
-
        
-
      • Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step.
        • 
-
      
-
      $ vim ~/.bashrc
-
        
-
      • Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as “/home/username”:
        • 
-
      
-
      $ export PATH=$HOME/sw360postgres/bin:$PATH
-$ export PGDATA=$HOME/sw360postgres/data
-$ export LD_LIBRARY_PATH=$HOME/sw360postgres/lib
-$ export PGPORT=5432
-
        
-
      • Check if paths have been set, result must be the absolute paths:
        • 
-
      
-
      $ echo $PATH
-$ echo $PGDATA
-$ echo $LD_LIBRARY_PATH
-$ echo $PGPORT
-
        
-
      • After paths are set, postgres service can be run:
        • 
-
      
-
      $  cd /PATH_TO/sw360postgres/bin
-$ ./initdb --encoding=UTF8 --no-locale
-$ ./pg_ctl start
-
        
-
      • You will see that the server has started.
        • 
-
      • Note: If you installed through “apt install” then start the postgres service by following command, where after @ comes the installed version, if postgres isn’t running you won’t be able to connect to the server, and the error message is not explaining well that server isn’t actually running at the moment:
        • 
-
      
-
      sudo systemctl status postgresql@12-main.service
-sudo systemctl start postgresql@12-main.service
-
        
-
      • Postgres will create an user with username ${ubuntu_user} (username login to ubuntu)
        • 
-
      • Use theses command to change password of user ${ubuntu_user} in postgres sql.
        • 
-
      
-
      $ psql postgres
-postgres=# \du
-postgres=# create database lportal;
-postgres=# ALTER USER ${ubuntu_user} WITH PASSWORD 'sw360fossy';
-postgres=# ALTER ROLE ${ubuntu_user} with superuser;
-postgres=# \q
-
        
-
      • Connect to postgres shell, and check users information
        • 
-
      
-
      $ psql -d lportal
-# \du
-# \dt
-# \l
-
      
-
        
-
      • Follow these detailed instructions:
        • 
-
      
-
      [https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst]
-
        
-
      • To connect it to SW360, see following instructions:
        • 
-
      
-
      https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/
-
      Notes:
      
-
        
-
      • In the instruction be careful with setting apt link for mongodb, if somehow it destroys your “sudo apt update” command, go to “/etc/apt/sources.list” file and comment out the broken line, that’s probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions.
        • 
-
      
-
      3.4 Clone sw360 with version 17.0.0
      
-
        
-
      • 
-
        Clone sw360 source code to folder work with path: /home/user/work
        
-
          
-
        • $ git clone https://github.com/eclipse/sw360
          • 
-
        
-
        • 
-
      • 
-
        Checkout to tag 17.0.0 version
        
-
          
-
        • $ cd sw360
          • 
-
        • $ git checkout  sw360-17.0.0-M1
          • 
-
        
-
        • 
-
      • 
-
        export path to repository sw360
        
-
          
-
        • $ export SW360_REPOSITORY=/home/user/work/sw360
          • 
-
        
-
        • 
-
      
-
      3.5 Install Thrift version 0.16
      
-
        
-
      • 
-
        For thrift, we need version 0.16. The installation script in Path: ${SW360_REPOSITORY}/scripts/install-thrift.sh
        
-
        • 
-
      • 
-
        Run command to install libraries:
        
-
          
-
        • $ sudo apt-get install -y clang-tidy
          • 
-
        • $ sudo apt-get install flex
          • 
-
        • $ sudo apt-get install -y clang-tools
          • 
-
        • $ sudo apt-get install bison
          • 
-
        • $ sudo apt-get install cmake
          • 
-
        
-
        • 
-
      • 
-
        Run command:
        
-
          
-
        • $ chmod +x install-thrift.sh
          • 
-
        • $ sudo ./install-thrift.sh
          • 
-
        
-
        • 
-
      
-
      In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16
      
-
        
-
      • 
-
        Check version thrift
        
-
          
-
        • 
-
          $ thrift --version
          
-
          • 
-
        • 
-
          Output:
          
-
          • 
-
        
-
            Thrift version 0.16.0
-
          
-
        • Install Thrift successfully
          • 
-
        
-
        • 
-
      
-
      3.6 Config properties files with Sw360 (sw360 17.0.0)
      
-
        
-
      • 
-
        Create folder sw360 in path /etc/
        
-
          
-
        • sudo mkdir sw360
          • 
-
        
-
        • 
-
      • 
-
        Create 2 folder authorization and rest in path /etc/sw360
        
-
          
-
        • sudo mkdir authorization
          • 
-
        • sudo mkdir rest
          • 
-
        
-
        • 
-
      • 
-
        Create file application.yml in path /etc/sw360/authorizaton with content:
        
-
        • 
-
      
-
      #
-# Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project.
-#
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-
-# Port to open in standalone mode
-server:
-  port: 8090
-
-# Connection to the couch databases. Will be used to store client credentials
-couchdb:
-  url: http://localhost:5984
-  database: sw360oauthclients
-  # if your couchdb does not use authentication, pls just don't use the settings for username and password
-  username: admin
-  password: password
-
-jwt:
-  secretkey: sw360SecretKey
-
-spring:
-  jackson:
-    serialization:
-      indent_output: true
-
-# Common SW360 properties
-sw360:
-  # The url of the Liferay instance
-  sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}
-  # The id of the company in Liferay that sw360 is run for
-  sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101}
-  # Allowed origins that should be set in the header
-  cors:
-    allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
-
-security:
-  # Configuration for enabling authorization via headers, e.g. when using SSO
-  # in combination with a reverse proxy server
-  customheader:
-    headername:
-      # You have to enable authorization by headers explicitly here
-      enabled: false
-      # Attention: please make sure that the proxy is removing there headers
-      # if they are coming from anywhere else then the authentication server
-      intermediateauthstore: custom-header-auth-marker
-      email: authenticated-email
-      extid: authenticated-extid
-      # also available - at least in saml pre auth - are "givenname", "surname" and "department"
-
-  oauth2:
-    resource:
-      id: sw360-REST-API
-
        
-
      • Create file application.yml in path /etc/sw360/rest with content:
        • 
-
      
-
      #
-# Copyright Siemens AG, 2017. Part of the SW360 Portal Project.
-# Copyright Bosch.IO GmbH 2020
-#
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-
-server:
-  port: 8091
-
-management:
-  endpoints:
-    enabled-by-default: false
-    web:
-      base-path:
-  endpoint:
-    health:
-      enabled: true
-      show-details: always
-    info:
-      enabled: true
-    web:
-      base-path: /
-
-spring:
-  servlet:
-    multipart:
-      max-file-size: 500MB
-      max-request-size: 600MB
-
-# logging:
-#   level:
-#     org.springframework.web: DEBUG
-
-security:
-  oauth2:
-    resource:
-      id: sw360-REST-API
-      jwt:
-        keyValue: |
-          -----BEGIN PUBLIC KEY-----
-          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy
-          VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+
-          6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ
-          5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg
-          9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da
-          d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ
-          PQIDAQAB
-          -----END PUBLIC KEY-----
-
-sw360:
-  thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080}
-  test-user-id: admin@sw360.org
-  test-user-password: sw360-password
-  couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984}
-  cors:
-    allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
-
        
-
      • Create file couchdb.properties in path /etc/sw360 with content:
        • 
-
      
-
      #
-# Copyright Siemens AG, 2020. Part of the SW360 Portal Project.
-#
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-
-couchdb.url = http://localhost:5984
-couchdb.user = admin
-couchdb.password = password
-couchdb.database = sw360db
-couchdb.usersdb = sw360users
-couchdb.attachments = sw360attachments
-lucenesearch.limit = 10000
-
        
-
      • Create file sw360.properties and /etc/sw360 with content:
        • 
-
      
-
      # Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project.
-#
-# This program and the accompanying materials are made
-# available under the terms of the Eclipse Public License 2.0
-# which is available at https://www.eclipse.org/legal/epl-2.0/
-#
-# SPDX-License-Identifier: EPL-2.0
-#
-
-# common property file for the backend services
-backend.url= http://localhost:8080
-
-licenseinfo.spdxparser.use-license-info-from-files=true
-mainline.state.enabled.for.user=false
-
-# settings for the mail utility:
-# if host is not set, e-mailing is disabled
-MailUtil_host=
-MailUtil_from=__No_Reply__@sw360.org
-MailUtil_port=25
-MailUtil_enableStarttls=
-MailUtil_enableSsl=
-MailUtil_isAuthenticationNecessary=
-MailUtil_login=
-MailUtil_password=
-MailUtil_enableDebug=
-MailUtil_supportMailAddress=
-
-# text patterns for mail utility
-defaultBegin = \
-*** This is an automatically generated email, please do not reply. ***\n\n\
-Dear SW360-user,\n\n
-defaultEnd = \
-With best regards,\n\
-SW360-support
-unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify:
-unsubscribeNoticeAfter =. ***
-
-subjectForNewModerationRequest= New moderation request
-subjectForUpdateModerationRequest= Update on moderation request
-subjectForAcceptedModerationRequest= Your moderation request has been accepted
-subjectForDeclinedModerationRequest= Your moderation request has been declined
-subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined
-subjectForNewComponent= New component created
-subjectForUpdateComponent= Component updated
-subjectForNewRelease= New release created
-subjectForUpdateRelease= Release updated
-subjectForNewProject= New project created
-subjectForUpdateProject= Project updated
-subjectForNewClearingRequest= New clearing request <%s> for Project <%s>
-subjectForClearingRequestComment= New comment added in clearing request <%s> for Project <%s>
-subjectForUpdatedClearingRequest= Your clearing request <%s> has been updated for Project <%s>
-subjectForClosedClearingRequest= Your clearing request <%s> has been closed for Project <%s>
-subjectForRejectedClearingRequest= Your clearing request <%s> has been rejected for Project <%s>
-subjectForUpdatedProjectWithClearingRequest= Project <%s> with clearing request <%s> updated
-
-textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n
-textForUpdateModerationRequest= \
-one of the moderation requests previously added to your \
-SW360-account has been updated.\n\n
-textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n
-textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n
-textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n
-textForNewComponent= a new component %s, in which you take part, has been created.\n\n
-textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n
-textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n
-textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n
-textForNewProject= a new project %s %s, in which you take part, has been created.\n\n
-textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n
-textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n
-textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n
-#attachment.store.file.system.location=/opt/sw360tempattachments
-#enable.attachment.store.to.file.system=false
-#attachment.store.file.system.permission=rwx------
-#attachemnt.delete.no.of.days=30
-
-#Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder.
-#sw360changelog.config.file.location=/etc/sw360/log4j2.xml
-enable.sw360.change.log=false
-sw360changelog.output.path=sw360changelog/sw360changelog
-
        
-
      • Configure the sw360ChangeLog path
        • 
-
      
-
      1. Create log4j2.xml file
      
-
-
      <?xml version="1.0" encoding="UTF-8"?>
-<!--
-~ Copyright (c) Bosch.IO GmbH 2020.
-~
-~ All rights reserved. This program and the accompanying materials
-~ are made available under the terms of the Eclipse Public License v2.0
-~ which accompanies this distribution, and is available at
-~ http://www.eclipse.org/legal/epl-v20.html
-~
-~ SPDX-License-Identifier: EPL-2.0
--->
-<Configuration status="WARN">
-    <Appenders>
-        <Console name="Console" target="SYSTEM_OUT">
-            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n"/>
-        </Console>
-        <!-- environment variables can be set in the format of "$ {env: LOG_ROOT}" -->
-        <RollingFile name="ChangeLogFile" fileName="${env:FILE_PATH}/sw360changelog.log"
-                filePattern="${env:FILE_PATH}/sw360changelog-%d{yyyy-MM-dd}-%i.log" >
-            <PatternLayout pattern="%m%n"/>
-            <Policies>
-                <SizeBasedTriggeringPolicy size="10MB" />
-            </Policies>
-            <DefaultRolloverStrategy max="10"/>
-        </RollingFile>
-    </Appenders>
-    <Loggers>
-        <Logger name="org.eclipse.sw360" level="info"/>
-         <Logger name="sw360changelog" level="debug" >
-            <AppenderRef ref="ChangeLogFile" />
-        </Logger>
-        <Logger name="org.eclipse.sw360" level="debug" additivity="false">
-            <AppenderRef ref="Console"/>
-        </Logger>
-        <Root level="warn">
-            <AppenderRef ref="ChangeLogFile"/>
-        </Root>
-    </Loggers>
-</Configuration>
-
        
-
      • 
-
        Set the environment variable for the changelog directory (${env:FILE_PATH}/sw360changelog.log)
        
-
          
-
        • 
-
          Create Folder sw360changelog in var/log/:
          
-
            
-
          • $ sudo mkdir sw360changelog 
            • 
-
          
-
          • 
-
        • 
-
          If /var/log/sw360changelog folder requires permission, set permission for this folder:
          
-
            
-
          • $ sudo chown -R $USER:$USER /var/log/sw360changelog
            • 
-
          
-
          • 
-
        • 
-
          $ export FILE_PATH=/var/log/sw360changelog
          
-
          • 
-
        
-
        • 
-
      • 
-
        NOTE: I suggest the path ${env:FILE_PATH} to use LIFERAY_INSTALL env variable
        
-
        • 
-
      
-
      2. Enable changelog config
      
-
      Add the following lines to the sw360.properties file (or uncomment if they are existing)
      
-
        
-
      • sw360changelog.config.file.location=/etc/sw360/log4j2.xml
        • 
-
      • enable.sw360.change.log=true
        • 
-
      
-
      3. Compile and deploy
      
-
        
-
      • 
-
        Set sw360.liferay.company.id = 20099 in sw360.properties file
        
-
        • 
-
      • 
-
        Set the environment variable for the LIFERAY_INSTALL directory
        
-
          
-
        • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18
          • 
-
        
-
        • 
-
      • 
-
        Note: Should add -DskipTests when building sw360 to avoid test data write to log file
        
-
        • 
-
      • 
-
        To clean everything and install without running the tests
        
-
          
-
        • $ mvn clean install -DskipTests
          • 
-
        
-
        • 
-
      • 
-
        For deployment, run the command
        
-
          
-
        • $ cd /home/user/work/sw360
          • 
-
        • $ mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -DskipTests
          • 
-
        
-
        • 
-
      
-
      4. Start and configure Liferay
      
-
        
-
      • 
-
        Set the environment variable for the LIFERAY_INSTALL directory
        
-
          
-
        • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18
          • 
-
        
-
        • 
-
      • 
-
        Start liferay
        
-
          
-
        • $ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh
          • 
-
        
-
        • 
-
      • 
-
        Log
        
-
          
-
        • $ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/*
          • 
-
        
-
        • 
-
      • 
-
        SW360 URL: https://localhost:8080
        
-
        • 
-
      
-
      5. How to check the logs
      
-
        
-
      • Edit (update) a project, component, or release in SW360.
        • 
-
      • Then check the logs in ${FILE_PATH}/sw360changelog/sw360changelog.log file
-\
        • 
-
      
-
      3.7 Compile and deploy
      
-
        
-
      • Start Database
        • 
-
      • Turn on the CouchDB and Postgres services
        • 
-
      
-
      $ sudo systemctl start couchdb.service
-$ sudo systemctl start postgres@@12-main.service
-
        
-
      • Check if both are running:
        • 
-
      
-
      $ sudo systemctl status couchdb.service
-$ sudo systemctl status postgres@@12-main.service
-
        
-
      • You should be able to see something like this:
        • 
-
      
-
      ... systemd[1]: Started PostgreSQL Cluster 12-main.
-...
-... halt systemd[1]: Started Apache CouchDB.
-
        
-
      • 
-
        install python and pip
        
-
          
-
        • $ sudo apt-get install python3 -y
          • 
-
        • $ sudo -E apt-get install python3-pip -y
          • 
-
        
-
        • 
-
      • 
-
        install mkdocs
        
-
          
-
        • Without proxy:
-
            
-
          • $ sudo -E pip3 install mkdocs
            • 
-
          • $ sudo -E pip3 install mkdocs-material
            • 
-
          
-
          • 
-
        • Via proxy:
-
            
-
          • $ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs
            • 
-
          • $ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs-material
            • 
-
          
-
          • 
-
        
-
        • 
-
      • 
-
        Set Environment for ${LIFERAY_INSTALL}
        
-
          
-
        • $ cd /home/user/work/sw360
          • 
-
        • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18
          • 
-
        
-
        • 
-
      
-
        
-
      1. 
-
        To clean everything and  install without running the tests
        
-
          
-
        • $ mvn clean install -DskipTests 
          • 
-
        
-
        2. 
-
      2. 
-
        For deployment run the command
        
-
          
-
        • mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dhelp-docs=true -Dsurefire.failIfNoSpecifiedTests=false
          • 
-
        
-
        3. 
-
      
-
      3.7.1 Start and Configure Liferay
      
-
        
-
      • 
-
        Set Environment for ${LIFERAY_INSTALL}
        
-
          
-
        • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18
          • 
-
        
-
        • 
-
      • 
-
        After run command “mvn clean install -DskipTests” above, copy dependency in folder /home/user/work/sw360/utils/jars to  ${LIFERAY_INSTALL}/osgi/modules
        
-
          
-
        • $ cd /home/user/work/sw360/utils/jars
          • 
-
        • $ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/
          • 
-
        
-
        • 
-
      • 
-
        We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360.
        
-
          
-
        • $ sudo rm -rf ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/setenv.sh
          • 
-
        • $ sudo cp /home/user/work/sw360/frontend/configuration/setenv.sh ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/
          • 
-
        
-
        • 
-
      • 
-
        Start liferay
        
-
          
-
        • $ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh
          • 
-
        
-
        • 
-
      • 
-
        Log
        
-
          
-
        • $ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/catalina.out
          • 
-
        
-
        • 
-
      • 
-
        Url SW360 : https://localhost:8080
        
-
        • 
-
      
-
      3.7.2 Configure Liferay Portal
      
-
-
        
-
      • 
-
        Import users
        
-
          
-
        1. Open the panel on the left side by clicking the button on the top left.
          2. 
-
        2. Click on SW360 on the top right to go to the homepage.
          3. 
-
        3. Click on Start inside the “Welcome” section.
          4. 
-
        4. Go to Admin -> User (URL: /group/guest/users).
          5. 
-
        5. Scroll down to section UPLOAD USERS, select a user file from the very
-beginning and click Upload Users on the right side. A user file can be found here in the sw360vagrant project
-* Download: $ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv
          6. 
-
        
-
        • 
-
      • 
-
        Setup liferay:
        
-
        • 
-
      
-
      After successful , Then if you open the server with the URL https://localhost:8080/ the following screen should appear:
      
-
-
      
-     
-
      
-
-
      Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.
      
-
-
      
-     
-
      
-
-
      After login the sw360 is not setup, thus the server does not display much, but a screen like the following:
      
-
-
      
-     
-
      
-
-
      User and Login Settings in Liferay
      
-
      Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:
      
-
-
      
-     
-
      
-
-
      Edit this password policy and disable change Required if you wish to do so. Click on Save_the bottom of the page to save the selection.
      
-
-
      
-     
-
      
-
-
      Then, go: in Configuration >  Instance Settings > Users >
      
-
-
      
-     
-
      
-
-
      In this area, select Default User Associations to enter SW360 and apply it also to existing users. Click on Save to save the selection:
      
-
-
      
-     
-
      
-
-
      Then, in Configuration >  Instance Settings > User Authentication > General to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.
      
-
-
      
-     
-
      
-
-
      Finally, sice Liferay 7.4 some of the bundled modules need to be activated:
      
-
        
-
      • jquery
        • 
-
      • font awesome
        • 
-
      
-
      In oder to do this, please select from the Configuration >  System Settings > Third Party and go to jquery, select the enablement and click on Update:
      
-
-
      
-     
-
      
-
-
      Do the same for Font Awesome:
      
-
-
      
-     
-
      
-
-
      Note that you need to reload the browser or load a new browser window to take changes to effect.
      
-
      Setup SW360 for Liferay: Import *.lar Files
      
-
      For the setup of SW360 in Liferay, the portal description files, *.lar files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.
      
-
      In order to go ahead, switch to the SW360 area where you can apply site settings:
      
-
-
      
-     
-
      
-
-
      The go into >  Publishing > Import which shows like this:
      
-
-
      
-     
-
      
-
-
      Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the frontend/configuration folder of the sw360 repository.
      
-
-
      
-     
-
      
-
-
      As for import settings, follow the selection as shown on the screenshot. It is very important that for the Public_Pages_7_4_3_18_GA18.lar file the selection Public_Pages_7_4_3_18_GA18.lar is made.
      
-
-
      
-     
-
      
-
-
      Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.
      
-
      After successful importing, the same steps shall be repeated for the Private_Pages_7_4_3_18_GA18.lar file.
      
-
-
      
-     
-
      
-
-
      Make sure that Private_Pages_7_4_3_18_GA18.lar  is selected. Follow the other selections made as shown on the screenshot … importing permissions … mirror with overwriting, use the current author …
      
-
-
      
-     
-
      
-
-
      If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:
      
-
-
      
-     
-
      
-
-
      You can close the left menu area by clicking on the upper left icon:
      
-
-
      
-     
-
      
-
-
      Click Start to open the private pages. You are still logged in, so the setup account is used to view the pages.
      
-
      Important The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.
      
-
-
      
-     
-
      
-
-
      Import User Accounts for Testing
      
-
      Click the SW360 Admin menu which is_the right and selection the User item.
      
-
-
      
-     
-
      
-
-
      At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a user account import file to import in the sw360vagrant project in the folder shared. After the user have been imported successfully, they should appear in the table view.
      
-
-
      
-     
-
      
-
-
      After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below):
      
-
-
      
-     
-
      
-
-
      Real Login
      
-
      One example user is user@sw360.org with the password 12345. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.
      
-
-
      
-     
-
      
-
-
      After the successful login, SW360 will look as follows.
      
-
-
      
-     
-
      
-
-
      3.8 Version Management Table (sw360 17.0.0)
      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
      Package NameVersion
      Liferay7.4.3.18
      Tomcat9.0.56
      Couchdb3.2.2
      Open JDK11.0.15
      Thrift0.16.0
      SW36017.0.0
      
-
      References for more information
      
-
-
      License
      
-
      [SPDX-License-Identifier: EPL-2.0]
      
-
-	
-	
-	
      
-  Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae)
-
      
-
-
      
-
-
-          
      
-        
      
-      
      
-      
-
-
-    
      
-    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-
\ No newline at end of file
+

    • Add lines to setup Postgres. Change jdbc.default.username, jdbc.default.password

        # Postgres configuration
+    jdbc.default.driverClassName=org.postgresql.Driver
+    jdbc.default.url=jdbc:postgresql://localhost:5432/lportal
+    jdbc.default.username=${postgres_user}
+    jdbc.default.password=${postgres_password}
+
    • Add lines to setup passsword policies
        # Passsword policies
+    passwords.default.policy.change.required=false
+    company.security.send.password.reset.link=false
+    company.security.auto.login=false
+    company.security.auth.type=emailAddress
+    company.security.strangers=false
+    company.security.strangers.with.mx=false
+    company.security.strangers.verify=false
+

    • Remove files in folder hypersonic with path: /home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic

      • $ rm -rf /home/user/work/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*

    • Move folder liferay-ce-portal-7.4.3.18-ga18 to /opt

      • $ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt

    3.2 Install Database

    3.2.1 Install Couch DB

    • To install from aptitute type:
    $ sudo apt update
+$ sudo apt install -y couchdb
+

    • You may refer to the bottom Native Installation 14 version CouchDB manual configuration for setting credentials.

    • After, run CouchDb service, check if it’s working:

    $ sudo systemctl start couchdb.service
+
    • Check if CouchDB is responding:
    $ curl localhost:5984
+
    • This should return json containing version information
    • You can use “start/stop/status/restart” command with systemctl for controlling CouchDB service.

    Install Couchdb Lucene

    • SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene

    • Run command download Couchdb Lucene

      • wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz

    • Note extract couchdb-lucene to folder work with path of work: /home/user/work

      • tar -xzf couchdb-lucene.tar.gz

    • Run command:

      • cd couchdb-lucene-2.1.0
      • sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini
      • sed -i "s/localhost:5984/admin:password@localhost:5984/" ./src/main/resources/couchdb-lucene.ini
      • wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch
      • patch -p1 < couchdb-lucene.patch
      • mvn clean install war:war
      • cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war

    3.2.2 Install PostgreSQL

    • Install PostgerSQL manually, you can install through “apt install” too:
    $ sudo apt install zlib1g-dev -y
+$ sudo apt install libreadline-dev -y
+$ wget https://download.postgresql.org/pub/source/v10.14/postgresql-10.14.tar.gz
+$ tar -xvf postgresql-10.14.tar.gz 
+$ cd postgresql-10.14/
+$ mkdir -p  /PATH_TO/sw360postgres
+$ ./configure -prefix=/PATH_TO/sw360postgres
+$ make
+$ sudo make install
+
    • Set the paths for Postgres in the .bashrc otherwise you have to export them each time. Use same procedure as before in 3rd step.
    $ vim ~/.bashrc
+
    • Got to the end of the .bashrc file and add following lines, make sure to add correct paths of previously configured sw360postgres. Here $HOME is the absolute path of your user, such as “/home/username”:
    $ export PATH=$HOME/sw360postgres/bin:$PATH
+$ export PGDATA=$HOME/sw360postgres/data
+$ export LD_LIBRARY_PATH=$HOME/sw360postgres/lib
+$ export PGPORT=5432
+
    • Check if paths have been set, result must be the absolute paths:
    $ echo $PATH
+$ echo $PGDATA
+$ echo $LD_LIBRARY_PATH
+$ echo $PGPORT
+
    • After paths are set, postgres service can be run:
    $  cd /PATH_TO/sw360postgres/bin
+$ ./initdb --encoding=UTF8 --no-locale
+$ ./pg_ctl start
+
    • You will see that the server has started.
    • Note: If you installed through “apt install” then start the postgres service by following command, where after @ comes the installed version, if postgres isn’t running you won’t be able to connect to the server, and the error message is not explaining well that server isn’t actually running at the moment:
    sudo systemctl status postgresql@12-main.service
+sudo systemctl start postgresql@12-main.service
+
    • Postgres will create an user with username ${ubuntu_user} (username login to ubuntu)
    • Use theses command to change password of user ${ubuntu_user} in postgres sql.
    $ psql postgres
+postgres=# \du
+postgres=# create database lportal;
+postgres=# ALTER USER ${ubuntu_user} WITH PASSWORD 'sw360fossy';
+postgres=# ALTER ROLE ${ubuntu_user} with superuser;
+postgres=# \q
+
    • Connect to postgres shell, and check users information
    $ psql -d lportal
+# \du
+# \dt
+# \l
+
    • Follow these detailed instructions:
    [https://github.com/cve-search/cve-search/blob/master/docs/source/getting_started/installation.rst]
+
    • To connect it to SW360, see following instructions:
    https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/
+
    Notes:
    • In the instruction be careful with setting apt link for mongodb, if somehow it destroys your “sudo apt update” command, go to “/etc/apt/sources.list” file and comment out the broken line, that’s probably the one you lately added at the end of the file. This happens because some PPA are outdated but remain in the instructions.

    3.4 Clone sw360 with version 17.0.0

    • Clone sw360 source code to folder work with path: /home/user/work

      • $ git clone https://github.com/eclipse/sw360

    • Checkout to tag 17.0.0 version

      • $ cd sw360
      • $ git checkout sw360-17.0.0-M1

    • export path to repository sw360

      • $ export SW360_REPOSITORY=/home/user/work/sw360

    3.5 Install Thrift version 0.16

    • For thrift, we need version 0.16. The installation script in Path: ${SW360_REPOSITORY}/scripts/install-thrift.sh

    • Run command to install libraries:

      • $ sudo apt-get install -y clang-tidy
      • $ sudo apt-get install flex
      • $ sudo apt-get install -y clang-tools
      • $ sudo apt-get install bison
      • $ sudo apt-get install cmake

    • Run command:

      • $ chmod +x install-thrift.sh
      • $ sudo ./install-thrift.sh

    In case there is thrift in the package management of the OS you re running on, just make sure, you have version 0.16

    • Check version thrift

      • $ thrift --version

      • Output:

          Thrift version 0.16.0
+
      • Install Thrift successfully

    3.6 Config properties files with Sw360 (sw360 17.0.0)

    • Create folder sw360 in path /etc/

      • sudo mkdir sw360

    • Create 2 folder authorization and rest in path /etc/sw360

      • sudo mkdir authorization
      • sudo mkdir rest

    • Create file application.yml in path /etc/sw360/authorizaton with content:

    #
+# Copyright Siemens AG, 2017, 2019. Part of the SW360 Portal Project.
+#
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+# Port to open in standalone mode
+server:
+  port: 8090
+
+# Connection to the couch databases. Will be used to store client credentials
+couchdb:
+  url: http://localhost:5984
+  database: sw360oauthclients
+  # if your couchdb does not use authentication, pls just don't use the settings for username and password
+  username: admin
+  password: password
+
+jwt:
+  secretkey: sw360SecretKey
+
+spring:
+  jackson:
+    serialization:
+      indent_output: true
+
+# Common SW360 properties
+sw360:
+  # The url of the Liferay instance
+  sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}
+  # The id of the company in Liferay that sw360 is run for
+  sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20101}
+  # Allowed origins that should be set in the header
+  cors:
+    allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
+
+security:
+  # Configuration for enabling authorization via headers, e.g. when using SSO
+  # in combination with a reverse proxy server
+  customheader:
+    headername:
+      # You have to enable authorization by headers explicitly here
+      enabled: false
+      # Attention: please make sure that the proxy is removing there headers
+      # if they are coming from anywhere else then the authentication server
+      intermediateauthstore: custom-header-auth-marker
+      email: authenticated-email
+      extid: authenticated-extid
+      # also available - at least in saml pre auth - are "givenname", "surname" and "department"
+
+  oauth2:
+    resource:
+      id: sw360-REST-API
+
    • Create file application.yml in path /etc/sw360/rest with content:
    #
+# Copyright Siemens AG, 2017. Part of the SW360 Portal Project.
+# Copyright Bosch.IO GmbH 2020
+#
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+server:
+  port: 8091
+
+management:
+  endpoints:
+    enabled-by-default: false
+    web:
+      base-path:
+  endpoint:
+    health:
+      enabled: true
+      show-details: always
+    info:
+      enabled: true
+    web:
+      base-path: /
+
+spring:
+  servlet:
+    multipart:
+      max-file-size: 500MB
+      max-request-size: 600MB
+
+# logging:
+#   level:
+#     org.springframework.web: DEBUG
+
+security:
+  oauth2:
+    resource:
+      id: sw360-REST-API
+      jwt:
+        keyValue: |
+          -----BEGIN PUBLIC KEY-----
+          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy
+          VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+
+          6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ
+          5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg
+          9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da
+          d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ
+          PQIDAQAB
+          -----END PUBLIC KEY-----
+
+sw360:
+  thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080}
+  test-user-id: admin@sw360.org
+  test-user-password: sw360-password
+  couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984}
+  cors:
+    allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}}
+
    • Create file couchdb.properties in path /etc/sw360 with content:
    #
+# Copyright Siemens AG, 2020. Part of the SW360 Portal Project.
+#
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+couchdb.url = http://localhost:5984
+couchdb.user = admin
+couchdb.password = password
+couchdb.database = sw360db
+couchdb.usersdb = sw360users
+couchdb.attachments = sw360attachments
+lucenesearch.limit = 10000
+
    • Create file sw360.properties and /etc/sw360 with content:
    # Copyright Siemens AG, 2016-2017. Part of the SW360 Portal Project.
+#
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+# common property file for the backend services
+backend.url= http://localhost:8080
+
+licenseinfo.spdxparser.use-license-info-from-files=true
+mainline.state.enabled.for.user=false
+
+# settings for the mail utility:
+# if host is not set, e-mailing is disabled
+MailUtil_host=
+MailUtil_from=__No_Reply__@sw360.org
+MailUtil_port=25
+MailUtil_enableStarttls=
+MailUtil_enableSsl=
+MailUtil_isAuthenticationNecessary=
+MailUtil_login=
+MailUtil_password=
+MailUtil_enableDebug=
+MailUtil_supportMailAddress=
+
+# text patterns for mail utility
+defaultBegin = \
+*** This is an automatically generated email, please do not reply. ***\n\n\
+Dear SW360-user,\n\n
+defaultEnd = \
+With best regards,\n\
+SW360-support
+unsubscribeNoticeBefore =\n\n*** If you do not wish to receive mails from SW360, please notify:
+unsubscribeNoticeAfter =. ***
+
+subjectForNewModerationRequest= New moderation request
+subjectForUpdateModerationRequest= Update on moderation request
+subjectForAcceptedModerationRequest= Your moderation request has been accepted
+subjectForDeclinedModerationRequest= Your moderation request has been declined
+subjectForDeclinedUserModerationRequest= Your request for a SW360 user account has been declined
+subjectForNewComponent= New component created
+subjectForUpdateComponent= Component updated
+subjectForNewRelease= New release created
+subjectForUpdateRelease= Release updated
+subjectForNewProject= New project created
+subjectForUpdateProject= Project updated
+subjectForNewClearingRequest= New clearing request <%s> for Project <%s>
+subjectForClearingRequestComment= New comment added in clearing request <%s> for Project <%s>
+subjectForUpdatedClearingRequest= Your clearing request <%s> has been updated for Project <%s>
+subjectForClosedClearingRequest= Your clearing request <%s> has been closed for Project <%s>
+subjectForRejectedClearingRequest= Your clearing request <%s> has been rejected for Project <%s>
+subjectForUpdatedProjectWithClearingRequest= Project <%s> with clearing request <%s> updated
+
+textForNewModerationRequest= a new moderation request has been added to your SW360-account.\n\n
+textForUpdateModerationRequest= \
+one of the moderation requests previously added to your \
+SW360-account has been updated.\n\n
+textForAcceptedModerationRequest= your moderation request to change the %s %s has been accepted by one of the moderators.\n\n
+textForDeclinedModerationRequest= your moderation request to change the %s %s has been declined by one of the moderators.\n\n
+textForDeclinedUserModerationRequest= your request for a SW360 user account has been declined by one of the administrators.\n\n
+textForNewComponent= a new component %s, in which you take part, has been created.\n\n
+textForUpdateComponent= the component %s, in which you take part, has been updated.\n\n
+textForNewRelease= a new release %s %s, in which you take part, has been created.\n\n
+textForUpdateRelease= the release %s %s, in which you take part, has been updated.\n\n
+textForNewProject= a new project %s %s, in which you take part, has been created.\n\n
+textForUpdateProject= the project %s %s, in which you take part, has been updated.\n\n
+textForClosedClearingRequest= your clearing request with id: %s for the project %s has been closed by the clearing team.\n\n
+textForRejectedClearingRequest= your clearing request with id: %s for the project %s has been rejected by the clearing team.\n\n
+#attachment.store.file.system.location=/opt/sw360tempattachments
+#enable.attachment.store.to.file.system=false
+#attachment.store.file.system.permission=rwx------
+#attachemnt.delete.no.of.days=30
+
+#Uncomment the below file location if the log4j2.xml file is placed inside etc/sw360 folder.
+#sw360changelog.config.file.location=/etc/sw360/log4j2.xml
+enable.sw360.change.log=false
+sw360changelog.output.path=sw360changelog/sw360changelog
+
    • Configure the sw360ChangeLog path

    1. Create log4j2.xml file

    <?xml version="1.0" encoding="UTF-8"?>
+<!--
+~ Copyright (c) Bosch.IO GmbH 2020.
+~
+~ All rights reserved. This program and the accompanying materials
+~ are made available under the terms of the Eclipse Public License v2.0
+~ which accompanies this distribution, and is available at
+~ http://www.eclipse.org/legal/epl-v20.html
+~
+~ SPDX-License-Identifier: EPL-2.0
+-->
+<Configuration status="WARN">
+    <Appenders>
+        <Console name="Console" target="SYSTEM_OUT">
+            <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n"/>
+        </Console>
+        <!-- environment variables can be set in the format of "$ {env: LOG_ROOT}" -->
+        <RollingFile name="ChangeLogFile" fileName="${env:FILE_PATH}/sw360changelog.log"
+                filePattern="${env:FILE_PATH}/sw360changelog-%d{yyyy-MM-dd}-%i.log" >
+            <PatternLayout pattern="%m%n"/>
+            <Policies>
+                <SizeBasedTriggeringPolicy size="10MB" />
+            </Policies>
+            <DefaultRolloverStrategy max="10"/>
+        </RollingFile>
+    </Appenders>
+    <Loggers>
+        <Logger name="org.eclipse.sw360" level="info"/>
+         <Logger name="sw360changelog" level="debug" >
+            <AppenderRef ref="ChangeLogFile" />
+        </Logger>
+        <Logger name="org.eclipse.sw360" level="debug" additivity="false">
+            <AppenderRef ref="Console"/>
+        </Logger>
+        <Root level="warn">
+            <AppenderRef ref="ChangeLogFile"/>
+        </Root>
+    </Loggers>
+</Configuration>
+

    • Set the environment variable for the changelog directory (${env:FILE_PATH}/sw360changelog.log)

      • Create Folder sw360changelog in var/log/:

        • $ sudo mkdir sw360changelog

      • If /var/log/sw360changelog folder requires permission, set permission for this folder:

        • $ sudo chown -R $USER:$USER /var/log/sw360changelog

      • $ export FILE_PATH=/var/log/sw360changelog

    • NOTE: I suggest the path ${env:FILE_PATH} to use LIFERAY_INSTALL env variable

    2. Enable changelog config

    Add the following lines to the sw360.properties file (or uncomment if they are existing)

    • sw360changelog.config.file.location=/etc/sw360/log4j2.xml
    • enable.sw360.change.log=true

    3. Compile and deploy

    • Set sw360.liferay.company.id = 20099 in sw360.properties file

    • Set the environment variable for the LIFERAY_INSTALL directory

      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18

    • Note: Should add -DskipTests when building sw360 to avoid test data write to log file

    • To clean everything and install without running the tests

      • $ mvn clean install -DskipTests

    • For deployment, run the command

      • $ cd /home/user/work/sw360
      • $ mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -DskipTests

    4. Start and configure Liferay

    • Set the environment variable for the LIFERAY_INSTALL directory

      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18

    • Start liferay

      • $ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh

    • Log

      • $ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/*

    • SW360 URL: https://localhost:8080

    5. How to check the logs

    • Edit (update) a project, component, or release in SW360.
    • Then check the logs in ${FILE_PATH}/sw360changelog/sw360changelog.log file +\

    3.7 Compile and deploy

    • Start Database
    • Turn on the CouchDB and Postgres services
    $ sudo systemctl start couchdb.service
+$ sudo systemctl start postgres@@12-main.service
+
    • Check if both are running:
    $ sudo systemctl status couchdb.service
+$ sudo systemctl status postgres@@12-main.service
+
    • You should be able to see something like this:
    ... systemd[1]: Started PostgreSQL Cluster 12-main.
+...
+... halt systemd[1]: Started Apache CouchDB.
+

    • install python and pip

      • $ sudo apt-get install python3 -y
      • $ sudo -E apt-get install python3-pip -y

    • install mkdocs

      • Without proxy:
        • $ sudo -E pip3 install mkdocs
        • $ sudo -E pip3 install mkdocs-material
      • Via proxy:
        • $ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs
        • $ sudo -E pip3 install --proxy="http://username:password@hostname:port" mkdocs-material

    • Set Environment for ${LIFERAY_INSTALL}

      • $ cd /home/user/work/sw360
      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18

    1. To clean everything and install without running the tests

      • $ mvn clean install -DskipTests

    2. For deployment run the command

      • mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dhelp-docs=true -Dsurefire.failIfNoSpecifiedTests=false

    3.7.1 Start and Configure Liferay

    • Set Environment for ${LIFERAY_INSTALL}

      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.4.3.18-ga18

    • After run command “mvn clean install -DskipTests” above, copy dependency in folder /home/user/work/sw360/utils/jars to ${LIFERAY_INSTALL}/osgi/modules

      • $ cd /home/user/work/sw360/utils/jars
      • $ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/

    • We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360.

      • $ sudo rm -rf ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/setenv.sh
      • $ sudo cp /home/user/work/sw360/frontend/configuration/setenv.sh ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/

    • Start liferay

      • $ ${LIFERAY_INSTALL}/tomcat-9.0.56/bin/startup.sh

    • Log

      • $ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.56/logs/catalina.out

    • Url SW360 : https://localhost:8080

    3.7.2 Configure Liferay Portal

    • Import users

      1. Open the panel on the left side by clicking the button on the top left.
      2. Click on SW360 on the top right to go to the homepage.
      3. Click on Start inside the “Welcome” section.
      4. Go to Admin -> User (URL: /group/guest/users).
      5. Scroll down to section UPLOAD USERS, select a user file from the very +beginning and click Upload Users on the right side. A user file can be found here in the sw360vagrant project +* Download: $ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv

    • Setup liferay:

    After successful , Then if you open the server with the URL https://localhost:8080/ the following screen should appear:

    Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.

    After login the sw360 is not setup, thus the server does not display much, but a screen like the following:

    User and Login Settings in Liferay

    Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:

    Edit this password policy and disable change Required if you wish to do so. Click on Save_the bottom of the page to save the selection.

    Then, go: in Configuration > Instance Settings > Users >

    In this area, select Default User Associations to enter SW360 and apply it also to existing users. Click on Save to save the selection:

    Then, in Configuration > Instance Settings > User Authentication > General to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.

    Finally, sice Liferay 7.4 some of the bundled modules need to be activated:

    • jquery
    • font awesome

    In oder to do this, please select from the Configuration > System Settings > Third Party and go to jquery, select the enablement and click on Update:

    Do the same for Font Awesome:

    Note that you need to reload the browser or load a new browser window to take changes to effect.

    Setup SW360 for Liferay: Import *.lar Files

    For the setup of SW360 in Liferay, the portal description files, *.lar files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.

    In order to go ahead, switch to the SW360 area where you can apply site settings:

    The go into > Publishing > Import which shows like this:

    Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the frontend/configuration folder of the sw360 repository.

    As for import settings, follow the selection as shown on the screenshot. It is very important that for the Public_Pages_7_4_3_18_GA18.lar file the selection Public_Pages_7_4_3_18_GA18.lar is made.

    Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.

    After successful importing, the same steps shall be repeated for the Private_Pages_7_4_3_18_GA18.lar file.

    Make sure that Private_Pages_7_4_3_18_GA18.lar is selected. Follow the other selections made as shown on the screenshot … importing permissions … mirror with overwriting, use the current author …

    If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:

    You can close the left menu area by clicking on the upper left icon:

    Click Start to open the private pages. You are still logged in, so the setup account is used to view the pages.

    Important The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.

    Import User Accounts for Testing

    Click the SW360 Admin menu which is_the right and selection the User item.

    At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a user account import file to import in the sw360vagrant project in the folder shared. After the user have been imported successfully, they should appear in the table view.

    After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below):

    Real Login

    One example user is user@sw360.org with the password 12345. Note that in the import file with the example accounts, the password is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.

    After the successful login, SW360 will look as follows.

    3.8 Version Management Table (sw360 17.0.0)

    Package NameVersion
    Liferay7.4.3.18
    Tomcat9.0.56
    Couchdb3.2.2
    Open JDK11.0.15
    Thrift0.16.0
    SW36017.0.0

    References for more information

    License

    [SPDX-License-Identifier: EPL-2.0]

    Last modified April 9, 2024: feat(content): Rearrange content to avois deployment mistakes (a23d9ae)
    + + + \ No newline at end of file diff --git a/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/index.html b/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/index.html index 4a62dac..bc8c9a1 100644 --- a/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/index.html +++ b/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/index.html @@ -1,1051 +1,149 @@ - - - - - - - - - - - - - - - - - - - - -Liferay 7.3 and Java 11 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Liferay 7.3 and Java 11

    -
    Upgrading previous sw360 instances to Liferay 7.3.x and Java 11
    -
    - - - - - - - - - - - - - -
    -

    Introduction

    -

    We are covering the update for ubuntu here, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as macosx, but in order to avoid problem we agreed on having a reference OS, which are the ubuntu long term releases.

    -

    With the update to Java 11, we upgraded from Ubuntu 16.04 to Ubuntu 18.04, both LTS version. This OS is used for example by the https://github.com/sw360/sw360vagrant project.

    -

    So the update covers the following:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    origntarget
    Ubuntu 16.04 LTSUbuntu 18.04 LTS
    CoucbdDB 1.X (comes with Ubuntu)CouchDB 2.X (not with Ubuntu anymore)
    Postgresql 9.X (comes with Ubuntu)Postgresql 10.X (comes with Ubuntu)
    OpenJDK 8 (comes with Ubuntu)openJDK 11 (comes with Ubuntu)
    Apache Thrift 0.11/0.12Apache Thrift 0.13
    -

    Overview

    -

    The upgrade consists of quite some tasks, as an overview:

    -
      -
    1. Make a backup
      2. -
    2. Execute sw360 migration scripts
      3. -
    3. Linux release upgrade
      4. -
    4. Java 11
      5. -
    5. Postgresql
      6. -
    6. CouchDB 2.X
      7. -
    7. Thrift to 0.13
      8. -
    8. Liferay ce 7.3.3
      9. -
    9. Copy your existing portal-ext.properties to now liferay_install location
      10. -
    10. copy from old liferay installation the data/document_library to the new liferay
      11. -
    11. Adjust /etc/ini.d/tomcat with path of new liferay
      12. -
    12. Adjust $liferay_install variable
      13. -
    13. add Java prerequisites to OSGi container
      14. -
    14. Update couchdb-lucene
      15. -
    15. Deploy new version of sw360
      16. -
    16. Adjust Liferay
      17. -
    -

    Initial steps

    -

    In order to “calibrate the system” just run the update / upgrade cycle once:

    -

    # sudo apt update

    -

    # sudo apt upgrade

    -

    Keeping More Settings Files

    -

    apache.conf: Keep also the mod security conf files that are asked to update during installation

    -

    sshd: Changes on the ssh / sshd conf files should be kept in case you have setup up dome remote public private key login (usually the case for server installation). Otherwise you re locked out maybe.

    -

    Maven: if you change Maven, for example with your proxy settings, keep it too.

    -

    In general, whenever there is functionality you need, consider keeping existing settings files.

    -

    Ubuntu Release Upgrade

    -

    There is maybe the remark to overwrite the current apache configuration. We propose to keep the currently installed apache files.

    -

    # sudo do-release-upgrade

    -

    Answer “yes” for the download of packages and also confirm the update of the glibc, of course. Update the system.conf(install maintainer’s version), depending on if you actually edited this. Some for sysctl.conf.

    -

    Migration of PostgreSQL

    -

    The existing 9.5 will not be upgraded, instead this message comes: After the release upgrade, you can check again if postgresql is installed:

    -

    sudo apt list postgre* --installed

    -

    Postgresql 9.5 should be the only installed. The old postgresql 9.5 must stay in fact, because the migration tool needs to be executing on a running postgresql 9.5 instance. Just having popstgresql 10 and a database only from postgresql 9.5 will not work. You can go ahead install postgresql 10:

    -

    sudo apt install postgresql-10

    -

    Then, apply the instruction to update from 9.5 to 10.0 from this page: https://stackoverflow.com/questions/47029055/how-do-i-upgrade-my-postgresql-9-5-to-postgresql-10-on-ubuntu-16-04

    -
    # service postgresql stop
-...
-# pg_dropcluster --stop 10 main
-...
-# pg_upgradecluster -m upgrade 9.5 main
-...
-# pg_dropcluster 9.5 main --stop
-...
-# apt-get autoremove --purge postgresql-9.5 
-...
-# service postgresql start
-

    (note that # means you need to be root or execute with sudo)

    -

    Migration of CouchDB

    -

    CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDb package repository to install it, first the key for signing:

    -

    curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -

    -

    The add the repo to the sources:

    -

    echo "deb https://apache.bintray.com/couchdb-deb bionic main" | sudo tee -a /etc/apt/sources.list

    -

    Then, add its contents to the package database by updating apt:

    -

    sudo apt-get update -y

    -

    Ultimately install CouchDB, we tried with 2.1.2 initiall not to make a too far jump from 1.X, later versions may work as well. Note that for upgrading to CouchDB 3.X you would need an upgrade to 2.X first.

    -

    sudo apt-get install -y couchdb=2.1.2~bionic

    -

    The installer will ask a couple of questions:

    -
      -
    1. Bind address: for CouchDB and SW360 127.0.0.1 (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.
      2. -
    2. Admin user: Warning The couchdb migration utility does not support authentication! Please do not enter an admin password, but apply it later. You can set the password for CouchDB in couchdb.properties and place it centrally in /etc/sw360
      3. -
    3. Migration: yes you need to use couchup for migrating the databases
      4. -
    -

    In case you added an admin and need to remove it, try:

    -

    curl -X DELETE http://admin:password@127.0.0.1:5984/_config/admins/admin

    -

    where the two occurrences admin is the name of the admin user in the URL, whatever the user was called.

    -

    Migration of CouchDB Databases

    -

    As a preparation: the CouchDB migration works by copying the databases, so the file system needs at least as much free space as the CouchDB databases use.

    -

    CouchDB offers a migration utility. It is advised that you remove all test databases as they do not seem to work with the migration utility. Important links are:

    - -

    For some reason after installation, the couchuputility is not part of the path, so execute:

    -

    /opt/couchdb/bin/couchup list

    -

    It lists all DBs found. The go ahead with:

    -

    /opt/couchdb/bin/couchup replicate -a

    -

    It should replicate all databases in /var/lib/couchdb. Please refer to the couchup documentation, for the subsequent steps. A few remarks from our experience:

    -
      -
    1. The rebuold of the couchdb does not work for our test databases. Please refer to the documentation how to do this manually if you like.
      2. -
    2. The couchup utility crashes for large DB sizes with a time out error. Consider using the timeout option: /opt/couchdb/bin/couchup replicate -a --timeout==10000 (with almost infinite timeout here)
      3. -
    3. On very large attachment database sizes (500GB), the couchdb configuration must be changed. We increased almost every related value by factor 10 (timeouts, memory, etc) in /opt/couchdb/etc/default.ini and good success with this.
      4. -
    -

    Update Thrift

    -

    For thrift, we need version 0.13. The installation script scripts/install-thrift.shallows for uninstalling old versions:

    -

    sudo ./install-thrift.sh --uninstall

    -

    and then install

    -

    sudo ./install-thrift.sh

    -

    From OpenJDK 8 to OpenJDK 11

    -

    First check, what is installed.

    -

    # sudo apt list openjdk* --installed

    -

    Then you could check what is available:

    -

    # sudo apt list openjdk*

    -

    It should be that OpenJDK 8 is installed and both OpenJDK 8 and 11 are available. Then, remove the OpenJDK 8 and install 11:

    -
    sudo apt remove openjdk-8-jdk
-sudo apt remove openjdk-8-jre
-sudo apt remove openjdk-8-jdk-headless
-sudo apt remove openjdk-8-jre-headless
-

    check if nothing is installed:

    -

    # sudo apt list openjdk* --installed

    -

    Then install the openjdk-11-jdk:

    -

    # sudo apt install openjdk-11-jdk

    -

    Then the $JAVA_HOME needs to be updated, most likely it is defined in /etc/environment. Please check for your installation how to set the $JAVA_HOME correctly.

    -

    Updating Liferay

    -

    Download Liferay from this link

    -

    https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz

    -

    and unpack it, ideally in the /opt directory, so resulting path would look like liferay-ce-portal-7.3.3-ga4.

    -

    Then, you need to update the $LIFERAY_INSTALL in /etc/environment from LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ to LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4.

    -

    First, you will need to copy the portal-ext.properties from the old liferay folder to the new liferay folder (or new $LIFERAY_HOME):

    -

    # cp /$old-liferay/portal-ext.properties $LIFERAY_INSTALL/portal-ext.properties

    -

    Migration of existing database

    -

    For a version upgrade from Liferay CE 7.2 to Liferay 7.3, migration scripts must be applied, they are located in $LIFERAY_HOME/ tools/portal-tools-db-upgrade-client. From there the following files needs to be adapted:

    -
      -
    • app-server.properties: most likely uncomment tomcat, because we re using liferay with tomcat.
      • -
    • portal-upgrade-database.properties: uncomment postgresql section and add database user, default from installation is liferay/liferay, or it is stored in portal-ext.properties right where the JDBC driver is selected. Please note that your portal-ext.properties file in $LIFERAY_INSTALLcan have the following line include-and-override=/etc/sw360/portal-ext.properties. In this case, consider the portal-ext.propertiesat that location.
      • -
    • portal-upgrade-ext.properties: just the liferay home, you can leave it as it is
      • -
    -

    If everything is done (and the postgresql migration took place), execute:

    -

    # ./db_upgrade.sh

    -

    It should return a battery of INFO log level messages end with:

    -
    Completed Liferay core upgrade process in 96 seconds
-Checking to see if all upgrades have completed... done.
-

    More Migration

    -

    The liferay migration covers apparently only the database, but not the files in the $LIFERAY_HOME/data folder. It would have been nicer, if that would have been covered too. Instead these must be copied manually. In fact, for the migration, it is advised to copy only the /old-liferay/data/document_library to the new location. Something like (different pwd …):

    -

    # cp -r _attic/liferay-portal-7.2.1-ga2/data/document_library/ liferay-ce-portal-7.3.3-ga4/data/

    -

    Auto Start

    -

    For auto start, you need an according init.d entry. It could be a file like /etc/init.d/tomcat. The file could be created if not there already, with the following contents:

    -
    #!/bin/bash
-
-### BEGIN INIT INFO
-# Provides:        tomcat7
-# Required-Start:  $network
-# Required-Stop:   $network
-# Default-Start:   2 3 4 5
-# Default-Stop:    0 1 6
-# Short-Description: Start/Stop Tomcat server
-### END INIT INFO
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-
-start() {
- su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh
-}
-
-stop() {
- su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh
-}
-
-case $1 in
-  start|stop) $1;;
-  restart) stop; start;;
-  *) echo "Run as $0 <start|stop|restart>"; exit 1;;
-esac
-

    Te user siemagrant is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server runs under in vagrant. Regardless how the user is named, it is important that liferay runs under an unprivileged user (for security reasons).

    -

    Adjust Memory

    -

    When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in $LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh should be adapted again.

    -

    Install Prerequisites

    -

    For old installations, libthrift is not there (which causes an error at container startup), it should be downloaded and deployed:

    -
    wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar
-mv libthrift-0.13.0.jar $LIFEARY_HOME/deploy/
-

    The the existing prerequisites needs to be copied from the osgi/modules from the old liferay installation:

    -
    cp commons-lang-2.4.jar $LIFERAY_HOME/deploy
-cp commons-io-2.6.jar $LIFERAY_HOME/deploy
-cp commons-csv-1.4.jar $LIFERAY_HOME/deploy
-cp commons-collections4-4.1.jar $LIFERAY_HOME/deploy
-cp commons-codec-1.12.jar $LIFERAY_HOME/deploy
-cp commons-logging-1.2.jar $LIFERAY_HOME/deploy
-cp gson-2.8.5.jar $LIFERAY_HOME/deploy
-cp guava-21.0.jar $LIFERAY_HOME/deploy
-cp jackson-annotations-2.9.8.jar $LIFERAY_HOME/deploy
-cp jackson-core-2.9.8.jar $LIFERAY_HOME/deploy
-cp jackson-databind-2.9.8.jar $LIFERAY_HOME/deploy
-

    note that with the commit to sw360-13.0.0-M1 you need also another dependency for apache poi:

    -
    cp commons-compress-1.20.jar $LIFERAY_HOME/deploy
-

    Install Couchdb Lucene

    -

    SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main thing is that it requires pathing for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.

    -

    Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be couchdb-lucene:

    -

    wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz

    -

    Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene:

    -

    https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh

    -

    Please note that the patching issue is well known in the project and it is unclear why it is not merged:

    - -

    Now, for CouchDB 2.X the hook for integration of a search component has chaned compared to CouchDB 1.X. Accordingly, the old couchdb-lucene component must be replaced with the latest version.

    -

    Deploy New SW360

    -

    You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 or some few commits before that. Then build in the sw360 project root using:

    -

    mvn clean install -DskipTests

    -

    This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same:

    -
    mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -DskipTests
-

    Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:

    -
    cd rest
-mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/
-

    Final Steps in Liferay

    -

    Liferay CE 7.3 bring some changes that still require manually applied settings to the running liferay server. Thus, you could start the liferay server or just restart the entire machine. The following two things need to be adaptedin liferay after successful startup in order to get the migration done:

    -
      -
    1. -

      The automatic verification of e-mail adresses maybe be needed to be switched off, because it kicks in also for existing users. This can be done in “Control Panerl” -> “Instance Settings” -> “User Authentication” -> ""

      -
      2. -
    2. -

      The JavaScript components jquery and fontawesone (that come with liferay) must be manually enabled now. For this got into “Control Panel” -> “System Settings” -> “Thrid Party”. and from then select the two JavaScript components from the left and enable them accordingly.

      -
      3. -
    -

    Known Issues

    -

    Database Availability Right after Update

    -

    Right after updating, the sw360 will not show up data at all, but sometimes nothing or “portlet unavailable”. The problem is the re-indexing of the DB and the search index which takes a while. You can trigger reindexing in the systems. A lazy way is call all (main) views so the database stumbles accross it and starts the indexing tasks (see job view in the couchdb admin interface of Futon). The sam eis for searches, the first searches will fail and the lucene will do some internal updates. leaving the system working for some time and follow the log will help. Could take 30 minutes.

    -

    E-Mail Verification Trap

    -

    Liferay has automatically enabled password verification for all accounts right after migration. Not sure what motivates persons to enable such feature by default right after migration from an instance where it was not there? In case you have attached the system to an external login solution, but your liferay is not configured to send mails, then it is a trap, because you cannot verify the e-mail address and thus, cannot login. You need to disable the external login solution and use the original initial setup user to login (which is not asked for verification by e-mail) to disable this feature (see above).

    - - - -
    - Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Liferay 7.3 and Java 11 | Eclipse SW360 +

    Liferay 7.3 and Java 11

    Upgrading previous sw360 instances to Liferay 7.3.x and Java 11

    Introduction

    We are covering the update for ubuntu here, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as macosx, but in order to avoid problem we agreed on having a reference OS, which are the ubuntu long term releases.

    With the update to Java 11, we upgraded from Ubuntu 16.04 to Ubuntu 18.04, both LTS version. This OS is used for example by the https://github.com/sw360/sw360vagrant project.

    So the update covers the following:

    origntarget
    Ubuntu 16.04 LTSUbuntu 18.04 LTS
    CoucbdDB 1.X (comes with Ubuntu)CouchDB 2.X (not with Ubuntu anymore)
    Postgresql 9.X (comes with Ubuntu)Postgresql 10.X (comes with Ubuntu)
    OpenJDK 8 (comes with Ubuntu)openJDK 11 (comes with Ubuntu)
    Apache Thrift 0.11/0.12Apache Thrift 0.13

    Overview

    The upgrade consists of quite some tasks, as an overview:

    1. Make a backup
    2. Execute sw360 migration scripts
    3. Linux release upgrade
    4. Java 11
    5. Postgresql
    6. CouchDB 2.X
    7. Thrift to 0.13
    8. Liferay ce 7.3.3
    9. Copy your existing portal-ext.properties to now liferay_install location
    10. copy from old liferay installation the data/document_library to the new liferay
    11. Adjust /etc/ini.d/tomcat with path of new liferay
    12. Adjust $liferay_install variable
    13. add Java prerequisites to OSGi container
    14. Update couchdb-lucene
    15. Deploy new version of sw360
    16. Adjust Liferay

    Initial steps

    In order to “calibrate the system” just run the update / upgrade cycle once:

    # sudo apt update

    # sudo apt upgrade

    Keeping More Settings Files

    apache.conf: Keep also the mod security conf files that are asked to update during installation

    sshd: Changes on the ssh / sshd conf files should be kept in case you have setup up dome remote public private key login (usually the case for server installation). Otherwise you re locked out maybe.

    Maven: if you change Maven, for example with your proxy settings, keep it too.

    In general, whenever there is functionality you need, consider keeping existing settings files.

    Ubuntu Release Upgrade

    There is maybe the remark to overwrite the current apache configuration. We propose to keep the currently installed apache files.

    # sudo do-release-upgrade

    Answer “yes” for the download of packages and also confirm the update of the glibc, of course. Update the system.conf(install maintainer’s version), depending on if you actually edited this. Some for sysctl.conf.

    Migration of PostgreSQL

    The existing 9.5 will not be upgraded, instead this message comes: After the release upgrade, you can check again if postgresql is installed:

    sudo apt list postgre* --installed

    Postgresql 9.5 should be the only installed. The old postgresql 9.5 must stay in fact, because the migration tool needs to be executing on a running postgresql 9.5 instance. Just having popstgresql 10 and a database only from postgresql 9.5 will not work. You can go ahead install postgresql 10:

    sudo apt install postgresql-10

    Then, apply the instruction to update from 9.5 to 10.0 from this page: https://stackoverflow.com/questions/47029055/how-do-i-upgrade-my-postgresql-9-5-to-postgresql-10-on-ubuntu-16-04

    # service postgresql stop
+...
+# pg_dropcluster --stop 10 main
+...
+# pg_upgradecluster -m upgrade 9.5 main
+...
+# pg_dropcluster 9.5 main --stop
+...
+# apt-get autoremove --purge postgresql-9.5 
+...
+# service postgresql start
+

    (note that # means you need to be root or execute with sudo)

    Migration of CouchDB

    CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDb package repository to install it, first the key for signing:

    curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -

    The add the repo to the sources:

    echo "deb https://apache.bintray.com/couchdb-deb bionic main" | sudo tee -a /etc/apt/sources.list

    Then, add its contents to the package database by updating apt:

    sudo apt-get update -y

    Ultimately install CouchDB, we tried with 2.1.2 initiall not to make a too far jump from 1.X, later versions may work as well. Note that for upgrading to CouchDB 3.X you would need an upgrade to 2.X first.

    sudo apt-get install -y couchdb=2.1.2~bionic

    The installer will ask a couple of questions:

    1. Bind address: for CouchDB and SW360 127.0.0.1 (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.
    2. Admin user: Warning The couchdb migration utility does not support authentication! Please do not enter an admin password, but apply it later. You can set the password for CouchDB in couchdb.properties and place it centrally in /etc/sw360
    3. Migration: yes you need to use couchup for migrating the databases

    In case you added an admin and need to remove it, try:

    curl -X DELETE http://admin:password@127.0.0.1:5984/_config/admins/admin

    where the two occurrences admin is the name of the admin user in the URL, whatever the user was called.

    Migration of CouchDB Databases

    As a preparation: the CouchDB migration works by copying the databases, so the file system needs at least as much free space as the CouchDB databases use.

    CouchDB offers a migration utility. It is advised that you remove all test databases as they do not seem to work with the migration utility. Important links are:

    For some reason after installation, the couchuputility is not part of the path, so execute:

    /opt/couchdb/bin/couchup list

    It lists all DBs found. The go ahead with:

    /opt/couchdb/bin/couchup replicate -a

    It should replicate all databases in /var/lib/couchdb. Please refer to the couchup documentation, for the subsequent steps. A few remarks from our experience:

    1. The rebuold of the couchdb does not work for our test databases. Please refer to the documentation how to do this manually if you like.
    2. The couchup utility crashes for large DB sizes with a time out error. Consider using the timeout option: /opt/couchdb/bin/couchup replicate -a --timeout==10000 (with almost infinite timeout here)
    3. On very large attachment database sizes (500GB), the couchdb configuration must be changed. We increased almost every related value by factor 10 (timeouts, memory, etc) in /opt/couchdb/etc/default.ini and good success with this.

    Update Thrift

    For thrift, we need version 0.13. The installation script scripts/install-thrift.shallows for uninstalling old versions:

    sudo ./install-thrift.sh --uninstall

    and then install

    sudo ./install-thrift.sh

    From OpenJDK 8 to OpenJDK 11

    First check, what is installed.

    # sudo apt list openjdk* --installed

    Then you could check what is available:

    # sudo apt list openjdk*

    It should be that OpenJDK 8 is installed and both OpenJDK 8 and 11 are available. Then, remove the OpenJDK 8 and install 11:

    sudo apt remove openjdk-8-jdk
+sudo apt remove openjdk-8-jre
+sudo apt remove openjdk-8-jdk-headless
+sudo apt remove openjdk-8-jre-headless
+

    check if nothing is installed:

    # sudo apt list openjdk* --installed

    Then install the openjdk-11-jdk:

    # sudo apt install openjdk-11-jdk

    Then the $JAVA_HOME needs to be updated, most likely it is defined in /etc/environment. Please check for your installation how to set the $JAVA_HOME correctly.

    Updating Liferay

    Download Liferay from this link

    https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz

    and unpack it, ideally in the /opt directory, so resulting path would look like liferay-ce-portal-7.3.3-ga4.

    Then, you need to update the $LIFERAY_INSTALL in /etc/environment from LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ to LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4.

    First, you will need to copy the portal-ext.properties from the old liferay folder to the new liferay folder (or new $LIFERAY_HOME):

    # cp /$old-liferay/portal-ext.properties $LIFERAY_INSTALL/portal-ext.properties

    Migration of existing database

    For a version upgrade from Liferay CE 7.2 to Liferay 7.3, migration scripts must be applied, they are located in $LIFERAY_HOME/ tools/portal-tools-db-upgrade-client. From there the following files needs to be adapted:

    • app-server.properties: most likely uncomment tomcat, because we re using liferay with tomcat.
    • portal-upgrade-database.properties: uncomment postgresql section and add database user, default from installation is liferay/liferay, or it is stored in portal-ext.properties right where the JDBC driver is selected. Please note that your portal-ext.properties file in $LIFERAY_INSTALLcan have the following line include-and-override=/etc/sw360/portal-ext.properties. In this case, consider the portal-ext.propertiesat that location.
    • portal-upgrade-ext.properties: just the liferay home, you can leave it as it is

    If everything is done (and the postgresql migration took place), execute:

    # ./db_upgrade.sh

    It should return a battery of INFO log level messages end with:

    Completed Liferay core upgrade process in 96 seconds
+Checking to see if all upgrades have completed... done.
+

    More Migration

    The liferay migration covers apparently only the database, but not the files in the $LIFERAY_HOME/data folder. It would have been nicer, if that would have been covered too. Instead these must be copied manually. In fact, for the migration, it is advised to copy only the /old-liferay/data/document_library to the new location. Something like (different pwd …):

    # cp -r _attic/liferay-portal-7.2.1-ga2/data/document_library/ liferay-ce-portal-7.3.3-ga4/data/

    Auto Start

    For auto start, you need an according init.d entry. It could be a file like /etc/init.d/tomcat. The file could be created if not there already, with the following contents:

    #!/bin/bash
+
+### BEGIN INIT INFO
+# Provides:        tomcat7
+# Required-Start:  $network
+# Required-Stop:   $network
+# Default-Start:   2 3 4 5
+# Default-Stop:    0 1 6
+# Short-Description: Start/Stop Tomcat server
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+start() {
+ su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh
+}
+
+stop() {
+ su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh
+}
+
+case $1 in
+  start|stop) $1;;
+  restart) stop; start;;
+  *) echo "Run as $0 <start|stop|restart>"; exit 1;;
+esac
+

    Te user siemagrant is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server runs under in vagrant. Regardless how the user is named, it is important that liferay runs under an unprivileged user (for security reasons).

    Adjust Memory

    When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in $LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh should be adapted again.

    Install Prerequisites

    For old installations, libthrift is not there (which causes an error at container startup), it should be downloaded and deployed:

    wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar
+mv libthrift-0.13.0.jar $LIFEARY_HOME/deploy/
+

    The the existing prerequisites needs to be copied from the osgi/modules from the old liferay installation:

    cp commons-lang-2.4.jar $LIFERAY_HOME/deploy
+cp commons-io-2.6.jar $LIFERAY_HOME/deploy
+cp commons-csv-1.4.jar $LIFERAY_HOME/deploy
+cp commons-collections4-4.1.jar $LIFERAY_HOME/deploy
+cp commons-codec-1.12.jar $LIFERAY_HOME/deploy
+cp commons-logging-1.2.jar $LIFERAY_HOME/deploy
+cp gson-2.8.5.jar $LIFERAY_HOME/deploy
+cp guava-21.0.jar $LIFERAY_HOME/deploy
+cp jackson-annotations-2.9.8.jar $LIFERAY_HOME/deploy
+cp jackson-core-2.9.8.jar $LIFERAY_HOME/deploy
+cp jackson-databind-2.9.8.jar $LIFERAY_HOME/deploy
+

    note that with the commit to sw360-13.0.0-M1 you need also another dependency for apache poi:

    cp commons-compress-1.20.jar $LIFERAY_HOME/deploy
+

    Install Couchdb Lucene

    SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main thing is that it requires pathing for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.

    Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be couchdb-lucene:

    wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz

    Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene:

    https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh

    Please note that the patching issue is well known in the project and it is unclear why it is not merged:

    Now, for CouchDB 2.X the hook for integration of a search component has chaned compared to CouchDB 1.X. Accordingly, the old couchdb-lucene component must be replaced with the latest version.

    Deploy New SW360

    You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 or some few commits before that. Then build in the sw360 project root using:

    mvn clean install -DskipTests

    This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same:

    mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -DskipTests
+

    Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:

    cd rest
+mvn clean package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/deploy/ -Dbackend.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/ -Drest.deploy.dir=/opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/webapps/
+

    Final Steps in Liferay

    Liferay CE 7.3 bring some changes that still require manually applied settings to the running liferay server. Thus, you could start the liferay server or just restart the entire machine. The following two things need to be adaptedin liferay after successful startup in order to get the migration done:

    1. The automatic verification of e-mail adresses maybe be needed to be switched off, because it kicks in also for existing users. This can be done in “Control Panerl” -> “Instance Settings” -> “User Authentication” -> ""

    2. The JavaScript components jquery and fontawesone (that come with liferay) must be manually enabled now. For this got into “Control Panel” -> “System Settings” -> “Thrid Party”. and from then select the two JavaScript components from the left and enable them accordingly.

    Known Issues

    Database Availability Right after Update

    Right after updating, the sw360 will not show up data at all, but sometimes nothing or “portlet unavailable”. The problem is the re-indexing of the DB and the search index which takes a while. You can trigger reindexing in the systems. A lazy way is call all (main) views so the database stumbles accross it and starts the indexing tasks (see job view in the couchdb admin interface of Futon). The sam eis for searches, the first searches will fail and the lucene will do some internal updates. leaving the system working for some time and follow the log will help. Could take 30 minutes.

    E-Mail Verification Trap

    Liferay has automatically enabled password verification for all accounts right after migration. Not sure what motivates persons to enable such feature by default right after migration from an instance where it was not there? In case you have attached the system to an external login solution, but your liferay is not configured to send mails, then it is a trap, because you cannot verify the e-mail address and thus, cannot login. You need to disable the external login solution and use the original initial setup user to login (which is not asked for verification by e-mail) to disable this feature (see above).

    Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6)
    + + + \ No newline at end of file diff --git a/docs/deployment/upgrading/index.html b/docs/deployment/upgrading/index.html index 3d49c9e..d84bfdb 100644 --- a/docs/deployment/upgrading/index.html +++ b/docs/deployment/upgrading/index.html @@ -1,812 +1,89 @@ - - - - - - - - - - - - - - - - - - - - - -Upgrade from previous instances | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Upgrade from previous instances

    -
    SW360 Bare Metal Deployment
    -
    - - - - - - - - - - - - - -
    - -
    - - - - - - - - -
    - - -
    -
    - Liferay 7.3 and Java 11 -
    -

    Upgrading previous sw360 instances to Liferay 7.3.x and Java 11

    -
    - - -
    -
    - Upgrade Sw360 from 14.0 to 15.0 -
    -

    Upgrade Sw360 from 14.0 to 15.0

    -
    - - -
    -
    - Upgrade Sw360 from 15.0 to 16.0 -
    -

    Upgrade Sw360 from 15.0 to 16.0

    -
    - - -
    -
    - Upgrade SW360 from 16.0 to 17.0 -
    -

    -
    - - -
    -
    - Upgrade SW360 from 17.00 to 18.1.0 -
    -

    -
    - - -
    - - - -
    - Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6) -
    - -
    - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Upgrade from previous instances | Eclipse SW360 +

    Upgrade from previous instances

    SW360 Bare Metal Deployment
    Liferay 7.3 and Java 11

    Upgrading previous sw360 instances to Liferay 7.3.x and Java 11

    Upgrade Sw360 from 14.0 to 15.0

    Upgrade Sw360 from 14.0 to 15.0

    Upgrade Sw360 from 15.0 to 16.0

    Upgrade Sw360 from 15.0 to 16.0

    Upgrade SW360 from 16.0 to 17.0

    Upgrade SW360 from 17.00 to 18.1.0

    Last modified June 22, 2022: SW360 website remodeling (#9) (032e0f6)
    + + + \ No newline at end of file diff --git a/docs/deployment/upgrading/index.xml b/docs/deployment/upgrading/index.xml index 3c1c322..46863d3 100644 --- a/docs/deployment/upgrading/index.xml +++ b/docs/deployment/upgrading/index.xml @@ -1,1164 +1,1056 @@ - - - Eclipse SW360 – Upgrade from previous instances - https://www.eclipse.org/sw360/docs/deployment/upgrading/ - Recent content in Upgrade from previous instances on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: Liferay 7.3 and Java 11 - https://www.eclipse.org/sw360/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/ - - - - <h2 id="introduction">Introduction</h2> -<p>We are covering the update for ubuntu here, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as macosx, but in order to avoid problem we agreed on having a reference OS, which are the ubuntu long term releases.</p> -<p>With the update to Java 11, we upgraded from Ubuntu 16.04 to Ubuntu 18.04, both LTS version. This OS is used for example by the <a href="https://github.com/sw360/sw360vagrant">https://github.com/sw360/sw360vagrant</a> project.</p> -<p>So the update covers the following:</p> -<table> -<thead> -<tr> -<th>orign</th> -<th>target</th> -</tr> -</thead> -<tbody> -<tr> -<td>Ubuntu 16.04 LTS</td> -<td>Ubuntu 18.04 LTS</td> -</tr> -<tr> -<td>CoucbdDB 1.X (comes with Ubuntu)</td> -<td>CouchDB 2.X (not with Ubuntu anymore)</td> -</tr> -<tr> -<td>Postgresql 9.X (comes with Ubuntu)</td> -<td>Postgresql 10.X (comes with Ubuntu)</td> -</tr> -<tr> -<td>OpenJDK 8 (comes with Ubuntu)</td> -<td>openJDK 11 (comes with Ubuntu)</td> -</tr> -<tr> -<td>Apache Thrift 0.11/0.12</td> -<td>Apache Thrift 0.13</td> -</tr> -</tbody> -</table> -<h2 id="overview">Overview</h2> -<p>The upgrade consists of quite some tasks, as an overview:</p> -<ol> -<li>Make a backup</li> -<li>Execute sw360 migration scripts</li> -<li>Linux release upgrade</li> -<li>Java 11</li> -<li>Postgresql</li> -<li>CouchDB 2.X</li> -<li>Thrift to 0.13</li> -<li>Liferay ce 7.3.3</li> -<li>Copy your existing <code>portal-ext.properties</code> to now liferay_install location</li> -<li>copy from old liferay installation the <code>data/document_library</code> to the new liferay</li> -<li>Adjust <code>/etc/ini.d/tomcat</code> with path of new liferay</li> -<li>Adjust <code>$liferay_install</code> variable</li> -<li>add Java prerequisites to OSGi container</li> -<li>Update couchdb-lucene</li> -<li>Deploy new version of sw360</li> -<li>Adjust Liferay</li> -</ol> -<h2 id="initial-steps">Initial steps</h2> -<p>In order to &ldquo;calibrate the system&rdquo; just run the update / upgrade cycle once:</p> -<p><code># sudo apt update</code></p> -<p><code># sudo apt upgrade</code></p> -<h3 id="keeping-more-settings-files">Keeping More Settings Files</h3> -<p><strong>apache.conf:</strong> Keep also the mod security conf files that are asked to update during installation</p> -<p><strong>sshd:</strong> Changes on the ssh / sshd conf files should be kept in case you have setup up dome remote public private key login (usually the case for server installation). Otherwise you re locked out maybe.</p> -<p><strong>Maven:</strong> if you change Maven, for example with your proxy settings, keep it too.</p> -<p>In general, whenever there is functionality you need, consider keeping existing settings files.</p> -<h2 id="ubuntu-release-upgrade">Ubuntu Release Upgrade</h2> -<p>There is maybe the remark to overwrite the current apache configuration. We propose to keep the currently installed apache files.</p> -<p><code># sudo do-release-upgrade</code></p> -<p>Answer &ldquo;yes&rdquo; for the download of packages and also confirm the update of the glibc, of course. Update the <code>system.conf</code>(install maintainer&rsquo;s version), depending on if you actually edited this. Some for <code>sysctl.conf</code>.</p> -<h2 id="migration-of-postgresql">Migration of PostgreSQL</h2> -<p>The existing 9.5 will not be upgraded, instead this message comes: After the release upgrade, you can check again if postgresql is installed:</p> -<p><code>sudo apt list postgre* --installed</code></p> -<p>Postgresql 9.5 should be the only installed. The old postgresql 9.5 must stay in fact, because the migration tool needs to be executing on a running postgresql 9.5 instance. Just having popstgresql 10 and a database only from postgresql 9.5 will not work. You can go ahead install postgresql 10:</p> -<p><code>sudo apt install postgresql-10</code></p> -<p>Then, apply the instruction to update from 9.5 to 10.0 from this page: <a href="https://stackoverflow.com/questions/47029055/how-do-i-upgrade-my-postgresql-9-5-to-postgresql-10-on-ubuntu-16-04">https://stackoverflow.com/questions/47029055/how-do-i-upgrade-my-postgresql-9-5-to-postgresql-10-on-ubuntu-16-04</a></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># service postgresql stop -</span></span><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span># pg_dropcluster --stop 10 main -</span></span><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span># pg_upgradecluster -m upgrade 9.5 main -</span></span><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span># pg_dropcluster 9.5 main --stop -</span></span><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span># apt-get autoremove --purge postgresql-9.5 -</span></span><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span># service postgresql start -</span></span></code></pre></div><p>(note that # means you need to be root or execute with sudo)</p> -<h2 id="migration-of-couchdb">Migration of CouchDB</h2> -<p>CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDb package repository to install it, first the key for signing:</p> -<p><code>curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -</code></p> -<p>The add the repo to the sources:</p> -<p><code>echo &quot;deb https://apache.bintray.com/couchdb-deb bionic main&quot; | sudo tee -a /etc/apt/sources.list</code></p> -<p>Then, add its contents to the package database by updating apt:</p> -<p><code>sudo apt-get update -y</code></p> -<p>Ultimately install CouchDB, we tried with 2.1.2 initiall not to make a too far jump from 1.X, later versions may work as well. Note that for upgrading to CouchDB 3.X you would need an upgrade to 2.X first.</p> -<p><code>sudo apt-get install -y couchdb=2.1.2~bionic</code></p> -<p>The installer will ask a couple of questions:</p> -<ol> -<li>Bind address: for CouchDB and SW360 <code>127.0.0.1</code> (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.</li> -<li>Admin user: <strong>Warning</strong> The couchdb migration utility does not support authentication! Please do not enter an admin password, but apply it later. You can set the password for CouchDB in <code>couchdb.properties</code> and place it centrally in <code>/etc/sw360</code></li> -<li>Migration: yes you need to use <code>couchup</code> for migrating the databases</li> -</ol> -<p>In case you added an admin and need to remove it, try:</p> -<p><code>curl -X DELETE http://admin:password@127.0.0.1:5984/_config/admins/admin</code></p> -<p>where the two occurrences <code>admin</code> is the name of the admin user in the URL, whatever the user was called.</p> -<h3 id="migration-of-couchdb-databases">Migration of CouchDB Databases</h3> -<p>As a preparation: the CouchDB migration works by copying the databases, so the file system needs at least as much free space as the CouchDB databases use.</p> -<p>CouchDB offers a migration utility. It is advised that you remove all test databases as they do not seem to work with the migration utility. Important links are:</p> -<ul> -<li><a href="https://docs.couchdb.org/en/2.3.1/install/upgrading.html">https://docs.couchdb.org/en/2.3.1/install/upgrading.html</a></li> -<li><a href="https://github.com/apache/couchdb/pull/483">https://github.com/apache/couchdb/pull/483</a></li> -</ul> -<p>For some reason after installation, the <code>couchup</code>utility is not part of the path, so execute:</p> -<p><code>/opt/couchdb/bin/couchup list</code></p> -<p>It lists all DBs found. The go ahead with:</p> -<p><code>/opt/couchdb/bin/couchup replicate -a</code></p> -<p>It should replicate all databases in <code>/var/lib/couchdb</code>. Please refer to the couchup documentation, for the subsequent steps. A few remarks from our experience:</p> -<ol> -<li>The rebuold of the couchdb does not work for our test databases. Please refer to the documentation how to do this manually if you like.</li> -<li>The couchup utility crashes for large DB sizes with a time out error. Consider using the timeout option: <code>/opt/couchdb/bin/couchup replicate -a --timeout==10000</code> (with almost infinite timeout here)</li> -<li>On very large attachment database sizes (500GB), the couchdb configuration must be changed. We increased almost every related value by factor 10 (timeouts, memory, etc) in <code>/opt/couchdb/etc/default.ini</code> and good success with this.</li> -</ol> -<h2 id="update-thrift">Update Thrift</h2> -<p>For thrift, we need version 0.13. The installation script <code>scripts/install-thrift.sh</code>allows for uninstalling old versions:</p> -<p><code>sudo ./install-thrift.sh --uninstall</code></p> -<p>and then install</p> -<p><code>sudo ./install-thrift.sh</code></p> -<h2 id="from-openjdk-8-to-openjdk-11">From OpenJDK 8 to OpenJDK 11</h2> -<p>First check, what is installed.</p> -<p><code># sudo apt list openjdk* --installed</code></p> -<p>Then you could check what is available:</p> -<p><code># sudo apt list openjdk*</code></p> -<p>It should be that OpenJDK 8 is installed and both OpenJDK 8 and 11 are available. Then, remove the OpenJDK 8 and install 11:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sudo apt remove openjdk-8-jdk -</span></span><span style="display:flex;"><span>sudo apt remove openjdk-8-jre -</span></span><span style="display:flex;"><span>sudo apt remove openjdk-8-jdk-headless -</span></span><span style="display:flex;"><span>sudo apt remove openjdk-8-jre-headless -</span></span></code></pre></div><p>check if nothing is installed:</p> -<p><code># sudo apt list openjdk* --installed</code></p> -<p>Then install the openjdk-11-jdk:</p> -<p><code># sudo apt install openjdk-11-jdk</code></p> -<p>Then the <code>$JAVA_HOME</code> needs to be updated, most likely it is defined in <code>/etc/environment</code>. Please check for your installation how to set the <code>$JAVA_HOME</code> correctly.</p> -<h2 id="updating-liferay">Updating Liferay</h2> -<p>Download Liferay from this link</p> -<p><a href="https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz">https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz</a></p> -<p>and unpack it, ideally in the <code>/opt</code> directory, so resulting path would look like <code>liferay-ce-portal-7.3.3-ga4</code>.</p> -<p>Then, you need to update the <code>$LIFERAY_INSTALL</code> in <code>/etc/environment</code> from <code>LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ </code> to <code>LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4</code>.</p> -<p>First, you will need to copy the <code>portal-ext.properties</code> from the old liferay folder to the new liferay folder (or new <code>$LIFERAY_HOME</code>):</p> -<p><code># cp /$old-liferay/portal-ext.properties $LIFERAY_INSTALL/portal-ext.properties</code></p> -<h3 id="migration-of-existing-database">Migration of existing database</h3> -<p>For a version upgrade from Liferay CE 7.2 to Liferay 7.3, migration scripts must be applied, they are located in <code>$LIFERAY_HOME/ tools/portal-tools-db-upgrade-client</code>. From there the following files needs to be adapted:</p> -<ul> -<li><code>app-server.properties</code>: most likely uncomment tomcat, because we re using liferay with tomcat.</li> -<li><code>portal-upgrade-database.properties</code>: uncomment postgresql section and add database user, default from installation is <code>liferay/liferay</code>, or it is stored in <code>portal-ext.properties</code> right where the JDBC driver is selected. Please note that your <code>portal-ext.properties</code> file in <code>$LIFERAY_INSTALL</code>can have the following line <code>include-and-override=/etc/sw360/portal-ext.properties</code>. In this case, consider the <code>portal-ext.properties</code>at that location.</li> -<li><code>portal-upgrade-ext.properties</code>: just the liferay home, you can leave it as it is</li> -</ul> -<p>If everything is done (and the postgresql migration took place), execute:</p> -<p><code># ./db_upgrade.sh</code></p> -<p>It should return a battery of <code>INFO</code> log level messages end with:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>Completed Liferay core upgrade process in 96 seconds -</span></span><span style="display:flex;"><span>Checking to see if all upgrades have completed... done. -</span></span></code></pre></div><h3 id="more-migration">More Migration</h3> -<p>The liferay migration covers apparently only the database, but not the files in the <code>$LIFERAY_HOME/data</code> folder. It would have been nicer, if that would have been covered too. Instead these must be copied manually. In fact, for the migration, it is advised to copy only the <code>/old-liferay/data/document_library</code> to the new location. Something like (different pwd &hellip;):</p> -<p><code># cp -r _attic/liferay-portal-7.2.1-ga2/data/document_library/ liferay-ce-portal-7.3.3-ga4/data/</code></p> -<h3 id="auto-start">Auto Start</h3> -<p>For auto start, you need an according init.d entry. It could be a file like <code>/etc/init.d/tomcat</code>. The file could be created if not there already, with the following contents:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#099">#!/bin/bash -</span></span></span><span style="display:flex;"><span><span style="color:#099"></span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">### BEGIN INIT INFO</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Provides: tomcat7</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Required-Start: $network</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Required-Stop: $network</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Default-Start: 2 3 4 5</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Default-Stop: 0 1 6</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Short-Description: Start/Stop Tomcat server</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">### END INIT INFO</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#033">PATH</span><span style="color:#555">=</span>/sbin:/bin:/usr/sbin:/usr/bin -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>start<span style="color:#555">()</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>stop<span style="color:#555">()</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">case</span> <span style="color:#033">$1</span> in -</span></span><span style="display:flex;"><span> start|stop<span style="color:#555">)</span> <span style="color:#033">$1</span>;; -</span></span><span style="display:flex;"><span> restart<span style="color:#555">)</span> stop; start;; -</span></span><span style="display:flex;"><span> *<span style="color:#555">)</span> <span style="color:#366">echo</span> <span style="color:#c30">&#34;Run as </span><span style="color:#033">$0</span><span style="color:#c30"> &lt;start|stop|restart&gt;&#34;</span>; <span style="color:#366">exit</span> 1;; -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">esac</span> -</span></span></code></pre></div><p>Te user <code>siemagrant</code> is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server runs under in vagrant. Regardless how the user is named, it is important that liferay runs under an unprivileged user (for security reasons).</p> -<h3 id="adjust-memory">Adjust Memory</h3> -<p>When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in <code>$LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh</code> should be adapted again.</p> -<h2 id="install-prerequisites">Install Prerequisites</h2> -<p>For old installations, libthrift is not there (which causes an error at container startup), it should be downloaded and deployed:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar -</span></span><span style="display:flex;"><span>mv libthrift-0.13.0.jar $LIFEARY_HOME/deploy/ -</span></span></code></pre></div><p>The the existing prerequisites needs to be copied from the <code>osgi/modules</code> from the old liferay installation:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>cp commons-lang-2.4.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span>cp commons-io-2.6.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span>cp commons-csv-1.4.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span>cp commons-collections4-4.1.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span>cp commons-codec-1.12.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span>cp commons-logging-1.2.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span>cp gson-2.8.5.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span>cp guava-21.0.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span>cp jackson-annotations-2.9.8.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span>cp jackson-core-2.9.8.jar $LIFERAY_HOME/deploy -</span></span><span style="display:flex;"><span>cp jackson-databind-2.9.8.jar $LIFERAY_HOME/deploy -</span></span></code></pre></div><p>note that with the <a href="https://github.com/eclipse/sw360/commit/71348b4fffa6e3e5fd761a3f63590a0a60663827">commit</a> to sw360-13.0.0-M1 you need also another dependency for apache poi:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>cp commons-compress-1.20.jar $LIFERAY_HOME/deploy -</span></span></code></pre></div><h2 id="install-couchdb-lucene">Install Couchdb Lucene</h2> -<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main thing is that it requires pathing for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.</p> -<p>Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be <code>couchdb-lucene</code>:</p> -<p><code>wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz</code></p> -<p>Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene:</p> -<p><a href="https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh">https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh</a></p> -<p>Please note that the patching issue is well known in the project and it is unclear why it is not merged:</p> -<ul> -<li><a href="https://github.com/rnewson/couchdb-lucene/issues/161">https://github.com/rnewson/couchdb-lucene/issues/161</a> &ldquo;allow context-root other than &ldquo;/&rdquo; when running in servlet container&rdquo;</li> -<li><a href="https://github.com/rnewson/couchdb-lucene/pull/162">https://github.com/rnewson/couchdb-lucene/pull/162</a></li> -<li><a href="https://github.com/rnewson/couchdb-lucene/pull/152">https://github.com/rnewson/couchdb-lucene/pull/152</a></li> -</ul> -<p>Now, for CouchDB 2.X the hook for integration of a search component has chaned compared to CouchDB 1.X. Accordingly, the old couchdb-lucene component must be replaced with the latest version.</p> -<h2 id="deploy-new-sw360">Deploy New SW360</h2> -<p>You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 or some few commits before that. Then build in the sw360 project root using:</p> -<p><code>mvn clean install -DskipTests</code></p> -<p>This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go" data-lang="go"><span style="display:flex;"><span>mvn clean <span style="color:#069;font-weight:bold">package</span> <span style="color:#555">-</span>P deploy <span style="color:#555">-</span>Dbase.deploy.dir=. <span style="color:#555">-</span>Dliferay.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>deploy<span style="color:#555">/</span> <span style="color:#555">-</span>Dbackend.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>Drest.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>DskipTests -</span></span></code></pre></div><p>Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go" data-lang="go"><span style="display:flex;"><span>cd rest -</span></span><span style="display:flex;"><span>mvn clean <span style="color:#069;font-weight:bold">package</span> <span style="color:#555">-</span>P deploy <span style="color:#555">-</span>Dbase.deploy.dir=. <span style="color:#555">-</span>Dliferay.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>deploy<span style="color:#555">/</span> <span style="color:#555">-</span>Dbackend.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>Drest.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> -</span></span></code></pre></div><h2 id="final-steps-in-liferay">Final Steps in Liferay</h2> -<p>Liferay CE 7.3 bring some changes that still require manually applied settings to the running liferay server. Thus, you could start the liferay server or just restart the entire machine. The following two things need to be adaptedin liferay after successful startup in order to get the migration done:</p> -<ol> -<li> -<p>The automatic verification of e-mail adresses maybe be needed to be switched off, because it kicks in also for existing users. This can be done in &ldquo;Control Panerl&rdquo; -&gt; &ldquo;Instance Settings&rdquo; -&gt; &ldquo;User Authentication&rdquo; -&gt; &quot;&quot;</p> -</li> -<li> -<p>The JavaScript components jquery and fontawesone (that come with liferay) must be manually enabled now. For this got into &ldquo;Control Panel&rdquo; -&gt; &ldquo;System Settings&rdquo; -&gt; &ldquo;Thrid Party&rdquo;. and from then select the two JavaScript components from the left and enable them accordingly.</p> -</li> -</ol> -<h2 id="known-issues">Known Issues</h2> -<h3 id="database-availability-right-after-update">Database Availability Right after Update</h3> -<p>Right after updating, the sw360 will not show up data at all, but sometimes nothing or &ldquo;portlet unavailable&rdquo;. The problem is the re-indexing of the DB and the search index which takes a while. You can trigger reindexing in the systems. A lazy way is call all (main) views so the database stumbles accross it and starts the indexing tasks (see job view in the couchdb admin interface of Futon). The sam eis for searches, the first searches will fail and the lucene will do some internal updates. leaving the system working for some time and follow the log will help. Could take 30 minutes.</p> -<h3 id="e-mail-verification-trap">E-Mail Verification Trap</h3> -<p>Liferay has automatically enabled password verification for all accounts right after migration. Not sure what motivates persons to enable such feature by default right after migration from an instance where it was not there? In case you have attached the system to an external login solution, but your liferay is not configured to send mails, then it is a trap, because you cannot verify the e-mail address and thus, cannot login. You need to disable the external login solution and use the original initial setup user to login (which is not asked for verification by e-mail) to disable this feature (see above).</p> - - - - - - Docs: Upgrade Sw360 from 14.0 to 15.0 - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/ - - - - <h1 id="upgrade-sw360-version-150">Upgrade SW360 version 15.0</h1> -<h2 id="1-upgrade-sw360-from-140-to-150">1. Upgrade sw360 from 14.0 to 15.0</h2> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>1.1 Checkout source code SW360 to Tag Version 15 -</span></span><span style="display:flex;"><span>1.2 Version of libraries -</span></span><span style="display:flex;"><span>1.3 Migrate database -</span></span><span style="display:flex;"><span>1.4 Build and deploy Sw360 Version 15.0 -</span></span></code></pre></div><h3 id="11-checkout-source-code-sw360-to-tag-version-15">1.1 Checkout source code SW360 to Tag Version 15</h3> -<p>Link contains source: <a href="https://github.com/eclipse/sw360.git">https://github.com/eclipse/sw360.git</a></p> -<ul> -<li> -<p>Path <code>SW360_REPOSITORY</code> = <code>/home/user/work/sw360</code></p> -</li> -<li> -<p>Source code sw360 is in master branch with commit version 14.0 . User into <code>${SW360_REPOSITORY}</code> use git checkout to tag version 15 on the master branch of SW360</p> -</li> -<li> -<p>Checkout to tag Version 15.0.0</p> -<ul> -<li><code>$ git checkout . </code></li> -<li><code>$ git checkout sw360-15.0.0-M1</code></li> -</ul> -</li> -</ul> -<h3 id="12-version-of-libraries">1.2 Version of libraries</h3> -<table> -<thead> -<tr> -<th style="text-align:left">Package Name</th> -<th style="text-align:center">Version</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">Liferay</td> -<td style="text-align:center">7.3.4</td> -</tr> -<tr> -<td style="text-align:left">Tomcat</td> -<td style="text-align:center">9.0.33</td> -</tr> -<tr> -<td style="text-align:left">Couchdb</td> -<td style="text-align:center">3.2.2</td> -</tr> -<tr> -<td style="text-align:left">Open JDK</td> -<td style="text-align:center">11.0.15</td> -</tr> -<tr> -<td style="text-align:left">Thrift</td> -<td style="text-align:center">0.14.0</td> -</tr> -<tr> -<td style="text-align:left">SW360</td> -<td style="text-align:center">14.0.0</td> -</tr> -</tbody> -</table> -<h3 id="13-migrate-database">1.3 Migrate database</h3> -<ul> -<li>Check migrate scripts from 14.0 to 15.0 by <a href="https://github.com/eclipse/sw360/tree/master/scripts/migrations">https://github.com/eclipse/sw360/tree/master/scripts/migrations</a></li> -</ul> -<ul> -<li>There is no migrate script, skip this step.</li> -</ul> -<h3 id="14-build-and-deploy-sw360-version-150">1.4 Build and deploy SW360 Version 15.0</h3> -<ul> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> -<ul> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> -</ul> -</li> -<li> -<p>Stop SW360 version 14.0, ensure that couchdb is accessible (try to open <code>http://localhost:5984/_utils/</code>)</p> -<ul> -<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/shutdown.sh</code></li> -</ul> -</li> -</ul> -<h2 id="2-compile-and-deploy">2. Compile and deploy</h2> -<ul> -<li> -<p>Start couchdb</p> -<ul> -<li><code>$ sudo service couchdb start</code></li> -</ul> -</li> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> -<ul> -<li><code>$ cd /home/user/work/sw360</code></li> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> -</ul> -</li> -</ul> -<ol> -<li> -<p>To clean everything and install without running the tests</p> -<ul> -<li><code>$ mvn clean install -DskipTests </code></li> -</ul> -</li> -<li> -<p>For deployment run the command</p> -<ul> -<li><code>mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests</code></li> -</ul> -</li> -</ol> -<h3 id="21-start-and-configure-liferay">2.1 Start and Configure Liferay</h3> -<ul> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> -<ul> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> -</ul> -</li> -<li> -<p>Start liferay</p> -<ul> -<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh</code></li> -</ul> -</li> -<li> -<p>Log</p> -<ul> -<li><code>$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*</code></li> -</ul> -</li> -<li> -<p>Url SW360 : <code>https://localhost:8080</code></p> -</li> -</ul> -<h3 id="22-configure-liferay-portal">2.2 Configure Liferay Portal</h3> -<ul> -<li>Can follow the steps in the following link <a href="https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3">https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3</a> or follow these steps:</li> -</ul> -<ul> -<li>Import users -<ol> -<li>Open the panel on the left side by clicking the button on the top left.</li> -<li>Click on <code>SW360</code> on the top right to go to the homepage.</li> -<li>Click on <code>Start</code> inside the &ldquo;Welcome&rdquo; section.</li> -<li>Go to <code>Admin</code> -&gt; <code>User</code> (URL: <code>/group/guest/users</code>).</li> -<li>Scroll down to section <code>UPLOAD USERS</code>, select a user file from the very -beginning and click <code>Upload Users</code> on the right side. <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">A user file can be found here in the sw360vagrant project</a> -* Download: <code>$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv</code></li> -</ol> -</li> -</ul> - - - - - - Docs: Upgrade Sw360 from 15.0 to 16.0 - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/ - - - - <h1 id="upgrade-sw360-version-160">Upgrade SW360 version 16.0</h1> -<h2 id="1-upgrade-sw360-from-150-to-160">1. Upgrade sw360 from 15.0 to 16.0</h2> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>1.1 Checkout source code SW360 to Tag Version 16 -</span></span><span style="display:flex;"><span>1.2 Version of libraries -</span></span><span style="display:flex;"><span>1.3 Migrate database -</span></span><span style="display:flex;"><span>1.4 Build and deploy Sw360 Version 16 -</span></span><span style="display:flex;"><span>1.5 Start and Configure Liferay -</span></span></code></pre></div><h3 id="11-create-folder-contains-source-code-sw360-to-tag-version-16">1.1 Create Folder contains source code SW360 to Tag Version 16</h3> -<p>Link contains source: <a href="https://github.com/eclipse/sw360.git">https://github.com/eclipse/sw360.git</a></p> -<ul> -<li> -<p>Path <code>SW360_REPOSITORY</code> = <code>/home/user/work15to16/sw360</code></p> -</li> -<li> -<p>Source code sw360 is in main branch with commit version 14.0 . User into <code>${SW360_REPOSITORY}</code> use git checkout to tag version 16 on the main branch of SW360</p> -</li> -<li> -<p>Checkout to tag Version 16.0.0 or checkout commit &ldquo;d15db4a1b07112fff126016103c1a8d8dd03c230&rdquo;</p> -<ul> -<li><code>$ git checkout d15db4a1b07112fff126016103c1a8d8dd03c230 </code> or <code>$ git checkout sw360-16.0.0-M1</code></li> -</ul> -</li> -<li> -<p>Upgrade Thrift from 0.14.0 to 0.16.0</p> -<ul> -<li>Move to folder sw360 with path <code>/home/user/work15to16/sw360</code></li> -</ul> -<p>Run command line:</p> -<p>Uninstall thrift version 0.14.0</p> -<ul> -<li><code>./scripts/install-thrift.sh --uninstall</code></li> -</ul> -<p>Install thrift version 0.16.0</p> -<ul> -<li><code>./scripts/install-thrift.sh</code></li> -</ul> -<p>Check version thrift</p> -<ul> -<li><code>thrift --version</code></li> -</ul> -</li> -<li> -<p>Update Dependency for SW360 version 16</p> -<p>Download dependency:</p> -<ul> -<li><code>wget https://search.maven.org/remotecontent?filepath=commons-io/commons-io/2.7/commons-io-2.7.jar -O commons-io-2.7.jar</code></li> -<li><code>wget https://search.maven.org/remotecontent?filepath=com/google/code/gson/gson/2.8.9/gson-2.8.9.jar -O gson-2.8.9.jar</code></li> -<li><code>wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/31.0.1-jre/guava-31.0.1-jre.jar -O guava-31.0.1-jre.jar</code></li> -<li><code>wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-annotations/2.13.2/jackson-annotations-2.13.2.jar -O jackson-annotations-2.13.2.jar</code></li> -<li><code>wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-core/2.13.2/jackson-core-2.13.2.jar -O jackson-core-2.13.2.jar</code></li> -<li><code>wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-databind/2.13.2.2/jackson-databind-2.13.2.2.jar -O jackson-databind-2.13.2.2.jar</code></li> -<li><code>wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.16.0/libthrift-0.16.0.jar -O libthrift-0.16.0.jar</code></li> -</ul> -<p>Move dependency to folder <code>/opt/liferay-ce-portal-7.3.4-ga5/deploy</code></p> -</li> -</ul> -<h3 id="12-version-of-libraries">1.2 Version of libraries</h3> -<table> -<thead> -<tr> -<th style="text-align:left">Package Name</th> -<th style="text-align:center">Version</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">Liferay</td> -<td style="text-align:center">7.3.4</td> -</tr> -<tr> -<td style="text-align:left">Tomcat</td> -<td style="text-align:center">9.0.33</td> -</tr> -<tr> -<td style="text-align:left">Couchdb</td> -<td style="text-align:center">3.2.2</td> -</tr> -<tr> -<td style="text-align:left">Open JDK</td> -<td style="text-align:center">11.0.15</td> -</tr> -<tr> -<td style="text-align:left">Thrift</td> -<td style="text-align:center">0.16.0</td> -</tr> -</tbody> -</table> -<h3 id="13-migrate-database">1.3 Migrate database</h3> -<ul> -<li> -<p>Check migrate scripts from 15.0 to 16.0 by <a href="https://github.com/eclipse/sw360/tree/master/scripts/migrations">https://github.com/eclipse/sw360/tree/master/scripts/migrations</a></p> -</li> -<li> -<p>3 file migration:</p> -</li> -</ul> -<ul> -<li> -<p><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/048_add_component_businessunit.py</code></p> -</li> -<li> -<p><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/049_migrate_admin_obligation.py</code></p> -</li> -<li> -<p><code>https://github.com/eclipse/sw360/blob/main/scripts/utilities/003_update_project_field_value_couchdb_2_x.py</code></p> -<p>Install enviroment for python 2.7</p> -<ul> -<li><code>$ sudo apt-add-repository universe</code></li> -<li><code>$ sudo apt update</code></li> -<li><code>$ sudo apt install python2-minimal</code></li> -</ul> -<p>Check version</p> -<ul> -<li><code>$ python2 --version</code></li> -</ul> -<p>Install pip for python 2.7 --<code>curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py</code> --<code>sudo python2 get-pip.py --proxy=http://username:password@hostname</code> --<code>pip --version</code></p> -<p>Import package couchdb --<code>pip install --proxy=http://username:password@hostname couchdb</code></p> -<p>How to run migration data</p> -<ol> -<li> -<p>stop SW360 (i.e. the tomcat)</p> -<ul> -<li>Set Environment for <code>${LIFERAY_INSTALL}</code></li> -</ul> -<ul> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> -</ul> -<ul> -<li>Stop SW360 version 15.0, ensure that couchdb is accessible (try to open <code>http://localhost:5984/_utils/</code>)</li> -</ul> -<ul> -<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/shutdown.sh</code></li> -</ul> -</li> -<li> -<p>ensure that couchdb is accessible (try to open http://localhost:5984/_utils/)</p> -</li> -<li> -<p>run the migration scripts (i.e. for each script call python2 /PATH/TO/00?_some_migration_script.py) -be aware that some scripts are using an internal dry-run switch which you have to change manually in the script&rsquo;s code.</p> -<p>3.1 move to folder with path <code>/home/user/work15to16/sw360/scripts/migrations</code></p> -<p>Run command:</p> -<ul> -<li><code>python2 048_add_component_businessunit.py</code></li> -<li><code>python2 049_migrate_admin_obligation.py</code></li> -</ul> -<p>Check data change in file log:</p> -<ul> -<li>048_add_component_businessunit.log</li> -<li>049_migrate_admin_obligation.log</li> -</ul> -<p>3.2 move to folder with path <code>/home/user/work15to16/sw360/scripts/utilities</code></p> -<ul> -<li><code>python2 003_update_project_field_value_couchdb_2_x.py</code></li> -</ul> -<p>Check data change in file log:</p> -<ul> -<li>003_update_project_field_value_couchdb_2_x.log</li> -</ul> -</li> -</ol> -</li> -</ul> -<h3 id="14-compile-and-deploy">1.4. Compile and deploy</h3> -<ul> -<li>Set Environment for <code>${LIFERAY_INSTALL}</code> -- <code>$ cd /home/user/work/sw360</code> -- <code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> -</ul> -<pre><code>To clean everything and install without running the tests - +Eclipse SW360 – Upgrade from previous instanceshttps://www.eclipse.org/sw360/docs/deployment/upgrading/Recent content in Upgrade from previous instances on Eclipse SW360Hugo -- gohugo.ioDocs: Liferay 7.3 and Java 11https://www.eclipse.org/sw360/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/ +<h2 id="introduction">Introduction</h2> +<p>We are covering the update for ubuntu here, because that is our main / agreed base system for running sw360. sw360 may run on a varienty of other linux distributions or OSes such as macosx, but in order to avoid problem we agreed on having a reference OS, which are the ubuntu long term releases.</p> +<p>With the update to Java 11, we upgraded from Ubuntu 16.04 to Ubuntu 18.04, both LTS version. This OS is used for example by the <a href="https://github.com/sw360/sw360vagrant">https://github.com/sw360/sw360vagrant</a> project.</p> +<p>So the update covers the following:</p> +<table> +<thead> +<tr> +<th>orign</th> +<th>target</th> +</tr> +</thead> +<tbody> +<tr> +<td>Ubuntu 16.04 LTS</td> +<td>Ubuntu 18.04 LTS</td> +</tr> +<tr> +<td>CoucbdDB 1.X (comes with Ubuntu)</td> +<td>CouchDB 2.X (not with Ubuntu anymore)</td> +</tr> +<tr> +<td>Postgresql 9.X (comes with Ubuntu)</td> +<td>Postgresql 10.X (comes with Ubuntu)</td> +</tr> +<tr> +<td>OpenJDK 8 (comes with Ubuntu)</td> +<td>openJDK 11 (comes with Ubuntu)</td> +</tr> +<tr> +<td>Apache Thrift 0.11/0.12</td> +<td>Apache Thrift 0.13</td> +</tr> +</tbody> +</table> +<h2 id="overview">Overview</h2> +<p>The upgrade consists of quite some tasks, as an overview:</p> +<ol> +<li>Make a backup</li> +<li>Execute sw360 migration scripts</li> +<li>Linux release upgrade</li> +<li>Java 11</li> +<li>Postgresql</li> +<li>CouchDB 2.X</li> +<li>Thrift to 0.13</li> +<li>Liferay ce 7.3.3</li> +<li>Copy your existing <code>portal-ext.properties</code> to now liferay_install location</li> +<li>copy from old liferay installation the <code>data/document_library</code> to the new liferay</li> +<li>Adjust <code>/etc/ini.d/tomcat</code> with path of new liferay</li> +<li>Adjust <code>$liferay_install</code> variable</li> +<li>add Java prerequisites to OSGi container</li> +<li>Update couchdb-lucene</li> +<li>Deploy new version of sw360</li> +<li>Adjust Liferay</li> +</ol> +<h2 id="initial-steps">Initial steps</h2> +<p>In order to &ldquo;calibrate the system&rdquo; just run the update / upgrade cycle once:</p> +<p><code># sudo apt update</code></p> +<p><code># sudo apt upgrade</code></p> +<h3 id="keeping-more-settings-files">Keeping More Settings Files</h3> +<p><strong>apache.conf:</strong> Keep also the mod security conf files that are asked to update during installation</p> +<p><strong>sshd:</strong> Changes on the ssh / sshd conf files should be kept in case you have setup up dome remote public private key login (usually the case for server installation). Otherwise you re locked out maybe.</p> +<p><strong>Maven:</strong> if you change Maven, for example with your proxy settings, keep it too.</p> +<p>In general, whenever there is functionality you need, consider keeping existing settings files.</p> +<h2 id="ubuntu-release-upgrade">Ubuntu Release Upgrade</h2> +<p>There is maybe the remark to overwrite the current apache configuration. We propose to keep the currently installed apache files.</p> +<p><code># sudo do-release-upgrade</code></p> +<p>Answer &ldquo;yes&rdquo; for the download of packages and also confirm the update of the glibc, of course. Update the <code>system.conf</code>(install maintainer&rsquo;s version), depending on if you actually edited this. Some for <code>sysctl.conf</code>.</p> +<h2 id="migration-of-postgresql">Migration of PostgreSQL</h2> +<p>The existing 9.5 will not be upgraded, instead this message comes: After the release upgrade, you can check again if postgresql is installed:</p> +<p><code>sudo apt list postgre* --installed</code></p> +<p>Postgresql 9.5 should be the only installed. The old postgresql 9.5 must stay in fact, because the migration tool needs to be executing on a running postgresql 9.5 instance. Just having popstgresql 10 and a database only from postgresql 9.5 will not work. You can go ahead install postgresql 10:</p> +<p><code>sudo apt install postgresql-10</code></p> +<p>Then, apply the instruction to update from 9.5 to 10.0 from this page: <a href="https://stackoverflow.com/questions/47029055/how-do-i-upgrade-my-postgresql-9-5-to-postgresql-10-on-ubuntu-16-04">https://stackoverflow.com/questions/47029055/how-do-i-upgrade-my-postgresql-9-5-to-postgresql-10-on-ubuntu-16-04</a></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span># service postgresql stop +</span></span><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span># pg_dropcluster --stop 10 main +</span></span><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span># pg_upgradecluster -m upgrade 9.5 main +</span></span><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span># pg_dropcluster 9.5 main --stop +</span></span><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span># apt-get autoremove --purge postgresql-9.5 +</span></span><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span># service postgresql start +</span></span></code></pre></div><p>(note that # means you need to be root or execute with sudo)</p> +<h2 id="migration-of-couchdb">Migration of CouchDB</h2> +<p>CouchDB is not part of the Ubuntu package management anymore. Thus, you need to add the Apache CouchDb package repository to install it, first the key for signing:</p> +<p><code>curl -L https://couchdb.apache.org/repo/bintray-pubkey.asc | sudo apt-key add -</code></p> +<p>The add the repo to the sources:</p> +<p><code>echo &quot;deb https://apache.bintray.com/couchdb-deb bionic main&quot; | sudo tee -a /etc/apt/sources.list</code></p> +<p>Then, add its contents to the package database by updating apt:</p> +<p><code>sudo apt-get update -y</code></p> +<p>Ultimately install CouchDB, we tried with 2.1.2 initiall not to make a too far jump from 1.X, later versions may work as well. Note that for upgrading to CouchDB 3.X you would need an upgrade to 2.X first.</p> +<p><code>sudo apt-get install -y couchdb=2.1.2~bionic</code></p> +<p>The installer will ask a couple of questions:</p> +<ol> +<li>Bind address: for CouchDB and SW360 <code>127.0.0.1</code> (localhost) is a good bind address, if you would like to access the server from a remote computer because your sw360 runs as a server in the network, you would need to change accordingly.</li> +<li>Admin user: <strong>Warning</strong> The couchdb migration utility does not support authentication! Please do not enter an admin password, but apply it later. You can set the password for CouchDB in <code>couchdb.properties</code> and place it centrally in <code>/etc/sw360</code></li> +<li>Migration: yes you need to use <code>couchup</code> for migrating the databases</li> +</ol> +<p>In case you added an admin and need to remove it, try:</p> +<p><code>curl -X DELETE http://admin:password@127.0.0.1:5984/_config/admins/admin</code></p> +<p>where the two occurrences <code>admin</code> is the name of the admin user in the URL, whatever the user was called.</p> +<h3 id="migration-of-couchdb-databases">Migration of CouchDB Databases</h3> +<p>As a preparation: the CouchDB migration works by copying the databases, so the file system needs at least as much free space as the CouchDB databases use.</p> +<p>CouchDB offers a migration utility. It is advised that you remove all test databases as they do not seem to work with the migration utility. Important links are:</p> +<ul> +<li><a href="https://docs.couchdb.org/en/2.3.1/install/upgrading.html">https://docs.couchdb.org/en/2.3.1/install/upgrading.html</a></li> +<li><a href="https://github.com/apache/couchdb/pull/483">https://github.com/apache/couchdb/pull/483</a></li> +</ul> +<p>For some reason after installation, the <code>couchup</code>utility is not part of the path, so execute:</p> +<p><code>/opt/couchdb/bin/couchup list</code></p> +<p>It lists all DBs found. The go ahead with:</p> +<p><code>/opt/couchdb/bin/couchup replicate -a</code></p> +<p>It should replicate all databases in <code>/var/lib/couchdb</code>. Please refer to the couchup documentation, for the subsequent steps. A few remarks from our experience:</p> +<ol> +<li>The rebuold of the couchdb does not work for our test databases. Please refer to the documentation how to do this manually if you like.</li> +<li>The couchup utility crashes for large DB sizes with a time out error. Consider using the timeout option: <code>/opt/couchdb/bin/couchup replicate -a --timeout==10000</code> (with almost infinite timeout here)</li> +<li>On very large attachment database sizes (500GB), the couchdb configuration must be changed. We increased almost every related value by factor 10 (timeouts, memory, etc) in <code>/opt/couchdb/etc/default.ini</code> and good success with this.</li> +</ol> +<h2 id="update-thrift">Update Thrift</h2> +<p>For thrift, we need version 0.13. The installation script <code>scripts/install-thrift.sh</code>allows for uninstalling old versions:</p> +<p><code>sudo ./install-thrift.sh --uninstall</code></p> +<p>and then install</p> +<p><code>sudo ./install-thrift.sh</code></p> +<h2 id="from-openjdk-8-to-openjdk-11">From OpenJDK 8 to OpenJDK 11</h2> +<p>First check, what is installed.</p> +<p><code># sudo apt list openjdk* --installed</code></p> +<p>Then you could check what is available:</p> +<p><code># sudo apt list openjdk*</code></p> +<p>It should be that OpenJDK 8 is installed and both OpenJDK 8 and 11 are available. Then, remove the OpenJDK 8 and install 11:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sudo apt remove openjdk-8-jdk +</span></span><span style="display:flex;"><span>sudo apt remove openjdk-8-jre +</span></span><span style="display:flex;"><span>sudo apt remove openjdk-8-jdk-headless +</span></span><span style="display:flex;"><span>sudo apt remove openjdk-8-jre-headless +</span></span></code></pre></div><p>check if nothing is installed:</p> +<p><code># sudo apt list openjdk* --installed</code></p> +<p>Then install the openjdk-11-jdk:</p> +<p><code># sudo apt install openjdk-11-jdk</code></p> +<p>Then the <code>$JAVA_HOME</code> needs to be updated, most likely it is defined in <code>/etc/environment</code>. Please check for your installation how to set the <code>$JAVA_HOME</code> correctly.</p> +<h2 id="updating-liferay">Updating Liferay</h2> +<p>Download Liferay from this link</p> +<p><a href="https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz">https://sourceforge.net/projects/lportal/files/Liferay%20Portal/7.3.3%20GA4/liferay-ce-portal-tomcat-7.3.3-ga4-20200701015330959.tar.gz</a></p> +<p>and unpack it, ideally in the <code>/opt</code> directory, so resulting path would look like <code>liferay-ce-portal-7.3.3-ga4</code>.</p> +<p>Then, you need to update the <code>$LIFERAY_INSTALL</code> in <code>/etc/environment</code> from <code>LIFERAY_INSTALL=/opt/liferay-portal-7.2.0-ga1/ </code> to <code>LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.3-ga4</code>.</p> +<p>First, you will need to copy the <code>portal-ext.properties</code> from the old liferay folder to the new liferay folder (or new <code>$LIFERAY_HOME</code>):</p> +<p><code># cp /$old-liferay/portal-ext.properties $LIFERAY_INSTALL/portal-ext.properties</code></p> +<h3 id="migration-of-existing-database">Migration of existing database</h3> +<p>For a version upgrade from Liferay CE 7.2 to Liferay 7.3, migration scripts must be applied, they are located in <code>$LIFERAY_HOME/ tools/portal-tools-db-upgrade-client</code>. From there the following files needs to be adapted:</p> +<ul> +<li><code>app-server.properties</code>: most likely uncomment tomcat, because we re using liferay with tomcat.</li> +<li><code>portal-upgrade-database.properties</code>: uncomment postgresql section and add database user, default from installation is <code>liferay/liferay</code>, or it is stored in <code>portal-ext.properties</code> right where the JDBC driver is selected. Please note that your <code>portal-ext.properties</code> file in <code>$LIFERAY_INSTALL</code>can have the following line <code>include-and-override=/etc/sw360/portal-ext.properties</code>. In this case, consider the <code>portal-ext.properties</code>at that location.</li> +<li><code>portal-upgrade-ext.properties</code>: just the liferay home, you can leave it as it is</li> +</ul> +<p>If everything is done (and the postgresql migration took place), execute:</p> +<p><code># ./db_upgrade.sh</code></p> +<p>It should return a battery of <code>INFO</code> log level messages end with:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>Completed Liferay core upgrade process in 96 seconds +</span></span><span style="display:flex;"><span>Checking to see if all upgrades have completed... done. +</span></span></code></pre></div><h3 id="more-migration">More Migration</h3> +<p>The liferay migration covers apparently only the database, but not the files in the <code>$LIFERAY_HOME/data</code> folder. It would have been nicer, if that would have been covered too. Instead these must be copied manually. In fact, for the migration, it is advised to copy only the <code>/old-liferay/data/document_library</code> to the new location. Something like (different pwd &hellip;):</p> +<p><code># cp -r _attic/liferay-portal-7.2.1-ga2/data/document_library/ liferay-ce-portal-7.3.3-ga4/data/</code></p> +<h3 id="auto-start">Auto Start</h3> +<p>For auto start, you need an according init.d entry. It could be a file like <code>/etc/init.d/tomcat</code>. The file could be created if not there already, with the following contents:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#099">#!/bin/bash +</span></span></span><span style="display:flex;"><span><span style="color:#099"></span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">### BEGIN INIT INFO</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Provides: tomcat7</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Required-Start: $network</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Required-Stop: $network</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Default-Start: 2 3 4 5</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Default-Stop: 0 1 6</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Short-Description: Start/Stop Tomcat server</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">### END INIT INFO</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#033">PATH</span><span style="color:#555">=</span>/sbin:/bin:/usr/sbin:/usr/bin +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>start<span style="color:#555">()</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/startup.sh +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>stop<span style="color:#555">()</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> su -l siemagrant -c /opt/liferay-ce-portal-7.3.3-ga4/tomcat-9.0.33/bin/shutdown.sh +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">case</span> <span style="color:#033">$1</span> in +</span></span><span style="display:flex;"><span> start|stop<span style="color:#555">)</span> <span style="color:#033">$1</span>;; +</span></span><span style="display:flex;"><span> restart<span style="color:#555">)</span> stop; start;; +</span></span><span style="display:flex;"><span> *<span style="color:#555">)</span> <span style="color:#366">echo</span> <span style="color:#c30">&#34;Run as </span><span style="color:#033">$0</span><span style="color:#c30"> &lt;start|stop|restart&gt;&#34;</span>; <span style="color:#366">exit</span> 1;; +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">esac</span> +</span></span></code></pre></div><p>Te user <code>siemagrant</code> is used in the sw360vagrant project. it is the username of the user where the liefray / sw360 server runs under in vagrant. Regardless how the user is named, it is important that liferay runs under an unprivileged user (for security reasons).</p> +<h3 id="adjust-memory">Adjust Memory</h3> +<p>When you have downloaded the liferay distribution, Tomcat is likely configured with very basic memory settings. For trying sw360, the standard memory settings are OK. But of course, the memory settings in <code>$LIFERAY_HOME/tomcat-X.0.XX/bin/setenv.sh</code> should be adapted again.</p> +<h2 id="install-prerequisites">Install Prerequisites</h2> +<p>For old installations, libthrift is not there (which causes an error at container startup), it should be downloaded and deployed:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.13.0/libthrift-0.13.0.jar +</span></span><span style="display:flex;"><span>mv libthrift-0.13.0.jar $LIFEARY_HOME/deploy/ +</span></span></code></pre></div><p>The the existing prerequisites needs to be copied from the <code>osgi/modules</code> from the old liferay installation:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>cp commons-lang-2.4.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span>cp commons-io-2.6.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span>cp commons-csv-1.4.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span>cp commons-collections4-4.1.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span>cp commons-codec-1.12.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span>cp commons-logging-1.2.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span>cp gson-2.8.5.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span>cp guava-21.0.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span>cp jackson-annotations-2.9.8.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span>cp jackson-core-2.9.8.jar $LIFERAY_HOME/deploy +</span></span><span style="display:flex;"><span>cp jackson-databind-2.9.8.jar $LIFERAY_HOME/deploy +</span></span></code></pre></div><p>note that with the <a href="https://github.com/eclipse/sw360/commit/71348b4fffa6e3e5fd761a3f63590a0a60663827">commit</a> to sw360-13.0.0-M1 you need also another dependency for apache poi:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>cp commons-compress-1.20.jar $LIFERAY_HOME/deploy +</span></span></code></pre></div><h2 id="install-couchdb-lucene">Install Couchdb Lucene</h2> +<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene. The main thing is that it requires pathing for the use in the normal SW3360 setups. The reason for the patch is that the developers presume that couchdb-lucene runs as the only component in the application server, while in the sw360 setup, there is a setup in which couchdb-lucene runs along with other components in the same application container.</p> +<p>Start with downloading the couchdb-lucene and rename the archive so the resulting URL path element will be <code>couchdb-lucene</code>:</p> +<p><code>wget https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz ./couchdb-lucene.tar.gz</code></p> +<p>Please refer to the script in sw360vagrant how to apply the patch to couchdb-lucene:</p> +<p><a href="https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh">https://github.com/sw360/sw360vagrant/blob/master/shared/scripts/install-lucene.sh</a></p> +<p>Please note that the patching issue is well known in the project and it is unclear why it is not merged:</p> +<ul> +<li><a href="https://github.com/rnewson/couchdb-lucene/issues/161">https://github.com/rnewson/couchdb-lucene/issues/161</a> &ldquo;allow context-root other than &ldquo;/&rdquo; when running in servlet container&rdquo;</li> +<li><a href="https://github.com/rnewson/couchdb-lucene/pull/162">https://github.com/rnewson/couchdb-lucene/pull/162</a></li> +<li><a href="https://github.com/rnewson/couchdb-lucene/pull/152">https://github.com/rnewson/couchdb-lucene/pull/152</a></li> +</ul> +<p>Now, for CouchDB 2.X the hook for integration of a search component has chaned compared to CouchDB 1.X. Accordingly, the old couchdb-lucene component must be replaced with the latest version.</p> +<h2 id="deploy-new-sw360">Deploy New SW360</h2> +<p>You will need to checkout new Java-11 based version of the SW360, which is either tagged version 11 or some few commits before that. Then build in the sw360 project root using:</p> +<p><code>mvn clean install -DskipTests</code></p> +<p>This will install new artfacts, such as lib-datahandler in your maven repostiory. Then apply in the same:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go" data-lang="go"><span style="display:flex;"><span>mvn clean <span style="color:#069;font-weight:bold">package</span> <span style="color:#555">-</span>P deploy <span style="color:#555">-</span>Dbase.deploy.dir=. <span style="color:#555">-</span>Dliferay.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>deploy<span style="color:#555">/</span> <span style="color:#555">-</span>Dbackend.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>Drest.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>DskipTests +</span></span></code></pre></div><p>Skipping tests has the reason that usually, the sw360 is tested in the CI and thus, local tests are note necessary, if the code has not been changed locally. Note that the REST API documentation framework is based on building test cases and thus for deploying a version with REST API documentation, tests should be executed:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go" data-lang="go"><span style="display:flex;"><span>cd rest +</span></span><span style="display:flex;"><span>mvn clean <span style="color:#069;font-weight:bold">package</span> <span style="color:#555">-</span>P deploy <span style="color:#555">-</span>Dbase.deploy.dir=. <span style="color:#555">-</span>Dliferay.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>deploy<span style="color:#555">/</span> <span style="color:#555">-</span>Dbackend.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> <span style="color:#555">-</span>Drest.deploy.dir=<span style="color:#555">/</span>opt<span style="color:#555">/</span>liferay<span style="color:#555">-</span>ce<span style="color:#555">-</span>portal<span style="color:#555">-</span><span style="color:#f60">7.3.3</span><span style="color:#555">-</span>ga4<span style="color:#555">/</span>tomcat<span style="color:#555">-</span><span style="color:#f60">9.0.33</span><span style="color:#555">/</span>webapps<span style="color:#555">/</span> +</span></span></code></pre></div><h2 id="final-steps-in-liferay">Final Steps in Liferay</h2> +<p>Liferay CE 7.3 bring some changes that still require manually applied settings to the running liferay server. Thus, you could start the liferay server or just restart the entire machine. The following two things need to be adaptedin liferay after successful startup in order to get the migration done:</p> +<ol> +<li> +<p>The automatic verification of e-mail adresses maybe be needed to be switched off, because it kicks in also for existing users. This can be done in &ldquo;Control Panerl&rdquo; -&gt; &ldquo;Instance Settings&rdquo; -&gt; &ldquo;User Authentication&rdquo; -&gt; &quot;&quot;</p> +</li> +<li> +<p>The JavaScript components jquery and fontawesone (that come with liferay) must be manually enabled now. For this got into &ldquo;Control Panel&rdquo; -&gt; &ldquo;System Settings&rdquo; -&gt; &ldquo;Thrid Party&rdquo;. and from then select the two JavaScript components from the left and enable them accordingly.</p> +</li> +</ol> +<h2 id="known-issues">Known Issues</h2> +<h3 id="database-availability-right-after-update">Database Availability Right after Update</h3> +<p>Right after updating, the sw360 will not show up data at all, but sometimes nothing or &ldquo;portlet unavailable&rdquo;. The problem is the re-indexing of the DB and the search index which takes a while. You can trigger reindexing in the systems. A lazy way is call all (main) views so the database stumbles accross it and starts the indexing tasks (see job view in the couchdb admin interface of Futon). The sam eis for searches, the first searches will fail and the lucene will do some internal updates. leaving the system working for some time and follow the log will help. Could take 30 minutes.</p> +<h3 id="e-mail-verification-trap">E-Mail Verification Trap</h3> +<p>Liferay has automatically enabled password verification for all accounts right after migration. Not sure what motivates persons to enable such feature by default right after migration from an instance where it was not there? In case you have attached the system to an external login solution, but your liferay is not configured to send mails, then it is a trap, because you cannot verify the e-mail address and thus, cannot login. You need to disable the external login solution and use the original initial setup user to login (which is not asked for verification by e-mail) to disable this feature (see above).</p>Docs: Upgrade Sw360 from 14.0 to 15.0https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/ +<h1 id="upgrade-sw360-version-150">Upgrade SW360 version 15.0</h1> +<h2 id="1-upgrade-sw360-from-140-to-150">1. Upgrade sw360 from 14.0 to 15.0</h2> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>1.1 Checkout source code SW360 to Tag Version 15 +</span></span><span style="display:flex;"><span>1.2 Version of libraries +</span></span><span style="display:flex;"><span>1.3 Migrate database +</span></span><span style="display:flex;"><span>1.4 Build and deploy Sw360 Version 15.0 +</span></span></code></pre></div><h3 id="11-checkout-source-code-sw360-to-tag-version-15">1.1 Checkout source code SW360 to Tag Version 15</h3> +<p>Link contains source: <a href="https://github.com/eclipse/sw360.git">https://github.com/eclipse/sw360.git</a></p> +<ul> +<li> +<p>Path <code>SW360_REPOSITORY</code> = <code>/home/user/work/sw360</code></p> +</li> +<li> +<p>Source code sw360 is in master branch with commit version 14.0 . User into <code>${SW360_REPOSITORY}</code> use git checkout to tag version 15 on the master branch of SW360</p> +</li> +<li> +<p>Checkout to tag Version 15.0.0</p> +<ul> +<li><code>$ git checkout . </code></li> +<li><code>$ git checkout sw360-15.0.0-M1</code></li> +</ul> +</li> +</ul> +<h3 id="12-version-of-libraries">1.2 Version of libraries</h3> +<table> +<thead> +<tr> +<th style="text-align:left">Package Name</th> +<th style="text-align:center">Version</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">Liferay</td> +<td style="text-align:center">7.3.4</td> +</tr> +<tr> +<td style="text-align:left">Tomcat</td> +<td style="text-align:center">9.0.33</td> +</tr> +<tr> +<td style="text-align:left">Couchdb</td> +<td style="text-align:center">3.2.2</td> +</tr> +<tr> +<td style="text-align:left">Open JDK</td> +<td style="text-align:center">11.0.15</td> +</tr> +<tr> +<td style="text-align:left">Thrift</td> +<td style="text-align:center">0.14.0</td> +</tr> +<tr> +<td style="text-align:left">SW360</td> +<td style="text-align:center">14.0.0</td> +</tr> +</tbody> +</table> +<h3 id="13-migrate-database">1.3 Migrate database</h3> +<ul> +<li>Check migrate scripts from 14.0 to 15.0 by <a href="https://github.com/eclipse/sw360/tree/master/scripts/migrations">https://github.com/eclipse/sw360/tree/master/scripts/migrations</a></li> +</ul> +<ul> +<li>There is no migrate script, skip this step.</li> +</ul> +<h3 id="14-build-and-deploy-sw360-version-150">1.4 Build and deploy SW360 Version 15.0</h3> +<ul> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> +<ul> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> +</ul> +</li> +<li> +<p>Stop SW360 version 14.0, ensure that couchdb is accessible (try to open <code>http://localhost:5984/_utils/</code>)</p> +<ul> +<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/shutdown.sh</code></li> +</ul> +</li> +</ul> +<h2 id="2-compile-and-deploy">2. Compile and deploy</h2> +<ul> +<li> +<p>Start couchdb</p> +<ul> +<li><code>$ sudo service couchdb start</code></li> +</ul> +</li> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> +<ul> +<li><code>$ cd /home/user/work/sw360</code></li> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> +</ul> +</li> +</ul> +<ol> +<li> +<p>To clean everything and install without running the tests</p> +<ul> +<li><code>$ mvn clean install -DskipTests </code></li> +</ul> +</li> +<li> +<p>For deployment run the command</p> +<ul> +<li><code>mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests</code></li> +</ul> +</li> +</ol> +<h3 id="21-start-and-configure-liferay">2.1 Start and Configure Liferay</h3> +<ul> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> +<ul> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> +</ul> +</li> +<li> +<p>Start liferay</p> +<ul> +<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh</code></li> +</ul> +</li> +<li> +<p>Log</p> +<ul> +<li><code>$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*</code></li> +</ul> +</li> +<li> +<p>Url SW360 : <code>https://localhost:8080</code></p> +</li> +</ul> +<h3 id="22-configure-liferay-portal">2.2 Configure Liferay Portal</h3> +<ul> +<li>Can follow the steps in the following link <a href="https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3">https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3</a> or follow these steps:</li> +</ul> +<ul> +<li>Import users +<ol> +<li>Open the panel on the left side by clicking the button on the top left.</li> +<li>Click on <code>SW360</code> on the top right to go to the homepage.</li> +<li>Click on <code>Start</code> inside the &ldquo;Welcome&rdquo; section.</li> +<li>Go to <code>Admin</code> -&gt; <code>User</code> (URL: <code>/group/guest/users</code>).</li> +<li>Scroll down to section <code>UPLOAD USERS</code>, select a user file from the very +beginning and click <code>Upload Users</code> on the right side. <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">A user file can be found here in the sw360vagrant project</a> +* Download: <code>$ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv</code></li> +</ol> +</li> +</ul>Docs: Upgrade Sw360 from 15.0 to 16.0https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/ +<h1 id="upgrade-sw360-version-160">Upgrade SW360 version 16.0</h1> +<h2 id="1-upgrade-sw360-from-150-to-160">1. Upgrade sw360 from 15.0 to 16.0</h2> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>1.1 Checkout source code SW360 to Tag Version 16 +</span></span><span style="display:flex;"><span>1.2 Version of libraries +</span></span><span style="display:flex;"><span>1.3 Migrate database +</span></span><span style="display:flex;"><span>1.4 Build and deploy Sw360 Version 16 +</span></span><span style="display:flex;"><span>1.5 Start and Configure Liferay +</span></span></code></pre></div><h3 id="11-create-folder-contains-source-code-sw360-to-tag-version-16">1.1 Create Folder contains source code SW360 to Tag Version 16</h3> +<p>Link contains source: <a href="https://github.com/eclipse/sw360.git">https://github.com/eclipse/sw360.git</a></p> +<ul> +<li> +<p>Path <code>SW360_REPOSITORY</code> = <code>/home/user/work15to16/sw360</code></p> +</li> +<li> +<p>Source code sw360 is in main branch with commit version 14.0 . User into <code>${SW360_REPOSITORY}</code> use git checkout to tag version 16 on the main branch of SW360</p> +</li> +<li> +<p>Checkout to tag Version 16.0.0 or checkout commit &ldquo;d15db4a1b07112fff126016103c1a8d8dd03c230&rdquo;</p> +<ul> +<li><code>$ git checkout d15db4a1b07112fff126016103c1a8d8dd03c230 </code> or <code>$ git checkout sw360-16.0.0-M1</code></li> +</ul> +</li> +<li> +<p>Upgrade Thrift from 0.14.0 to 0.16.0</p> +<ul> +<li>Move to folder sw360 with path <code>/home/user/work15to16/sw360</code></li> +</ul> +<p>Run command line:</p> +<p>Uninstall thrift version 0.14.0</p> +<ul> +<li><code>./scripts/install-thrift.sh --uninstall</code></li> +</ul> +<p>Install thrift version 0.16.0</p> +<ul> +<li><code>./scripts/install-thrift.sh</code></li> +</ul> +<p>Check version thrift</p> +<ul> +<li><code>thrift --version</code></li> +</ul> +</li> +<li> +<p>Update Dependency for SW360 version 16</p> +<p>Download dependency:</p> +<ul> +<li><code>wget https://search.maven.org/remotecontent?filepath=commons-io/commons-io/2.7/commons-io-2.7.jar -O commons-io-2.7.jar</code></li> +<li><code>wget https://search.maven.org/remotecontent?filepath=com/google/code/gson/gson/2.8.9/gson-2.8.9.jar -O gson-2.8.9.jar</code></li> +<li><code>wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/31.0.1-jre/guava-31.0.1-jre.jar -O guava-31.0.1-jre.jar</code></li> +<li><code>wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-annotations/2.13.2/jackson-annotations-2.13.2.jar -O jackson-annotations-2.13.2.jar</code></li> +<li><code>wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-core/2.13.2/jackson-core-2.13.2.jar -O jackson-core-2.13.2.jar</code></li> +<li><code>wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-databind/2.13.2.2/jackson-databind-2.13.2.2.jar -O jackson-databind-2.13.2.2.jar</code></li> +<li><code>wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.16.0/libthrift-0.16.0.jar -O libthrift-0.16.0.jar</code></li> +</ul> +<p>Move dependency to folder <code>/opt/liferay-ce-portal-7.3.4-ga5/deploy</code></p> +</li> +</ul> +<h3 id="12-version-of-libraries">1.2 Version of libraries</h3> +<table> +<thead> +<tr> +<th style="text-align:left">Package Name</th> +<th style="text-align:center">Version</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">Liferay</td> +<td style="text-align:center">7.3.4</td> +</tr> +<tr> +<td style="text-align:left">Tomcat</td> +<td style="text-align:center">9.0.33</td> +</tr> +<tr> +<td style="text-align:left">Couchdb</td> +<td style="text-align:center">3.2.2</td> +</tr> +<tr> +<td style="text-align:left">Open JDK</td> +<td style="text-align:center">11.0.15</td> +</tr> +<tr> +<td style="text-align:left">Thrift</td> +<td style="text-align:center">0.16.0</td> +</tr> +</tbody> +</table> +<h3 id="13-migrate-database">1.3 Migrate database</h3> +<ul> +<li> +<p>Check migrate scripts from 15.0 to 16.0 by <a href="https://github.com/eclipse/sw360/tree/master/scripts/migrations">https://github.com/eclipse/sw360/tree/master/scripts/migrations</a></p> +</li> +<li> +<p>3 file migration:</p> +</li> +</ul> +<ul> +<li> +<p><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/048_add_component_businessunit.py</code></p> +</li> +<li> +<p><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/049_migrate_admin_obligation.py</code></p> +</li> +<li> +<p><code>https://github.com/eclipse/sw360/blob/main/scripts/utilities/003_update_project_field_value_couchdb_2_x.py</code></p> +<p>Install enviroment for python 2.7</p> +<ul> +<li><code>$ sudo apt-add-repository universe</code></li> +<li><code>$ sudo apt update</code></li> +<li><code>$ sudo apt install python2-minimal</code></li> +</ul> +<p>Check version</p> +<ul> +<li><code>$ python2 --version</code></li> +</ul> +<p>Install pip for python 2.7 +-<code>curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py</code> +-<code>sudo python2 get-pip.py --proxy=http://username:password@hostname</code> +-<code>pip --version</code></p> +<p>Import package couchdb +-<code>pip install --proxy=http://username:password@hostname couchdb</code></p> +<p>How to run migration data</p> +<ol> +<li> +<p>stop SW360 (i.e. the tomcat)</p> +<ul> +<li>Set Environment for <code>${LIFERAY_INSTALL}</code></li> +</ul> +<ul> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> +</ul> +<ul> +<li>Stop SW360 version 15.0, ensure that couchdb is accessible (try to open <code>http://localhost:5984/_utils/</code>)</li> +</ul> +<ul> +<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/shutdown.sh</code></li> +</ul> +</li> +<li> +<p>ensure that couchdb is accessible (try to open http://localhost:5984/_utils/)</p> +</li> +<li> +<p>run the migration scripts (i.e. for each script call python2 /PATH/TO/00?_some_migration_script.py) +be aware that some scripts are using an internal dry-run switch which you have to change manually in the script&rsquo;s code.</p> +<p>3.1 move to folder with path <code>/home/user/work15to16/sw360/scripts/migrations</code></p> +<p>Run command:</p> +<ul> +<li><code>python2 048_add_component_businessunit.py</code></li> +<li><code>python2 049_migrate_admin_obligation.py</code></li> +</ul> +<p>Check data change in file log:</p> +<ul> +<li>048_add_component_businessunit.log</li> +<li>049_migrate_admin_obligation.log</li> +</ul> +<p>3.2 move to folder with path <code>/home/user/work15to16/sw360/scripts/utilities</code></p> +<ul> +<li><code>python2 003_update_project_field_value_couchdb_2_x.py</code></li> +</ul> +<p>Check data change in file log:</p> +<ul> +<li>003_update_project_field_value_couchdb_2_x.log</li> +</ul> +</li> +</ol> +</li> +</ul> +<h3 id="14-compile-and-deploy">1.4. Compile and deploy</h3> +<ul> +<li>Set Environment for <code>${LIFERAY_INSTALL}</code> +- <code>$ cd /home/user/work/sw360</code> +- <code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> +</ul> +<pre><code>To clean everything and install without running the tests - `mvn clean install -DskipTests ` - -For deployment run the command +For deployment run the command - `mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests` -</code></pre> -<h3 id="15-start-and-configure-liferay">1.5 Start and Configure Liferay</h3> -<ul> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> -<ul> -<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> -</ul> -</li> -<li> -<p>Start liferay</p> -<ul> -<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh</code></li> -</ul> -</li> -<li> -<p>Log</p> -<ul> -<li><code>$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*</code></li> -</ul> -</li> -<li> -<p>Url SW360 : <code>https://localhost:8080</code></p> -</li> -</ul> - - - - - - Docs: Upgrade SW360 from 16.0 to 17.0 - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/ - - - - <p><a href="#ref1">Checkout source code SW360 to Tag Version 17</a></p> -<p><a href="#ref2">Version of libraries</a></p> -<p><a href="#ref3">Migrate Database</a></p> -<p><a href="#ref4">Build and deploy SW360 Version 17</a></p> -<p><a href="#ref5">Start and Configure Liferay</a></p> -<h2 id="ref1">Prepare source code to use release 17</h2> -<p>Link contains source: <a href="https://github.com/eclipse/sw360.git">https://github.com/eclipse/sw360.git</a></p> -<ul> -<li> -<p>Path <code>SW360_REPOSITORY</code> = <code>/home/user/work16to17/sw360</code></p> -</li> -<li> -<p>Source code sw360 is in main branch with commit version 16.0.0 . User into <code>${SW360_REPOSITORY}</code> use git checkout to tag version 16 on the main branch of SW360</p> -</li> -<li> -<p>Checkout to tag Version 17.0.0</p> -<ul> -<li><code>$ git checkout 6c1aeacea3b0c5f37dc1752b5409cce1433e40c2</code></li> -</ul> -</li> -<li> -<p>Check version thrift</p> -<ul> -<li><code>thrift --version</code></li> -</ul> -</li> -<li> -<p>If thrift version 0.14.0 then upgrade Thrift from 0.14.0 to 0.16.0</p> -<ul> -<li> -<p>Move to folder sw360 with path <code>/home/user/work16to17/sw360</code></p> -<p>To uninstall thrift version 0.14.0:</p> -<ul> -<li><code>./scripts/install-thrift.sh --uninstall</code></li> -</ul> -<p>To install thrift version 0.16.0</p> -<ul> -<li><code>./scripts/install-thrift.sh</code></li> -</ul> -</li> -</ul> -</li> -<li> -<p>Download Liferay Portal CE 7.4.3.18 GA18</p> -<ul> -<li> -<p><code>$ cd work16to17</code></p> -</li> -<li> -<p><code>$ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz</code></p> -</li> -</ul> -</li> -<li> -<p>Extract downloaded file</p> -<ul> -<li><code>$ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz</code></li> -</ul> -</li> -<li> -<p>Copy file <code>portal-ext.properties</code> from <code>liferay-ce-portal-7.3.4-ga5</code> folder to <code>liferay-ce-portal-7.4.3.18-ga18</code> folder</p> -</li> -<li> -<p>Remove files in folder <code>hypersonic</code> with path: <code>/home/user/work16to17/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic</code></p> -<p><code>$ rm -rf /home/user/work16to17/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*</code></p> -</li> -<li> -<p>Copy all file <code>liferay-ce-portal-7.3.4-ga5/osgi/configs</code> folder to <code>liferay-ce-portal-7.4.3.18-ga18/osgi/configs</code> folder</p> -</li> -</ul> -<h2 id="liferay-database-migration">Liferay Database Migration</h2> -<ul> -<li> -<p>Go to <code>liferay-ce-portal-7.4.3.18-ga18/tools/portal-tools-db-upgrade-client</code> folder</p> -</li> -<li> -<p>Edit <code>app-server.properties</code> to add the following parameters:</p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> dir={LIFERAY_PATH_7.4}/tomcat-9.0.56 -</span></span><span style="display:flex;"><span> extra.lib.dirs=/bin -</span></span><span style="display:flex;"><span> global.lib.dir=/lib -</span></span><span style="display:flex;"><span> portal.dir=/webapps/ROOT -</span></span><span style="display:flex;"><span> server.detector.server.id=tomcat -</span></span></code></pre></div><ul> -<li>Edit <code>portal-upgrade-database.properties</code> to add the following parameters:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> jdbc.default.driverClassName=org.postgresql.Driver -</span></span><span style="display:flex;"><span> jdbc.default.url=jdbc:postgresql://{POSTGRE_HOST}:5432/lportal -</span></span><span style="display:flex;"><span> jdbc.default.username={POSTGRES_USER} -</span></span><span style="display:flex;"><span> jdbc.default.password={POSTGRES_PASSWORD} -</span></span></code></pre></div><ul> -<li>Edit <code>portal-upgrade-ext.properties</code> to add the following parameter:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> liferay.home={LIFERAY_PATH_7.4} -</span></span></code></pre></div><ul> -<li>Finally, you can run the script with the following command:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>$ ./db_upgrade.sh -j &#34;-Xmx8000m -Dfile.encoding=UTF-8 -Duser.timezone=GMT&#34; -</span></span></code></pre></div><ul> -<li> -<p>Move folder <code>liferay-ce-portal-7.4.3.18-ga18</code> to <code>/opt</code></p> -<p><code>$ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt</code></p> -</li> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code></p> -<p><code>$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18</code></p> -</li> -<li> -<p>Move folder <code>/home/user/work16to17/sw360</code> run command</p> -<p><code>$ mvn clean install -DskipTests</code></p> -</li> -<li> -<p>After run command &ldquo;mvn clean install -DskipTests&rdquo; above, copy dependency in folder <code>/home/user/work16to17/sw360/deploy/jars</code> to <code>${LIFERAY_INSTALL_7_4}/deploy</code></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> $ <span style="color:#366">cd</span> /home/user/work16to17/sw360/deploy/jars -</span></span><span style="display:flex;"><span> $ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/deploy/ -</span></span></code></pre></div></li> -<li> -<p>We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360 or can reuse 7.3.4&rsquo;s setenv.sh.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> $ sudo rm -rf <span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/bin/setenv.sh -</span></span><span style="display:flex;"><span> $ sudo cp /home/user/work16to17/sw360/frontend/configuration/setenv.sh <span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/bin/ -</span></span></code></pre></div></li> -</ul> -<h2 id="install-couchdb-lucene">Install Couchdb Lucene</h2> -<ul> -<li> -<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene</p> -</li> -<li> -<p>Run command download Couchdb Lucene</p> -<ul> -<li><code>wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz</code></li> -</ul> -</li> -<li> -<p>Note extract couchdb-lucene to folder <code>work</code> with path of work: <code>/home/user/work</code></p> -<ul> -<li><code>tar -xzf couchdb-lucene.tar.gz</code></li> -</ul> -</li> -<li> -<p>Run command:</p> -<ul> -<li><code>cd couchdb-lucene-2.1.0</code></li> -<li><code>sed -i &quot;s/allowLeadingWildcard=false/allowLeadingWildcard=true/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> -<li><code>sed -i &quot;s/localhost:5984/admin:password@localhost:5984/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> -<li><code>wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch </code></li> -<li><code>patch -p1 &lt; couchdb-lucene.patch </code></li> -<li><code>mvn clean install war:war</code></li> -<li><code>sudo cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war</code></li> -</ul> -</li> -</ul> -<h2 id="ref2">Version of libraries</h2> -<table> -<thead> -<tr> -<th style="text-align:left">Package Name</th> -<th style="text-align:center">Version</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">Liferay</td> -<td style="text-align:center">7.4.3</td> -</tr> -<tr> -<td style="text-align:left">Tomcat</td> -<td style="text-align:center">9.0.56</td> -</tr> -<tr> -<td style="text-align:left">Couchdb</td> -<td style="text-align:center">3.2.2</td> -</tr> -<tr> -<td style="text-align:left">Open JDK</td> -<td style="text-align:center">11.0.15</td> -</tr> -<tr> -<td style="text-align:left">Thrift</td> -<td style="text-align:center">0.16.0</td> -</tr> -</tbody> -</table> -<ul> -<li>To check couchdb version: run <code>curl http://localhost_or_yourcouchdbserver:5984 | json_pp</code></li> -</ul> -<h2 id="ref3">Migrate database</h2> -<ul> -<li> -<p>Check migrate scripts from 16.0 to 17.0 by <a href="https://github.com/eclipse/sw360/tree/master/scripts/migrations">https://github.com/eclipse/sw360/tree/master/scripts/migrations</a></p> -</li> -<li> -<p>File migration:</p> -<ul> -<li><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/050_cleanup_eccinformation_duplicate_attributes.py</code></li> -<li><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/051_change_eccStatus.py</code></li> -<li><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/052_migrate_clearing_request_status.py</code></li> -<li><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/053_remove_whitespace_component_name.py</code></li> -</ul> -</li> -<li> -<p>Install pip for python 3</p> -<p>if there is no proxy, skip option <code>--proxy=http://username:password@hostname:port</code></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> $ sudo apt update -</span></span><span style="display:flex;"><span> $ sudo apt install python3-pip -</span></span></code></pre></div></li> -<li> -<p>Import package couchdb -<code>pip3 install --proxy=http://username:password@hostname:port couchdb</code></p> -<p>How to run migration data</p> -<ol> -<li> -<p>stop SW360 (i.e. the tomcat)</p> -<ul> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code> -<code>$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18</code></p> -</li> -<li> -<p>Stop SW360 version 16.0 with path <code>LIFERAY_INSTALL_7_3= /opt/liferay-ce-portal-7.3.4-ga5</code> -<code>$ ${LIFERAY_INSTALL_7_3}/tomcat-9.0.33/bin/shutdown.sh</code></p> -</li> -</ul> -</li> -<li> -<p>Ensure that couchdb is accessible (try to open <code>http://localhost:5984/_utils/</code>)</p> -</li> -<li> -<p>run the migration scripts (i.e. for each script call python3 /PATH/TO/00?_some_migration_script.py) -be aware that some scripts are using an internal dry-run switch which you have to change manually in the script&rsquo;s code.</p> -<ul> -<li> -<p>Move to folder with path <code>/home/user/work16to17/sw360/scripts/migrations</code></p> -</li> -<li> -<p>Edit file migration to add the following parameters:</p> -<pre><code> ``` - DRY_RUN = False - # set admin name and password for couchdb3 - DB_USER_NAME = 'admin' - DB_USER_PASSWORD = 'password' - # set credentials for couchdb3 - couch.resource.credentials=(DB_USER_NAME, DB_USER_PASSWORD) - ``` -</code></pre> -</li> -<li> -<p>Need to update 052 for python script</p> -<ul> -<li>Python 2.x code with Python 3.x. In Python 2, print is a statement and can be used without parentheses. However, in Python 3, print is a function and therefore always requires parentheses.</li> -</ul> -</li> -</ul> -<ul> -<li> -<p>Install library <code>pandas</code> of python.</p> -<ul> -<li><code>$ pip3 install pandas </code></li> -</ul> -</li> -<li> -<p>Run command:</p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> $ python3 050_cleanup_eccinformation_duplicate_attributes.py -</span></span><span style="display:flex;"><span> $ python3 051_change_eccStatus.py -</span></span><span style="display:flex;"><span> $ python3 052_migrate_clearing_request_status.py -</span></span><span style="display:flex;"><span> $ python3 053_remove_whitespace_component_name.py -</span></span></code></pre></div><p>Check data change in file log:</p> -<pre><code>* 050_cleanup_eccinformation_duplicate_attributes.py.log +</code></pre> +<h3 id="15-start-and-configure-liferay">1.5 Start and Configure Liferay</h3> +<ul> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL}</code></p> +<ul> +<li><code>$ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5</code></li> +</ul> +</li> +<li> +<p>Start liferay</p> +<ul> +<li><code>$ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh</code></li> +</ul> +</li> +<li> +<p>Log</p> +<ul> +<li><code>$ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*</code></li> +</ul> +</li> +<li> +<p>Url SW360 : <code>https://localhost:8080</code></p> +</li> +</ul>Docs: Upgrade SW360 from 16.0 to 17.0https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/ +<p><a href="#ref1">Checkout source code SW360 to Tag Version 17</a></p> +<p><a href="#ref2">Version of libraries</a></p> +<p><a href="#ref3">Migrate Database</a></p> +<p><a href="#ref4">Build and deploy SW360 Version 17</a></p> +<p><a href="#ref5">Start and Configure Liferay</a></p> +<h2 id="ref1">Prepare source code to use release 17</h2> +<p>Link contains source: <a href="https://github.com/eclipse/sw360.git">https://github.com/eclipse/sw360.git</a></p> +<ul> +<li> +<p>Path <code>SW360_REPOSITORY</code> = <code>/home/user/work16to17/sw360</code></p> +</li> +<li> +<p>Source code sw360 is in main branch with commit version 16.0.0 . User into <code>${SW360_REPOSITORY}</code> use git checkout to tag version 16 on the main branch of SW360</p> +</li> +<li> +<p>Checkout to tag Version 17.0.0</p> +<ul> +<li><code>$ git checkout 6c1aeacea3b0c5f37dc1752b5409cce1433e40c2</code></li> +</ul> +</li> +<li> +<p>Check version thrift</p> +<ul> +<li><code>thrift --version</code></li> +</ul> +</li> +<li> +<p>If thrift version 0.14.0 then upgrade Thrift from 0.14.0 to 0.16.0</p> +<ul> +<li> +<p>Move to folder sw360 with path <code>/home/user/work16to17/sw360</code></p> +<p>To uninstall thrift version 0.14.0:</p> +<ul> +<li><code>./scripts/install-thrift.sh --uninstall</code></li> +</ul> +<p>To install thrift version 0.16.0</p> +<ul> +<li><code>./scripts/install-thrift.sh</code></li> +</ul> +</li> +</ul> +</li> +<li> +<p>Download Liferay Portal CE 7.4.3.18 GA18</p> +<ul> +<li> +<p><code>$ cd work16to17</code></p> +</li> +<li> +<p><code>$ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz</code></p> +</li> +</ul> +</li> +<li> +<p>Extract downloaded file</p> +<ul> +<li><code>$ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz</code></li> +</ul> +</li> +<li> +<p>Copy file <code>portal-ext.properties</code> from <code>liferay-ce-portal-7.3.4-ga5</code> folder to <code>liferay-ce-portal-7.4.3.18-ga18</code> folder</p> +</li> +<li> +<p>Remove files in folder <code>hypersonic</code> with path: <code>/home/user/work16to17/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic</code></p> +<p><code>$ rm -rf /home/user/work16to17/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*</code></p> +</li> +<li> +<p>Copy all file <code>liferay-ce-portal-7.3.4-ga5/osgi/configs</code> folder to <code>liferay-ce-portal-7.4.3.18-ga18/osgi/configs</code> folder</p> +</li> +</ul> +<h2 id="liferay-database-migration">Liferay Database Migration</h2> +<ul> +<li> +<p>Go to <code>liferay-ce-portal-7.4.3.18-ga18/tools/portal-tools-db-upgrade-client</code> folder</p> +</li> +<li> +<p>Edit <code>app-server.properties</code> to add the following parameters:</p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> dir={LIFERAY_PATH_7.4}/tomcat-9.0.56 +</span></span><span style="display:flex;"><span> extra.lib.dirs=/bin +</span></span><span style="display:flex;"><span> global.lib.dir=/lib +</span></span><span style="display:flex;"><span> portal.dir=/webapps/ROOT +</span></span><span style="display:flex;"><span> server.detector.server.id=tomcat +</span></span></code></pre></div><ul> +<li>Edit <code>portal-upgrade-database.properties</code> to add the following parameters:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> jdbc.default.driverClassName=org.postgresql.Driver +</span></span><span style="display:flex;"><span> jdbc.default.url=jdbc:postgresql://{POSTGRE_HOST}:5432/lportal +</span></span><span style="display:flex;"><span> jdbc.default.username={POSTGRES_USER} +</span></span><span style="display:flex;"><span> jdbc.default.password={POSTGRES_PASSWORD} +</span></span></code></pre></div><ul> +<li>Edit <code>portal-upgrade-ext.properties</code> to add the following parameter:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> liferay.home={LIFERAY_PATH_7.4} +</span></span></code></pre></div><ul> +<li>Finally, you can run the script with the following command:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>$ ./db_upgrade.sh -j &#34;-Xmx8000m -Dfile.encoding=UTF-8 -Duser.timezone=GMT&#34; +</span></span></code></pre></div><ul> +<li> +<p>Move folder <code>liferay-ce-portal-7.4.3.18-ga18</code> to <code>/opt</code></p> +<p><code>$ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt</code></p> +</li> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code></p> +<p><code>$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18</code></p> +</li> +<li> +<p>Move folder <code>/home/user/work16to17/sw360</code> run command</p> +<p><code>$ mvn clean install -DskipTests</code></p> +</li> +<li> +<p>After run command &ldquo;mvn clean install -DskipTests&rdquo; above, copy dependency in folder <code>/home/user/work16to17/sw360/deploy/jars</code> to <code>${LIFERAY_INSTALL_7_4}/deploy</code></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> $ <span style="color:#366">cd</span> /home/user/work16to17/sw360/deploy/jars +</span></span><span style="display:flex;"><span> $ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/deploy/ +</span></span></code></pre></div></li> +<li> +<p>We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360 or can reuse 7.3.4&rsquo;s setenv.sh.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> $ sudo rm -rf <span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/bin/setenv.sh +</span></span><span style="display:flex;"><span> $ sudo cp /home/user/work16to17/sw360/frontend/configuration/setenv.sh <span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/bin/ +</span></span></code></pre></div></li> +</ul> +<h2 id="install-couchdb-lucene">Install Couchdb Lucene</h2> +<ul> +<li> +<p>SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene</p> +</li> +<li> +<p>Run command download Couchdb Lucene</p> +<ul> +<li><code>wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz</code></li> +</ul> +</li> +<li> +<p>Note extract couchdb-lucene to folder <code>work</code> with path of work: <code>/home/user/work</code></p> +<ul> +<li><code>tar -xzf couchdb-lucene.tar.gz</code></li> +</ul> +</li> +<li> +<p>Run command:</p> +<ul> +<li><code>cd couchdb-lucene-2.1.0</code></li> +<li><code>sed -i &quot;s/allowLeadingWildcard=false/allowLeadingWildcard=true/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> +<li><code>sed -i &quot;s/localhost:5984/admin:password@localhost:5984/&quot; ./src/main/resources/couchdb-lucene.ini </code></li> +<li><code>wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch </code></li> +<li><code>patch -p1 &lt; couchdb-lucene.patch </code></li> +<li><code>mvn clean install war:war</code></li> +<li><code>sudo cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war</code></li> +</ul> +</li> +</ul> +<h2 id="ref2">Version of libraries</h2> +<table> +<thead> +<tr> +<th style="text-align:left">Package Name</th> +<th style="text-align:center">Version</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">Liferay</td> +<td style="text-align:center">7.4.3</td> +</tr> +<tr> +<td style="text-align:left">Tomcat</td> +<td style="text-align:center">9.0.56</td> +</tr> +<tr> +<td style="text-align:left">Couchdb</td> +<td style="text-align:center">3.2.2</td> +</tr> +<tr> +<td style="text-align:left">Open JDK</td> +<td style="text-align:center">11.0.15</td> +</tr> +<tr> +<td style="text-align:left">Thrift</td> +<td style="text-align:center">0.16.0</td> +</tr> +</tbody> +</table> +<ul> +<li>To check couchdb version: run <code>curl http://localhost_or_yourcouchdbserver:5984 | json_pp</code></li> +</ul> +<h2 id="ref3">Migrate database</h2> +<ul> +<li> +<p>Check migrate scripts from 16.0 to 17.0 by <a href="https://github.com/eclipse/sw360/tree/master/scripts/migrations">https://github.com/eclipse/sw360/tree/master/scripts/migrations</a></p> +</li> +<li> +<p>File migration:</p> +<ul> +<li><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/050_cleanup_eccinformation_duplicate_attributes.py</code></li> +<li><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/051_change_eccStatus.py</code></li> +<li><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/052_migrate_clearing_request_status.py</code></li> +<li><code>https://github.com/eclipse/sw360/blob/main/scripts/migrations/053_remove_whitespace_component_name.py</code></li> +</ul> +</li> +<li> +<p>Install pip for python 3</p> +<p>if there is no proxy, skip option <code>--proxy=http://username:password@hostname:port</code></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> $ sudo apt update +</span></span><span style="display:flex;"><span> $ sudo apt install python3-pip +</span></span></code></pre></div></li> +<li> +<p>Import package couchdb +<code>pip3 install --proxy=http://username:password@hostname:port couchdb</code></p> +<p>How to run migration data</p> +<ol> +<li> +<p>stop SW360 (i.e. the tomcat)</p> +<ul> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code> +<code>$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18</code></p> +</li> +<li> +<p>Stop SW360 version 16.0 with path <code>LIFERAY_INSTALL_7_3= /opt/liferay-ce-portal-7.3.4-ga5</code> +<code>$ ${LIFERAY_INSTALL_7_3}/tomcat-9.0.33/bin/shutdown.sh</code></p> +</li> +</ul> +</li> +<li> +<p>Ensure that couchdb is accessible (try to open <code>http://localhost:5984/_utils/</code>)</p> +</li> +<li> +<p>run the migration scripts (i.e. for each script call python3 /PATH/TO/00?_some_migration_script.py) +be aware that some scripts are using an internal dry-run switch which you have to change manually in the script&rsquo;s code.</p> +<ul> +<li> +<p>Move to folder with path <code>/home/user/work16to17/sw360/scripts/migrations</code></p> +</li> +<li> +<p>Edit file migration to add the following parameters:</p> +<pre><code> ``` +DRY_RUN = False +# set admin name and password for couchdb3 +DB_USER_NAME = 'admin' +DB_USER_PASSWORD = 'password' +# set credentials for couchdb3 +couch.resource.credentials=(DB_USER_NAME, DB_USER_PASSWORD) +``` +</code></pre> +</li> +<li> +<p>Need to update 052 for python script</p> +<ul> +<li>Python 2.x code with Python 3.x. In Python 2, print is a statement and can be used without parentheses. However, in Python 3, print is a function and therefore always requires parentheses.</li> +</ul> +</li> +</ul> +<ul> +<li> +<p>Install library <code>pandas</code> of python.</p> +<ul> +<li><code>$ pip3 install pandas </code></li> +</ul> +</li> +<li> +<p>Run command:</p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span> $ python3 050_cleanup_eccinformation_duplicate_attributes.py +</span></span><span style="display:flex;"><span> $ python3 051_change_eccStatus.py +</span></span><span style="display:flex;"><span> $ python3 052_migrate_clearing_request_status.py +</span></span><span style="display:flex;"><span> $ python3 053_remove_whitespace_component_name.py +</span></span></code></pre></div><p>Check data change in file log:</p> +<pre><code>* 050_cleanup_eccinformation_duplicate_attributes.py.log * 051_change_eccStatus.py.log * 052_migrate_clearing_request_status.log * 053_remove_whitespace_component_name.log -</code></pre> -</li> -</ol> -</li> -</ul> -<h2 id="ref4">Compile and deploy</h2> -<ul> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code> -<code>$ cd /home/user/work16to17/sw360</code> -<code>$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18</code></p> -<p>To clean everything and install without running the tests -<code>mvn clean install -DskipTests</code></p> -</li> -<li> -<p>For deployment run the command -<code>mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL_7_4}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests=false -DRunRestIntegrationTest=true </code></p> -</li> -</ul> -<h2 id="ref5">Start and Configure Liferay</h2> -<ul> -<li> -<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code> -<code>$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18</code></p> -</li> -<li> -<p>Start liferay</p> -<ul> -<li><code>$ ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/startup.sh</code></li> -</ul> -</li> -<li> -<p>Log</p> -<ul> -<li><code>$ tail -f ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/logs/*</code></li> -</ul> -</li> -<li> -<p>Url SW360 : <code>https://localhost:8080</code></p> -</li> -</ul> -<h3 id="re-indexing-search-indexes-is-required-for-major-version-upgrades-heres-how-to-re-index">Re-indexing search indexes is required for major version upgrades. Here’s how to re-index:</h3> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>1. Click on the Global Menu (Global Menu icon) and select the Control Panel tab. The Control Panel appears. -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>2. Click on Search in the Configuration section, select the Index Actions tab, and click Execute for Re-index all search indexes. The re-index executes and displays a success message when done. -</span></span></code></pre></div> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/ReIndexSearch.png"/> -</figure> - -<h3 id="setup-sw360-for-liferay-import-lar-files">Setup SW360 for Liferay: Import *.lar Files</h3> -<ul> -<li><code>You need over-import *.lar files to the portet can show the sw360 icons/images</code></li> -</ul> -<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png"/> -</figure> - -<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/13.png"/> -</figure> - -<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/14.png"/> -</figure> - -<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>Public_Pages_7_4_3_18_GA18.lar</code> file the selection <code>Public_Pages_7_4_3_18_GA18.lar</code> is made.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/15.png"/> -</figure> - -<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> -<p>After successful importing, the same steps shall be repeated for the <code>Private_Pages_7_4_3_18_GA18.lar</code> file.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/16.png"/> -</figure> - -<p>Make sure that <code>Private_Pages_7_4_3_18_GA18.lar </code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/17.png"/> -</figure> - - - - - - - Docs: Upgrade SW360 from 17.00 to 18.1.0 - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/ - - - - <p><a href="#ref1">Version of libraries</a></p> -<p><a href="#ref2">Checkout source code SW360 to Tag Version 18.1.0</a></p> -<p><a href="#ref3">Config Couchdb Lucene</a></p> -<p><a href="#ref4">Build and deploy</a></p> -<p><a href="#ref5">Start and Configure Liferay</a></p> -<p><a href="#ref6">Setup SW360 for Liferay: Import *.lar Files</a></p> -<h2 id="ref1">Version of libraries</h2> -<table> -<thead> -<tr> -<th style="text-align:left">Package Name</th> -<th style="text-align:center">Version</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">Liferay</td> -<td style="text-align:center">7.4.3</td> -</tr> -<tr> -<td style="text-align:left">Tomcat</td> -<td style="text-align:center">9.0.56</td> -</tr> -<tr> -<td style="text-align:left">Couchdb</td> -<td style="text-align:center">3.2.2</td> -</tr> -<tr> -<td style="text-align:left">Open JDK</td> -<td style="text-align:center">11.0.15</td> -</tr> -<tr> -<td style="text-align:left">Thrift</td> -<td style="text-align:center">0.16.0</td> -</tr> -</tbody> -</table> -<p>To check couchdb version: run <code>curl http://localhost_or_yourcouchdbserver:5984 | json_pp</code></p> -<h2 id="ref2">Prepare source code to use release 18.1.0</h2> -<p>Link contains source: <a href="https://github.com/eclipse/sw360.git">https://github.com/eclipse/sw360.git</a></p> -<p>Create folder to store new source code of version 18.1.0:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mkdir /home/user/work17to18 -</span></span></code></pre></div><p>Clone source code from github:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ git clone https://github.com/eclipse/sw360.git -</span></span></code></pre></div><p>Checkout to tag Version 18.1.0</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ git checkout sw360-18.1.0-M1 -</span></span></code></pre></div><p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3.18-ga18 -</span></span></code></pre></div><p>Move folder <code>/home/user/work17to18/sw360</code> run command</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mvn clean install -DskipTests -</span></span></code></pre></div><p>Copy dependencies from folder <strong>/home/user/work17to18/sw360/deploy/jars</strong> to <strong>${LIFERAY_INSTALL_7_4}/osgi/modules</strong></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /home/user/work17to18/sw360/utils/jars -</span></span><span style="display:flex;"><span>$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/ -</span></span></code></pre></div><h2 id="ref3">Config Couchdb Lucene</h2> -<p>Run following commands to config Couchdb Lucene (remember to replace <strong>COUCHDB_USER</strong> and <strong>COUCHDB_PASSWORD</strong> by username and password of couchdb):</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /home/user/work17to18/sw360/third-party/couchdb-lucene/ -</span></span><span style="display:flex;"><span>$ sed -i <span style="color:#c30">&#34;s/allowLeadingWildcard=false/allowLeadingWildcard=true/&#34;</span> ./src/main/resources/couchdb-lucene.ini -</span></span><span style="display:flex;"><span>$ sed -i <span style="color:#c30">&#34;s/localhost:5984/COUCHDB_USER:COUCHDB_USER@localhost:5984/&#34;</span> ./src/main/resources/couchdb-lucene.ini -</span></span><span style="display:flex;"><span>$ mvn clean install war:war -</span></span><span style="display:flex;"><span>$ cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war -</span></span></code></pre></div><h2 id="ref4">Build and deploy</h2> -<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /home/user/work17to18/sw360 -</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3.18-ga18 -</span></span></code></pre></div><p>To clean everything and install without running the tests</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mvn clean install -DskipTests -</span></span></code></pre></div><p>For deployment run the command</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mvn package -P deploy -Dbase.deploy.dir<span style="color:#555">=</span>. -Dliferay.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/deploy -Dbackend.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/webapps -Drest.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/webapps -Dtest<span style="color:#555">=</span>org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests<span style="color:#555">=</span><span style="color:#366">false</span> -DRunRestIntegrationTest<span style="color:#555">=</span><span style="color:#366">true</span> -</span></span></code></pre></div><h2 id="ref5">Start and Configure Liferay</h2> -<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3.18-ga18<span style="color:#c30">`</span> -</span></span></code></pre></div><p>Start liferay</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/bin/startup.sh -</span></span></code></pre></div><p>Log</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ tail -f <span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/logs/catalina.out -</span></span></code></pre></div><p>SW360 url : <a href="https://localhost:8080">https://localhost:8080</a></p> -<h2 id="ref6">Setup SW360 for Liferay: Import *.lar Files</h2> -<p><strong>You need over-import lar files to the portet can show the sw360 icons/images</strong></p> -<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png"/> -</figure> - -<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/13.png"/> -</figure> - -<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/14.png"/> -</figure> - -<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>Public_Pages_7_4_3_18_GA18.lar</code> file the selection <code>Public_Pages_7_4_3_18_GA18.lar</code> is made.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/15.png"/> -</figure> - -<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> -<p>After successful importing, the same steps shall be repeated for the <code>Private_Pages_7_4_3_18_GA18.lar</code> file.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/16.png"/> -</figure> - -<p>Make sure that <code>Private_Pages_7_4_3_18_GA18.lar </code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/17.png"/> -</figure> - - - - - - - +</code></pre> +</li> +</ol> +</li> +</ul> +<h2 id="ref4">Compile and deploy</h2> +<ul> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code> +<code>$ cd /home/user/work16to17/sw360</code> +<code>$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18</code></p> +<p>To clean everything and install without running the tests +<code>mvn clean install -DskipTests</code></p> +</li> +<li> +<p>For deployment run the command +<code>mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL_7_4}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests=false -DRunRestIntegrationTest=true </code></p> +</li> +</ul> +<h2 id="ref5">Start and Configure Liferay</h2> +<ul> +<li> +<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code> +<code>$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18</code></p> +</li> +<li> +<p>Start liferay</p> +<ul> +<li><code>$ ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/startup.sh</code></li> +</ul> +</li> +<li> +<p>Log</p> +<ul> +<li><code>$ tail -f ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/logs/*</code></li> +</ul> +</li> +<li> +<p>Url SW360 : <code>https://localhost:8080</code></p> +</li> +</ul> +<h3 id="re-indexing-search-indexes-is-required-for-major-version-upgrades-heres-how-to-re-index">Re-indexing search indexes is required for major version upgrades. Here’s how to re-index:</h3> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>1. Click on the Global Menu (Global Menu icon) and select the Control Panel tab. The Control Panel appears. +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>2. Click on Search in the Configuration section, select the Index Actions tab, and click Execute for Re-index all search indexes. The re-index executes and displays a success message when done. +</span></span></code></pre></div> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/ReIndexSearch.png"/> +</figure> +<h3 id="setup-sw360-for-liferay-import-lar-files">Setup SW360 for Liferay: Import *.lar Files</h3> +<ul> +<li><code>You need over-import *.lar files to the portet can show the sw360 icons/images</code></li> +</ul> +<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png"/> +</figure> +<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/13.png"/> +</figure> +<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/14.png"/> +</figure> +<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>Public_Pages_7_4_3_18_GA18.lar</code> file the selection <code>Public_Pages_7_4_3_18_GA18.lar</code> is made.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/15.png"/> +</figure> +<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> +<p>After successful importing, the same steps shall be repeated for the <code>Private_Pages_7_4_3_18_GA18.lar</code> file.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/16.png"/> +</figure> +<p>Make sure that <code>Private_Pages_7_4_3_18_GA18.lar </code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/17.png"/> +</figure>Docs: Upgrade SW360 from 17.00 to 18.1.0https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/ +<p><a href="#ref1">Version of libraries</a></p> +<p><a href="#ref2">Checkout source code SW360 to Tag Version 18.1.0</a></p> +<p><a href="#ref3">Config Couchdb Lucene</a></p> +<p><a href="#ref4">Build and deploy</a></p> +<p><a href="#ref5">Start and Configure Liferay</a></p> +<p><a href="#ref6">Setup SW360 for Liferay: Import *.lar Files</a></p> +<h2 id="ref1">Version of libraries</h2> +<table> +<thead> +<tr> +<th style="text-align:left">Package Name</th> +<th style="text-align:center">Version</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">Liferay</td> +<td style="text-align:center">7.4.3</td> +</tr> +<tr> +<td style="text-align:left">Tomcat</td> +<td style="text-align:center">9.0.56</td> +</tr> +<tr> +<td style="text-align:left">Couchdb</td> +<td style="text-align:center">3.2.2</td> +</tr> +<tr> +<td style="text-align:left">Open JDK</td> +<td style="text-align:center">11.0.15</td> +</tr> +<tr> +<td style="text-align:left">Thrift</td> +<td style="text-align:center">0.16.0</td> +</tr> +</tbody> +</table> +<p>To check couchdb version: run <code>curl http://localhost_or_yourcouchdbserver:5984 | json_pp</code></p> +<h2 id="ref2">Prepare source code to use release 18.1.0</h2> +<p>Link contains source: <a href="https://github.com/eclipse/sw360.git">https://github.com/eclipse/sw360.git</a></p> +<p>Create folder to store new source code of version 18.1.0:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mkdir /home/user/work17to18 +</span></span></code></pre></div><p>Clone source code from github:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ git clone https://github.com/eclipse/sw360.git +</span></span></code></pre></div><p>Checkout to tag Version 18.1.0</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ git checkout sw360-18.1.0-M1 +</span></span></code></pre></div><p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3.18-ga18 +</span></span></code></pre></div><p>Move folder <code>/home/user/work17to18/sw360</code> run command</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mvn clean install -DskipTests +</span></span></code></pre></div><p>Copy dependencies from folder <strong>/home/user/work17to18/sw360/deploy/jars</strong> to <strong>${LIFERAY_INSTALL_7_4}/osgi/modules</strong></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /home/user/work17to18/sw360/utils/jars +</span></span><span style="display:flex;"><span>$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/ +</span></span></code></pre></div><h2 id="ref3">Config Couchdb Lucene</h2> +<p>Run following commands to config Couchdb Lucene (remember to replace <strong>COUCHDB_USER</strong> and <strong>COUCHDB_PASSWORD</strong> by username and password of couchdb):</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /home/user/work17to18/sw360/third-party/couchdb-lucene/ +</span></span><span style="display:flex;"><span>$ sed -i <span style="color:#c30">&#34;s/allowLeadingWildcard=false/allowLeadingWildcard=true/&#34;</span> ./src/main/resources/couchdb-lucene.ini +</span></span><span style="display:flex;"><span>$ sed -i <span style="color:#c30">&#34;s/localhost:5984/COUCHDB_USER:COUCHDB_USER@localhost:5984/&#34;</span> ./src/main/resources/couchdb-lucene.ini +</span></span><span style="display:flex;"><span>$ mvn clean install war:war +</span></span><span style="display:flex;"><span>$ cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war +</span></span></code></pre></div><h2 id="ref4">Build and deploy</h2> +<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /home/user/work17to18/sw360 +</span></span><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3.18-ga18 +</span></span></code></pre></div><p>To clean everything and install without running the tests</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mvn clean install -DskipTests +</span></span></code></pre></div><p>For deployment run the command</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ mvn package -P deploy -Dbase.deploy.dir<span style="color:#555">=</span>. -Dliferay.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/deploy -Dbackend.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/webapps -Drest.deploy.dir<span style="color:#555">=</span><span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/webapps -Dtest<span style="color:#555">=</span>org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests<span style="color:#555">=</span><span style="color:#366">false</span> -DRunRestIntegrationTest<span style="color:#555">=</span><span style="color:#366">true</span> +</span></span></code></pre></div><h2 id="ref5">Start and Configure Liferay</h2> +<p>Set Environment for <code>${LIFERAY_INSTALL_7_4}</code></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#366">export</span> <span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#555">=</span>/opt/liferay-ce-portal-7.4.3.18-ga18<span style="color:#c30">`</span> +</span></span></code></pre></div><p>Start liferay</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ <span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/bin/startup.sh +</span></span></code></pre></div><p>Log</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span>$ tail -f <span style="color:#a00">${</span><span style="color:#033">LIFERAY_INSTALL_7_4</span><span style="color:#a00">}</span>/tomcat-9.0.56/logs/catalina.out +</span></span></code></pre></div><p>SW360 url : <a href="https://localhost:8080">https://localhost:8080</a></p> +<h2 id="ref6">Setup SW360 for Liferay: Import *.lar Files</h2> +<p><strong>You need over-import lar files to the portet can show the sw360 icons/images</strong></p> +<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png"/> +</figure> +<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/13.png"/> +</figure> +<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/14.png"/> +</figure> +<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>Public_Pages_7_4_3_18_GA18.lar</code> file the selection <code>Public_Pages_7_4_3_18_GA18.lar</code> is made.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/15.png"/> +</figure> +<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> +<p>After successful importing, the same steps shall be repeated for the <code>Private_Pages_7_4_3_18_GA18.lar</code> file.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/16.png"/> +</figure> +<p>Make sure that <code>Private_Pages_7_4_3_18_GA18.lar </code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy74/17.png"/> +</figure> \ No newline at end of file diff --git a/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/index.html b/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/index.html index 77888a1..30834fe 100644 --- a/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/index.html +++ b/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/index.html @@ -1,935 +1,95 @@ - - - - - - - - - - - - - - - - - - - - -Upgrade Sw360 from 14.0 to 15.0 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Upgrade Sw360 from 14.0 to 15.0

    -
    Upgrade Sw360 from 14.0 to 15.0
    -
    - - - - - - - - - - - - - -
    -

    Upgrade SW360 version 15.0

    -

    1. Upgrade sw360 from 14.0 to 15.0

    -
    1.1 Checkout source code SW360 to Tag Version 15
-1.2 Version of libraries
-1.3 Migrate database
-1.4 Build and deploy Sw360 Version 15.0
-

    1.1 Checkout source code SW360 to Tag Version 15

    -

    Link contains source: https://github.com/eclipse/sw360.git

    -
      -
    • -

      Path SW360_REPOSITORY = /home/user/work/sw360

      -
      • -
    • -

      Source code sw360 is in master branch with commit version 14.0 . User into ${SW360_REPOSITORY} use git checkout to tag version 15 on the master branch of SW360

      -
      • -
    • -

      Checkout to tag Version 15.0.0

      -
        -
      • $ git checkout .
        • -
      • $ git checkout sw360-15.0.0-M1
        • -
      -
      • -
    -

    1.2 Version of libraries

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Package NameVersion
    Liferay7.3.4
    Tomcat9.0.33
    Couchdb3.2.2
    Open JDK11.0.15
    Thrift0.14.0
    SW36014.0.0
    -

    1.3 Migrate database

    - -
      -
    • There is no migrate script, skip this step.
      • -
    -

    1.4 Build and deploy SW360 Version 15.0

    -
      -
    • -

      Set Environment for ${LIFERAY_INSTALL}

      -
        -
      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5
        • -
      -
      • -
    • -

      Stop SW360 version 14.0, ensure that couchdb is accessible (try to open http://localhost:5984/_utils/)

      -
        -
      • $ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/shutdown.sh
        • -
      -
      • -
    -

    2. Compile and deploy

    -
      -
    • -

      Start couchdb

      -
        -
      • $ sudo service couchdb start
        • -
      -
      • -
    • -

      Set Environment for ${LIFERAY_INSTALL}

      -
        -
      • $ cd /home/user/work/sw360
        • -
      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5
        • -
      -
      • -
    -
      -
    1. -

      To clean everything and install without running the tests

      -
        -
      • $ mvn clean install -DskipTests
        • -
      -
      2. -
    2. -

      For deployment run the command

      -
        -
      • mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests
        • -
      -
      3. -
    -

    2.1 Start and Configure Liferay

    -
      -
    • -

      Set Environment for ${LIFERAY_INSTALL}

      -
        -
      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5
        • -
      -
      • -
    • -

      Start liferay

      -
        -
      • $ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh
        • -
      -
      • -
    • -

      Log

      -
        -
      • $ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*
        • -
      -
      • -
    • -

      Url SW360 : https://localhost:8080

      -
      • -
    -

    2.2 Configure Liferay Portal

    - -
      -
    • Import users -
        -
      1. Open the panel on the left side by clicking the button on the top left.
        2. -
      2. Click on SW360 on the top right to go to the homepage.
        3. -
      3. Click on Start inside the “Welcome” section.
        4. -
      4. Go to Admin -> User (URL: /group/guest/users).
        5. -
      5. Scroll down to section UPLOAD USERS, select a user file from the very -beginning and click Upload Users on the right side. A user file can be found here in the sw360vagrant project -* Download: $ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv
        6. -
      -
      • -
    - - - -
    - Last modified July 7, 2022: Guide Native_install_version_14_and_upgrade_15 (515f3ec) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Upgrade Sw360 from 14.0 to 15.0 | Eclipse SW360 +

    Upgrade Sw360 from 14.0 to 15.0

    Upgrade Sw360 from 14.0 to 15.0

    Upgrade SW360 version 15.0

    1. Upgrade sw360 from 14.0 to 15.0

    1.1 Checkout source code SW360 to Tag Version 15
+1.2 Version of libraries
+1.3 Migrate database
+1.4 Build and deploy Sw360 Version 15.0
+

    1.1 Checkout source code SW360 to Tag Version 15

    Link contains source: https://github.com/eclipse/sw360.git

    • Path SW360_REPOSITORY = /home/user/work/sw360

    • Source code sw360 is in master branch with commit version 14.0 . User into ${SW360_REPOSITORY} use git checkout to tag version 15 on the master branch of SW360

    • Checkout to tag Version 15.0.0

      • $ git checkout .
      • $ git checkout sw360-15.0.0-M1

    1.2 Version of libraries

    Package NameVersion
    Liferay7.3.4
    Tomcat9.0.33
    Couchdb3.2.2
    Open JDK11.0.15
    Thrift0.14.0
    SW36014.0.0

    1.3 Migrate database

    • There is no migrate script, skip this step.

    1.4 Build and deploy SW360 Version 15.0

    • Set Environment for ${LIFERAY_INSTALL}

      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5

    • Stop SW360 version 14.0, ensure that couchdb is accessible (try to open http://localhost:5984/_utils/)

      • $ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/shutdown.sh

    2. Compile and deploy

    • Start couchdb

      • $ sudo service couchdb start

    • Set Environment for ${LIFERAY_INSTALL}

      • $ cd /home/user/work/sw360
      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5

    1. To clean everything and install without running the tests

      • $ mvn clean install -DskipTests

    2. For deployment run the command

      • mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests

    2.1 Start and Configure Liferay

    • Set Environment for ${LIFERAY_INSTALL}

      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5

    • Start liferay

      • $ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh

    • Log

      • $ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*

    • Url SW360 : https://localhost:8080

    2.2 Configure Liferay Portal

    • Import users
      1. Open the panel on the left side by clicking the button on the top left.
      2. Click on SW360 on the top right to go to the homepage.
      3. Click on Start inside the “Welcome” section.
      4. Go to Admin -> User (URL: /group/guest/users).
      5. Scroll down to section UPLOAD USERS, select a user file from the very +beginning and click Upload Users on the right side. A user file can be found here in the sw360vagrant project +* Download: $ wget https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv
    Last modified July 7, 2022: Guide Native_install_version_14_and_upgrade_15 (515f3ec)
    + + + \ No newline at end of file diff --git a/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/index.html b/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/index.html index 012db33..d613c7c 100644 --- a/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/index.html +++ b/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/index.html @@ -1,983 +1,107 @@ - - - - - - - - - - - - - - - - - - - - -Upgrade Sw360 from 15.0 to 16.0 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Upgrade Sw360 from 15.0 to 16.0

    -
    Upgrade Sw360 from 15.0 to 16.0
    -
    - - - - - - - - - - - - - -
    -

    Upgrade SW360 version 16.0

    -

    1. Upgrade sw360 from 15.0 to 16.0

    -
    1.1 Checkout source code SW360 to Tag Version 16
-1.2 Version of libraries
-1.3 Migrate database
-1.4 Build and deploy Sw360 Version 16
-1.5 Start and Configure Liferay 
-

    1.1 Create Folder contains source code SW360 to Tag Version 16

    -

    Link contains source: https://github.com/eclipse/sw360.git

    -
      -
    • -

      Path SW360_REPOSITORY = /home/user/work15to16/sw360

      -
      • -
    • -

      Source code sw360 is in main branch with commit version 14.0 . User into ${SW360_REPOSITORY} use git checkout to tag version 16 on the main branch of SW360

      -
      • -
    • -

      Checkout to tag Version 16.0.0 or checkout commit “d15db4a1b07112fff126016103c1a8d8dd03c230”

      -
        -
      • $ git checkout d15db4a1b07112fff126016103c1a8d8dd03c230 or $ git checkout sw360-16.0.0-M1
        • -
      -
      • -
    • -

      Upgrade Thrift from 0.14.0 to 0.16.0

      -
        -
      • Move to folder sw360 with path /home/user/work15to16/sw360
        • -
      -

      Run command line:

      -

      Uninstall thrift version 0.14.0

      -
        -
      • ./scripts/install-thrift.sh --uninstall
        • -
      -

      Install thrift version 0.16.0

      -
        -
      • ./scripts/install-thrift.sh
        • -
      -

      Check version thrift

      -
        -
      • thrift --version
        • -
      -
      • -
    • -

      Update Dependency for SW360 version 16

      -

      Download dependency:

      -
        -
      • wget https://search.maven.org/remotecontent?filepath=commons-io/commons-io/2.7/commons-io-2.7.jar -O commons-io-2.7.jar
        • -
      • wget https://search.maven.org/remotecontent?filepath=com/google/code/gson/gson/2.8.9/gson-2.8.9.jar -O gson-2.8.9.jar
        • -
      • wget https://search.maven.org/remotecontent?filepath=com/google/guava/guava/31.0.1-jre/guava-31.0.1-jre.jar -O guava-31.0.1-jre.jar
        • -
      • wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-annotations/2.13.2/jackson-annotations-2.13.2.jar -O jackson-annotations-2.13.2.jar
        • -
      • wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-core/2.13.2/jackson-core-2.13.2.jar -O jackson-core-2.13.2.jar
        • -
      • wget https://search.maven.org/remotecontent?filepath=com/fasterxml/jackson/core/jackson-databind/2.13.2.2/jackson-databind-2.13.2.2.jar -O jackson-databind-2.13.2.2.jar
        • -
      • wget https://repo1.maven.org/maven2/org/apache/thrift/libthrift/0.16.0/libthrift-0.16.0.jar -O libthrift-0.16.0.jar
        • -
      -

      Move dependency to folder /opt/liferay-ce-portal-7.3.4-ga5/deploy

      -
      • -
    -

    1.2 Version of libraries

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Package NameVersion
    Liferay7.3.4
    Tomcat9.0.33
    Couchdb3.2.2
    Open JDK11.0.15
    Thrift0.16.0
    -

    1.3 Migrate database

    - -
    To clean everything and  install without running the tests
 
 - `mvn clean install -DskipTests `
 
 For deployment run the command 
 - `mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -Drest.deploy.dir=${LIFERAY_INSTALL}/tomcat-9.0.33/webapps -DskipTests`
-
    -

    1.5 Start and Configure Liferay

    -
      -
    • -

      Set Environment for ${LIFERAY_INSTALL}

      -
        -
      • $ export LIFERAY_INSTALL=/opt/liferay-ce-portal-7.3.4-ga5
        • -
      -
      • -
    • -

      Start liferay

      -
        -
      • $ ${LIFERAY_INSTALL}/tomcat-9.0.33/bin/startup.sh
        • -
      -
      • -
    • -

      Log

      -
        -
      • $ tail -f ${LIFERAY_INSTALL}/tomcat-9.0.33/logs/*
        • -
      -
      • -
    • -

      Url SW360 : https://localhost:8080

      -
      • -
    - - - -
    - Last modified January 13, 2023: fix content native install 17 and add file Upgrade_Version_SW360_15_To_16.md (73265ee) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +

    1.5 Start and Configure Liferay

    Last modified January 13, 2023: fix content native install 17 and add file Upgrade_Version_SW360_15_To_16.md (73265ee)
    + + + \ No newline at end of file diff --git a/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/index.html b/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/index.html index 4d73227..50a88c4 100644 --- a/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/index.html +++ b/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/index.html @@ -1,31 +1,8 @@ - - - - - - - - - - - - - - - - - - - - -Upgrade SW360 from 16.0 to 17.0 | Eclipse SW360 -Upgrade SW360 from 16.0 to 17.0 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Upgrade SW360 from 16.0 to 17.0

    - -
    - - - - - - - - - - - - - -
    -

    Checkout source code SW360 to Tag Version 17

    -

    Version of libraries

    -

    Migrate Database

    -

    Build and deploy SW360 Version 17

    -

    Start and Configure Liferay

    -

    Prepare source code to use release 17

    -

    Link contains source: https://github.com/eclipse/sw360.git

    -
      -
    • -

      Path SW360_REPOSITORY = /home/user/work16to17/sw360

      -
      • -
    • -

      Source code sw360 is in main branch with commit version 16.0.0 . User into ${SW360_REPOSITORY} use git checkout to tag version 16 on the main branch of SW360

      -
      • -
    • -

      Checkout to tag Version 17.0.0

      -
        -
      • $ git checkout 6c1aeacea3b0c5f37dc1752b5409cce1433e40c2
        • -
      -
      • -
    • -

      Check version thrift

      -
        -
      • thrift --version
        • -
      -
      • -
    • -

      If thrift version 0.14.0 then upgrade Thrift from 0.14.0 to 0.16.0

      -
        -
      • -

        Move to folder sw360 with path /home/user/work16to17/sw360

        -

        To uninstall thrift version 0.14.0:

        -
          -
        • ./scripts/install-thrift.sh --uninstall
          • -
        -

        To install thrift version 0.16.0

        -
          -
        • ./scripts/install-thrift.sh
          • -
        -
        • -
      -
      • -
    • -

      Download Liferay Portal CE 7.4.3.18 GA18

      -
        -
      • -

        $ cd work16to17

        -
        • -
      • -

        $ wget https://github.com/liferay/liferay-portal/releases/download/7.4.3.18-ga18/liferay-ce-portal-tomcat-7.4.3.18-ga18-20220329092001364.tar.gz -O liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz

        -
        • -
      -
      • -
    • -

      Extract downloaded file

      -
        -
      • $ tar -xzf liferay-ce-portal-tomcat-7.4.3.18-ga18.tar.gz
        • -
      -
      • -
    • -

      Copy file portal-ext.properties from liferay-ce-portal-7.3.4-ga5 folder to liferay-ce-portal-7.4.3.18-ga18 folder

      -
      • -
    • -

      Remove files in folder hypersonic with path: /home/user/work16to17/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic

      -

      $ rm -rf /home/user/work16to17/liferay-ce-portal-7.4.3.18-ga18/data/hypersonic/*

      -
      • -
    • -

      Copy all file liferay-ce-portal-7.3.4-ga5/osgi/configs folder to liferay-ce-portal-7.4.3.18-ga18/osgi/configs folder

      -
      • -
    -

    Liferay Database Migration

    -
      -
    • -

      Go to liferay-ce-portal-7.4.3.18-ga18/tools/portal-tools-db-upgrade-client folder

      -
      • -
    • -

      Edit app-server.properties to add the following parameters:

      -
      • -
    -
      dir={LIFERAY_PATH_7.4}/tomcat-9.0.56
-  extra.lib.dirs=/bin
-  global.lib.dir=/lib
-  portal.dir=/webapps/ROOT
-  server.detector.server.id=tomcat
-
      -
    • Edit portal-upgrade-database.properties to add the following parameters:
      • -
    -
      jdbc.default.driverClassName=org.postgresql.Driver
-  jdbc.default.url=jdbc:postgresql://{POSTGRE_HOST}:5432/lportal
-  jdbc.default.username={POSTGRES_USER}
-  jdbc.default.password={POSTGRES_PASSWORD}
-
      -
    • Edit portal-upgrade-ext.properties to add the following parameter:
      • -
    -
      liferay.home={LIFERAY_PATH_7.4}
-
      -
    • Finally, you can run the script with the following command:
      • -
    -
    $ ./db_upgrade.sh -j "-Xmx8000m -Dfile.encoding=UTF-8 -Duser.timezone=GMT"
-
      -
    • -

      Move folder liferay-ce-portal-7.4.3.18-ga18 to /opt

      -

      $ sudo mv liferay-ce-portal-7.4.3.18-ga18 /opt

      -
      • -
    • -

      Set Environment for ${LIFERAY_INSTALL_7_4}

      -

      $ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18

      -
      • -
    • -

      Move folder /home/user/work16to17/sw360 run command

      -

      $ mvn clean install -DskipTests

      -
      • -
    • -

      After run command “mvn clean install -DskipTests” above, copy dependency in folder /home/user/work16to17/sw360/deploy/jars to ${LIFERAY_INSTALL_7_4}/deploy

      -
         $ cd /home/user/work16to17/sw360/deploy/jars
-   $ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/deploy/
-
      • -
    • -

      We also suggest you change the environment settings (frontend/configuration/setenv.sh) to avoid the lack of memory before making and building SW360 or can reuse 7.3.4’s setenv.sh.

      -
         $ sudo rm -rf ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/setenv.sh
-   $ sudo cp /home/user/work16to17/sw360/frontend/configuration/setenv.sh ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/
-
      • -
    -

    Install Couchdb Lucene

    -
      -
    • -

      SW360 uses for searching the contents of the couchdb databases a lucene-based server named couchdb-lucene

      -
      • -
    • -

      Run command download Couchdb Lucene

      -
        -
      • wget --no-check-certificate https://github.com/rnewson/couchdb-lucene/archive/v2.1.0.tar.gz -O couchdb-lucene.tar.gz
        • -
      -
      • -
    • -

      Note extract couchdb-lucene to folder work with path of work: /home/user/work

      -
        -
      • tar -xzf couchdb-lucene.tar.gz
        • -
      -
      • -
    • -

      Run command:

      -
        -
      • cd couchdb-lucene-2.1.0
        • -
      • sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini
        • -
      • sed -i "s/localhost:5984/admin:password@localhost:5984/" ./src/main/resources/couchdb-lucene.ini
        • -
      • wget https://raw.githubusercontent.com/sw360/sw360vagrant/master/shared/couchdb-lucene.patch
        • -
      • patch -p1 < couchdb-lucene.patch
        • -
      • mvn clean install war:war
        • -
      • sudo cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war
        • -
      -
      • -
    -

    Version of libraries

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Package NameVersion
    Liferay7.4.3
    Tomcat9.0.56
    Couchdb3.2.2
    Open JDK11.0.15
    Thrift0.16.0
    -
      -
    • To check couchdb version: run curl http://localhost_or_yourcouchdbserver:5984 | json_pp
      • -
    -

    Migrate database

    -
      -
    • -

      Check migrate scripts from 16.0 to 17.0 by https://github.com/eclipse/sw360/tree/master/scripts/migrations

      -
      • -
    • -

      File migration:

      -
        -
      • https://github.com/eclipse/sw360/blob/main/scripts/migrations/050_cleanup_eccinformation_duplicate_attributes.py
        • -
      • https://github.com/eclipse/sw360/blob/main/scripts/migrations/051_change_eccStatus.py
        • -
      • https://github.com/eclipse/sw360/blob/main/scripts/migrations/052_migrate_clearing_request_status.py
        • -
      • https://github.com/eclipse/sw360/blob/main/scripts/migrations/053_remove_whitespace_component_name.py
        • -
      -
      • -
    • -

      Install pip for python 3

      -

      if there is no proxy, skip option --proxy=http://username:password@hostname:port

      -
         $ sudo apt update
-   $ sudo apt install python3-pip
-
      • -
    • -

      Import package couchdb -pip3 install --proxy=http://username:password@hostname:port couchdb

      -

      How to run migration data

      -
        -
      1. -

        stop SW360 (i.e. the tomcat)

        -
          -
        • -

          Set Environment for ${LIFERAY_INSTALL_7_4} -$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18

          -
          • -
        • -

          Stop SW360 version 16.0 with path LIFERAY_INSTALL_7_3= /opt/liferay-ce-portal-7.3.4-ga5 -$ ${LIFERAY_INSTALL_7_3}/tomcat-9.0.33/bin/shutdown.sh

          -
          • -
        -
        2. -
      2. -

        Ensure that couchdb is accessible (try to open http://localhost:5984/_utils/)

        -
        3. -
      3. -

        run the migration scripts (i.e. for each script call python3 /PATH/TO/00?_some_migration_script.py) -be aware that some scripts are using an internal dry-run switch which you have to change manually in the script’s code.

        -
      -
      • -
    -

    Compile and deploy

    -
      -
    • -

      Set Environment for ${LIFERAY_INSTALL_7_4} +

    Compile and deploy

    • Set Environment for ${LIFERAY_INSTALL_7_4} $ cd /home/user/work16to17/sw360 -$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18

      -

      To clean everything and install without running the tests -mvn clean install -DskipTests

      -
      • -
    • -

      For deployment run the command -mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL_7_4}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests=false -DRunRestIntegrationTest=true

      -
      • -
    -

    Start and Configure Liferay

    -
      -
    • -

      Set Environment for ${LIFERAY_INSTALL_7_4} -$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18

      -
      • -
    • -

      Start liferay

      -
        -
      • $ ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/startup.sh
        • -
      -
      • -
    • -

      Log

      -
        -
      • $ tail -f ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/logs/*
        • -
      -
      • -
    • -

      Url SW360 : https://localhost:8080

      -
      • -
    -

    Re-indexing search indexes is required for major version upgrades. Here’s how to re-index:

    -
    1. Click on the Global Menu (Global Menu icon) and select the Control Panel tab. The Control Panel appears.
-
-2. Click on Search in the Configuration section, select the Index Actions tab, and click Execute for Re-index all search indexes. The re-index executes and displays a success message when done.
-
    -
    - -
    - -

    Setup SW360 for Liferay: Import *.lar Files

    -
      -
    • You need over-import *.lar files to the portet can show the sw360 icons/images
      • -
    -

    For the setup of SW360 in Liferay, the portal description files, *.lar files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.

    - -
    - -
    - -

    The go into > Publishing > Import which shows like this:

    - -
    - -
    - -

    Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the frontend/configuration folder of the sw360 repository.

    - -
    - -
    - -

    As for import settings, follow the selection as shown on the screenshot. It is very important that for the Public_Pages_7_4_3_18_GA18.lar file the selection Public_Pages_7_4_3_18_GA18.lar is made.

    - -
    - -
    - -

    Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.

    -

    After successful importing, the same steps shall be repeated for the Private_Pages_7_4_3_18_GA18.lar file.

    - -
    - -
    - -

    Make sure that Private_Pages_7_4_3_18_GA18.lar is selected. Follow the other selections made as shown on the screenshot … importing permissions … mirror with overwriting, use the current author …

    - -
    - -
    - - - - -
    - Last modified July 19, 2023: removed unnecessary quotes (08cc9c3) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18

    To clean everything and install without running the tests +mvn clean install -DskipTests

  • For deployment run the command +mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL_7_4}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests=false -DRunRestIntegrationTest=true

    • Start and Configure Liferay

    Re-indexing search indexes is required for major version upgrades. Here’s how to re-index:

    1. Click on the Global Menu (Global Menu icon) and select the Control Panel tab. The Control Panel appears.
+
+2. Click on Search in the Configuration section, select the Index Actions tab, and click Execute for Re-index all search indexes. The re-index executes and displays a success message when done.
+

    Setup SW360 for Liferay: Import *.lar Files

    For the setup of SW360 in Liferay, the portal description files, *.lar files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.

    The go into > Publishing > Import which shows like this:

    Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the frontend/configuration folder of the sw360 repository.

    As for import settings, follow the selection as shown on the screenshot. It is very important that for the Public_Pages_7_4_3_18_GA18.lar file the selection Public_Pages_7_4_3_18_GA18.lar is made.

    Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.

    After successful importing, the same steps shall be repeated for the Private_Pages_7_4_3_18_GA18.lar file.

    Make sure that Private_Pages_7_4_3_18_GA18.lar is selected. Follow the other selections made as shown on the screenshot … importing permissions … mirror with overwriting, use the current author …

    Last modified July 19, 2023: removed unnecessary quotes (08cc9c3)
    + + + \ No newline at end of file diff --git a/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/index.html b/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/index.html index 6896815..fd972fa 100644 --- a/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/index.html +++ b/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/index.html @@ -1,32 +1,9 @@ - - - - - - - - - - - - - - - - - - - - -Upgrade SW360 from 17.00 to 18.1.0 | Eclipse SW360 -Upgrade SW360 from 17.00 to 18.1.0 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Upgrade SW360 from 17.00 to 18.1.0

    - -
    - - - - - - - - - - - - - -
    -

    Version of libraries

    -

    Checkout source code SW360 to Tag Version 18.1.0

    -

    Config Couchdb Lucene

    -

    Build and deploy

    -

    Start and Configure Liferay

    -

    Setup SW360 for Liferay: Import *.lar Files

    -

    Version of libraries

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Package NameVersion
    Liferay7.4.3
    Tomcat9.0.56
    Couchdb3.2.2
    Open JDK11.0.15
    Thrift0.16.0
    -

    To check couchdb version: run curl http://localhost_or_yourcouchdbserver:5984 | json_pp

    -

    Prepare source code to use release 18.1.0

    -

    Link contains source: https://github.com/eclipse/sw360.git

    -

    Create folder to store new source code of version 18.1.0:

    -
    $ mkdir /home/user/work17to18
-

    Clone source code from github:

    -
    $ git clone https://github.com/eclipse/sw360.git
-

    Checkout to tag Version 18.1.0

    -
    $ git checkout sw360-18.1.0-M1
-

    Set Environment for ${LIFERAY_INSTALL_7_4}

    -
    $ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18
-

    Move folder /home/user/work17to18/sw360 run command

    -
    $ mvn clean install -DskipTests
-

    Copy dependencies from folder /home/user/work17to18/sw360/deploy/jars to ${LIFERAY_INSTALL_7_4}/osgi/modules

    -
    $ cd /home/user/work17to18/sw360/utils/jars
-$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/
-

    Config Couchdb Lucene

    -

    Run following commands to config Couchdb Lucene (remember to replace COUCHDB_USER and COUCHDB_PASSWORD by username and password of couchdb):

    -
    $ cd /home/user/work17to18/sw360/third-party/couchdb-lucene/
-$ sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini
-$ sed -i "s/localhost:5984/COUCHDB_USER:COUCHDB_USER@localhost:5984/" ./src/main/resources/couchdb-lucene.ini
-$ mvn clean install war:war
-$ cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war
-

    Build and deploy

    -

    Set Environment for ${LIFERAY_INSTALL_7_4}

    -
    $ cd /home/user/work17to18/sw360
-$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18
-

    To clean everything and install without running the tests

    -
    $ mvn clean install -DskipTests
-

    For deployment run the command

    -
    $ mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL_7_4}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests=false -DRunRestIntegrationTest=true
-

    Start and Configure Liferay

    -

    Set Environment for ${LIFERAY_INSTALL_7_4}

    -
    $ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18`
-

    Start liferay

    -
    $ ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/startup.sh
-

    Log

    -
    $ tail -f ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/logs/catalina.out
-

    SW360 url : https://localhost:8080

    -

    Setup SW360 for Liferay: Import *.lar Files

    -

    You need over-import lar files to the portet can show the sw360 icons/images

    -

    For the setup of SW360 in Liferay, the portal description files, *.lar files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.

    - -
    - -
    - -

    The go into > Publishing > Import which shows like this:

    - -
    - -
    - -

    Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the frontend/configuration folder of the sw360 repository.

    - -
    - -
    - -

    As for import settings, follow the selection as shown on the screenshot. It is very important that for the Public_Pages_7_4_3_18_GA18.lar file the selection Public_Pages_7_4_3_18_GA18.lar is made.

    - -
    - -
    - -

    Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.

    -

    After successful importing, the same steps shall be repeated for the Private_Pages_7_4_3_18_GA18.lar file.

    - -
    - -
    - -

    Make sure that Private_Pages_7_4_3_18_GA18.lar is selected. Follow the other selections made as shown on the screenshot … importing permissions … mirror with overwriting, use the current author …

    - -
    - -
    - - - - -
    - Last modified February 28, 2024: feat(Upgrade version): Add upgrade version doc from 17.0.0 to 18.1.0 (b3cb567) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Create folder to store new source code of version 18."> +

    Upgrade SW360 from 17.00 to 18.1.0

    Version of libraries

    Checkout source code SW360 to Tag Version 18.1.0

    Config Couchdb Lucene

    Build and deploy

    Start and Configure Liferay

    Setup SW360 for Liferay: Import *.lar Files

    Version of libraries

    Package NameVersion
    Liferay7.4.3
    Tomcat9.0.56
    Couchdb3.2.2
    Open JDK11.0.15
    Thrift0.16.0

    To check couchdb version: run curl http://localhost_or_yourcouchdbserver:5984 | json_pp

    Prepare source code to use release 18.1.0

    Link contains source: https://github.com/eclipse/sw360.git

    Create folder to store new source code of version 18.1.0:

    $ mkdir /home/user/work17to18
+

    Clone source code from github:

    $ git clone https://github.com/eclipse/sw360.git
+

    Checkout to tag Version 18.1.0

    $ git checkout sw360-18.1.0-M1
+

    Set Environment for ${LIFERAY_INSTALL_7_4}

    $ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18
+

    Move folder /home/user/work17to18/sw360 run command

    $ mvn clean install -DskipTests
+

    Copy dependencies from folder /home/user/work17to18/sw360/deploy/jars to ${LIFERAY_INSTALL_7_4}/osgi/modules

    $ cd /home/user/work17to18/sw360/utils/jars
+$ sudo cp *.jar /opt/liferay-ce-portal-7.4.3.18-ga18/osgi/modules/
+

    Config Couchdb Lucene

    Run following commands to config Couchdb Lucene (remember to replace COUCHDB_USER and COUCHDB_PASSWORD by username and password of couchdb):

    $ cd /home/user/work17to18/sw360/third-party/couchdb-lucene/
+$ sed -i "s/allowLeadingWildcard=false/allowLeadingWildcard=true/" ./src/main/resources/couchdb-lucene.ini
+$ sed -i "s/localhost:5984/COUCHDB_USER:COUCHDB_USER@localhost:5984/" ./src/main/resources/couchdb-lucene.ini
+$ mvn clean install war:war
+$ cp target/couchdb-lucene-*.war /opt/liferay-ce-portal-7.4.3.18-ga18/tomcat-9.0.56/webapps/couchdb-lucene.war
+

    Build and deploy

    Set Environment for ${LIFERAY_INSTALL_7_4}

    $ cd /home/user/work17to18/sw360
+$ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18
+

    To clean everything and install without running the tests

    $ mvn clean install -DskipTests
+

    For deployment run the command

    $ mvn package -P deploy -Dbase.deploy.dir=. -Dliferay.deploy.dir=${LIFERAY_INSTALL_7_4}/deploy -Dbackend.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Drest.deploy.dir=${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/webapps -Dtest=org/eclipse/sw360/rest/resourceserver/restdocs/* -Dsurefire.failIfNoSpecifiedTests=false -DRunRestIntegrationTest=true
+

    Start and Configure Liferay

    Set Environment for ${LIFERAY_INSTALL_7_4}

    $ export LIFERAY_INSTALL_7_4=/opt/liferay-ce-portal-7.4.3.18-ga18`
+

    Start liferay

    $ ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/bin/startup.sh
+

    Log

    $ tail -f ${LIFERAY_INSTALL_7_4}/tomcat-9.0.56/logs/catalina.out
+

    SW360 url : https://localhost:8080

    Setup SW360 for Liferay: Import *.lar Files

    You need over-import lar files to the portet can show the sw360 icons/images

    For the setup of SW360 in Liferay, the portal description files, *.lar files need not be imported. There is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.

    The go into > Publishing > Import which shows like this:

    Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the frontend/configuration folder of the sw360 repository.

    As for import settings, follow the selection as shown on the screenshot. It is very important that for the Public_Pages_7_4_3_18_GA18.lar file the selection Public_Pages_7_4_3_18_GA18.lar is made.

    Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.

    After successful importing, the same steps shall be repeated for the Private_Pages_7_4_3_18_GA18.lar file.

    Make sure that Private_Pages_7_4_3_18_GA18.lar is selected. Follow the other selections made as shown on the screenshot … importing permissions … mirror with overwriting, use the current author …

    Last modified February 28, 2024: feat(Upgrade version): Add upgrade version doc from 17.0.0 to 18.1.0 (b3cb567)
    + + + \ No newline at end of file diff --git a/docs/development/dev-adding-a-new-portlet-backend/index.html b/docs/development/dev-adding-a-new-portlet-backend/index.html index 8cc9dad..50ffe57 100644 --- a/docs/development/dev-adding-a-new-portlet-backend/index.html +++ b/docs/development/dev-adding-a-new-portlet-backend/index.html @@ -1,850 +1,159 @@ - - - - - - - - - - - - - - - - - - - - -How to add a backend portlet to sw360 | Eclipse SW360 - - -How to add a backend portlet to sw360 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    How to add a backend portlet to sw360

    - -
    - - - - - - - - - - - - - -
    -

    This page how to add some operations / service calls on the backend for the portlet writing on the page that covers the front end. Note that this page does not create a new (thrift service), but just explains how to add more operations.

    -

    This explanation follows bottom up approach where we first add the backend methods and then call them later in the frontend. Quick summary:

    -
      -
    1. Add methods to the thrift idl definition
      2. -
    2. Add methods to the data handler interface
      3. -
    3. Add implementation
      4. -
    4. Add tests
      5. -
    -

    Thrift

    -

    First we add some methods to the thrift files, components.thrift

    -
    //new Methods to ensure uniqueness of Identifiers
-map <string, list<string>> getDuplicateComponents();
-map <string, list<string>> getDuplicateReleases();
-

    Datahandler

    -

    then we install lib-datahandler. That way we see which methods we have to implement. -We have chosen to change the interface of the ComponentService. That means we need to implement them in the ComponentHandler.

    -
    @Override
-public Map<String, List<String>> getDuplicateComponents() throws TException {
-    return handler.getDuplicateComponents();
-}
-
-@Override
-public Map<String, List<String>> getDuplicateReleases() throws TException {
-    return handler.getDuplicateReleases();
-}
-

    Implementation

    -

    The methods there are only a reference to the ComponentDatabaseHandler.java. +Add methods to the thrift idl definition Add methods to the data handler interface Add implementation Add tests Thrift First we add some methods to the thrift files, components."> +

    How to add a backend portlet to sw360

    This page how to add some operations / service calls on the backend for the portlet writing on the page that covers the front end. Note that this page does not create a new (thrift service), but just explains how to add more operations.

    This explanation follows bottom up approach where we first add the backend methods and then call them later in the frontend. Quick summary:

    1. Add methods to the thrift idl definition
    2. Add methods to the data handler interface
    3. Add implementation
    4. Add tests

    Thrift

    First we add some methods to the thrift files, components.thrift

    //new Methods to ensure uniqueness of Identifiers
+map <string, list<string>> getDuplicateComponents();
+map <string, list<string>> getDuplicateReleases();
+

    Datahandler

    then we install lib-datahandler. That way we see which methods we have to implement. +We have chosen to change the interface of the ComponentService. That means we need to implement them in the ComponentHandler.

    @Override
+public Map<String, List<String>> getDuplicateComponents() throws TException {
+    return handler.getDuplicateComponents();
+}
+
+@Override
+public Map<String, List<String>> getDuplicateReleases() throws TException {
+    return handler.getDuplicateReleases();
+}
+

    Implementation

    The methods there are only a reference to the ComponentDatabaseHandler.java. In the ComponentHandler we only assert that the input is correct. Since we implement methods without parameters, there is nothing else for us to do. -In the ComponentDatabaseHandler.java we actually do some work and implement the methods

    -
    public Map<String, List<String>> getDuplicateComponents() {
-    ListMultimap<String, String> componentIdentifierToComponentId = ArrayListMultimap.create();
-
-    for (Component component : componentRepository.getSummaryForExport()) {
-        componentIdentifierToComponentId.put(SW360Utils.printName(component), component.getId());
-    }
-    return CommonUtils.getIdentifierToListOfDuplicates(componentIdentifierToComponentId);
-}
-
-public Map<String, List<String>> getDuplicateReleases() {
-    ListMultimap<String, String> releaseIdentifierToReleaseId = ArrayListMultimap.create();
-
-    for (Release release : releaseRepository.getReleaseSummary()) {
-        releaseIdentifierToReleaseId.put(SW360Utils.printName(release), release.getId());
-    }
-
-    return CommonUtils.getIdentifierToListOfDuplicates(releaseIdentifierToReleaseId);
-}
-

    Tests

    -

    We then write some tests in ComponentDatabaseHandlerTest.java

    -
    @Test
-public void testDuplicateComponentIsFound() throws Exception {
-    String originalComponentId = "C3";
-    final Component tmp = handler.getComponent(originalComponentId, user1);
-    tmp.unsetId();
-    tmp.unsetRevision();
-    String newComponentId = handler.addComponent(tmp, email1);
-
-    final Map<String, List<String>> duplicateComponents = handler.getDuplicateComponents();
-
-    assertThat(duplicateComponents.size(), is(1));
-    assertThat(duplicateComponents.get(printName(tmp)), containsInAnyOrder(newComponentId,originalComponentId));
-
-}
-
-
-@Test
-public void testDuplicateReleaseIsFound() throws Exception {
-
-    String originalReleaseId = "R1A";
-    final Release tmp = handler.getRelease(originalReleaseId, user1);
-    tmp.unsetId();
-    tmp.unsetRevision();
-    String newReleaseId = handler.addRelease(tmp, email1);
-
-    final Map<String, List<String>> duplicateReleases = handler.getDuplicateReleases();
-
-    assertThat(duplicateReleases.size(), is(1));
-    assertThat(duplicateReleases.get(printName(tmp)), containsInAnyOrder(newReleaseId,originalReleaseId));
-}
-

    Then we install the backend to make our methods available.

    - - - -
    - Last modified January 16, 2023: upd(project): Minor updates (aac964c) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +In the ComponentDatabaseHandler.java we actually do some work and implement the methods

    public Map<String, List<String>> getDuplicateComponents() {
+    ListMultimap<String, String> componentIdentifierToComponentId = ArrayListMultimap.create();
+
+    for (Component component : componentRepository.getSummaryForExport()) {
+        componentIdentifierToComponentId.put(SW360Utils.printName(component), component.getId());
+    }
+    return CommonUtils.getIdentifierToListOfDuplicates(componentIdentifierToComponentId);
+}
+
+public Map<String, List<String>> getDuplicateReleases() {
+    ListMultimap<String, String> releaseIdentifierToReleaseId = ArrayListMultimap.create();
+
+    for (Release release : releaseRepository.getReleaseSummary()) {
+        releaseIdentifierToReleaseId.put(SW360Utils.printName(release), release.getId());
+    }
+
+    return CommonUtils.getIdentifierToListOfDuplicates(releaseIdentifierToReleaseId);
+}
+

    Tests

    We then write some tests in ComponentDatabaseHandlerTest.java

    @Test
+public void testDuplicateComponentIsFound() throws Exception {
+    String originalComponentId = "C3";
+    final Component tmp = handler.getComponent(originalComponentId, user1);
+    tmp.unsetId();
+    tmp.unsetRevision();
+    String newComponentId = handler.addComponent(tmp, email1);
+
+    final Map<String, List<String>> duplicateComponents = handler.getDuplicateComponents();
+
+    assertThat(duplicateComponents.size(), is(1));
+    assertThat(duplicateComponents.get(printName(tmp)), containsInAnyOrder(newComponentId,originalComponentId));
+
+}
+
+
+@Test
+public void testDuplicateReleaseIsFound() throws Exception {
+
+    String originalReleaseId = "R1A";
+    final Release tmp = handler.getRelease(originalReleaseId, user1);
+    tmp.unsetId();
+    tmp.unsetRevision();
+    String newReleaseId = handler.addRelease(tmp, email1);
+
+    final Map<String, List<String>> duplicateReleases = handler.getDuplicateReleases();
+
+    assertThat(duplicateReleases.size(), is(1));
+    assertThat(duplicateReleases.get(printName(tmp)), containsInAnyOrder(newReleaseId,originalReleaseId));
+}
+

    Then we install the backend to make our methods available.

    Last modified January 16, 2023: upd(project): Minor updates (aac964c)
    + + + \ No newline at end of file diff --git a/docs/development/dev-adding-a-new-portlet-frontend/index.html b/docs/development/dev-adding-a-new-portlet-frontend/index.html index 165eff2..583bec8 100644 --- a/docs/development/dev-adding-a-new-portlet-frontend/index.html +++ b/docs/development/dev-adding-a-new-portlet-frontend/index.html @@ -1,898 +1,208 @@ - - - - - - - - - - - - - - - - - - - - -How to add a frontend portlet to sw360 | Eclipse SW360 -How to add a frontend portlet to sw360 | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    How to add a frontend portlet to sw360

    - -
    - - - - - - - - - - - - - -
    -

    We create a class in

    -
    sw360/src/frontend/sw360-portlets/src/main/java/com/siemens/sw360/portal/portlets/admin/
-

    called

    -
    DatabaseSanitation.java
-

    Here are some code snippets that are important:

    -
    public class DatabaseSanitation extends Sw360Portlet 
-

    the base class Sw360Portlet adds some convenience methods to render the most common return values of functions into messages.

    -
    @Override
-public void doView(RenderRequest request, RenderResponse response) throws IOException, PortletException {
-    // Proceed with page rendering
-    super.doView(request, response);
-}
-

    This method is used to render different pages, a common pattern would be to have if/else tree like

    -
    //! VIEW and helpers
-@Override
-public void doView(RenderRequest request, RenderResponse response) throws IOException, PortletException {
-    String pageName = request.getParameter(PAGENAME);
-    if (PAGENAME_EDIT.equals(pageName)) {
-        prepareVendorEdit(request);
-        include("/html/vendors/edit.jsp", request, response);
-    } else {
-        prepareStandardView(request);
-        super.doView(request, response);
-    }
-}
-

    but since we only have one page this is all we need. The jsp that is rendered by super.doView is set in

    -
    sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml
-

    but more on that later.

    -

    The next method in DatabaseSanitation handles resource requests, which are responses to AJAX calls:

    -
    @Override
-public void serveResource(ResourceRequest request, ResourceResponse response) throws IOException, PortletException {
-    String action = request.getParameter(PortalConstants.ACTION);
-    if (PortalConstants.DUPLICATES.equals(action)) {
-              serveDuplicates(request, response);
-    }
-}
-

    similar to the PAGENAME tree, here we have an ACTION if/else block. We only have one action, so this is simple.

    -

    Let’s have a look at

    -
    private void serveDuplicates(ResourceRequest request, ResourceResponse response) throws IOException, PortletException {
-
-    Map<String, List<String>> duplicateComponents=null;
-    Map<String, List<String>> duplicateReleases=null;
-    try {
-        final ComponentService.Iface componentClient = thriftClients.makeComponentClient();
-        duplicateComponents = componentClient.getDuplicateComponents();
-        duplicateReleases = componentClient.getDuplicateReleases();
-    } catch (TException e) {
-        log.error("Error in component client", e);
-    }
-
-    if(duplicateComponents== null || duplicateReleases==null) {
-        renderRequestStatus(request,response, RequestStatus.FAILURE);
-    } else if(duplicateComponents.isEmpty()  && duplicateReleases.isEmpty()) {
-        renderRequestStatus(request,response, RequestStatus.SUCCESS);
-    } else {
-        request.setAttribute(PortalConstants.DUPLICATE_RELEASES, duplicateReleases);
-        request.setAttribute(PortalConstants.DUPLICATE_COMPONENTS, duplicateComponents);
-        include("/html/admin/databaseSanitation/duplicatesAjax.jsp", request, response, PortletRequest.RESOURCE_PHASE);
-    }
-}
+@Override public void doView(RenderRequest request, RenderResponse response) throws IOException, PortletException { // Proceed with page rendering super.doView(request, response); } This method is used to render different pages, a common pattern would be to have if/else tree like">
+
    How to add a frontend portlet to sw360
    We create a class in
    sw360/src/frontend/sw360-portlets/src/main/java/com/siemens/sw360/portal/portlets/admin/
+
    called
    DatabaseSanitation.java
+
    Here are some code snippets that are important:
    public class DatabaseSanitation extends Sw360Portlet 
+
    the base class Sw360Portlet adds some convenience methods to render the most common return values of functions into messages.
    @Override
+public void doView(RenderRequest request, RenderResponse response) throws IOException, PortletException {
+    // Proceed with page rendering
+    super.doView(request, response);
+}
+
    This method is used to render different pages, a common pattern would be to have if/else tree like
    //! VIEW and helpers
+@Override
+public void doView(RenderRequest request, RenderResponse response) throws IOException, PortletException {
+    String pageName = request.getParameter(PAGENAME);
+    if (PAGENAME_EDIT.equals(pageName)) {
+        prepareVendorEdit(request);
+        include("/html/vendors/edit.jsp", request, response);
+    } else {
+        prepareStandardView(request);
+        super.doView(request, response);
+    }
+}
+
    but since we only have one page this is all we need. The jsp that is rendered by super.doView is set in
    sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml
+
    but more on that later.
    The next method in DatabaseSanitation handles resource requests, which are responses to AJAX calls:
    @Override
+public void serveResource(ResourceRequest request, ResourceResponse response) throws IOException, PortletException {
+    String action = request.getParameter(PortalConstants.ACTION);
+    if (PortalConstants.DUPLICATES.equals(action)) {
+              serveDuplicates(request, response);
+    }
+}
+
    similar to the PAGENAME tree, here we have an ACTION if/else block. We only have one action, so this is simple.
    Let’s have a look at
    private void serveDuplicates(ResourceRequest request, ResourceResponse response) throws IOException, PortletException {
+
+    Map<String, List<String>> duplicateComponents=null;
+    Map<String, List<String>> duplicateReleases=null;
+    try {
+        final ComponentService.Iface componentClient = thriftClients.makeComponentClient();
+        duplicateComponents = componentClient.getDuplicateComponents();
+        duplicateReleases = componentClient.getDuplicateReleases();
+    } catch (TException e) {
+        log.error("Error in component client", e);
+    }
+
+    if(duplicateComponents== null || duplicateReleases==null) {
+        renderRequestStatus(request,response, RequestStatus.FAILURE);
+    } else if(duplicateComponents.isEmpty()  && duplicateReleases.isEmpty()) {
+        renderRequestStatus(request,response, RequestStatus.SUCCESS);
+    } else {
+        request.setAttribute(PortalConstants.DUPLICATE_RELEASES, duplicateReleases);
+        request.setAttribute(PortalConstants.DUPLICATE_COMPONENTS, duplicateComponents);
+        include("/html/admin/databaseSanitation/duplicatesAjax.jsp", request, response, PortletRequest.RESOURCE_PHASE);
+    }
+}
 
    The member variable thriftClients is inherited from the Sw360Portlet. This is how we talk to the backend.
 We call the methods that we wrote in the first part of the tutorial.
 The error handling is reported with renderRequestStatus, also from Sw360Portlet.
 When we have findings then we report them by rendering a jsp in the RESOURCE_PHASE.
-This is then some html that our AJAX function gets as data.
    
-
    Then we have to register the portlets in some xml files:
    
-
    sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-display.xml
-
    ...
-<portlet id="databaseSanitation"/>
-
    sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-portlet.xml
-
    ...
-<portlet>
-    <portlet-name>databaseSanitation</portlet-name>
-    <icon>/icon.png</icon>
-    <instanceable>false</instanceable>
-    <header-portlet-css>/css/main.css</header-portlet-css>
-    <header-portlet-javascript>/js/main.js</header-portlet-javascript>
-    <header-portlet-javascript>/js/external/jquery-1.11.1.min.js</header-portlet-javascript>
-</portlet>
-
    Note that here it is important to include things like jquery in this way so that on multiple portlet pages there are no namespace conflicts.
    
-
    sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml
-
    ...
-<portlet>
-    <portlet-name>databaseSanitation</portlet-name>
-    <display-name>databaseSanitation</display-name>
-    <portlet-class>
-        com.siemens.sw360.portal.portlets.admin.DatabaseSanitation
-    </portlet-class>
-    <init-param>
-        <name>view-template</name>
-        <value>/html/admin/databaseSanitation/view.jsp</value>
-    </init-param>
-    <expiration-cache>0</expiration-cache>
-    <supports>
-        <mime-type>text/html</mime-type>
-        <portlet-mode>view</portlet-mode>
-    </supports>
-    <portlet-info>
-        <title>databaseSanitation</title>
-        <short-title>databaseSanitation</short-title>
-        <keywords/>
-    </portlet-info>
-    <security-role-ref>
-        <role-name>administrator</role-name>
-    </security-role-ref>
-</portlet>
+This is then some html that our AJAX function gets as data.
    Then we have to register the portlets in some xml files:
    sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-display.xml
+
    ...
+<portlet id="databaseSanitation"/>
+
    sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-portlet.xml
+
    ...
+<portlet>
+    <portlet-name>databaseSanitation</portlet-name>
+    <icon>/icon.png</icon>
+    <instanceable>false</instanceable>
+    <header-portlet-css>/css/main.css</header-portlet-css>
+    <header-portlet-javascript>/js/main.js</header-portlet-javascript>
+    <header-portlet-javascript>/js/external/jquery-1.11.1.min.js</header-portlet-javascript>
+</portlet>
+
    Note that here it is important to include things like jquery in this way so that on multiple portlet pages there are no namespace conflicts.
    sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml
+
    ...
+<portlet>
+    <portlet-name>databaseSanitation</portlet-name>
+    <display-name>databaseSanitation</display-name>
+    <portlet-class>
+        com.siemens.sw360.portal.portlets.admin.DatabaseSanitation
+    </portlet-class>
+    <init-param>
+        <name>view-template</name>
+        <value>/html/admin/databaseSanitation/view.jsp</value>
+    </init-param>
+    <expiration-cache>0</expiration-cache>
+    <supports>
+        <mime-type>text/html</mime-type>
+        <portlet-mode>view</portlet-mode>
+    </supports>
+    <portlet-info>
+        <title>databaseSanitation</title>
+        <short-title>databaseSanitation</short-title>
+        <keywords/>
+    </portlet-info>
+    <security-role-ref>
+        <role-name>administrator</role-name>
+    </security-role-ref>
+</portlet>
 
    After these changes we compile the frontend and then we have to add new page to the Layout and add it to the lar file.
 We sign in as admin,
-go to
    
-
    Admin -> Site administration 
--> Private Pages
+go to
    Admin -> Site administration 
+-> Private Pages
 
    To add the portlet to the page, we first change the theme of Private Pages to Classic, then select Add Page. We can drag and drop it under the Admin Page.
 Then we select the Private Pages under My Sites.
 We can then go to the page we have just created.
 On the left side there is a plus sign, which opens a side menu with the available portlets that we can add to our page.
 Under SW360 we find the portlet DatabaseSanitation and we click add.
-Then we can change the option (The cog symbol on the right) Look and Feel  to Show Borders -> No and we save that.
-Then we change the theme of Private Pages back to SW360-Theme.
    
-
    Now we can change the theme back and export a new lar file as described else where.
    
-
-	
-	
-	
    
-  Last modified January 16, 2023: upd(project): Minor updates (aac964c)
-
    
-
-
    
-
-
-          
    
-        
    
-      
    
-      
-
-
-    
    
-    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-
\ No newline at end of file
+Then we can change the option (The cog symbol on the right) Look and Feel to Show Borders -> No and we save that.
+Then we change the theme of Private Pages back to SW360-Theme.
    Now we can change the theme back and export a new lar file as described else where.
    Last modified January 16, 2023: upd(project): Minor updates (aac964c)
    + + + \ No newline at end of file diff --git a/docs/development/dev-adding-new-fields-to-existing-classes/index.html b/docs/development/dev-adding-new-fields-to-existing-classes/index.html index a27ef16..3e5a1e2 100644 --- a/docs/development/dev-adding-new-fields-to-existing-classes/index.html +++ b/docs/development/dev-adding-new-fields-to-existing-classes/index.html @@ -1,806 +1,128 @@ - - - - - - - - - - - - - - - - - - - - -How to add fields to an existing class | Eclipse SW360 - - -How to add fields to an existing class | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    How to add fields to an existing class

    - -
    - - - - - - - - - - - - - -
    -

    The license portlet is different from the other portlets as there is no Details/Edit page for each element. There is only a combined edit/view page. -We will add the license text to licenses in the thrift file:

    -
    13: optional string text;
-

    To update the text we write a liferay Action in the LicensesPortlet:

    -
        @UsedAsLiferayAction
-    public void changeText(ActionRequest request, ActionResponse response) throws PortletException, IOException {
-        String licenseId = request.getParameter(LICENSE_ID);
-        String text = request.getParameter(License._Fields.TEXT.name());
-
-        if(!Strings.isNullOrEmpty(licenseId)) {
-
-            try {
-                User user = UserCacheHolder.getUserFromRequest(request);
-                LicenseService.Iface client = thriftClients.makeLicenseClient();
-                final License license = client.getFromID(licenseId);
-
-                license.setText(CommonUtils.nullToEmptyString(text));
-                final RequestStatus requestStatus = client.updateLicense(license, user);
-
-                renderRequestStatus(request,response,requestStatus);
-            } catch (TException e) {
-                log.error("Error updating license", e);
-            }
-        }
-
-        response.setRenderParameter(LICENSE_ID, licenseId);
-        response.setRenderParameter(PAGENAME, PAGENAME_DETAIL);
-        response.setRenderParameter(SELECTED_TAB, "LicenseText");
-    }
-

    To integrate it in the jsp we make the according changes, important to note is the ActionUrl that we define:

    -
    <portlet:actionURL var="changeLicenseTextURL" name="changeText">
-    <portlet:param name="<%=PortalConstants.LICENSE_ID%>" value="${licenseDetail.id}" />
-</portlet:actionURL>
-

    A good practice to name fields in jsps is to use the thrift field names:

    -
      <textarea name="<portlet:namespace/><%=License._Fields.TEXT%>" rows="5"  style="width: 100%" id="<portlet:namespace/><%=License._Fields.TEXT%>"
-            placeholder="Enter the License-Text here..."
-          >${licenseDetail.text}</textarea>
-
    - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +@UsedAsLiferayAction public void changeText(ActionRequest request, ActionResponse response) throws PortletException, IOException { String licenseId = request.getParameter(LICENSE_ID); String text = request."> +

    How to add fields to an existing class

    The license portlet is different from the other portlets as there is no Details/Edit page for each element. There is only a combined edit/view page. +We will add the license text to licenses in the thrift file:

    13: optional string text;
+

    To update the text we write a liferay Action in the LicensesPortlet:

        @UsedAsLiferayAction
+    public void changeText(ActionRequest request, ActionResponse response) throws PortletException, IOException {
+        String licenseId = request.getParameter(LICENSE_ID);
+        String text = request.getParameter(License._Fields.TEXT.name());
+
+        if(!Strings.isNullOrEmpty(licenseId)) {
+
+            try {
+                User user = UserCacheHolder.getUserFromRequest(request);
+                LicenseService.Iface client = thriftClients.makeLicenseClient();
+                final License license = client.getFromID(licenseId);
+
+                license.setText(CommonUtils.nullToEmptyString(text));
+                final RequestStatus requestStatus = client.updateLicense(license, user);
+
+                renderRequestStatus(request,response,requestStatus);
+            } catch (TException e) {
+                log.error("Error updating license", e);
+            }
+        }
+
+        response.setRenderParameter(LICENSE_ID, licenseId);
+        response.setRenderParameter(PAGENAME, PAGENAME_DETAIL);
+        response.setRenderParameter(SELECTED_TAB, "LicenseText");
+    }
+

    To integrate it in the jsp we make the according changes, important to note is the ActionUrl that we define:

    <portlet:actionURL var="changeLicenseTextURL" name="changeText">
+    <portlet:param name="<%=PortalConstants.LICENSE_ID%>" value="${licenseDetail.id}" />
+</portlet:actionURL>
+

    A good practice to name fields in jsps is to use the thrift field names:

      <textarea name="<portlet:namespace/><%=License._Fields.TEXT%>" rows="5"  style="width: 100%" id="<portlet:namespace/><%=License._Fields.TEXT%>"
+            placeholder="Enter the License-Text here..."
+          >${licenseDetail.text}</textarea>
+
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-branches/index.html b/docs/development/dev-branches/index.html index 846954d..efb8d59 100644 --- a/docs/development/dev-branches/index.html +++ b/docs/development/dev-branches/index.html @@ -1,770 +1,89 @@ - - - - - - - - - - - - - - - - - - - - -SW360 Development Branches | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    SW360 Development Branches

    -
    Helps to see who is responsible and to which issue the Pull Request corresponds
    -
    - - - - - - - - - - - - - -
    -

    Branches structure

    -

    <github-nickname>/<issue>/<description>

    -

    Examples:

    -
      -
    • maierthomas/#1/fix-dowload-bundle
      • -
    • maierthomas/#3/sw360portal-specific-links
      • -
    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +SW360 Development Branches | Eclipse SW360 +

    SW360 Development Branches

    Helps to see who is responsible and to which issue the Pull Request corresponds

    Branches structure

    <github-nickname>/<issue>/<description>

    Examples:

    • maierthomas/#1/fix-dowload-bundle
    • maierthomas/#3/sw360portal-specific-links
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-database-migration-using-costco/index.html b/docs/development/dev-database-migration-using-costco/index.html index ad8b09b..f5d57b6 100644 --- a/docs/development/dev-database-migration-using-costco/index.html +++ b/docs/development/dev-database-migration-using-costco/index.html @@ -1,870 +1,144 @@ - - - - - - - - - - - - - - - - - - - - -Database migration using Costco | Eclipse SW360 -Database migration using Costco | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Database migration using Costco

    - -
    - - - - - - - - - - - - - -
    -

    Praeamble

    -

    Please note that database migrations are done now in python scripts at

    -
    -

    https://github.com/eclipse/sw360/tree/master/scripts/migrations

    -
    -

    keeping the following page because Costco might be useful for development / testing / quick adaptations.

    -

    Problem

    -

    The main problem with changing field names in thrift is that existing documents in the couchdb need adjustments. Unfortunately, the futon interface of the couchdb does not offer bulk edits. As a consequence, looking into every document is tedious, for more than 100 documents, maybe unfeasible.

    -

    Solution

    -

    Use costco, an open source project that

    -
      -
    • is a couchapp (right, this implies that you install the couchapp environment)
      • -
    • offers a Web interface as sub path of the couchdb database
      • -
    • allows to iterate through the documents of a database and then apply modifications on a particular document
      • -
    • allows to perform modifications on documents using Java script
      • -
    -

    More information

    - -

    Note that costco does not allow to perform operations involving several documents at once, for example, setting values in one document that results from querying from several other documents. Costco is perfect for corrections on the couchdb document ‘schema’ (not in the classic sense as there is no schema in couchdb).

    -

    Troubleshooting

    -

    If you try to install costco, you try to install couchapp mst likely. However, it might be that some python packages are missing which results in a ’not-so-obvious’ python error during install of couchapp. The following line could be th dependencies that you might need:

    -
    sudo apt-get install python-dev libxml2-dev libxslt-dev
-

    Cheat Sheet: Installing costco inside an sw360vagrant deployment

    -

    OK, if you read until here, to make it easy for you just the few lines to have executed to install costco when youi have a machine that is deployed with our vagrant:

    -
    $ sudo apt-get install python-dev libxml2-dev libxslt-dev
-$ sudo pip install couchapp
-$ git clone http://github.com/harthur/costco.git
-$ cd costco
-$ couchapp push . http://localhost:5984/sw360db
-

    Examples in sw360

    -

    The following examples show some costco code from the use with sw360.

    -

    Renaming a key

    -

    In order to rename a field’s key, the following code might be helpful. In the following example, the field’s key developement into development (correcting a typo in the datamodel).

    -
    function(doc) {
-   if(doc.type == 'todo') {
-     doc.development = doc.developement;
-     delete doc.developement;
-    }
-  return doc;
-}
-

    Renaming a key in a subdocument

    -

    Similar thing as above, rename a key from comment to createdcomment, but this time inside a nested list of documents.

    -
    function(doc) {
-  if (doc.type == 'release') {
-     for (var f = 0, len = doc.attachments.length; f < len; f +=1 ) {
-       doc.attachments[f].createdComment = doc.attachments[f].comment;
-       delete  doc.attachments[f].comment;
-     }
-  }
-  return doc;
-}
-

    More JavaScript Examples with CouchDB

    -

    In addition to costco, also the couchdb map-reduce functions can help to track down issues in the data sets.

    -

    The following example searched for attachments of type SOURCE at releases, which do not have the createdBy set:

    -
    function(doc) { 
-  if ((doc.type == 'release') 
-       && (doc.attachments)) {
-    for (var attachment in doc.attachments) {
-      if (!doc.attachments[attachment].createdBy) {
-        if (doc.attachments[attachment].attachmentType== 'SOURCE') {
-          emit(doc._id, doc.attachments[attachment].filename);
-        }
-      }
-    }
-  }
-}
-

    The following example looks into date fields, in this case createdOn, and checks if it uses dots (for changing them into dashes).

    -
    function(doc) {
-  if(
-      (doc.type == 'release')
-      && (doc.createdOn.indexOf('.') !== -1)
-    )
-  {
-      emit(doc.name, doc)
-  }
-}
-
    - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Problem The main problem with changing field names in thrift is that existing documents in the couchdb need adjustments. Unfortunately, the futon interface of the couchdb does not offer bulk edits. As a consequence, looking into every document is tedious, for more than 100 documents, maybe unfeasible."> +

    Database migration using Costco

    Praeamble

    Please note that database migrations are done now in python scripts at

    https://github.com/eclipse/sw360/tree/master/scripts/migrations

    keeping the following page because Costco might be useful for development / testing / quick adaptations.

    Problem

    The main problem with changing field names in thrift is that existing documents in the couchdb need adjustments. Unfortunately, the futon interface of the couchdb does not offer bulk edits. As a consequence, looking into every document is tedious, for more than 100 documents, maybe unfeasible.

    Solution

    Use costco, an open source project that

    • is a couchapp (right, this implies that you install the couchapp environment)
    • offers a Web interface as sub path of the couchdb database
    • allows to iterate through the documents of a database and then apply modifications on a particular document
    • allows to perform modifications on documents using Java script

    More information

    Note that costco does not allow to perform operations involving several documents at once, for example, setting values in one document that results from querying from several other documents. Costco is perfect for corrections on the couchdb document ‘schema’ (not in the classic sense as there is no schema in couchdb).

    Troubleshooting

    If you try to install costco, you try to install couchapp mst likely. However, it might be that some python packages are missing which results in a ’not-so-obvious’ python error during install of couchapp. The following line could be th dependencies that you might need:

    sudo apt-get install python-dev libxml2-dev libxslt-dev
+

    Cheat Sheet: Installing costco inside an sw360vagrant deployment

    OK, if you read until here, to make it easy for you just the few lines to have executed to install costco when youi have a machine that is deployed with our vagrant:

    $ sudo apt-get install python-dev libxml2-dev libxslt-dev
+$ sudo pip install couchapp
+$ git clone http://github.com/harthur/costco.git
+$ cd costco
+$ couchapp push . http://localhost:5984/sw360db
+

    Examples in sw360

    The following examples show some costco code from the use with sw360.

    Renaming a key

    In order to rename a field’s key, the following code might be helpful. In the following example, the field’s key developement into development (correcting a typo in the datamodel).

    function(doc) {
+   if(doc.type == 'todo') {
+     doc.development = doc.developement;
+     delete doc.developement;
+    }
+  return doc;
+}
+

    Renaming a key in a subdocument

    Similar thing as above, rename a key from comment to createdcomment, but this time inside a nested list of documents.

    function(doc) {
+  if (doc.type == 'release') {
+     for (var f = 0, len = doc.attachments.length; f < len; f +=1 ) {
+       doc.attachments[f].createdComment = doc.attachments[f].comment;
+       delete  doc.attachments[f].comment;
+     }
+  }
+  return doc;
+}
+

    More JavaScript Examples with CouchDB

    In addition to costco, also the couchdb map-reduce functions can help to track down issues in the data sets.

    The following example searched for attachments of type SOURCE at releases, which do not have the createdBy set:

    function(doc) { 
+  if ((doc.type == 'release') 
+       && (doc.attachments)) {
+    for (var attachment in doc.attachments) {
+      if (!doc.attachments[attachment].createdBy) {
+        if (doc.attachments[attachment].attachmentType== 'SOURCE') {
+          emit(doc._id, doc.attachments[attachment].filename);
+        }
+      }
+    }
+  }
+}
+

    The following example looks into date fields, in this case createdOn, and checks if it uses dots (for changing them into dashes).

    function(doc) {
+  if(
+      (doc.type == 'release')
+      && (doc.createdOn.indexOf('.') !== -1)
+    )
+  {
+      emit(doc.name, doc)
+  }
+}
+
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-dod-and-style/index.html b/docs/development/dev-dod-and-style/index.html index c796d22..1e44aaa 100644 --- a/docs/development/dev-dod-and-style/index.html +++ b/docs/development/dev-dod-and-style/index.html @@ -1,859 +1,109 @@ - - - - - - - - - - - - - - - - - - - - -Definition of Done | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Definition of Done

    -
    The definition of done helps to set a common understanding for solving a ticket.
    -
    - - - - - - - - - - - - - -
    -

    Policy

    -
      -
    • Review points should involve one person from another angle (not just the person you were sitting together with anyways)
      • -
    • Limit items in review to 5, try to coordinate
      • -
    • Using Github assignments to issues or pull requests
      • -
    • Open review items require conversation
      • -
    -

    Definition of Done

    -
      -
    • -

      File headers in file OK

      -
        -
      • EPL-2.0 license header
        • -
      • Or, if the file is too small, configuration file: license note (see code style)
        • -
      • Copyright and author
        • -
      -
      • -
    • -

      Create Branches for sw360

      -
        -
      • Please use conventional branch names for sw360 Dev-Branches
        • -
      -
      • -
    • -

      Avoid (serious) compiler warnings

      -
        -
      • Squash your commits into one or more logical units of work. No dozens of hourly/daily commits in your pull request, please
        • -
      • Rebase onto current master so that a fast forward merge is possible
        • -
      • That means that merge to master is prepared
        • -
      -
      • -
    • -

      No breaking test

      -
        -
      • Unit testing as it is already present
        • -
      • You have more - use them!
        • -
      -
      • -
    • -

      New test

      -
        -
      • For new / added functionality
        • -
      -
      • -
    • -

      Documentation

      -
        -
      • in the Githuib Wiki-Section, if you have done something new
        • -
      • At least a technical note for newly added functionality
        • -
      -
      • -
    • -

      Commit style

      -
        -
      • try to squash commits. In the ideal case, a feature is contained in one commit.
        • -
      • try to use conventional changelog for commit messages. Dev-Semantic-Commits
        • -
      -
      • -
    -

    Review

    -

    Review basically checks for the D-o-D items, in particular

    -
      -
    • Code style, not really formatting, but issues like style attributes in HTML tags or exception handling useful
      • -
    • Design / architecture issues
      • -
    • Community contribution suitability
      • -
    • Issue coverage (does it actually solve the problem?)
      • -
    • Add to commit message of merge commit explicitly:
      • -
    -
    review-by:email@domain.com
-

    and

    -
    tested-by:email@domain.com
-

    Licensing and File Header

    -

    All files contributed require headers - this will ensure the license and copyright clearing at the end. Also, all contributions must have the same license as the original source.

    -

    If a file has relevant functionality, note that we should move to Eclipse 2.0

    -
    /*
- * Copyright COPYRIGHT HOLDER, 2017.
- * Copyright NEXT COPYRIGHT HOLDER, 2017.
- * Part of the SW360 Portal Project.
- *
- * SPDX-License-Identifier: EPL-1.0
- *
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- */
-

    (please adapt comment characters usage)

    -

    For small files such as property files, configuration files or standard XML files:

    -
    # Copyright <COPYRIGHT_HOLDER>, <YEAR>. Part of the SW360 Portal Project.
-#
-# All rights reserved. This configuration file is provided to you under the
-# terms and conditions of the Eclipse Distribution License v1.0 which
-# accompanies this distribution, and is available at
-# http://www.eclipse.org/org/documents/edl-v10.php
-

    Code style

    -

    Just use the standard Java formatting rules of your IDE and do not reformat code from others, because you like to correct formatting of other’s code.

    - - - -
    - Last modified January 16, 2023: upd(project): Minor updates (aac964c) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Definition of Done | Eclipse SW360 +

    Definition of Done

    The definition of done helps to set a common understanding for solving a ticket.

    Policy

    • Review points should involve one person from another angle (not just the person you were sitting together with anyways)
    • Limit items in review to 5, try to coordinate
    • Using Github assignments to issues or pull requests
    • Open review items require conversation

    Definition of Done

    • File headers in file OK

      • EPL-2.0 license header
      • Or, if the file is too small, configuration file: license note (see code style)
      • Copyright and author

    • Create Branches for sw360

    • Avoid (serious) compiler warnings

      • Squash your commits into one or more logical units of work. No dozens of hourly/daily commits in your pull request, please
      • Rebase onto current master so that a fast forward merge is possible
      • That means that merge to master is prepared

    • No breaking test

      • Unit testing as it is already present
      • You have more - use them!

    • New test

      • For new / added functionality

    • Documentation

      • in the Githuib Wiki-Section, if you have done something new
      • At least a technical note for newly added functionality

    • Commit style

      • try to squash commits. In the ideal case, a feature is contained in one commit.
      • try to use conventional changelog for commit messages. Dev-Semantic-Commits

    Review

    Review basically checks for the D-o-D items, in particular

    • Code style, not really formatting, but issues like style attributes in HTML tags or exception handling useful
    • Design / architecture issues
    • Community contribution suitability
    • Issue coverage (does it actually solve the problem?)
    • Add to commit message of merge commit explicitly:
    review-by:email@domain.com
+

    and

    tested-by:email@domain.com
+

    Licensing and File Header

    All files contributed require headers - this will ensure the license and copyright clearing at the end. Also, all contributions must have the same license as the original source.

    If a file has relevant functionality, note that we should move to Eclipse 2.0

    /*
+ * Copyright COPYRIGHT HOLDER, 2017.
+ * Copyright NEXT COPYRIGHT HOLDER, 2017.
+ * Part of the SW360 Portal Project.
+ *
+ * SPDX-License-Identifier: EPL-1.0
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ */
+

    (please adapt comment characters usage)

    For small files such as property files, configuration files or standard XML files:

    # Copyright <COPYRIGHT_HOLDER>, <YEAR>. Part of the SW360 Portal Project.
+#
+# All rights reserved. This configuration file is provided to you under the
+# terms and conditions of the Eclipse Distribution License v1.0 which
+# accompanies this distribution, and is available at
+# http://www.eclipse.org/org/documents/edl-v10.php
+

    Code style

    Just use the standard Java formatting rules of your IDE and do not reformat code from others, because you like to correct formatting of other’s code.

    Last modified January 16, 2023: upd(project): Minor updates (aac964c)
    + + + \ No newline at end of file diff --git a/docs/development/dev-external-documents-with-couchdb/index.html b/docs/development/dev-external-documents-with-couchdb/index.html index 232acfb..1579cc5 100644 --- a/docs/development/dev-external-documents-with-couchdb/index.html +++ b/docs/development/dev-external-documents-with-couchdb/index.html @@ -1,1089 +1,287 @@ - - - - - - - - - - - - - - - - - - - - -CouchDB External Documents | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    CouchDB External Documents

    - -
    - - - - - - - - - - - - - -
    -

    Motivation

    -

    In some cases inline documents are not sufficient for storing extended information to a document. This is especially the case if these information might be relevant from outside as well. +CouchDB External Documents | Eclipse SW360 +

    CouchDB External Documents

    Motivation

    In some cases inline documents are not sufficient for storing extended information to a document. This is especially the case if these information might be relevant from outside as well. Projects, components and releases contain attachments. The metadata of these attachments are stored as inline documents inside its parent document (which is the project, component or release). However these attachments may be used by other documents as well, e.g. license info files which are attached to releases are used by projects to generate the overall license information for that project. -In such cases an external document might be the better model. For example the attachment usage can be stored along the metadata without touching the owner document on update.

    -

    Advantages of external documents

    -
      -
    • single documents with a clear separation to other documents
      • -
    • easy identification
      • -
    • might be loaded and updated standalone
      • -
    -

    Advantages of internal documents

    -
      -
    • Very fast loading along with the owner
      • -
    • Easy handling since only the owner must be loaded or updated
      • -
    -

    In any case it is highly dependent on the use case whether external documents are to be favored over internal documents.

    -

    Possible implementations for linked documents

    -

    Special ResponseHandler with special views from CouchDB

    - - - - - - - - - - - - - - - -
    Easy to use?Performance?Effort to use in existing code
    :star::star: Middle, special views have to be created, fields of data objects has to be annotated.:star::star::star: Very good, fetching of multiple documents with a single request.:star: High, since existing code has to be changed
    -

    Couch-DB theory

    -

    At the time of writing, support of external (or linked) documents in Couch-DB is limited. Consider the following documents:

    -
    project = {
-   _id: "p1",
-   type: "project",
-   name: "Testproject",
-   attachments: [
-       { _id: "a1" },
-       { _id: "z2" }
-   ]
-}
-attachment1 = {
-    _id: "a1",
-    type: "attachment",
-    name: "SourceFile",
-    sha1: "abc1234"
-}
-attachment2 = {
-    _id: "a2",
-    type: "attachment",
-    name: "LicenseFile",
-    sha1: "fed9876"
-}
-

    Unfortunately there is no way to get the project document with the attachments directly included. With the correct view you are able to retrieve all these documents in a single request:

    -
    function(doc) {
-    if(doc.type === "attachment") {
-        emit(doc._id, null);
-        for(var in in doc.attachments) {
-            emit(doc._id, { _id: doc.attachments[i]._id });
-        }
-    }
-}
-

    You might see the trick: the project document as well as the attachment documents are indexed with the id of the project. This way you get all three documents when querying the view with the id of the project:

    -
    {
-   "total_rows":5,
-   "offset":0,
-   "rows":[{
-         "id":"p1",
-         "key": "p1",
-         "doc":{
-            "_id":"p1",
-            "attachments":[
-               "a1", "a2"
-            ],
-            "name":"Testproject",
-            ...
-         },
-         ...
-      }, {
-         "id":"p1",
-         "doc":{
-            "_id":"a1",
-            name: "SourceFile",
-            ...
-         },
-         ...
-      }, {
-         "id":"p1",
-         "key": "p1",
-         "value":null,
-         "doc":{
-            "_id":"a2",
-            name: "LicenseFile",
-            ...
-         },
-         ...
-      }
-    ]
-}
+In such cases an external document might be the better model. For example the attachment usage can be stored along the metadata without touching the owner document on update.
    Advantages of external documents
    • single documents with a clear separation to other documents
    • easy identification
    • might be loaded and updated standalone
    Advantages of internal documents
    • Very fast loading along with the owner
    • Easy handling since only the owner must be loaded or updated
    In any case it is highly dependent on the use case whether external documents are to be favored over internal documents.
    Possible implementations for linked documents
    Special ResponseHandler with special views from CouchDB
    Easy to use?Performance?Effort to use in existing code
    :star::star: Middle, special views have to be created, fields of data objects has to be annotated.:star::star::star: Very good, fetching of multiple documents with a single request.:star: High, since existing code has to be changed
    Couch-DB theory
    At the time of writing, support of external (or linked) documents in Couch-DB is limited. Consider the following documents:
    project = {
+   _id: "p1",
+   type: "project",
+   name: "Testproject",
+   attachments: [
+       { _id: "a1" },
+       { _id: "z2" }
+   ]
+}
+attachment1 = {
+    _id: "a1",
+    type: "attachment",
+    name: "SourceFile",
+    sha1: "abc1234"
+}
+attachment2 = {
+    _id: "a2",
+    type: "attachment",
+    name: "LicenseFile",
+    sha1: "fed9876"
+}
+
    Unfortunately there is no way to get the project document with the attachments directly included. With the correct view you are able to retrieve all these documents in a single request:
    function(doc) {
+    if(doc.type === "attachment") {
+        emit(doc._id, null);
+        for(var in in doc.attachments) {
+            emit(doc._id, { _id: doc.attachments[i]._id });
+        }
+    }
+}
+
    You might see the trick: the project document as well as the attachment documents are indexed with the id of the project. This way you get all three documents when querying the view with the id of the project:
    {
+   "total_rows":5,
+   "offset":0,
+   "rows":[{
+         "id":"p1",
+         "key": "p1",
+         "doc":{
+            "_id":"p1",
+            "attachments":[
+               "a1", "a2"
+            ],
+            "name":"Testproject",
+            ...
+         },
+         ...
+      }, {
+         "id":"p1",
+         "doc":{
+            "_id":"a1",
+            name: "SourceFile",
+            ...
+         },
+         ...
+      }, {
+         "id":"p1",
+         "key": "p1",
+         "value":null,
+         "doc":{
+            "_id":"a2",
+            name: "LicenseFile",
+            ...
+         },
+         ...
+      }
+    ]
+}
 
    Note is will only work if you query the view with include_docs set to true.
-Note include_docs will only work at the top level of a value. In other words it will only recognize the following to situations:
    
-
      
-
    • null: if the value is null, the document which is identified by the key is included
      • 
-
    • { _id: “…” }: the document identified by the given id is included.
+Note include_docs will only work at the top level of a value. In other words it will only recognize the following to situations:
      
-
      Implementation with Ektorp
      
-
      https://github.com/eclipse/sw360/pull/596 show an implementation to transparently read such results from Couch-DB. It consists of:
      
-
        
-
      • new methods in the database connector which are aware of loading linked documents
        • 
-
      • a response handler used for parsing the results when requesting linked documents
        • 
-
      • two annotation classes to mark fields which contain ids for linked documents
-After the branch was merged, the new feature can be used in only three steps. You need:
        • 
-
      
-
        
-
      1. A view that loads the “main” documents along with there linked documents
        2. 
-
      2. A special method in your database handler / database repository which calls the new method from the connector
        3. 
-
      3. A mixin for your data object which annotates the fields which contain ids to linked documents
        4. 
-
      
-
      Notes for 1.
      
-
      Have a look at mapping function above in the theory section. Of course you may add more than one type of linked documents, e.g. not only attachments but releases as well.
-You may also emit whole objects instead of ids only. This way Couch-DB does not have to lookup each entry. However including ids over objects is an own topic.
      
-
      Notes for 2.
      
-
      You should write methods in your repository as well as in your database handler that uses the new methods from the database connector.
      
-
      Notes for 3.
      
-
      Be sure that the used object mapper in your database handler is aware of the mixin. Of course you can annotate more than one field. All annotated fields will be respected on loading. However, if the view does not contain an object that should be resolved, it will be replaced by null. The LinkedDocuments-annotation even allows you to name a different destination field for the resolved objects for easier integration into the existing code.
      
-
      Usage with Ektorp
      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
      Easy to use?Performance?Effort to use in existing code
      :no_entry: does not work:no_entry::no_entry:
      
-
      Since SW360 is using Ektorp as Objectmapper, a response like above is not suitable. Ektorp is just not able to parse the above response correctly.
-However Ektorp has a linking feature as well: You may annotate fields with the @DocumentReference-Annotation to tell Ektorp to store the content within external documents. This only works with fields of type Set at the moment of writing. Since SW360 data objects are generated using Thrift, directly annotating the field is not possible. Due to the mixin feature of Ektorp this is not a big issue. Unfortunately making the @DocumentReference-annotation to work was not possible with a reasonable effort.
      
-
      Internally Ektorp is also using special views for getting linked documents to work. A quick look into the source codes suggests that this feature is implemented using special serializers which would lead to additional requests on loading and storing as well. Therefore the same performance issues might be come across if the annotation would work.
      
-
      Own serializer/deserzialer
      
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
      Easy to use?Performance?Effort to use in existing code
      :star::star::star: Quite easy, just some Jackson configuration necessary:star::star: Good, but every type of linked objects needs an additional request:star::star::star: Low, existing code does not have to be changed
      
-
      This method works just like the Ektorp way. In addition a slow transition from internal to external documents is possible, since the custom serialization methods will handle both cases directly. Any embedded documents will be externalized on first update of the owner object.
-The following classes are needed:
      
-
        
-
      1. Repository for the new external documents
        2. 
-
      2. DatabaseHandler for the new external documents
        3. 
-
      3. Mixin-Class to add annotations to the field with external documents
        4. 
-
      4. A new mapper factory to properly configure the custom serializer
        5. 
-
      5. Custom serializers/deserializer
        6. 
-
      
-
      Example for externalizing attachments
      
-
      Mixin-Class
      
-
      This will configure Ektorp to use a special class for this field. We use a special serializer for the field instead of for the type (in this case Attachment), so we can do serialization/deserialization for all attachments at once. If we would use a special serializer, every
      
-
      public abstract class SplitAttachmentsMixin extends DatabaseMixIn {
-    @JsonSerialize(using = AttachmentSetSerializer.class)
-    @JsonDeserialize(using = AttachmentSetDeserializer.class)
-    public abstract void setAttachments(Set<Attachment> attachments);
-}
-
      Mapper factory
      
-
      public class SplitAttachmentsMapperFactory extends MapperFactory {
-
-    private final AttachmentHandlerInstantiator handlerInitiator;
-
-    public SplitAttachmentsMapperFactory(Supplier<HttpClient> httpClient, String dbName) throws MalformedURLException {
-        handlerInitiator = new AttachmentHandlerInstantiator(httpClient, dbName);
-    }
-
-    @Override
-    public ObjectMapper createObjectMapper() {
-        ObjectMapper objectMapper = super.createObjectMapper();
-
-        objectMapper.addMixInAnnotations(Project.class, SplitAttachmentsMixin.class);
-        objectMapper.setHandlerInstantiator(handlerInitiator);
-
-        return objectMapper;
-    }
-
-    private static class AttachmentHandlerInstantiator extends HandlerInstantiator {
-        private final AttachmentSetSerializer attachmentSetSerializer;
-        private final AttachmentSetDeserializer attachmentSetDeserializer;
-
-        public AttachmentHandlerInstantiator(Supplier<HttpClient> httpClient, String dbName) throws MalformedURLException {
-            attachmentSetSerializer = new AttachmentSetSerializer(httpClient, dbName);
-            attachmentSetDeserializer = new AttachmentSetDeserializer(httpClient, dbName);
-        }
-
-        @Override
-        public JsonDeserializer<?> deserializerInstance(DeserializationConfig config, Annotated annotated, Class<?> deserClass) {
-            if (deserClass.isInstance(attachmentSetDeserializer)) {
-                return attachmentSetDeserializer;
-            }
-            return null;
-        }
-        ...
-    }
-
-}
-
      Serializer
      
-
      public class AttachmentSetSerializer extends JsonSerializer<Set<Attachment>> {
-
-    private final AttachmentDatabaseHandler handler;
-
-    public AttachmentSetSerializer(Supplier<HttpClient> httpClient, String dbName) throws MalformedURLException {
-        this.handler = new AttachmentDatabaseHandler(httpClient, dbName);
-    }
-
-    @Override
-    public void serialize(Set<Attachment> attachments, JsonGenerator jsonGenerator, SerializerProvider provider)
-            throws IOException, JsonProcessingException {
-
-        try {
-            List<DocumentOperationResult> results = handler.bulkCreateOrUpdateAttachments(attachments);
-            if (!results.isEmpty()) {
-                throw new IOException("Cannot create or update attachments. Some failed: " + results);
-            }
-        } catch (SW360Exception exception) {
-            throw new IOException("Cannot create or update attachments.", exception);
-        }
-
-        jsonGenerator.writeStartArray();
-        for (Attachment attachment : attachments) {
-            jsonGenerator.writeStartObject();
-            jsonGenerator.writeStringField("_id", attachment.getId());
-            jsonGenerator.writeEndObject();
-        }
-        jsonGenerator.writeEndArray();
-    }
-}
-
      Deserializer
      
-
      public class AttachmentSetDeserializer extends JsonDeserializer<Set<Attachment>> {
-
-    private final AttachmentDatabaseHandler handler;
-
-    public AttachmentSetDeserializer(Supplier<HttpClient> httpClient, String dbName) throws MalformedURLException {
-        this.handler = new AttachmentDatabaseHandler(httpClient, dbName);
-    }
-
-    @Override
-    public Set<Attachment> deserialize(JsonParser jsonParser, DeserializationContext context) throws IOException, JsonProcessingException {
-        Set<Attachment> attachments = Sets.newHashSet();
-
-        if (!jsonParser.isExpectedStartArrayToken()) {
-            throw new IllegalStateException("Expected array token but found: " + jsonParser.getCurrentToken().asString());
-        }
-
-        Set<String> attachmentIds = Sets.newHashSet();
-        JsonToken token = jsonParser.nextToken();
-        while (!JsonToken.END_ARRAY.equals(token)) {
-            switch (token) {
-            case START_OBJECT:
-                Attachment attachment = jsonParser.readValueAs(Attachment.class);
-                if (attachment.isSetId() && !attachment.isSetRevision()) {
-                    attachmentIds.add(attachment.getId());
-                } else {
-                    attachments.add(attachment);
-                }
-                break;
-
-            default:
-                throw new IllegalStateException(
-                        "Unexpected token. Expected object or string but found: " + jsonParser.getCurrentToken().asString());
-            }
-
-            token = jsonParser.nextToken();
-        }
-
-        if (!attachmentIds.isEmpty()) {
-            try {
-                attachments.addAll(handler.retrieveAttachments(attachmentIds));
-            } catch (SW360Exception exception) {
-                throw new IOException("Cannot load attachments (" + attachmentIds + ")", exception);
-            }
-        }
-
-        return attachments;
-    }
-
-}
-
      
-	
-	
-	
      
-  Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
-
      
-
-
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Note See also https://wiki.apache.org/couchdb/Introduction_to_CouchDB_views#Linked_documents.

    Implementation with Ektorp

    https://github.com/eclipse/sw360/pull/596 show an implementation to transparently read such results from Couch-DB. It consists of:

    • new methods in the database connector which are aware of loading linked documents
    • a response handler used for parsing the results when requesting linked documents
    • two annotation classes to mark fields which contain ids for linked documents +After the branch was merged, the new feature can be used in only three steps. You need:
    1. A view that loads the “main” documents along with there linked documents
    2. A special method in your database handler / database repository which calls the new method from the connector
    3. A mixin for your data object which annotates the fields which contain ids to linked documents

    Notes for 1.

    Have a look at mapping function above in the theory section. Of course you may add more than one type of linked documents, e.g. not only attachments but releases as well. +You may also emit whole objects instead of ids only. This way Couch-DB does not have to lookup each entry. However including ids over objects is an own topic.

    Notes for 2.

    You should write methods in your repository as well as in your database handler that uses the new methods from the database connector.

    Notes for 3.

    Be sure that the used object mapper in your database handler is aware of the mixin. Of course you can annotate more than one field. All annotated fields will be respected on loading. However, if the view does not contain an object that should be resolved, it will be replaced by null. The LinkedDocuments-annotation even allows you to name a different destination field for the resolved objects for easier integration into the existing code.

    Usage with Ektorp

    Easy to use?Performance?Effort to use in existing code
    :no_entry: does not work:no_entry::no_entry:

    Since SW360 is using Ektorp as Objectmapper, a response like above is not suitable. Ektorp is just not able to parse the above response correctly. +However Ektorp has a linking feature as well: You may annotate fields with the @DocumentReference-Annotation to tell Ektorp to store the content within external documents. This only works with fields of type Set at the moment of writing. Since SW360 data objects are generated using Thrift, directly annotating the field is not possible. Due to the mixin feature of Ektorp this is not a big issue. Unfortunately making the @DocumentReference-annotation to work was not possible with a reasonable effort.

    Internally Ektorp is also using special views for getting linked documents to work. A quick look into the source codes suggests that this feature is implemented using special serializers which would lead to additional requests on loading and storing as well. Therefore the same performance issues might be come across if the annotation would work.

    Own serializer/deserzialer

    Easy to use?Performance?Effort to use in existing code
    :star::star::star: Quite easy, just some Jackson configuration necessary:star::star: Good, but every type of linked objects needs an additional request:star::star::star: Low, existing code does not have to be changed

    This method works just like the Ektorp way. In addition a slow transition from internal to external documents is possible, since the custom serialization methods will handle both cases directly. Any embedded documents will be externalized on first update of the owner object. +The following classes are needed:

    1. Repository for the new external documents
    2. DatabaseHandler for the new external documents
    3. Mixin-Class to add annotations to the field with external documents
    4. A new mapper factory to properly configure the custom serializer
    5. Custom serializers/deserializer

    Example for externalizing attachments

    Mixin-Class

    This will configure Ektorp to use a special class for this field. We use a special serializer for the field instead of for the type (in this case Attachment), so we can do serialization/deserialization for all attachments at once. If we would use a special serializer, every

    public abstract class SplitAttachmentsMixin extends DatabaseMixIn {
+    @JsonSerialize(using = AttachmentSetSerializer.class)
+    @JsonDeserialize(using = AttachmentSetDeserializer.class)
+    public abstract void setAttachments(Set<Attachment> attachments);
+}
+
    Mapper factory
    public class SplitAttachmentsMapperFactory extends MapperFactory {
+
+    private final AttachmentHandlerInstantiator handlerInitiator;
+
+    public SplitAttachmentsMapperFactory(Supplier<HttpClient> httpClient, String dbName) throws MalformedURLException {
+        handlerInitiator = new AttachmentHandlerInstantiator(httpClient, dbName);
+    }
+
+    @Override
+    public ObjectMapper createObjectMapper() {
+        ObjectMapper objectMapper = super.createObjectMapper();
+
+        objectMapper.addMixInAnnotations(Project.class, SplitAttachmentsMixin.class);
+        objectMapper.setHandlerInstantiator(handlerInitiator);
+
+        return objectMapper;
+    }
+
+    private static class AttachmentHandlerInstantiator extends HandlerInstantiator {
+        private final AttachmentSetSerializer attachmentSetSerializer;
+        private final AttachmentSetDeserializer attachmentSetDeserializer;
+
+        public AttachmentHandlerInstantiator(Supplier<HttpClient> httpClient, String dbName) throws MalformedURLException {
+            attachmentSetSerializer = new AttachmentSetSerializer(httpClient, dbName);
+            attachmentSetDeserializer = new AttachmentSetDeserializer(httpClient, dbName);
+        }
+
+        @Override
+        public JsonDeserializer<?> deserializerInstance(DeserializationConfig config, Annotated annotated, Class<?> deserClass) {
+            if (deserClass.isInstance(attachmentSetDeserializer)) {
+                return attachmentSetDeserializer;
+            }
+            return null;
+        }
+        ...
+    }
+
+}
+
    Serializer
    public class AttachmentSetSerializer extends JsonSerializer<Set<Attachment>> {
+
+    private final AttachmentDatabaseHandler handler;
+
+    public AttachmentSetSerializer(Supplier<HttpClient> httpClient, String dbName) throws MalformedURLException {
+        this.handler = new AttachmentDatabaseHandler(httpClient, dbName);
+    }
+
+    @Override
+    public void serialize(Set<Attachment> attachments, JsonGenerator jsonGenerator, SerializerProvider provider)
+            throws IOException, JsonProcessingException {
+
+        try {
+            List<DocumentOperationResult> results = handler.bulkCreateOrUpdateAttachments(attachments);
+            if (!results.isEmpty()) {
+                throw new IOException("Cannot create or update attachments. Some failed: " + results);
+            }
+        } catch (SW360Exception exception) {
+            throw new IOException("Cannot create or update attachments.", exception);
+        }
+
+        jsonGenerator.writeStartArray();
+        for (Attachment attachment : attachments) {
+            jsonGenerator.writeStartObject();
+            jsonGenerator.writeStringField("_id", attachment.getId());
+            jsonGenerator.writeEndObject();
+        }
+        jsonGenerator.writeEndArray();
+    }
+}
+

    Deserializer

    public class AttachmentSetDeserializer extends JsonDeserializer<Set<Attachment>> {
+
+    private final AttachmentDatabaseHandler handler;
+
+    public AttachmentSetDeserializer(Supplier<HttpClient> httpClient, String dbName) throws MalformedURLException {
+        this.handler = new AttachmentDatabaseHandler(httpClient, dbName);
+    }
+
+    @Override
+    public Set<Attachment> deserialize(JsonParser jsonParser, DeserializationContext context) throws IOException, JsonProcessingException {
+        Set<Attachment> attachments = Sets.newHashSet();
+
+        if (!jsonParser.isExpectedStartArrayToken()) {
+            throw new IllegalStateException("Expected array token but found: " + jsonParser.getCurrentToken().asString());
+        }
+
+        Set<String> attachmentIds = Sets.newHashSet();
+        JsonToken token = jsonParser.nextToken();
+        while (!JsonToken.END_ARRAY.equals(token)) {
+            switch (token) {
+            case START_OBJECT:
+                Attachment attachment = jsonParser.readValueAs(Attachment.class);
+                if (attachment.isSetId() && !attachment.isSetRevision()) {
+                    attachmentIds.add(attachment.getId());
+                } else {
+                    attachments.add(attachment);
+                }
+                break;
+
+            default:
+                throw new IllegalStateException(
+                        "Unexpected token. Expected object or string but found: " + jsonParser.getCurrentToken().asString());
+            }
+
+            token = jsonParser.nextToken();
+        }
+
+        if (!attachmentIds.isEmpty()) {
+            try {
+                attachments.addAll(handler.retrieveAttachments(attachmentIds));
+            } catch (SW360Exception exception) {
+                throw new IOException("Cannot load attachments (" + attachmentIds + ")", exception);
+            }
+        }
+
+        return attachments;
+    }
+
+}
+
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-filtering-in-portlets/index.html b/docs/development/dev-filtering-in-portlets/index.html index 353e590..0b05a92 100644 --- a/docs/development/dev-filtering-in-portlets/index.html +++ b/docs/development/dev-filtering-in-portlets/index.html @@ -1,784 +1,98 @@ - - - - - - - +Filtering in Portlets | Eclipse SW360 - - - - - - - - - - -Filtering in Portlets | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Filtering in Portlets

    - -
    - - - - - - - - - - - - - -
    -

    For the filters that are shown for components and listings, there are some options:

    -
      -
    1. -

      The Keyword search works directly on the table shown on the main right area. For example in the components portlet, this is in components/view.jsp.

      -
      2. -
    2. -

      The filters actually result in a new search request, when hitting apply filters button. The project portlet reads the fields and creates a map. Then, ProjectPortlet calls the thrift service refineSearch(), which is handled in ProjectHandler. This method takes the map and the user as input. The search service has a server-side JavaScript function (LuceneSearchView) defined for this particular filter in ProjectSearchHandler.java. This is called with the LuceneAwareDatabaseConnector.java. After filtering, the visibility constraints for the requesting user are applied.

      -
      3. -
    3. -

      Then for each release table, there is a search field in the upper right corner. This again works on the data of the Release summary object and then filters what is on the client (web browser).

      -
      4. -
    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +The filters actually result in a new search request, when hitting apply filters button. The project portlet reads the fields and creates a map. Then, ProjectPortlet calls the thrift service refineSearch(), which is handled in ProjectHandler."> +

    Filtering in Portlets

    For the filters that are shown for components and listings, there are some options:

    1. The Keyword search works directly on the table shown on the main right area. For example in the components portlet, this is in components/view.jsp.

    2. The filters actually result in a new search request, when hitting apply filters button. The project portlet reads the fields and creates a map. Then, ProjectPortlet calls the thrift service refineSearch(), which is handled in ProjectHandler. This method takes the map and the user as input. The search service has a server-side JavaScript function (LuceneSearchView) defined for this particular filter in ProjectSearchHandler.java. This is called with the LuceneAwareDatabaseConnector.java. After filtering, the visibility constraints for the requesting user are applied.

    3. Then for each release table, there is a search field in the upper right corner. This again works on the data of the Release summary object and then filters what is on the client (web browser).

    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-fossology-integration/index.html b/docs/development/dev-fossology-integration/index.html index 0bfa771..6d0b3eb 100644 --- a/docs/development/dev-fossology-integration/index.html +++ b/docs/development/dev-fossology-integration/index.html @@ -1,822 +1,99 @@ - - - - - - - - - - - - - - - - - - - - -Fossology Integration | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Fossology Integration

    -
    Basis of communication between SW360 and FOSSology
    -
    - - - - - - - - - - - - - -
    -

    Basic communication with the FOSSology server is done over an SSH connection: the fossology service of SW360 executes remote commands on the FOSSology server.

    -

    The commands that are executed are the bash scripts found inside src-fossology/src/main/resources/scripts/, they are copied into the home directory of the ssh user (either manually or through the admin portlet). -See Setup of connection with Fossology for configuration details.

    -
    \- src-fossology/src/main/resources/
- \- scripts/
-  |- duplicateUpload
-  |- folderManager
-  |- getStatusOfUpload
-  |- uploadFromSW360
-  \- utilsSW360
-

    These scripts utilize the standard command line tools to interact natively with FOSSology (these are the tools found in the src/cli folder of FOSSology, such as cp2foss fossjobs fossupload_status fo_usergroup fo_chmod fo_folder ...).

    -
      -
    • utilsSW360 contains common functions used by the other scripts and some FOSSology configuration such as the user/password pair used to run the cli utils and the UNIX group of the FOSSology processes
      • -
    • folderManager (uses FO:fo_folder): get information about the folder structure of FOSSology to allow sharing of uploads between groups
      • -
    • getStatusOfUpload (uses FO:fossupload_status): to get the clearing status given an uploadId and a group
      • -
    • uploadFromSW360 (uses FO:cp2foss fossjobs): to create a new upload from the standard input and schedule scanners
      • -
    • duplicateUpload (uses FO:fo_chmod SW:folderManager): to make a previously uploaded file available for another group
      • -
    -

    Java libraries and settings

    -

    The java code utilizes the package com.jcraft.jsch to connect to the SSH server. It is set to strictly check the fingerprint of the remote server against the accepted which are stored in couchDB.

    -

    Conventions

    -

    the sw360 user in FOSSology (the actual name is configured in utilsSW360) must be a member of every group to which it should be able to send Releases to be cleared. -File uploaded from SW360 are placed inside a folder with the same name as the group and permission will be set at the group level (default of cp2foss).

    -

    Datamodel and thrift service

    -
      -
    • -

      each Release object in SW360 can have only one attachment of type SOURCE.

      -
      • -
    • -

      when a Release is sent for the first time to FOSSology through the Thrift method sendToFossology(1: string releaseId, 2: string clearingTeam ) its SOURCE attachement is sent as stdin to the script uploadFromSW360.

      -

      The field map<string, FossologyStatus> clearingTeamToFossologyStatus is then updated to contain the corresponding entry for the chosen Clearing Team (aka. the name of the FOSSology group which will receives the upload for clearing).

      -
      • -
    • -

      when the same Release is sent again for another team a new link in the corresponding group folder is created and the old upload is made available for the new group (as in giving permission using FO:fo_chmod).

      -

      At the moment this gives access only to the files, not to the relative clearing decision. -In order to make the clearing decisions available a reuser needs to be scheduled from the Jobs menu. [ it could be possible to schedule the job from SW360: its user is member of all the groups; but it is not currently implemented since there is no cli interface for reuser yet ]

      -
      • -
    • -

      when the current status is requested using the Thrift method Release getStatusInFossology(1: string releaseId, 2: string clearingTeam ) the newest status is fetched from FOSSology and it is stored in the map for the relative clearingTeam

      -
      • -
    -

    Notes

    -
      -
    • Releases have a ClearingState field, but this is ignored by the Thrift service and used only in the SW360 user interface.
      • -
    • Projects link to Releases and the summary of their FOSSology status can be monitored. This is also ignored by the FOSSology Thrift service and handled by the Component service: the FOSSology service just updates the status of the Release objects.
      • -
    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Fossology Integration | Eclipse SW360 +

    Fossology Integration

    Basis of communication between SW360 and FOSSology

    Basic communication with the FOSSology server is done over an SSH connection: the fossology service of SW360 executes remote commands on the FOSSology server.

    The commands that are executed are the bash scripts found inside src-fossology/src/main/resources/scripts/, they are copied into the home directory of the ssh user (either manually or through the admin portlet). +See Setup of connection with Fossology for configuration details.

    \- src-fossology/src/main/resources/
+ \- scripts/
+  |- duplicateUpload
+  |- folderManager
+  |- getStatusOfUpload
+  |- uploadFromSW360
+  \- utilsSW360
+

    These scripts utilize the standard command line tools to interact natively with FOSSology (these are the tools found in the src/cli folder of FOSSology, such as cp2foss fossjobs fossupload_status fo_usergroup fo_chmod fo_folder ...).

    • utilsSW360 contains common functions used by the other scripts and some FOSSology configuration such as the user/password pair used to run the cli utils and the UNIX group of the FOSSology processes
    • folderManager (uses FO:fo_folder): get information about the folder structure of FOSSology to allow sharing of uploads between groups
    • getStatusOfUpload (uses FO:fossupload_status): to get the clearing status given an uploadId and a group
    • uploadFromSW360 (uses FO:cp2foss fossjobs): to create a new upload from the standard input and schedule scanners
    • duplicateUpload (uses FO:fo_chmod SW:folderManager): to make a previously uploaded file available for another group

    Java libraries and settings

    The java code utilizes the package com.jcraft.jsch to connect to the SSH server. It is set to strictly check the fingerprint of the remote server against the accepted which are stored in couchDB.

    Conventions

    the sw360 user in FOSSology (the actual name is configured in utilsSW360) must be a member of every group to which it should be able to send Releases to be cleared. +File uploaded from SW360 are placed inside a folder with the same name as the group and permission will be set at the group level (default of cp2foss).

    Datamodel and thrift service

    • each Release object in SW360 can have only one attachment of type SOURCE.

    • when a Release is sent for the first time to FOSSology through the Thrift method sendToFossology(1: string releaseId, 2: string clearingTeam ) its SOURCE attachement is sent as stdin to the script uploadFromSW360.

      The field map<string, FossologyStatus> clearingTeamToFossologyStatus is then updated to contain the corresponding entry for the chosen Clearing Team (aka. the name of the FOSSology group which will receives the upload for clearing).

    • when the same Release is sent again for another team a new link in the corresponding group folder is created and the old upload is made available for the new group (as in giving permission using FO:fo_chmod).

      At the moment this gives access only to the files, not to the relative clearing decision. +In order to make the clearing decisions available a reuser needs to be scheduled from the Jobs menu. [ it could be possible to schedule the job from SW360: its user is member of all the groups; but it is not currently implemented since there is no cli interface for reuser yet ]

    • when the current status is requested using the Thrift method Release getStatusInFossology(1: string releaseId, 2: string clearingTeam ) the newest status is fetched from FOSSology and it is stored in the map for the relative clearingTeam

    Notes

    • Releases have a ClearingState field, but this is ignored by the Thrift service and used only in the SW360 user interface.
    • Projects link to Releases and the summary of their FOSSology status can be monitored. This is also ignored by the FOSSology Thrift service and handled by the Component service: the FOSSology service just updates the status of the Release objects.
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-liferay-friendly-url/index.html b/docs/development/dev-liferay-friendly-url/index.html index cf487ea..9aec914 100644 --- a/docs/development/dev-liferay-friendly-url/index.html +++ b/docs/development/dev-liferay-friendly-url/index.html @@ -1,842 +1,109 @@ - - - - - - - - - - - - - - - - - - - - -Liferay Friendly | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Liferay Friendly

    -
    Basis of communication between SW360 and FOSSology
    -
    - - - - - - - - - - - - - -
    -

    The normal generated portlet URLs containing a set of internal Liferay request parameters.
    -These long URLs of links or forms are mostly not readable and its not easy to share it somewhere else.

    -

    General Liferay portlet URL:

    -
    http://localhost:8080/web/guest/examples?p_p_id=example_WAR_ExamplePortlet&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&_example_WAR_ExamplePortlet_javax.portlet.action=new
-

    Explanation of the Liferay request parameters:
    -p_p_id: The portlet ID (example_WAR_ExamplePortlet)
    -p_p_state: Liferay windows pages state - 1 (normal) 2 (maximize) 3 (minimize)
    -p_p_mode: Mode of the portlet look like - (view) (edit) (help)
    -p_p_lifecycle: This is life cycle of portlet - 0 (render) 1 (action) 2 (server)
    -p_p_col_id: The reference ID of the column in Liferay template
    -p_p_col_pos: Specifiy the column position if the the layout having more than one columns
    -p_p_col_count: Shows the no of columns in the current layout

    -

    Friendly URL Mapper configuration

    -

    Liferay provides a mechanism to shorten the generated URLs by using the Friendly URL Mapper feature.

    -How to configure the friendly URL Mapper in Liferay?

    -Configuration of URL routes in XML files

    -

    CREATE example-friendly-url-routes.xml

    -
    <?xml version="1.0"?>
-<!DOCTYPE routes PUBLIC "-//Liferay//DTD Friendly URL Routes 6.2.2//EN"
-"http://www.liferay.com/dtd/liferay-friendly-url-routes_6_0_0.dtd">
-<routes>
-	<route>
-		<pattern>/action/{actionName}</pattern>
-		<generated-parameter name="javax.portlet.action">{actionName}</generated-parameter>
-		<ignored-parameter name="p_auth"/>
-		<ignored-parameter name="p_p_id"/>
-		<implicit-parameter name="p_p_lifecycle">1</implicit-parameter>
-		<implicit-parameter name="p_p_state">normal</implicit-parameter>
-		<implicit-parameter name="p_p_mode">view</implicit-parameter>
-	</route>
-</routes>
-

    Explanation of the Liferay Friendly Mapper route parameters:
    -routes: Routes element which contains all route entries
    -route: Single route element entry
    -pattern: Pattern of the mapped friendly URL (visible in address bar)
    -generated-parameter: These parameters will be generated from parameters in the request URL
    -ignored-parameter: These parameters will be igored and not included in generated URLs
    -implicit-parameter: Used for static attributes which can be ignored by recognition
    -overridden-parameter: Parameter that should be set to a certain value when a URL is recognized
    -
    -It is necessary to order the parameters as described above.
    -These files should located in the resources folder otherwise they will not be available on Apache Tomcat and cannot be initialized by Liferay.
    -
    -Configuration of friendly URL Java class
    -
    -MODIFY liferay-portlet.xml -

    -
    <friendly-url-mapper-class>com.liferay.portal.kernel.portlet.DefaultFriendlyURLMapper</friendly-url-mapper-class>
-<friendly-url-mapping>example</friendly-url-mapping>
-<friendly-url-routes>com/.../example-friendly-url-routes.xml</friendly-url-routes>
-

    -In the next step we need one java implementation class to generate the Liferay friendly URLs.
    -

    Liferay provides the DefaultFriendlyURLMapper class to create the URLs based on our rules.

    -

    The Liferay Friendly URL Mapper configuration is placed after <icon/> and before <instanceable> -tag.

    -

    Friendly URL Mapper outcome

    -

    Liferay will generate the following friendly URL

    -
    http://localhost:8080/web/guest/examples/-/example/action/new
-

    -
      -
    1. The liferay framework will add “-” (dash)
      2. -
    2. Friendly URL mapper name which is configured in <friendly-url-mapping> (liferay-portlet.xml) element
      3. -
    3. Pattern name with generated parameters which is same as in <pattern> (example-friendly-url-routes.xml) defined.
      4. -
    -

    Additional

    -

    Friendly URL Mapper functionality is not working if the portletURL API is used to generate the Liferay URL in local Javascript.
    -It is helpful to generate <portlet:renderURL> placeholder and replace them by using dummy values.

    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Liferay Friendly | Eclipse SW360 +

    Liferay Friendly

    Basis of communication between SW360 and FOSSology

    The normal generated portlet URLs containing a set of internal Liferay request parameters.
    These long URLs of links or forms are mostly not readable and its not easy to share it somewhere else.

    General Liferay portlet URL:

    http://localhost:8080/web/guest/examples?p_p_id=example_WAR_ExamplePortlet&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&_example_WAR_ExamplePortlet_javax.portlet.action=new
+

    Explanation of the Liferay request parameters:
    p_p_id: The portlet ID (example_WAR_ExamplePortlet)
    p_p_state: Liferay windows pages state - 1 (normal) 2 (maximize) 3 (minimize)
    p_p_mode: Mode of the portlet look like - (view) (edit) (help)
    p_p_lifecycle: This is life cycle of portlet - 0 (render) 1 (action) 2 (server)
    p_p_col_id: The reference ID of the column in Liferay template
    p_p_col_pos: Specifiy the column position if the the layout having more than one columns
    p_p_col_count: Shows the no of columns in the current layout

    Friendly URL Mapper configuration

    Liferay provides a mechanism to shorten the generated URLs by using the Friendly URL Mapper feature.

    How to configure the friendly URL Mapper in Liferay?

    Configuration of URL routes in XML files

    CREATE example-friendly-url-routes.xml

    <?xml version="1.0"?>
+<!DOCTYPE routes PUBLIC "-//Liferay//DTD Friendly URL Routes 6.2.2//EN"
+"http://www.liferay.com/dtd/liferay-friendly-url-routes_6_0_0.dtd">
+<routes>
+	<route>
+		<pattern>/action/{actionName}</pattern>
+		<generated-parameter name="javax.portlet.action">{actionName}</generated-parameter>
+		<ignored-parameter name="p_auth"/>
+		<ignored-parameter name="p_p_id"/>
+		<implicit-parameter name="p_p_lifecycle">1</implicit-parameter>
+		<implicit-parameter name="p_p_state">normal</implicit-parameter>
+		<implicit-parameter name="p_p_mode">view</implicit-parameter>
+	</route>
+</routes>
+

    Explanation of the Liferay Friendly Mapper route parameters:
    routes: Routes element which contains all route entries
    route: Single route element entry
    pattern: Pattern of the mapped friendly URL (visible in address bar)
    generated-parameter: These parameters will be generated from parameters in the request URL
    ignored-parameter: These parameters will be igored and not included in generated URLs
    implicit-parameter: Used for static attributes which can be ignored by recognition
    overridden-parameter: Parameter that should be set to a certain value when a URL is recognized

    It is necessary to order the parameters as described above.
    These files should located in the resources folder otherwise they will not be available on Apache Tomcat and cannot be initialized by Liferay.

    Configuration of friendly URL Java class

    MODIFY liferay-portlet.xml

    <friendly-url-mapper-class>com.liferay.portal.kernel.portlet.DefaultFriendlyURLMapper</friendly-url-mapper-class>
+<friendly-url-mapping>example</friendly-url-mapping>
+<friendly-url-routes>com/.../example-friendly-url-routes.xml</friendly-url-routes>
+

    In the next step we need one java implementation class to generate the Liferay friendly URLs.

    Liferay provides the DefaultFriendlyURLMapper class to create the URLs based on our rules.

    The Liferay Friendly URL Mapper configuration is placed after <icon/> and before <instanceable> +tag.

    Friendly URL Mapper outcome

    Liferay will generate the following friendly URL

    http://localhost:8080/web/guest/examples/-/example/action/new
+

    1. The liferay framework will add “-” (dash)
    2. Friendly URL mapper name which is configured in <friendly-url-mapping> (liferay-portlet.xml) element
    3. Pattern name with generated parameters which is same as in <pattern> (example-friendly-url-routes.xml) defined.

    Additional

    Friendly URL Mapper functionality is not working if the portletURL API is used to generate the Liferay URL in local Javascript.
    It is helpful to generate <portlet:renderURL> placeholder and replace them by using dummy values.

    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-moderation-requests/index.html b/docs/development/dev-moderation-requests/index.html index e9bb911..5a75435 100644 --- a/docs/development/dev-moderation-requests/index.html +++ b/docs/development/dev-moderation-requests/index.html @@ -1,853 +1,100 @@ - - - - - - - - - - - - - - - - - - - - -Moderation Requests | Eclipse SW360 -Moderation Requests | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Moderation Requests

    - -
    - - - - - - - - - - - - - -
    -

    The concept of moderation is good for two things:

    -
      -
    • to cope with a large number of potential edits on documents.
      • -
    • to allow every user to propose edits.
      • -
    -

    Allowing every user to edit opposed to propose edits would lad to a large number of changes, potentially, not making everyone happy. As such, the changes should be reviewed by an experienced person and can be then approved.

    -

    Application Flow

    -

    A user changes a moderated document, which are component, release, project and todo’s of licenses (and the white list):

    -
      -
    • -

      The user switches in edit mode and applies a change.

      -
      • -
    • -

      The user submits the change by clicking “Update …”

      -
      • -
    • -

      The application checks, if the permissions are sufficient

      -
      • -
    • -

      For sufficient permissions, see here: https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model

      -
      • -
    • -

      If the permissions do not allow the edit right away, a moderation request is created.

      -
      • -
    • -

      Moderators can see the moderation request in the moderation portlet

      -
      • -
    • -

      Having selected the moderation request, the moderator can accept the request, decline, postpone or remove himself from the list of moderators

      -
      • -
    -

    Technical Description

    -

    Checking Document Permissions

    -

    If a moderation requests needs to be created, because the user does not have sufficient permissions:

    -
      -
    • The request goes through the stack, for example: project portlet, project handler, project database handler.
      • -
    • Then the project database handler checks for permissions using makePermission() (DocumentPermission is the base class, then ProjectPermissions is the referring here for projects) and isActionAllowed().
      • -
    • For moderation requests, we assume that this action is not allowed. Then, the ProjectModerator is called (see package ...sw360.datahandler.entitlement).
      • -
    • This class (which is part of the project service) creates a thrift client to the moderation service (also on the backend) and creates a moderation request using this client.
      • -
    -

    Every moderation request is created using the thrift-based API.

    -

    Writing a Moderation Request to the Database

    -

    The generation of moderation request is performed by the moderation service. The moderation service handles incoming request in the following way:

    -
      -
    • The requests arrives in the ModerationDatabaseHandler.
      • -
    • This handler writes the request to the database.
      • -
    -

    Creation Details in the Service

    -

    The handler writes one moderation request per user and document. If a moderation request from the same user for the same document exists, added moderation requests are merged. Or, the request is new either with a new user, new document or both, then the moderation request is created.

    -

    Each moderation requests has recipients, the moderators. The moderation database handler selects the moderators depending on the document type, which are usually the creator of the document and the listed moderators for this document. See details in the ModerationDatabaseHandler class. At the same location the check for deletion is performed.

    -

    What is in the Database?

    -

    The moderation request is a document in the couchdb. Technically, the moderation requests holds the affected document as field where the values is a nested JSON dictionary.

    -

    The following screen shot shows an example for a moderation request for a project.

    -

    Example Moderation Request in Database

    -

    Evaluating the Moderation Request

    -

    On the moderation portlet all moderations will be shown, for which the user is a moderator. +Application Flow A user changes a moderated document, which are component, release, project and todo’s of licenses (and the white list):"> +

    Moderation Requests

    The concept of moderation is good for two things:

    • to cope with a large number of potential edits on documents.
    • to allow every user to propose edits.

    Allowing every user to edit opposed to propose edits would lad to a large number of changes, potentially, not making everyone happy. As such, the changes should be reviewed by an experienced person and can be then approved.

    Application Flow

    A user changes a moderated document, which are component, release, project and todo’s of licenses (and the white list):

    • The user switches in edit mode and applies a change.

    • The user submits the change by clicking “Update …”

    • The application checks, if the permissions are sufficient

    • For sufficient permissions, see here: https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model

    • If the permissions do not allow the edit right away, a moderation request is created.

    • Moderators can see the moderation request in the moderation portlet

    • Having selected the moderation request, the moderator can accept the request, decline, postpone or remove himself from the list of moderators

    Technical Description

    Checking Document Permissions

    If a moderation requests needs to be created, because the user does not have sufficient permissions:

    • The request goes through the stack, for example: project portlet, project handler, project database handler.
    • Then the project database handler checks for permissions using makePermission() (DocumentPermission is the base class, then ProjectPermissions is the referring here for projects) and isActionAllowed().
    • For moderation requests, we assume that this action is not allowed. Then, the ProjectModerator is called (see package ...sw360.datahandler.entitlement).
    • This class (which is part of the project service) creates a thrift client to the moderation service (also on the backend) and creates a moderation request using this client.

    Every moderation request is created using the thrift-based API.

    Writing a Moderation Request to the Database

    The generation of moderation request is performed by the moderation service. The moderation service handles incoming request in the following way:

    • The requests arrives in the ModerationDatabaseHandler.
    • This handler writes the request to the database.

    Creation Details in the Service

    The handler writes one moderation request per user and document. If a moderation request from the same user for the same document exists, added moderation requests are merged. Or, the request is new either with a new user, new document or both, then the moderation request is created.

    Each moderation requests has recipients, the moderators. The moderation database handler selects the moderators depending on the document type, which are usually the creator of the document and the listed moderators for this document. See details in the ModerationDatabaseHandler class. At the same location the check for deletion is performed.

    What is in the Database?

    The moderation request is a document in the couchdb. Technically, the moderation requests holds the affected document as field where the values is a nested JSON dictionary.

    The following screen shot shows an example for a moderation request for a project.

    Example Moderation Request in Database

    Evaluating the Moderation Request

    On the moderation portlet all moderations will be shown, for which the user is a moderator. Only open moderation requests can be selected. Approved and declined moderation requests will only be shown. -On selecting the moderation requests, both documents (original and the updated out of the moderation request) will be compared in the merge.jsp and all differences will be shown to the moderator. This is done via tags such as the sw360:CompareProject-tag. Opening the detailed view of the moderation request changes the state to in progress to show other moderators that the moderation request is in work.

    -

    The following actions are possible:

    -
      -
    • Accept request: the document within the moderation request will be accepted and written to the DB via e.g. the ProjectService. The state is set to ACCEPTED.
      • -
    • Remove Me from Moderators: the state of the moderation requests is set to PENDING again and the logged in moderator will be removed from the moderation list.
      • -
    • Decline request: the moderation requests will be set to REJECTED and still shown in the list
      • -
    • Postpone request: the state will be IN PROGRESS.
      • -
    • Cancel: the moderation state is set to PENDING and the moderation request will still be shown in the moderation request list
      • -
    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +On selecting the moderation requests, both documents (original and the updated out of the moderation request) will be compared in the merge.jsp and all differences will be shown to the moderator. This is done via tags such as the sw360:CompareProject-tag. Opening the detailed view of the moderation request changes the state to in progress to show other moderators that the moderation request is in work.

    The following actions are possible:

    • Accept request: the document within the moderation request will be accepted and written to the DB via e.g. the ProjectService. The state is set to ACCEPTED.
    • Remove Me from Moderators: the state of the moderation requests is set to PENDING again and the logged in moderator will be removed from the moderation list.
    • Decline request: the moderation requests will be set to REJECTED and still shown in the list
    • Postpone request: the state will be IN PROGRESS.
    • Cancel: the moderation state is set to PENDING and the moderation request will still be shown in the moderation request list
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-releasing-sw360/index.html b/docs/development/dev-releasing-sw360/index.html index 96b4c52..3590f51 100644 --- a/docs/development/dev-releasing-sw360/index.html +++ b/docs/development/dev-releasing-sw360/index.html @@ -1,860 +1,104 @@ - - - - - - - - - - - - - - - - - - - - -Release and Versioning | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Release and Versioning

    -
    Our Versioning and Release Principles
    -
    - - - - - - - - - - - - - -
    -

    We have the following main principles for versioning and releases. We consider semantic versioning:

    -
    -

    Given a version number MAJOR.MINOR.PATCH, increment the:

    -
      -
    • MAJOR version when you make incompatible API changes,
      • -
    • MINOR version when you add functionality in a backwards-compatible manner, and
      • -
    • PATCH version when you make backwards-compatible bug fixes.
      • -
    -

    Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.

    -
    -

    with the following implementation in our project:

    -

    Major Version

    -
      -
    • API breaking changes are considered for the upcoming REST API.
      • -
    • Breaking change is also if a migration script is required for the data base.
      • -
    • Thrift API is not considered a public API anymore.
      • -
    • Therefore milestones cannot correspond to our versions like 1.4, 1.5, etc. anymore: we do not know which feature or issue will cause a version jump according to semantic versioning guidelines.
      • -
    -

    Minor Version

    -
      -
    • Changes to the thrift API will cause minor version increment.
      • -
    • Larger new functionality which is backwards compatible, maybe one pull requests or maybe a group of pull requests.
      • -
    • Minor versions requires also tagging in the repo.
      • -
    -

    Patch Level

    -
      -
    • Every push (merged pull request) to master shall generate at least (not there yet) a new patch level version, in order to allow for (clean) deployments at this level.
      • -
    • Could e also minor improvements like adding a button with some functionality
      • -
    • Patch level is not tagged.
      • -
    -

    Naming and Meaning of Milestones

    -
      -
    • Milestones cannot correspond to versions (releases) anymore, because in general the version designator is determined by the level of change.
      • -
    • We use milestones as work packages. We see them as work packages from an organizational point of view. However, it is not a milestone to release a version, because - again in general - the version is determined by the level of change.
      • -
    • However, If the last merged pull quest of a work package, a completing merge: If it is not causing a major or minor version increment, still, this would lead to a minor version increment.
      • -
    -

    Technical Implementation

    -
      -
    • Plan: The artifacts will be build by travis and stored on aws S3 (not there yet) with patch level version increments, but patch level versions will not lead to a tag in the repo.
      • -
    • Currently, the versioning is “manual maven based”, we look for a cleaner more automated approach.
      • -
    -

    Technical: Maven Universe How to make/tag a release⁽¹⁾:

    -

    The following information refers to the existing maven-based versioning scheme, as of now we are looking into a system which is not leading to a temporary change in the repo, commit, and then reverting changes.

    -

    Let us assume, that we want to tag the version 1.2.0 and that the current version in the pom’s is 1.2.0-SNAPSHOT.

    -

    0. Work in a clean environment

    -

    Especially should all poms be without uncommitted changes. The safe way is to start with:

    -
    $ cd /tmp/
-$ git clone https://github.com/eclipse/sw360.git
-$ cd sw360portal
-

    1. Write the version of the release into the poms

    -
    +Release and Versioning | Eclipse SW360
+
    Release and Versioning
    Our Versioning and Release Principles
    We have the following main principles for versioning and releases. We consider semantic versioning:
    Given a version number MAJOR.MINOR.PATCH, increment the:
    • MAJOR version when you make incompatible API changes,
    • MINOR version when you add functionality in a backwards-compatible manner, and
    • PATCH version when you make backwards-compatible bug fixes.
    Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
    with the following implementation in our project:
    Major Version
    • API breaking changes are considered for the upcoming REST API.
    • Breaking change is also if a migration script is required for the data base.
    • Thrift API is not considered a public API anymore.
    • Therefore milestones cannot correspond to our versions like 1.4, 1.5, etc. anymore: we do not know which feature or issue will cause a version jump according to semantic versioning guidelines.
    Minor Version
    • Changes to the thrift API will cause minor version increment.
    • Larger new functionality which is backwards compatible, maybe one pull requests or maybe a group of pull requests.
    • Minor versions requires also tagging in the repo.
    Patch Level
    • Every push (merged pull request) to master shall generate at least (not there yet) a new patch level version, in order to allow for (clean) deployments at this level.
    • Could e also minor improvements like adding a button with some functionality
    • Patch level is not tagged.
    Naming and Meaning of Milestones
    • Milestones cannot correspond to versions (releases) anymore, because in general the version designator is determined by the level of change.
    • We use milestones as work packages. We see them as work packages from an organizational point of view. However, it is not a milestone to release a version, because - again in general - the version is determined by the level of change.
    • However, If the last merged pull quest of a work package, a completing merge: If it is not causing a major or minor version increment, still, this would lead to a minor version increment.
    Technical Implementation
    • Plan: The artifacts will be build by travis and stored on aws S3 (not there yet) with patch level version increments, but patch level versions will not lead to a tag in the repo.
    • Currently, the versioning is “manual maven based”, we look for a cleaner more automated approach.
    Technical: Maven Universe How to make/tag a release⁽¹⁾:
    The following information refers to the existing maven-based versioning scheme, as of now we are looking into a system which is not leading to a temporary change in the repo, commit, and then reverting changes.
    Let us assume, that we want to tag the version 1.2.0 and that the current version in the pom’s is 1.2.0-SNAPSHOT.
    0. Work in a clean environment
    Especially should all poms be without uncommitted changes. The safe way is to start with:
    $ cd /tmp/
+$ git clone https://github.com/eclipse/sw360.git
+$ cd sw360portal
+
    1. Write the version of the release into the poms
     $ mvn versions:set -DnewVersion=1.2.0
 $ git add pom.xml \*\*/pom.xml
 $ git commit -m "set version to 1.2.0"
-
    
-
    This will actually edit all pom.xml files and change the versions to 1.2.0, i.e. remove the SNAPSHOT.
    
-
    2. Test the project
    
-
    +
    This will actually edit all pom.xml files and change the versions to 1.2.0, i.e. remove the SNAPSHOT.
    2. Test the project
     $ mvn install
-
    
-
    or even better: use vagrant.
    
-
    3. Create and push the tag
    
-
    $ mvn scm:tag
-
    This creates the tag and pushes it to github.
    
-
    4. Write the new incremented SNAPSHOT-version into the poms
    
-
    $ mvn versions:set -DnewVersion=<b>1.3.0-SNAPSHOT</b>
-$ git add pom.xml \*\*/pom.xml
-$ git commit -m "set version to <b>1.3.0-SNAPSHOT</b>"
-$ git push origin master
+
    or even better: use vagrant.
    3. Create and push the tag
    $ mvn scm:tag
+
    This creates the tag and pushes it to github.
    4. Write the new incremented SNAPSHOT-version into the poms
    $ mvn versions:set -DnewVersion=<b>1.3.0-SNAPSHOT</b>
+$ git add pom.xml \*\*/pom.xml
+$ git commit -m "set version to <b>1.3.0-SNAPSHOT</b>"
+$ git push origin master
 
    –
-⁽¹⁾ based on: https://axelfontaine.com/blog/final-nail.html
    
-
-	
-	
-	
    
-  Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
-
    
-
-
    
-
-
-          
    
-        
    
-      
    
-      
-
-
-    
    
-    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-
\ No newline at end of file
+⁽¹⁾ based on: https://axelfontaine.com/blog/final-nail.html
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-role-authorisation-model/index.html b/docs/development/dev-role-authorisation-model/index.html index 62e9003..5c8d6cc 100644 --- a/docs/development/dev-role-authorisation-model/index.html +++ b/docs/development/dev-role-authorisation-model/index.html @@ -1,1003 +1,90 @@ - - - - - - - - - - - - - - - - - - - - -Roles and Authorization | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Roles and Authorization

    -
    SW360 Roles and Authorization
    -
    - - - - - - - - - - - - - -
    -

    Like any other system, SW360 allows for setting different levels of access for different users. Technically, the decision when user should be able to see or to do something happens (generally) on the backend server. This ensures consistency between the REST API and the portal application.

    -

    For setting roles of a user, the Liferay control panel is being used (Admin menu -> Control Panel -> Users and Organisations -> Users -> select one user and Edit -> Roles). Setting access at individual records happens in the edit view of that record.

    -

    Roles Overview

    -

    SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.

    -

    Setup Admin (Liferay Role)

    -

    The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.

    -

    SW360 Admin (Liferay Role)

    -

    The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role CLEARING_ADMIN. This role can change data from other groups, limited by visibility setting of a project.

    -

    Clearing Admin (Liferay Role)

    -

    The clearing admin can change all component and release records and project records of the same group. This can be seen as group administrator.

    -

    Security Admin (Liferay Role)

    -

    In addition to the user rights, the security admin can set security vulnerabilities to irrelevant

    -

    ECC Admin (Liferay Role)

    -

    In addition to the user rights, the ECC admin can manipulate ECC data.

    -

    User

    -

    A user can create, modify and delete all own (=self created) records. A user cannot change records of others

    -

    Moderation Requests

    -

    If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.

    -

    In addition there are ACL-style roles, meaning that per data item access settings can be made:

    -
      -
    1. creator - a creator can modify in addition to the user’s read abilities, a user can be creator of a data item
      2. -
    2. moderator - a creator can define moderators for a data item. Moderators can change a data item as a creator can.
      3. -
    3. contributor (Component) - is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). -In contrast, the contributor cannot delete data items.
      4. -
    4. project responsible (Project) - is a contributor, just named differently to identify the responsible person.
      5. -
    5. lead architect (Project) - is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.
      6. -
    6. contact (Release) - deprecated, should be renamed to contributor see #100.
      7. -
    -

    group (department), contributor, moderator and owner roles are entity specific, user, clearing admin and admin are roles assigned to a user.

    -

    Additional Project Visibility

    -

    In addition to the roles mentioned above, each project has a separate visibility setting (technically an attribute of the project document). There are four project visibility levels:

    -
      -
    1. Private - no one but the creator can read.
      2. -
    2. Me and moderators - involves all moderators and contributors, basically all names that are named among the attributes (lead architect, project responsible, contributors)
      3. -
    3. Department / business unit (should be renamed) - refer to the group the users are in.
      4. -
    4. Public - all registered users of the liferay / sw360 application (login required).
      5. -
    -

    The access rules are implemented inlib-datahandler. In the package, com.siemens.sw360.datahandler.permissions this is implemented in ProjectPermissions. See methods isVisible and userIsEquivalentToModeratorinProject() for the actual rules.

    -

    Overall Access Matrix

    -

    The following table presents the SW360 Role-Authorisation-Model.

    -

    The row specifies which action to take, the column the role of the actor. Cell entries specify which entity type can be acted upon.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    creatormoderatorcontributoruserclearing admin(sw360)admin
    create---PCRVPCRVLPCRVL
    readPPP(P²)CRVL(P²)CRVLPCRVL
    editPCRPCRPCR(all created ones)PCRVLPCRVL
    deletePCRPCR-(all created ones)LPCRVL
    -

    P² : only if the user is member of the group of the project (or has created the project)

    -

    Note that ECC Admins and Security Admins have only the ability to write ECC and security data respectively at given records. However, as for the other access rights this role does not enhance anything above users.

    -

    Legend

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    acronymdescription
    Pproject
    Ccomponent
    Rrelease
    Vvendor
    Llicense
    -

    Technical Info

    -

    The role access rules are put into lib-datahandler. In the package, com.siemens.sw360.datahandler.permissions there are implementing classes of a template class DocumentPermissions. As an example, ProjectPermissions extends abstract class DocumentPermissions.

    -

    At run time, a permissions object consisting of a document and a user is created: In PermissionUtils (same package) there is a static method makePermissions<T>() that creates a permissions object. The received permissions object instance can be asked if a particular operation is allowed.

    -

    Note that the general application of these permission operations runs in the backend (Thrift services). An application in the front end of PermissionUtils for example, is for displaying buttons depending on the user main role (user, clearing admin or admin). Then the portlet makes plain use of the lib-datahandler library.

    -

    Further plans

    -
      -
    1. -

      Actually, creating stuff should be checked in lib-datahandler, starting with creation of licenses,which should ot be permitted to users: Issue #106

      -
      2. -
    2. -

      Issue #101 for

      -
      3. -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    contributormoderatorcreatoruserclearing adminadmin
    download OSS sources---RRR
    download internal sourcesRRR--R
    -
      -
    1. Issue #102 for
      2. -
    - - - - - - - - - - - - - - - - - - - - - - - -
    contributormoderatorcreatoruserclearing adminadmin
    send to clearing-PP--PCRL
    -
      -
    1. Issue #103 for
      2. -
    - - - - - - - - - - - - - - - - - - - - - - - -
    contributormoderatorcreatoruserclearing adminadmin
    edit clearing report-RR-R?PCRL
    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Roles and Authorization | Eclipse SW360 +

    Roles and Authorization

    SW360 Roles and Authorization

    Like any other system, SW360 allows for setting different levels of access for different users. Technically, the decision when user should be able to see or to do something happens (generally) on the backend server. This ensures consistency between the REST API and the portal application.

    For setting roles of a user, the Liferay control panel is being used (Admin menu -> Control Panel -> Users and Organisations -> Users -> select one user and Edit -> Roles). Setting access at individual records happens in the edit view of that record.

    Roles Overview

    SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.

    Setup Admin (Liferay Role)

    The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.

    SW360 Admin (Liferay Role)

    The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role CLEARING_ADMIN. This role can change data from other groups, limited by visibility setting of a project.

    Clearing Admin (Liferay Role)

    The clearing admin can change all component and release records and project records of the same group. This can be seen as group administrator.

    Security Admin (Liferay Role)

    In addition to the user rights, the security admin can set security vulnerabilities to irrelevant

    ECC Admin (Liferay Role)

    In addition to the user rights, the ECC admin can manipulate ECC data.

    User

    A user can create, modify and delete all own (=self created) records. A user cannot change records of others

    Moderation Requests

    If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.

    In addition there are ACL-style roles, meaning that per data item access settings can be made:

    1. creator - a creator can modify in addition to the user’s read abilities, a user can be creator of a data item
    2. moderator - a creator can define moderators for a data item. Moderators can change a data item as a creator can.
    3. contributor (Component) - is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). +In contrast, the contributor cannot delete data items.
    4. project responsible (Project) - is a contributor, just named differently to identify the responsible person.
    5. lead architect (Project) - is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.
    6. contact (Release) - deprecated, should be renamed to contributor see #100.

    group (department), contributor, moderator and owner roles are entity specific, user, clearing admin and admin are roles assigned to a user.

    Additional Project Visibility

    In addition to the roles mentioned above, each project has a separate visibility setting (technically an attribute of the project document). There are four project visibility levels:

    1. Private - no one but the creator can read.
    2. Me and moderators - involves all moderators and contributors, basically all names that are named among the attributes (lead architect, project responsible, contributors)
    3. Department / business unit (should be renamed) - refer to the group the users are in.
    4. Public - all registered users of the liferay / sw360 application (login required).

    The access rules are implemented inlib-datahandler. In the package, com.siemens.sw360.datahandler.permissions this is implemented in ProjectPermissions. See methods isVisible and userIsEquivalentToModeratorinProject() for the actual rules.

    Overall Access Matrix

    The following table presents the SW360 Role-Authorisation-Model.

    The row specifies which action to take, the column the role of the actor. Cell entries specify which entity type can be acted upon.

    creatormoderatorcontributoruserclearing admin(sw360)admin
    create---PCRVPCRVLPCRVL
    readPPP(P²)CRVL(P²)CRVLPCRVL
    editPCRPCRPCR(all created ones)PCRVLPCRVL
    deletePCRPCR-(all created ones)LPCRVL

    P² : only if the user is member of the group of the project (or has created the project)

    Note that ECC Admins and Security Admins have only the ability to write ECC and security data respectively at given records. However, as for the other access rights this role does not enhance anything above users.

    Legend

    acronymdescription
    Pproject
    Ccomponent
    Rrelease
    Vvendor
    Llicense

    Technical Info

    The role access rules are put into lib-datahandler. In the package, com.siemens.sw360.datahandler.permissions there are implementing classes of a template class DocumentPermissions. As an example, ProjectPermissions extends abstract class DocumentPermissions.

    At run time, a permissions object consisting of a document and a user is created: In PermissionUtils (same package) there is a static method makePermissions<T>() that creates a permissions object. The received permissions object instance can be asked if a particular operation is allowed.

    Note that the general application of these permission operations runs in the backend (Thrift services). An application in the front end of PermissionUtils for example, is for displaying buttons depending on the user main role (user, clearing admin or admin). Then the portlet makes plain use of the lib-datahandler library.

    Further plans

    1. Actually, creating stuff should be checked in lib-datahandler, starting with creation of licenses,which should ot be permitted to users: Issue #106

    2. Issue #101 for

    contributormoderatorcreatoruserclearing adminadmin
    download OSS sources---RRR
    download internal sourcesRRR--R
    1. Issue #102 for
    contributormoderatorcreatoruserclearing adminadmin
    send to clearing-PP--PCRL
    1. Issue #103 for
    contributormoderatorcreatoruserclearing adminadmin
    edit clearing report-RR-R?PCRL
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-semantic-commits/index.html b/docs/development/dev-semantic-commits/index.html index d78f108..9339b50 100644 --- a/docs/development/dev-semantic-commits/index.html +++ b/docs/development/dev-semantic-commits/index.html @@ -1,813 +1,95 @@ - - - - - - - - - - - - - - - - - - - - -Semantic Commits | Eclipse SW360 -Semantic Commits | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Semantic Commits

    - -
    - - - - - - - - - - - - - -
    -

    The reason and benefit of semantic commit messages

    -
      -
    • automatic generating of the changelog
      • -
    • simple navigation through git history (e.g. ignoring style changes)
      • -
    -

    Semantic commit message structure

    -

    <type>(<scope>): <commit message>

    -

    The following are supported

    -
      -
    • feat (new feature for the user, not a new feature for build script)
      • -
    • fix (bug fix for the user, not a fix to a build script)
      • -
    • docs (changes to the documentation)
      • -
    • style (formatting, missing semi colons, etc; no production code change)
      • -
    • refactor (refactoring production code, eg. renaming a variable)
      • -
    • test (adding missing tests, refactoring tests; no production code change)
      • -
    • chore (updating grunt tasks etc; no production code change)
      • -
    -

    Example values:

    -
      -
    • ui (user interface)
      • -
    • rest (REST API)
      • -
    • thrift (apache thrift services)
      • -
    • project (project portlet)
      • -
    • component (component portlet)
      • -
    • user (user portlet)
      • -
    • etc.
      • -
    -

    Example of semantic commit message

    -

    fix(rest): change maven plugin order to generate the documentation correctly

    -

    <type>(<scope>): <commit message>

    -

    Referencing issues

    -

    Please reference in the pull request to the open issue

    -

    closes eclipse/sw360#<issue-number>

    -

    closes eclipse/sw360#758

    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +simple navigation through git history (e.g. ignoring style …"> +

    Semantic Commits

    The reason and benefit of semantic commit messages

    • automatic generating of the changelog
    • simple navigation through git history (e.g. ignoring style changes)

    Semantic commit message structure

    <type>(<scope>): <commit message>

    The following are supported

    • feat (new feature for the user, not a new feature for build script)
    • fix (bug fix for the user, not a fix to a build script)
    • docs (changes to the documentation)
    • style (formatting, missing semi colons, etc; no production code change)
    • refactor (refactoring production code, eg. renaming a variable)
    • test (adding missing tests, refactoring tests; no production code change)
    • chore (updating grunt tasks etc; no production code change)

    Example values:

    • ui (user interface)
    • rest (REST API)
    • thrift (apache thrift services)
    • project (project portlet)
    • component (component portlet)
    • user (user portlet)
    • etc.

    Example of semantic commit message

    fix(rest): change maven plugin order to generate the documentation correctly

    <type>(<scope>): <commit message>

    Referencing issues

    Please reference in the pull request to the open issue

    closes eclipse/sw360#<issue-number>

    closes eclipse/sw360#758

    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-testing-frameworks/index.html b/docs/development/dev-testing-frameworks/index.html index c5a2910..cfe143f 100644 --- a/docs/development/dev-testing-frameworks/index.html +++ b/docs/development/dev-testing-frameworks/index.html @@ -1,769 +1,93 @@ - - - - - - - - - - - - - - - - - - - - -Testing Frameworks | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Testing Frameworks

    -
    Behaviour testing
    -
    - - - - - - - - - - - - - -
    -

    The implementation of complicated rules is not always easy to read. +Testing Frameworks | Eclipse SW360 +

    Testing Frameworks

    Behaviour testing

    The implementation of complicated rules is not always easy to read. A good way to document and explain the behaviour of rule engines are natural language tests. -A frame work we use for that is jgiven. -We write the tests using the [dataprovider] (https://github.com/TNG/junit-dataprovider) runner. -This is basically a runner that allows to use parametrized tests.

    -

    The basic testing frame work is still JUnit4, assertions are made using hamcrest and we mock complicated input classes with mockito.

    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +A frame work we use for that is jgiven. +We write the tests using the [dataprovider] (https://github.com/TNG/junit-dataprovider) runner. +This is basically a runner that allows to use parametrized tests.

    The basic testing frame work is still JUnit4, assertions are made using hamcrest and we mock complicated input classes with mockito.

    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-troubleshooting/index.html b/docs/development/dev-troubleshooting/index.html index 30f8da0..88bbafc 100644 --- a/docs/development/dev-troubleshooting/index.html +++ b/docs/development/dev-troubleshooting/index.html @@ -1,878 +1,152 @@ - - - - - - - - - - - - - - - - - - - - -Troubleshooting | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Troubleshooting

    -
    List of small issues / tips when developing for SW360
    -
    - - - - - - - - - - - - - -
    -

    Development: problems building sw360portal with maven?

    -

    Before building the sw360portal with maven, ensure that the following components are installed in the development environment:

    -
      -
    • A git client
      • -
    • Apache Maven 3.0.X
      • -
    • Apache Thrift 0.9.3
      • -
    • Java 1.8.X
      • -
    • CouchDB, at least 1.5 (only if the tests will be executed locally)
      • -
    -

    Development: problems using Eclipse?

    -

    Please do not use Eclipse, because the integration of Apache Thrift is an open issue and we found no plugin for Eclipse to solve the shown compiler errors. -Recommended is IntelliJ IDEA or NetBeans.

    -

    Liferay: problems with displaying changes to page?

    -

    When developing changes to a page and these changes do not show in browser - even after redeployment, then the internal liferay optimisation mechanisms may kick in. Try to add to the URL string the following key value parameters:

    -
    js_fast_load=0&css_fast_load=0&strip=0
-

    Liferay: where are the initial admin user settings?

    -

    It is the file portal-ext.properties in sw360/opt.

    -

    Maven: build generally fails

    -

    You just try to compile parts or all of it and it fails? Most of the stuff depends on the module /build-configuration. Execute either “mvn install” on top level or inside build configuration.

    -

    Backend: problems with company proxy?

    -

    maybe try instead:

    -
    /opt/apache-tomcat-/bin/startup.sh
-

    just this:

    -
    CATALINA_OPTS="-Dhttps.proxy..." /opt/apache-tomcat-/bin/startup.sh
-

    for lucene it might be necessary to add:

    -
    [httpd_global_handlers]
-_fti = {couch_httpd_proxy, handle_proxy_req, <<"http://127.0.0.1:8085/couchdblucene">>}
-

    in lucene.ini of local.d of your CouchDB installation

    -

    Backend: are thrift services up?

    -
      -
    1. Check tomcat manager (if the services are there)
      2. -
    2. Check if the service is accessible: -
      http://your.url.to.server.com:8085/components  
-
      Should return “Welcome to …”.
      3. -
    3. Check if the service thrift page is there: -
      http://your.url.to.server.com:8085/components/thrift
-
      Should return HTTP status code 500, because in the browser, no valid thrift message was formed.
      4. -
    -

    Backend: org.ektorp.DbAccessException

    -

    What do I do if I get: org.ektorp.DbAccessException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field “_id”

    -

    You add the class you have been trying to serialize to +Troubleshooting | Eclipse SW360 +

    Troubleshooting

    List of small issues / tips when developing for SW360

    Development: problems building sw360portal with maven?

    Before building the sw360portal with maven, ensure that the following components are installed in the development environment:

    • A git client
    • Apache Maven 3.0.X
    • Apache Thrift 0.9.3
    • Java 1.8.X
    • CouchDB, at least 1.5 (only if the tests will be executed locally)

    Development: problems using Eclipse?

    Please do not use Eclipse, because the integration of Apache Thrift is an open issue and we found no plugin for Eclipse to solve the shown compiler errors. +Recommended is IntelliJ IDEA or NetBeans.

    Liferay: problems with displaying changes to page?

    When developing changes to a page and these changes do not show in browser - even after redeployment, then the internal liferay optimisation mechanisms may kick in. Try to add to the URL string the following key value parameters:

    js_fast_load=0&css_fast_load=0&strip=0
+

    Liferay: where are the initial admin user settings?

    It is the file portal-ext.properties in sw360/opt.

    Maven: build generally fails

    You just try to compile parts or all of it and it fails? Most of the stuff depends on the module /build-configuration. Execute either “mvn install” on top level or inside build configuration.

    Backend: problems with company proxy?

    maybe try instead:

    /opt/apache-tomcat-/bin/startup.sh
+

    just this:

    CATALINA_OPTS="-Dhttps.proxy..." /opt/apache-tomcat-/bin/startup.sh
+

    for lucene it might be necessary to add:

    [httpd_global_handlers]
+_fti = {couch_httpd_proxy, handle_proxy_req, <<"http://127.0.0.1:8085/couchdblucene">>}
+

    in lucene.ini of local.d of your CouchDB installation

    Backend: are thrift services up?

    1. Check tomcat manager (if the services are there)
    2. Check if the service is accessible:
      http://your.url.to.server.com:8085/components  
+
      Should return “Welcome to …”.
    3. Check if the service thrift page is there:
      http://your.url.to.server.com:8085/components/thrift
+
      Should return HTTP status code 500, because in the browser, no valid thrift message was formed.

    Backend: org.ektorp.DbAccessException

    What do I do if I get: org.ektorp.DbAccessException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field “_id”

    You add the class you have been trying to serialize to THRIFT_CLASSES in -sw360/src/libraries/lib-datahandler/src/main/java/com/siemens/sw360/datahandler/thrift/ThriftUtils.java

    -

    Backend: maven failed tomcat7 deploy

    -

    If the deployment via maven of the backend does fail with an error like this

    -
    Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses
-2302/17930 KB   
-Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses
-2102/17930 KB   
-Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses
-2064/17930 KB   
-Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses
-2064/17930 KB   
-[INFO] ------------------------------------------------------------------------
-[INFO] Reactor Summary:
-[INFO] 
-[INFO] backend ........................................... SUCCESS [2.579s]
-[INFO] backend-src ....................................... SUCCESS [0.058s]
-[INFO] src-licenses ...................................... SUCCESS [10.544s]
-[INFO] src-users ......................................... SUCCESS [1.485s]
-[INFO] src-vendors ....................................... SUCCESS [6.929s]
-[INFO] src-search ........................................ SUCCESS [5.837s]
-[INFO] src-components .................................... SUCCESS [19.439s]
-[INFO] src-projects ...................................... SUCCESS [14.280s]
-[INFO] src-attachments ................................... SUCCESS [6.188s]
-[INFO] src-moderation .................................... SUCCESS [1.169s]
-[INFO] src-fossology ..................................... SUCCESS [6.259s]
-[INFO] backend-svc ....................................... SUCCESS [0.038s]
-[INFO] svc-licenses ...................................... FAILURE [3.630s]
-[INFO] svc-users ......................................... SKIPPED
-[INFO] svc-vendors ....................................... SKIPPED
-[INFO] svc-search ........................................ SKIPPED
-[INFO] svc-components .................................... SKIPPED
-[INFO] svc-projects ...................................... SKIPPED
-[INFO] svc-attachments ................................... SKIPPED
-[INFO] svc-moderation .................................... SKIPPED
-[INFO] svc-fossology ..................................... SKIPPED
-[INFO] backend-utils ..................................... SKIPPED
-[INFO] ------------------------------------------------------------------------
-[INFO] BUILD FAILURE
-[INFO] ------------------------------------------------------------------------
-[INFO] Total time: 1:19.836s
-[INFO] Finished at: Mon May 04 15:57:46 CEST 2015
-[INFO] Final Memory: 24M/311M
-[INFO] ------------------------------------------------------------------------
-[ERROR] Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.2:deploy (default-cli) on project svc-licenses: Cannot invoke Tomcat manager: Broken pipe -> [Help 1]
-[ERROR] 
-[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
-[ERROR] Re-run Maven using the -X switch to enable full debug logging.
-[ERROR] 
-[ERROR] For more information about the errors and possible solutions, please read the following articles:
-[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
-[ERROR] 
-[ERROR] After correcting the problems, you can resume the build with the command
-[ERROR]   mvn <goals> -rf :svc-licenses
-voyager:backend sam$
-

    One solution is that you deployed already and the tomcat7 plugin does not like to have multiple deploy commands. Instead you will need to issue a mvn tomcat7:redeploy command.

    -

    Deployment: liferay not accessible

    -

    If the virtual machine was shut down and started up again, the backend services and frontend liferay require manual restart. Please contribute a change in the vagrant deployment if you feel that this could be changed. The actual places to call are:

    -
    /opt/apache-tomcat-.../bin/.startup.sh
-/opt/liferay-.../tomcat-.../bin/.startup.sh
-
    - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +sw360/src/libraries/lib-datahandler/src/main/java/com/siemens/sw360/datahandler/thrift/ThriftUtils.java

    Backend: maven failed tomcat7 deploy

    If the deployment via maven of the backend does fail with an error like this

    Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses
+2302/17930 KB   
+Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses
+2102/17930 KB   
+Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses
+2064/17930 KB   
+Uploading: http://localhost:8085/manager/text/deploy?path=%2Flicenses
+2064/17930 KB   
+[INFO] ------------------------------------------------------------------------
+[INFO] Reactor Summary:
+[INFO] 
+[INFO] backend ........................................... SUCCESS [2.579s]
+[INFO] backend-src ....................................... SUCCESS [0.058s]
+[INFO] src-licenses ...................................... SUCCESS [10.544s]
+[INFO] src-users ......................................... SUCCESS [1.485s]
+[INFO] src-vendors ....................................... SUCCESS [6.929s]
+[INFO] src-search ........................................ SUCCESS [5.837s]
+[INFO] src-components .................................... SUCCESS [19.439s]
+[INFO] src-projects ...................................... SUCCESS [14.280s]
+[INFO] src-attachments ................................... SUCCESS [6.188s]
+[INFO] src-moderation .................................... SUCCESS [1.169s]
+[INFO] src-fossology ..................................... SUCCESS [6.259s]
+[INFO] backend-svc ....................................... SUCCESS [0.038s]
+[INFO] svc-licenses ...................................... FAILURE [3.630s]
+[INFO] svc-users ......................................... SKIPPED
+[INFO] svc-vendors ....................................... SKIPPED
+[INFO] svc-search ........................................ SKIPPED
+[INFO] svc-components .................................... SKIPPED
+[INFO] svc-projects ...................................... SKIPPED
+[INFO] svc-attachments ................................... SKIPPED
+[INFO] svc-moderation .................................... SKIPPED
+[INFO] svc-fossology ..................................... SKIPPED
+[INFO] backend-utils ..................................... SKIPPED
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD FAILURE
+[INFO] ------------------------------------------------------------------------
+[INFO] Total time: 1:19.836s
+[INFO] Finished at: Mon May 04 15:57:46 CEST 2015
+[INFO] Final Memory: 24M/311M
+[INFO] ------------------------------------------------------------------------
+[ERROR] Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.2:deploy (default-cli) on project svc-licenses: Cannot invoke Tomcat manager: Broken pipe -> [Help 1]
+[ERROR] 
+[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
+[ERROR] Re-run Maven using the -X switch to enable full debug logging.
+[ERROR] 
+[ERROR] For more information about the errors and possible solutions, please read the following articles:
+[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
+[ERROR] 
+[ERROR] After correcting the problems, you can resume the build with the command
+[ERROR]   mvn <goals> -rf :svc-licenses
+voyager:backend sam$
+

    One solution is that you deployed already and the tomcat7 plugin does not like to have multiple deploy commands. Instead you will need to issue a mvn tomcat7:redeploy command.

    Deployment: liferay not accessible

    If the virtual machine was shut down and started up again, the backend services and frontend liferay require manual restart. Please contribute a change in the vagrant deployment if you feel that this could be changed. The actual places to call are:

    /opt/apache-tomcat-.../bin/.startup.sh
+/opt/liferay-.../tomcat-.../bin/.startup.sh
+
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/dev-using-requirejs-for-javascript-modules/index.html b/docs/development/dev-using-requirejs-for-javascript-modules/index.html index dfaddf8..4bb6546 100644 --- a/docs/development/dev-using-requirejs-for-javascript-modules/index.html +++ b/docs/development/dev-using-requirejs-for-javascript-modules/index.html @@ -1,880 +1,133 @@ - - - - - - - - - - - - - - - - - - - - -Using RequireJS fro Javascript Modules | Eclipse SW360 - - -Using RequireJS fro Javascript Modules | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Using RequireJS fro Javascript Modules

    - -
    - - - - - - - - - - - - - -
    -

    Today most of the javascript code runs in the global namespace. This increases the risk of overwriting symbols in the global namespace due to different libraries and snippets.

    -

    Goal

    -

    We want to use RequireJS (http://requirejs.org/) to modularize our code and to have clear namespaces for each component. In addition some of the code may be reused more easily. Other advantages:

    -
      -
    • libraries like jquery or datatables can be imported by name but without a specified version
      • -
    • if necessary, specific versions can be imported for parts of the page
      • -
    • it is very easy to only load needed dependencies
      • -
    • good support of webjars due to webjars-locator. Webjars a are automatically accessible through RequireJS.
      • -
    -

    How to use - example

    -

    There is a new jspf-file to be included in jsps to enable RequireJS support:

    -
    <%@ include file="/html/utils/includes/requirejs.jspf" %>
-
    -

    When RequireJS is enabled with the above include, all libraries can be accessed and code can be scoped:

    -
    require(['jquery', 'module/quickfilter', 'module/confirm', /* jquery-plugins: */ 'datatables', 'jquery-ui'], function($, quickfilter, confirm) {
+libraries like jquery or datatables can be imported by name but without a specified version if necessary, specific versions can be imported for parts of the page it is very easy to only load needed dependencies good support of webjars due to webjars-locator.">
+
    Using RequireJS fro Javascript Modules
    Today most of the javascript code runs in the global namespace. This increases the risk of overwriting symbols in the global namespace due to different libraries and snippets.
    Goal
    We want to use RequireJS (http://requirejs.org/) to modularize our code and to have clear namespaces for each component. In addition some of the code may be reused more easily. Other advantages:
    • libraries like jquery or datatables can be imported by name but without a specified version
    • if necessary, specific versions can be imported for parts of the page
    • it is very easy to only load needed dependencies
    • good support of webjars due to webjars-locator. Webjars a are automatically accessible through RequireJS.
    How to use - example
    There is a new jspf-file to be included in jsps to enable RequireJS support:
    <%@ include file="/html/utils/includes/requirejs.jspf" %>
+
    When RequireJS is enabled with the above include, all libraries can be accessed and code can be scoped:
    require(['jquery', 'module/quickfilter', 'module/confirm', /* jquery-plugins: */ 'datatables', 'jquery-ui'], function($, quickfilter, confirm) {
     // code goes here, libraries can be used through the variables $, quickfilter and confirm
     // Note: jquery-plugins does not have to be bound to variables since they directly register themselves in the jquery object
 });
-
    
-
    NOTE/WARNING: since not all code is using RequireJS at the moment it is highly recommended to include RequireJS just before the script tag using it. DO NOT include it at the beginning of the file! Therefore use the following pattern:
    
-
    <%@ include file="/html/utils/includes/requirejs.jspf" %>
+
    NOTE/WARNING: since not all code is using RequireJS at the moment it is highly recommended to include RequireJS just before the script tag using it. DO NOT include it at the beginning of the file! Therefore use the following pattern:
    <%@ include file="/html/utils/includes/requirejs.jspf" %>
 <script>
     require(['jquery'], function($) {
         // js stuff
     });
 </script>
-
    
-
    Explanation: some the the jQuery-plugins are already module safe. This means the look if something like RequireJS is available and - if this is the case - register themselves as anonymous modules. If someone in some include in the page loads such a plugin via script plugin it may happen that the plugins registers itself twice as an anonymous module which causes errors in RequireJS. Loading RequireJS after all script tags will prevent this and ensure that every plugin is only registered once.
    
-
    Migration
    
-
    Migrate a JSP
    
-
    To migrate a JSP to use RequireJS the following steps have to be done:
    
-
      
-
    1. Enable RequireJS support by including requirejs.jspf. Do it JUST before the script tag with the main code (see NOTE above).
      2. 
-
    2. Enclose the existing code in a require-function (Attention: Also read “Co-existence with AUI().use()” below)
      3. 
-
    3. Remove existing script-tags that loads the javascript files “manually”
      4. 
-
    4. Rewrite code that access functions inside the new require-function from outside (e.g. click handlers, see below)
      5. 
-
    
-
    Co-existence with AUI().use()
    
-
    If you need to use AUI().use() in your code, e.g. to grab the PortletURL object, you have to call this function first and call require inside. Otherwise the code may not be executed correclty if the ‘Drag&Drop’ error occurs to early during page loading:
    
-
    AUI().use('liferay-portlet-url', function () {
+
    Explanation: some the the jQuery-plugins are already module safe. This means the look if something like RequireJS is available and - if this is the case - register themselves as anonymous modules. If someone in some include in the page loads such a plugin via script plugin it may happen that the plugins registers itself twice as an anonymous module which causes errors in RequireJS. Loading RequireJS after all script tags will prevent this and ensure that every plugin is only registered once.
    Migration
    Migrate a JSP
    To migrate a JSP to use RequireJS the following steps have to be done:
    1. Enable RequireJS support by including requirejs.jspf. Do it JUST before the script tag with the main code (see NOTE above).
    2. Enclose the existing code in a require-function (Attention: Also read “Co-existence with AUI().use()” below)
    3. Remove existing script-tags that loads the javascript files “manually”
    4. Rewrite code that access functions inside the new require-function from outside (e.g. click handlers, see below)
    Co-existence with AUI().use()
    If you need to use AUI().use() in your code, e.g. to grab the PortletURL object, you have to call this function first and call require inside. Otherwise the code may not be executed correclty if the ‘Drag&Drop’ error occurs to early during page loading:
    AUI().use('liferay-portlet-url', function () {
     require(['jquery', 'module/quickfilter') {
         // AUI and require modules loaded and available
     });
 });
-
    
-
    Migrate click-handlers
    
-
    Since none of the defined functions remains in the global scope click handlers defined in the attributes of a tag would no longer work. Use jQuery to attach a click handler instead:
    
-
    $('#exportSpreadsheetButton').on('click.components', exportSpreadsheet)
-
    
-
    This click handler is added inside the RequireJS-scope where the function exportSpreadsheet is defined.
-You may also attach handler for distinct elements in each row of a table:
    
-
    $('#componentsTable').on('click.components', 'img.delete', function(event) {
+
    Migrate click-handlers
    Since none of the defined functions remains in the global scope click handlers defined in the attributes of a tag would no longer work. Use jQuery to attach a click handler instead:
    $('#exportSpreadsheetButton').on('click.components', exportSpreadsheet)
+
    This click handler is added inside the RequireJS-scope where the function exportSpreadsheet is defined.
+You may also attach handler for distinct elements in each row of a table:
    $('#componentsTable').on('click.components', 'img.delete', function(event) {
      // do stuff
 });
-
    
-
    Make a module out of a jspf-include
    
-
    There are many jspf-includes which contain html as well as javascript code. They should be converted as followed:
    
-
      
-
    1. 
-
      Move the javascript code to an own file. Place it below the ‘html/js’-folder, following the same structure as the jspf-file. If the jspf-file is html/components/includes/vendors/addVendor.jspf place the javascript code in the file js/components/includes/vendors/addVendor.js.
      
-
      2. 
-
    2. 
-
      Enclose the code in a define statement to define a new module:
      
-
       define('components/includes/vendors/addVendor', [ /* dependencies */ ], function() {
+
      Make a module out of a jspf-include
      There are many jspf-includes which contain html as well as javascript code. They should be converted as followed:
      1. Move the javascript code to an own file. Place it below the ‘html/js’-folder, following the same structure as the jspf-file. If the jspf-file is html/components/includes/vendors/addVendor.jspf place the javascript code in the file js/components/includes/vendors/addVendor.js.
      2. Enclose the code in a define statement to define a new module:
         define('components/includes/vendors/addVendor', [ /* dependencies */ ], function() {
      // define module code
  });
-
        
-
        3. 
-
      
-
      In order to use the new module include the jspf-file and load the js-code via RequireJS:
      
-
      <%@ include "html/components/includes/vendors/addVendor.jspf" %>
+
    In order to use the new module include the jspf-file and load the js-code via RequireJS:
    <%@ include "html/components/includes/vendors/addVendor.jspf" %>
     
 require(['components/includes/vendors/addVendor'], function(addVendor) {
     // use addVendor
 });
-
    
-
    Make a module out of a javascript file or function
    
-
    There are several javascript files and functions below `/html/js’. They can be make compatible to RequireJS as follows:
    
-
      
-
    1. 
-
      Create a new file inside /html/js/component with a proper name that describes the functionality for the new component
      
-
      2. 
-
    2. 
-
      Define the module and point to the legacy function, e.g.
      
-
       define('module/confirm', ['jquery', /* jquery-plugins: */ 'jquery-confirm', /* legacy code */ 'main' ], function($) {
+
      Make a module out of a javascript file or function
      There are several javascript files and functions below `/html/js’. They can be make compatible to RequireJS as follows:
      1. Create a new file inside /html/js/component with a proper name that describes the functionality for the new component
      2. Define the module and point to the legacy function, e.g.
         define('module/confirm', ['jquery', /* jquery-plugins: */ 'jquery-confirm', /* legacy code */ 'main' ], function($) {
      return {
          confirmDeletion: deleteConfirmed /* pointer to legacy method in main.js */
      };
  });
-
        
-
        3. 
-
      3. 
-
        Afterwards the module can be loaded using the name component/confirm, e.g.
        
-
         require(['module/confirm'], function(confirm) {
+
      4. Afterwards the module can be loaded using the name component/confirm, e.g.
         require(['module/confirm'], function(confirm) {
      confirm.confirmDeletion(/*...*/);
  });
-
        
-
        5. 
-
      
-
      Note The legacy function should be moved inside the module as soon as the function is no longer accessed directly but via RequireJS only.
-Note You can also require legacy javascript files if you need them as dependency as pointed out in the examples above.
      
-
-	
-	
-	
      
-  Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
-
      
-
-
    
-
-
-          
    
-        
    
-      
    
-      
-
-
-    
    
-    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-  
-
\ No newline at end of file
+

    Note The legacy function should be moved inside the module as soon as the function is no longer accessed directly but via RequireJS only. +Note You can also require legacy javascript files if you need them as dependency as pointed out in the examples above.

    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/index.html b/docs/development/index.html index 0b1c177..0c6c817 100644 --- a/docs/development/index.html +++ b/docs/development/index.html @@ -1,1007 +1,89 @@ - - - - - - - - - - - - - - - - - - - - - -Development | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Development

    -
    SW360 Development Information
    -
    - - - - - - - - - - - - - -
    -

    Developing sw360

    -

    The sw360 is Java-based application consisting of two main parts:

    -
      -
    1. A Liferay/based front end application that allows users to work with sw360
      2. -
    2. A Java-based servlet infrastructure Thrift interfaces that allows the Liferay part and other applications to manage and store data
      3. -
    3. In the backend, couchdb is used for storing project, component, release and license information as well as attachments.
      4. -
    -

    Submitting Issues

    -

    Please report issues to the issue tracker, but please keep also in mind that someone else has to read them! Issues should include:

    -
      -
    • What you intended to do?
      • -
    • What did you observe?
      • -
    • Why do you think it is wrong?
      • -
    • Screenshots of what you have observed presumably gone wrong or link to pages were another person can follow
      • -
    • Version where you have observed this.
      • -
    • Common written English and use of line breaks!!! Use the preview function!
      • -
    -

    Please refer to the following pages for writing issues:

    - -

    Contribution Workflow

    -

    As basic introduction, the dev ops works as following:

    -
      -
    1. We are issue-based, please do not hesitate to create issues - also for questions (and set the issue tag)
      2. -
    2. The issues are organised by milestones which do not represent releases anymore. Milestone are meant to be useful packages of work done
      3. -
    3. Contributions are made through pull requests
      4. -
    4. We do conversations directly on issues and pull requests
      5. -
    -

    More topics regarding “how” to develop:

    -
      -
    1. Definition of done and code style
      2. -
    2. Creating a sw360 release
      3. -
    3. Brief notes on the jgiven testing
      4. -
    4. For help with problems, you might want to check that
      5. -
    -

    Architecture

    -

    sw360 is a server application using Java servlets. It did some faint steps towards micro services (ie. one maintaining licenses, another for vulnerabilities), the front end is a portlet applications using good old JSPs.

    -
      -
    1. Introduction and Scope
      2. -
    2. High Level View
      3. -
    3. Architecture Topics
      4. -
    -

    General

    -
      -
    1. How to write a new portlet
      2. -
    2. Adding a new backend service
      3. -
    3. Changing the data model
      4. -
    4. REST API overview
      5. -
    5. Migrating to Javascript modules
      6. -
    -

    Special

    -
      -
    1. Filtering in portlets
      2. -
    2. The FOSSology integration
      3. -
    3. How moderation requests work
      4. -
    4. Roles and access rights
      5. -
    5. Attachment Types Description
      6. -
    6. Our ideas of Google-Summer-of-Code 2019
      7. -
    7. How Friendly URLs work with the Liferay Portlets
      8. -
    -

    Testing sw360

    -

    Generally, all modules have unit tests and these are executed (including deployment of couchdb) at CI times. In addtion, to test the front end, there are defined integration test cases for a manual check, if the sw360 is working properly in general:

    -
      -
    1. Test Cases: Components Functionality
      2. -
    2. Test Cases: Licenses Functionality
      3. -
    3. Test Cases: Moderations Functionality
      4. -
    4. Test Cases: Projects Functionality
      5. -
    - -
    - - - - - - - - -
    - - -
    -
    - SW360 RESTful API -
    -

    -
    - - -
    -
    - Test Cases -
    -

    SW360 Assorted Test Cases

    -
    - - -
    -
    - How to add a backend portlet to sw360 -
    -

    -
    - - -
    -
    - How to add a frontend portlet to sw360 -
    -

    -
    - - -
    -
    - SW360 Development Branches -
    -

    Helps to see who is responsible and to which issue the Pull Request corresponds

    -
    - - -
    -
    - How to add fields to an existing class -
    -

    -
    - - -
    -
    - CouchDB External Documents -
    -

    -
    - - -
    -
    - Database migration using Costco -
    -

    -
    - - -
    -
    - Definition of Done -
    -

    The definition of done helps to set a common understanding for solving a ticket.

    -
    - - -
    -
    - Filtering in Portlets -
    -

    -
    - - -
    -
    - Fossology Integration -
    -

    Basis of communication between SW360 and FOSSology

    -
    - - -
    -
    - Liferay Friendly -
    -

    Basis of communication between SW360 and FOSSology

    -
    - - -
    -
    - Moderation Requests -
    -

    -
    - - -
    -
    - Release and Versioning -
    -

    Our Versioning and Release Principles

    -
    - - -
    -
    - Roles and Authorization -
    -

    SW360 Roles and Authorization

    -
    - - -
    -
    - Semantic Commits -
    -

    -
    - - -
    -
    - Testing Frameworks -
    -

    Behaviour testing

    -
    - - -
    -
    - Troubleshooting -
    -

    List of small issues / tips when developing for SW360

    -
    - - -
    -
    - Using RequireJS fro Javascript Modules -
    -

    -
    - - -
    - - - -
    - Last modified January 16, 2023: upd(project): Minor updates (aac964c) -
    - -
    - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Development | Eclipse SW360 +

    Development

    SW360 Development Information

    Developing sw360

    The sw360 is Java-based application consisting of two main parts:

    1. A Liferay/based front end application that allows users to work with sw360
    2. A Java-based servlet infrastructure Thrift interfaces that allows the Liferay part and other applications to manage and store data
    3. In the backend, couchdb is used for storing project, component, release and license information as well as attachments.

    Submitting Issues

    Please report issues to the issue tracker, but please keep also in mind that someone else has to read them! Issues should include:

    • What you intended to do?
    • What did you observe?
    • Why do you think it is wrong?
    • Screenshots of what you have observed presumably gone wrong or link to pages were another person can follow
    • Version where you have observed this.
    • Common written English and use of line breaks!!! Use the preview function!

    Please refer to the following pages for writing issues:

    Contribution Workflow

    As basic introduction, the dev ops works as following:

    1. We are issue-based, please do not hesitate to create issues - also for questions (and set the issue tag)
    2. The issues are organised by milestones which do not represent releases anymore. Milestone are meant to be useful packages of work done
    3. Contributions are made through pull requests
    4. We do conversations directly on issues and pull requests

    More topics regarding “how” to develop:

    1. Definition of done and code style
    2. Creating a sw360 release
    3. Brief notes on the jgiven testing
    4. For help with problems, you might want to check that

    Architecture

    sw360 is a server application using Java servlets. It did some faint steps towards micro services (ie. one maintaining licenses, another for vulnerabilities), the front end is a portlet applications using good old JSPs.

    1. Introduction and Scope
    2. High Level View
    3. Architecture Topics

    General

    1. How to write a new portlet
    2. Adding a new backend service
    3. Changing the data model
    4. REST API overview
    5. Migrating to Javascript modules

    Special

    1. Filtering in portlets
    2. The FOSSology integration
    3. How moderation requests work
    4. Roles and access rights
    5. Attachment Types Description
    6. Our ideas of Google-Summer-of-Code 2019
    7. How Friendly URLs work with the Liferay Portlets

    Testing sw360

    Generally, all modules have unit tests and these are executed (including deployment of couchdb) at CI times. In addtion, to test the front end, there are defined integration test cases for a manual check, if the sw360 is working properly in general:

    1. Test Cases: Components Functionality
    2. Test Cases: Licenses Functionality
    3. Test Cases: Moderations Functionality
    4. Test Cases: Projects Functionality
    SW360 RESTful API

    Test Cases

    SW360 Assorted Test Cases

    How to add a backend portlet to sw360

    How to add a frontend portlet to sw360

    SW360 Development Branches

    Helps to see who is responsible and to which issue the Pull Request corresponds

    How to add fields to an existing class

    CouchDB External Documents

    Database migration using Costco

    Definition of Done

    The definition of done helps to set a common understanding for solving a ticket.

    Filtering in Portlets

    Fossology Integration

    Basis of communication between SW360 and FOSSology

    Liferay Friendly

    Basis of communication between SW360 and FOSSology

    Moderation Requests

    Release and Versioning

    Our Versioning and Release Principles

    Roles and Authorization

    SW360 Roles and Authorization

    Semantic Commits

    Testing Frameworks

    Behaviour testing

    Troubleshooting

    List of small issues / tips when developing for SW360

    Using RequireJS fro Javascript Modules

    Last modified January 16, 2023: upd(project): Minor updates (aac964c)
    + + + \ No newline at end of file diff --git a/docs/development/index.xml b/docs/development/index.xml index 3ce6897..4b2e7cb 100644 --- a/docs/development/index.xml +++ b/docs/development/index.xml @@ -1,1756 +1,1496 @@ - - - Eclipse SW360 – Development - https://www.eclipse.org/sw360/docs/development/ - Recent content in Development on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: SW360 RESTful API - https://www.eclipse.org/sw360/docs/development/restapi/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/restapi/ - - - - <p>Using the Web interface makes sense for some use cases, for some other cases the tool integration is more useful. The SW360 software offers a RESTful API. It has been initially developed by a colleague of the BT division - an excellent example of how Inner Source works for projects. Now it has been integrated to the official main project as component that can be deployed along with a SW360 solution.</p> -<h2 id="methods-of-authentication">Methods of Authentication</h2> -<ol> -<li>OAuth workflow involving consumer / client secret and user token using user name and password from LDAP / Exchange accounts (very early)</li> -<li>Access key obtained in the SW360 UI</li> -<li>OAuth workflow involving consumer token / client secret and signed Java Web Tokens involving user authentication from OpenID Connect service for the first token and then using the OAuth refresh tokens.</li> -</ol> -<p>API Documentation is available on the instances deployed:</p> -<ul> -<li><code>https://&lt;my_sw360_server&gt;/resource/docs/api-guide.html</code></li> -</ul> -<h2 id="brief-specs">Brief Specs</h2> -<table> -<thead> -<tr> -<th></th> -<th></th> -</tr> -</thead> -<tbody> -<tr> -<td>Implementation Technology</td> -<td>Java-based Spring-framework based</td> -</tr> -<tr> -<td>REST Flavor</td> -<td>Hypermedia-driven</td> -</tr> -<tr> -<td>Authentication</td> -<td>Now: Token by user token store. Previously: Spring Security using JWT and SW360 user management. Note that technically, both ways are possible</td> -</tr> -<tr> -<td>More Technical Information</td> -<td><a href="https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/" title="Rest API">Rest API</a></td> -</tr> -</tbody> -</table> - - - - - - Docs: Test Cases - https://www.eclipse.org/sw360/docs/development/testcases/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/testcases/ - - - - - - - - - Docs: How to add a backend portlet to sw360 - https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-backend/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-backend/ - - - - <p>This page how to add some operations / service calls on the backend for the portlet writing on the page that covers the front end. Note that this page does not create a new (thrift service), but just explains how to add more operations.</p> -<p>This explanation follows bottom up approach where we first add the backend methods and then call them later in the frontend. Quick summary:</p> -<ol> -<li>Add methods to the thrift idl definition</li> -<li>Add methods to the data handler interface</li> -<li>Add implementation</li> -<li>Add tests</li> -</ol> -<h4 id="thrift">Thrift</h4> -<p>First we add some methods to the thrift files, components.thrift</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">//new Methods to ensure uniqueness of Identifiers -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span>map <span style="color:#555">&lt;</span>string<span style="color:#555">,</span> list<span style="color:#555">&lt;</span>string<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span>map <span style="color:#555">&lt;</span>string<span style="color:#555">,</span> list<span style="color:#555">&lt;</span>string<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">();</span> -</span></span></code></pre></div><h4 id="datahandler">Datahandler</h4> -<p>then we install lib-datahandler. That way we see which methods we have to implement. -We have chosen to change the interface of the ComponentService. That means we need to implement them in the ComponentHandler.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> TException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> TException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><h4 id="implementation">Implementation</h4> -<p>The methods there are only a reference to the ComponentDatabaseHandler.java. +Eclipse SW360 – Developmenthttps://www.eclipse.org/sw360/docs/development/Recent content in Development on Eclipse SW360Hugo -- gohugo.ioDocs: SW360 RESTful APIhttps://www.eclipse.org/sw360/docs/development/restapi/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/restapi/ +<p>Using the Web interface makes sense for some use cases, for some other cases the tool integration is more useful. The SW360 software offers a RESTful API. It has been initially developed by a colleague of the BT division - an excellent example of how Inner Source works for projects. Now it has been integrated to the official main project as component that can be deployed along with a SW360 solution.</p> +<h2 id="methods-of-authentication">Methods of Authentication</h2> +<ol> +<li>OAuth workflow involving consumer / client secret and user token using user name and password from LDAP / Exchange accounts (very early)</li> +<li>Access key obtained in the SW360 UI</li> +<li>OAuth workflow involving consumer token / client secret and signed Java Web Tokens involving user authentication from OpenID Connect service for the first token and then using the OAuth refresh tokens.</li> +</ol> +<p>API Documentation is available on the instances deployed:</p> +<ul> +<li><code>https://&lt;my_sw360_server&gt;/resource/docs/api-guide.html</code></li> +</ul> +<h2 id="brief-specs">Brief Specs</h2> +<table> +<thead> +<tr> +<th></th> +<th></th> +</tr> +</thead> +<tbody> +<tr> +<td>Implementation Technology</td> +<td>Java-based Spring-framework based</td> +</tr> +<tr> +<td>REST Flavor</td> +<td>Hypermedia-driven</td> +</tr> +<tr> +<td>Authentication</td> +<td>Now: Token by user token store. Previously: Spring Security using JWT and SW360 user management. Note that technically, both ways are possible</td> +</tr> +<tr> +<td>More Technical Information</td> +<td><a href="https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/" title="Rest API">Rest API</a></td> +</tr> +</tbody> +</table>Docs: Test Caseshttps://www.eclipse.org/sw360/docs/development/testcases/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/testcases/Docs: How to add a backend portlet to sw360https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-backend/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-backend/ +<p>This page how to add some operations / service calls on the backend for the portlet writing on the page that covers the front end. Note that this page does not create a new (thrift service), but just explains how to add more operations.</p> +<p>This explanation follows bottom up approach where we first add the backend methods and then call them later in the frontend. Quick summary:</p> +<ol> +<li>Add methods to the thrift idl definition</li> +<li>Add methods to the data handler interface</li> +<li>Add implementation</li> +<li>Add tests</li> +</ol> +<h4 id="thrift">Thrift</h4> +<p>First we add some methods to the thrift files, components.thrift</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">//new Methods to ensure uniqueness of Identifiers +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span>map <span style="color:#555">&lt;</span>string<span style="color:#555">,</span> list<span style="color:#555">&lt;</span>string<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span>map <span style="color:#555">&lt;</span>string<span style="color:#555">,</span> list<span style="color:#555">&lt;</span>string<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">();</span> +</span></span></code></pre></div><h4 id="datahandler">Datahandler</h4> +<p>then we install lib-datahandler. That way we see which methods we have to implement. +We have chosen to change the interface of the ComponentService. That means we need to implement them in the ComponentHandler.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> TException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> TException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><h4 id="implementation">Implementation</h4> +<p>The methods there are only a reference to the ComponentDatabaseHandler.java. In the ComponentHandler we only assert that the input is correct. Since we implement methods without parameters, there is nothing else for us to do. -In the ComponentDatabaseHandler.java we actually do some work and implement the methods</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">()</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> ListMultimap<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> String<span style="color:#555">&gt;</span> componentIdentifierToComponentId <span style="color:#555">=</span> ArrayListMultimap<span style="color:#555">.</span><span style="color:#309">create</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Component component <span style="color:#555">:</span> componentRepository<span style="color:#555">.</span><span style="color:#309">getSummaryForExport</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> componentIdentifierToComponentId<span style="color:#555">.</span><span style="color:#309">put</span><span style="color:#555">(</span>SW360Utils<span style="color:#555">.</span><span style="color:#309">printName</span><span style="color:#555">(</span>component<span style="color:#555">),</span> component<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> CommonUtils<span style="color:#555">.</span><span style="color:#309">getIdentifierToListOfDuplicates</span><span style="color:#555">(</span>componentIdentifierToComponentId<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">()</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> ListMultimap<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> String<span style="color:#555">&gt;</span> releaseIdentifierToReleaseId <span style="color:#555">=</span> ArrayListMultimap<span style="color:#555">.</span><span style="color:#309">create</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Release release <span style="color:#555">:</span> releaseRepository<span style="color:#555">.</span><span style="color:#309">getReleaseSummary</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> releaseIdentifierToReleaseId<span style="color:#555">.</span><span style="color:#309">put</span><span style="color:#555">(</span>SW360Utils<span style="color:#555">.</span><span style="color:#309">printName</span><span style="color:#555">(</span>release<span style="color:#555">),</span> release<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> CommonUtils<span style="color:#555">.</span><span style="color:#309">getIdentifierToListOfDuplicates</span><span style="color:#555">(</span>releaseIdentifierToReleaseId<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><h4 id="tests">Tests</h4> -<p>We then write some tests in ComponentDatabaseHandlerTest.java</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Test</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">testDuplicateComponentIsFound</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> Exception <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> String originalComponentId <span style="color:#555">=</span> <span style="color:#c30">&#34;C3&#34;</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Component tmp <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getComponent</span><span style="color:#555">(</span>originalComponentId<span style="color:#555">,</span> user1<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetId</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetRevision</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> String newComponentId <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">addComponent</span><span style="color:#555">(</span>tmp<span style="color:#555">,</span> email1<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateComponents <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">size</span><span style="color:#555">(),</span> is<span style="color:#555">(</span><span style="color:#f60">1</span><span style="color:#555">));</span> -</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">get</span><span style="color:#555">(</span>printName<span style="color:#555">(</span>tmp<span style="color:#555">)),</span> containsInAnyOrder<span style="color:#555">(</span>newComponentId<span style="color:#555">,</span>originalComponentId<span style="color:#555">));</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#99f">@Test</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">testDuplicateReleaseIsFound</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> Exception <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> String originalReleaseId <span style="color:#555">=</span> <span style="color:#c30">&#34;R1A&#34;</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Release tmp <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getRelease</span><span style="color:#555">(</span>originalReleaseId<span style="color:#555">,</span> user1<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetId</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetRevision</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> String newReleaseId <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">addRelease</span><span style="color:#555">(</span>tmp<span style="color:#555">,</span> email1<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateReleases <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateReleases<span style="color:#555">.</span><span style="color:#309">size</span><span style="color:#555">(),</span> is<span style="color:#555">(</span><span style="color:#f60">1</span><span style="color:#555">));</span> -</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateReleases<span style="color:#555">.</span><span style="color:#309">get</span><span style="color:#555">(</span>printName<span style="color:#555">(</span>tmp<span style="color:#555">)),</span> containsInAnyOrder<span style="color:#555">(</span>newReleaseId<span style="color:#555">,</span>originalReleaseId<span style="color:#555">));</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><p>Then we install the backend to make our methods available.</p> - - - - - - Docs: How to add a frontend portlet to sw360 - https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-frontend/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-frontend/ - - - - <p>We create a class in</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/java/com/siemens/sw360/portal/portlets/admin/ -</span></span></code></pre></div><p>called</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>DatabaseSanitation.java -</span></span></code></pre></div><p>Here are some code snippets that are important:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">DatabaseSanitation</span> <span style="color:#069;font-weight:bold">extends</span> Sw360Portlet -</span></span></code></pre></div><p>the base class Sw360Portlet adds some convenience methods to render the most common return values of functions into messages.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">doView</span><span style="color:#555">(</span>RenderRequest request<span style="color:#555">,</span> RenderResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic">// Proceed with page rendering -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">doView</span><span style="color:#555">(</span>request<span style="color:#555">,</span> response<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><p>This method is used to render different pages, a common pattern would be to have if/else tree like</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">//! VIEW and helpers -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span><span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">doView</span><span style="color:#555">(</span>RenderRequest request<span style="color:#555">,</span> RenderResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> String pageName <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>PAGENAME<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>PAGENAME_EDIT<span style="color:#555">.</span><span style="color:#309">equals</span><span style="color:#555">(</span>pageName<span style="color:#555">))</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> prepareVendorEdit<span style="color:#555">(</span>request<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> include<span style="color:#555">(</span><span style="color:#c30">&#34;/html/vendors/edit.jsp&#34;</span><span style="color:#555">,</span> request<span style="color:#555">,</span> response<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> prepareStandardView<span style="color:#555">(</span>request<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">doView</span><span style="color:#555">(</span>request<span style="color:#555">,</span> response<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><p>but since we only have one page this is all we need. The jsp that is rendered by super.doView is set in</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span>sw360<span style="color:#555">/</span>src<span style="color:#555">/</span>frontend<span style="color:#555">/</span>sw360<span style="color:#555">-</span>portlets<span style="color:#555">/</span>src<span style="color:#555">/</span>main<span style="color:#555">/</span>webapp<span style="color:#555">/</span>WEB<span style="color:#555">-</span>INF<span style="color:#555">/</span>portlet<span style="color:#555">.</span><span style="color:#309">xml</span> -</span></span></code></pre></div><p>but more on that later.</p> -<p>The next method in DatabaseSanitation handles resource requests, which are responses to AJAX calls:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>@Override -</span></span><span style="display:flex;"><span>public void serveResource(ResourceRequest request, ResourceResponse response) throws IOException, PortletException { -</span></span><span style="display:flex;"><span> String action = request.getParameter(PortalConstants.ACTION); -</span></span><span style="display:flex;"><span> if (PortalConstants.DUPLICATES.equals(action)) { -</span></span><span style="display:flex;"><span> serveDuplicates(request, response); -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>similar to the PAGENAME tree, here we have an ACTION if/else block. We only have one action, so this is simple.</p> -<p>Let&rsquo;s have a look at</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">private</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">serveDuplicates</span><span style="color:#555">(</span>ResourceRequest request<span style="color:#555">,</span> ResourceResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateComponents<span style="color:#555">=</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateReleases<span style="color:#555">=</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> ComponentService<span style="color:#555">.</span><span style="color:#309">Iface</span> componentClient <span style="color:#555">=</span> thriftClients<span style="color:#555">.</span><span style="color:#309">makeComponentClient</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> duplicateComponents <span style="color:#555">=</span> componentClient<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> duplicateReleases <span style="color:#555">=</span> componentClient<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>TException e<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> log<span style="color:#555">.</span><span style="color:#309">error</span><span style="color:#555">(</span><span style="color:#c30">&#34;Error in component client&#34;</span><span style="color:#555">,</span> e<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(</span>duplicateComponents<span style="color:#555">==</span> <span style="color:#069;font-weight:bold">null</span> <span style="color:#555">||</span> duplicateReleases<span style="color:#555">==</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span> RequestStatus<span style="color:#555">.</span><span style="color:#309">FAILURE</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">()</span> <span style="color:#555">&amp;&amp;</span> duplicateReleases<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span> RequestStatus<span style="color:#555">.</span><span style="color:#309">SUCCESS</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> request<span style="color:#555">.</span><span style="color:#309">setAttribute</span><span style="color:#555">(</span>PortalConstants<span style="color:#555">.</span><span style="color:#309">DUPLICATE_RELEASES</span><span style="color:#555">,</span> duplicateReleases<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> request<span style="color:#555">.</span><span style="color:#309">setAttribute</span><span style="color:#555">(</span>PortalConstants<span style="color:#555">.</span><span style="color:#309">DUPLICATE_COMPONENTS</span><span style="color:#555">,</span> duplicateComponents<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> include<span style="color:#555">(</span><span style="color:#c30">&#34;/html/admin/databaseSanitation/duplicatesAjax.jsp&#34;</span><span style="color:#555">,</span> request<span style="color:#555">,</span> response<span style="color:#555">,</span> PortletRequest<span style="color:#555">.</span><span style="color:#309">RESOURCE_PHASE</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><p>The member variable thriftClients is inherited from the Sw360Portlet. This is how we talk to the backend. +In the ComponentDatabaseHandler.java we actually do some work and implement the methods</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">()</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> ListMultimap<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> String<span style="color:#555">&gt;</span> componentIdentifierToComponentId <span style="color:#555">=</span> ArrayListMultimap<span style="color:#555">.</span><span style="color:#309">create</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Component component <span style="color:#555">:</span> componentRepository<span style="color:#555">.</span><span style="color:#309">getSummaryForExport</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> componentIdentifierToComponentId<span style="color:#555">.</span><span style="color:#309">put</span><span style="color:#555">(</span>SW360Utils<span style="color:#555">.</span><span style="color:#309">printName</span><span style="color:#555">(</span>component<span style="color:#555">),</span> component<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> CommonUtils<span style="color:#555">.</span><span style="color:#309">getIdentifierToListOfDuplicates</span><span style="color:#555">(</span>componentIdentifierToComponentId<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">()</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> ListMultimap<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> String<span style="color:#555">&gt;</span> releaseIdentifierToReleaseId <span style="color:#555">=</span> ArrayListMultimap<span style="color:#555">.</span><span style="color:#309">create</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Release release <span style="color:#555">:</span> releaseRepository<span style="color:#555">.</span><span style="color:#309">getReleaseSummary</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> releaseIdentifierToReleaseId<span style="color:#555">.</span><span style="color:#309">put</span><span style="color:#555">(</span>SW360Utils<span style="color:#555">.</span><span style="color:#309">printName</span><span style="color:#555">(</span>release<span style="color:#555">),</span> release<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> CommonUtils<span style="color:#555">.</span><span style="color:#309">getIdentifierToListOfDuplicates</span><span style="color:#555">(</span>releaseIdentifierToReleaseId<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><h4 id="tests">Tests</h4> +<p>We then write some tests in ComponentDatabaseHandlerTest.java</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Test</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">testDuplicateComponentIsFound</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> Exception <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> String originalComponentId <span style="color:#555">=</span> <span style="color:#c30">&#34;C3&#34;</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Component tmp <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getComponent</span><span style="color:#555">(</span>originalComponentId<span style="color:#555">,</span> user1<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetId</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetRevision</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> String newComponentId <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">addComponent</span><span style="color:#555">(</span>tmp<span style="color:#555">,</span> email1<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateComponents <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">size</span><span style="color:#555">(),</span> is<span style="color:#555">(</span><span style="color:#f60">1</span><span style="color:#555">));</span> +</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">get</span><span style="color:#555">(</span>printName<span style="color:#555">(</span>tmp<span style="color:#555">)),</span> containsInAnyOrder<span style="color:#555">(</span>newComponentId<span style="color:#555">,</span>originalComponentId<span style="color:#555">));</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#99f">@Test</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">testDuplicateReleaseIsFound</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> Exception <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> String originalReleaseId <span style="color:#555">=</span> <span style="color:#c30">&#34;R1A&#34;</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Release tmp <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getRelease</span><span style="color:#555">(</span>originalReleaseId<span style="color:#555">,</span> user1<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetId</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetRevision</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> String newReleaseId <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">addRelease</span><span style="color:#555">(</span>tmp<span style="color:#555">,</span> email1<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateReleases <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateReleases<span style="color:#555">.</span><span style="color:#309">size</span><span style="color:#555">(),</span> is<span style="color:#555">(</span><span style="color:#f60">1</span><span style="color:#555">));</span> +</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateReleases<span style="color:#555">.</span><span style="color:#309">get</span><span style="color:#555">(</span>printName<span style="color:#555">(</span>tmp<span style="color:#555">)),</span> containsInAnyOrder<span style="color:#555">(</span>newReleaseId<span style="color:#555">,</span>originalReleaseId<span style="color:#555">));</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><p>Then we install the backend to make our methods available.</p>Docs: How to add a frontend portlet to sw360https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-frontend/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-frontend/ +<p>We create a class in</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/java/com/siemens/sw360/portal/portlets/admin/ +</span></span></code></pre></div><p>called</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>DatabaseSanitation.java +</span></span></code></pre></div><p>Here are some code snippets that are important:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">DatabaseSanitation</span> <span style="color:#069;font-weight:bold">extends</span> Sw360Portlet +</span></span></code></pre></div><p>the base class Sw360Portlet adds some convenience methods to render the most common return values of functions into messages.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">doView</span><span style="color:#555">(</span>RenderRequest request<span style="color:#555">,</span> RenderResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic">// Proceed with page rendering +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">doView</span><span style="color:#555">(</span>request<span style="color:#555">,</span> response<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><p>This method is used to render different pages, a common pattern would be to have if/else tree like</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">//! VIEW and helpers +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span><span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">doView</span><span style="color:#555">(</span>RenderRequest request<span style="color:#555">,</span> RenderResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> String pageName <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>PAGENAME<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>PAGENAME_EDIT<span style="color:#555">.</span><span style="color:#309">equals</span><span style="color:#555">(</span>pageName<span style="color:#555">))</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> prepareVendorEdit<span style="color:#555">(</span>request<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> include<span style="color:#555">(</span><span style="color:#c30">&#34;/html/vendors/edit.jsp&#34;</span><span style="color:#555">,</span> request<span style="color:#555">,</span> response<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> prepareStandardView<span style="color:#555">(</span>request<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">doView</span><span style="color:#555">(</span>request<span style="color:#555">,</span> response<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><p>but since we only have one page this is all we need. The jsp that is rendered by super.doView is set in</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span>sw360<span style="color:#555">/</span>src<span style="color:#555">/</span>frontend<span style="color:#555">/</span>sw360<span style="color:#555">-</span>portlets<span style="color:#555">/</span>src<span style="color:#555">/</span>main<span style="color:#555">/</span>webapp<span style="color:#555">/</span>WEB<span style="color:#555">-</span>INF<span style="color:#555">/</span>portlet<span style="color:#555">.</span><span style="color:#309">xml</span> +</span></span></code></pre></div><p>but more on that later.</p> +<p>The next method in DatabaseSanitation handles resource requests, which are responses to AJAX calls:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>@Override +</span></span><span style="display:flex;"><span>public void serveResource(ResourceRequest request, ResourceResponse response) throws IOException, PortletException { +</span></span><span style="display:flex;"><span> String action = request.getParameter(PortalConstants.ACTION); +</span></span><span style="display:flex;"><span> if (PortalConstants.DUPLICATES.equals(action)) { +</span></span><span style="display:flex;"><span> serveDuplicates(request, response); +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>similar to the PAGENAME tree, here we have an ACTION if/else block. We only have one action, so this is simple.</p> +<p>Let&rsquo;s have a look at</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">private</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">serveDuplicates</span><span style="color:#555">(</span>ResourceRequest request<span style="color:#555">,</span> ResourceResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateComponents<span style="color:#555">=</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateReleases<span style="color:#555">=</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> ComponentService<span style="color:#555">.</span><span style="color:#309">Iface</span> componentClient <span style="color:#555">=</span> thriftClients<span style="color:#555">.</span><span style="color:#309">makeComponentClient</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> duplicateComponents <span style="color:#555">=</span> componentClient<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> duplicateReleases <span style="color:#555">=</span> componentClient<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>TException e<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> log<span style="color:#555">.</span><span style="color:#309">error</span><span style="color:#555">(</span><span style="color:#c30">&#34;Error in component client&#34;</span><span style="color:#555">,</span> e<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(</span>duplicateComponents<span style="color:#555">==</span> <span style="color:#069;font-weight:bold">null</span> <span style="color:#555">||</span> duplicateReleases<span style="color:#555">==</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span> RequestStatus<span style="color:#555">.</span><span style="color:#309">FAILURE</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">()</span> <span style="color:#555">&amp;&amp;</span> duplicateReleases<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span> RequestStatus<span style="color:#555">.</span><span style="color:#309">SUCCESS</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> request<span style="color:#555">.</span><span style="color:#309">setAttribute</span><span style="color:#555">(</span>PortalConstants<span style="color:#555">.</span><span style="color:#309">DUPLICATE_RELEASES</span><span style="color:#555">,</span> duplicateReleases<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> request<span style="color:#555">.</span><span style="color:#309">setAttribute</span><span style="color:#555">(</span>PortalConstants<span style="color:#555">.</span><span style="color:#309">DUPLICATE_COMPONENTS</span><span style="color:#555">,</span> duplicateComponents<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> include<span style="color:#555">(</span><span style="color:#c30">&#34;/html/admin/databaseSanitation/duplicatesAjax.jsp&#34;</span><span style="color:#555">,</span> request<span style="color:#555">,</span> response<span style="color:#555">,</span> PortletRequest<span style="color:#555">.</span><span style="color:#309">RESOURCE_PHASE</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><p>The member variable thriftClients is inherited from the Sw360Portlet. This is how we talk to the backend. We call the methods that we wrote in the first part of the tutorial. The error handling is reported with renderRequestStatus, also from Sw360Portlet. When we have findings then we report them by rendering a jsp in the RESOURCE_PHASE. -This is then some html that our AJAX function gets as data.</p> -<p>Then we have to register the portlets in some xml files:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-display.xml -</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet</span> <span style="color:#309">id=</span><span style="color:#c30">&#34;databaseSanitation&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> -</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-portlet.xml -</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/portlet-name&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;icon&gt;</span>/icon.png<span style="color:#309;font-weight:bold">&lt;/icon&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;instanceable&gt;</span>false<span style="color:#309;font-weight:bold">&lt;/instanceable&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-css&gt;</span>/css/main.css<span style="color:#309;font-weight:bold">&lt;/header-portlet-css&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-javascript&gt;</span>/js/main.js<span style="color:#309;font-weight:bold">&lt;/header-portlet-javascript&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-javascript&gt;</span>/js/external/jquery-1.11.1.min.js<span style="color:#309;font-weight:bold">&lt;/header-portlet-javascript&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/portlet&gt;</span> -</span></span></code></pre></div><p>Note that here it is important to include things like jquery in this way so that on multiple portlet pages there are no namespace conflicts.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml -</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/portlet-name&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;display-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/display-name&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-class&gt;</span> -</span></span><span style="display:flex;"><span> com.siemens.sw360.portal.portlets.admin.DatabaseSanitation -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/portlet-class&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;init-param&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;name&gt;</span>view-template<span style="color:#309;font-weight:bold">&lt;/name&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;value&gt;</span>/html/admin/databaseSanitation/view.jsp<span style="color:#309;font-weight:bold">&lt;/value&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/init-param&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;expiration-cache&gt;</span>0<span style="color:#309;font-weight:bold">&lt;/expiration-cache&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;supports&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;mime-type&gt;</span>text/html<span style="color:#309;font-weight:bold">&lt;/mime-type&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-mode&gt;</span>view<span style="color:#309;font-weight:bold">&lt;/portlet-mode&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/supports&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-info&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;title&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/title&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;short-title&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/short-title&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;keywords/&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/portlet-info&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;security-role-ref&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;role-name&gt;</span>administrator<span style="color:#309;font-weight:bold">&lt;/role-name&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/security-role-ref&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/portlet&gt;</span> -</span></span></code></pre></div><p>After these changes we compile the frontend and then we have to add new page to the Layout and add it to the lar file. +This is then some html that our AJAX function gets as data.</p> +<p>Then we have to register the portlets in some xml files:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-display.xml +</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet</span> <span style="color:#309">id=</span><span style="color:#c30">&#34;databaseSanitation&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> +</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-portlet.xml +</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/portlet-name&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;icon&gt;</span>/icon.png<span style="color:#309;font-weight:bold">&lt;/icon&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;instanceable&gt;</span>false<span style="color:#309;font-weight:bold">&lt;/instanceable&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-css&gt;</span>/css/main.css<span style="color:#309;font-weight:bold">&lt;/header-portlet-css&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-javascript&gt;</span>/js/main.js<span style="color:#309;font-weight:bold">&lt;/header-portlet-javascript&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-javascript&gt;</span>/js/external/jquery-1.11.1.min.js<span style="color:#309;font-weight:bold">&lt;/header-portlet-javascript&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/portlet&gt;</span> +</span></span></code></pre></div><p>Note that here it is important to include things like jquery in this way so that on multiple portlet pages there are no namespace conflicts.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml +</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/portlet-name&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;display-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/display-name&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-class&gt;</span> +</span></span><span style="display:flex;"><span> com.siemens.sw360.portal.portlets.admin.DatabaseSanitation +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/portlet-class&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;init-param&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;name&gt;</span>view-template<span style="color:#309;font-weight:bold">&lt;/name&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;value&gt;</span>/html/admin/databaseSanitation/view.jsp<span style="color:#309;font-weight:bold">&lt;/value&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/init-param&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;expiration-cache&gt;</span>0<span style="color:#309;font-weight:bold">&lt;/expiration-cache&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;supports&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;mime-type&gt;</span>text/html<span style="color:#309;font-weight:bold">&lt;/mime-type&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-mode&gt;</span>view<span style="color:#309;font-weight:bold">&lt;/portlet-mode&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/supports&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-info&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;title&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/title&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;short-title&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/short-title&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;keywords/&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/portlet-info&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;security-role-ref&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;role-name&gt;</span>administrator<span style="color:#309;font-weight:bold">&lt;/role-name&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/security-role-ref&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/portlet&gt;</span> +</span></span></code></pre></div><p>After these changes we compile the frontend and then we have to add new page to the Layout and add it to the lar file. We sign in as admin, -go to</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>Admin -&gt; Site administration -</span></span><span style="display:flex;"><span>-&gt; Private Pages -</span></span></code></pre></div><p>To add the portlet to the page, we first change the theme of Private Pages to Classic, then select Add Page. We can drag and drop it under the Admin Page. +go to</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>Admin -&gt; Site administration +</span></span><span style="display:flex;"><span>-&gt; Private Pages +</span></span></code></pre></div><p>To add the portlet to the page, we first change the theme of Private Pages to Classic, then select Add Page. We can drag and drop it under the Admin Page. Then we select the Private Pages under My Sites. We can then go to the page we have just created. On the left side there is a plus sign, which opens a side menu with the available portlets that we can add to our page. Under SW360 we find the portlet DatabaseSanitation and we click add. -Then we can change the option (The cog symbol on the right) Look and Feel to Show Borders -&gt; No and we save that. -Then we change the theme of Private Pages back to SW360-Theme.</p> -<p>Now we can change the theme back and export a new lar file as described else where.</p> - - - - - - Docs: SW360 Development Branches - https://www.eclipse.org/sw360/docs/development/dev-branches/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-branches/ - - - - <h2 id="branches-structure">Branches structure</h2> -<p><code>&lt;github-nickname&gt;/&lt;issue&gt;/&lt;description&gt;</code></p> -<h3 id="examples">Examples:</h3> -<ul> -<li>maierthomas/#1/fix-dowload-bundle</li> -<li>maierthomas/#3/sw360portal-specific-links</li> -</ul> - - - - - - Docs: How to add fields to an existing class - https://www.eclipse.org/sw360/docs/development/dev-adding-new-fields-to-existing-classes/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-adding-new-fields-to-existing-classes/ - - - - <p>The license portlet is different from the other portlets as there is no Details/Edit page for each element. There is only a combined edit/view page. -We will add the license text to licenses in the thrift file:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-thrift" data-lang="thrift"><span style="display:flex;"><span><span style="color:#f60">13</span>:<span style="color:#bbb"> </span><span style="color:#069;font-weight:bold">optional</span><span style="color:#bbb"> </span><span style="color:#078;font-weight:bold">string</span><span style="color:#bbb"> </span>text;<span style="color:#bbb"> -</span></span></span></code></pre></div><p>To update the text we write a liferay Action in the LicensesPortlet:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span> <span style="color:#99f">@UsedAsLiferayAction</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">changeText</span><span style="color:#555">(</span>ActionRequest request<span style="color:#555">,</span> ActionResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> PortletException<span style="color:#555">,</span> IOException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> String licenseId <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>LICENSE_ID<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> String text <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>License<span style="color:#555">.</span><span style="color:#309">_Fields</span><span style="color:#555">.</span><span style="color:#309">TEXT</span><span style="color:#555">.</span><span style="color:#309">name</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(!</span>Strings<span style="color:#555">.</span><span style="color:#309">isNullOrEmpty</span><span style="color:#555">(</span>licenseId<span style="color:#555">))</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> User user <span style="color:#555">=</span> UserCacheHolder<span style="color:#555">.</span><span style="color:#309">getUserFromRequest</span><span style="color:#555">(</span>request<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> LicenseService<span style="color:#555">.</span><span style="color:#309">Iface</span> client <span style="color:#555">=</span> thriftClients<span style="color:#555">.</span><span style="color:#309">makeLicenseClient</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> License license <span style="color:#555">=</span> client<span style="color:#555">.</span><span style="color:#309">getFromID</span><span style="color:#555">(</span>licenseId<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> license<span style="color:#555">.</span><span style="color:#309">setText</span><span style="color:#555">(</span>CommonUtils<span style="color:#555">.</span><span style="color:#309">nullToEmptyString</span><span style="color:#555">(</span>text<span style="color:#555">));</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> RequestStatus requestStatus <span style="color:#555">=</span> client<span style="color:#555">.</span><span style="color:#309">updateLicense</span><span style="color:#555">(</span>license<span style="color:#555">,</span> user<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span>requestStatus<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>TException e<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> log<span style="color:#555">.</span><span style="color:#309">error</span><span style="color:#555">(</span><span style="color:#c30">&#34;Error updating license&#34;</span><span style="color:#555">,</span> e<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>LICENSE_ID<span style="color:#555">,</span> licenseId<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>PAGENAME<span style="color:#555">,</span> PAGENAME_DETAIL<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>SELECTED_TAB<span style="color:#555">,</span> <span style="color:#c30">&#34;LicenseText&#34;</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span></code></pre></div><p>To integrate it in the jsp we make the according changes, important to note is the ActionUrl that we define:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-html" data-lang="html"><span style="display:flex;"><span>&lt;<span style="color:#309;font-weight:bold">portlet:actionURL</span> <span style="color:#309">var</span><span style="color:#555">=</span><span style="color:#c30">&#34;changeLicenseTextURL&#34;</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;changeText&#34;</span>&gt; -</span></span><span style="display:flex;"><span> &lt;<span style="color:#309;font-weight:bold">portlet:param</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;%=PortalConstants.LICENSE_ID%&gt;&#34;</span> <span style="color:#309">value</span><span style="color:#555">=</span><span style="color:#c30">&#34;${licenseDetail.id}&#34;</span> /&gt; -</span></span><span style="display:flex;"><span>&lt;/<span style="color:#309;font-weight:bold">portlet:actionURL</span>&gt; -</span></span></code></pre></div><p>A good practice to name fields in jsps is to use the thrift field names:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-html" data-lang="html"><span style="display:flex;"><span> &lt;<span style="color:#309;font-weight:bold">textarea</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;portlet:namespace/&gt;&lt;%=License._Fields.TEXT%&gt;&#34;</span> <span style="color:#309">rows</span><span style="color:#555">=</span><span style="color:#c30">&#34;5&#34;</span> <span style="color:#309">style</span><span style="color:#555">=</span><span style="color:#c30">&#34;width: 100%&#34;</span> <span style="color:#309">id</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;portlet:namespace/&gt;&lt;%=License._Fields.TEXT%&gt;&#34;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309">placeholder</span><span style="color:#555">=</span><span style="color:#c30">&#34;Enter the License-Text here...&#34;</span> -</span></span><span style="display:flex;"><span> &gt;${licenseDetail.text}&lt;/<span style="color:#309;font-weight:bold">textarea</span>&gt; -</span></span></code></pre></div> - - - - - Docs: CouchDB External Documents - https://www.eclipse.org/sw360/docs/development/dev-external-documents-with-couchdb/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-external-documents-with-couchdb/ - - - - <h2 id="motivation">Motivation</h2> -<p>In some cases inline documents are not sufficient for storing extended information to a document. This is especially the case if these information might be relevant from outside as well. +Then we can change the option (The cog symbol on the right) Look and Feel to Show Borders -&gt; No and we save that. +Then we change the theme of Private Pages back to SW360-Theme.</p> +<p>Now we can change the theme back and export a new lar file as described else where.</p>Docs: SW360 Development Brancheshttps://www.eclipse.org/sw360/docs/development/dev-branches/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-branches/ +<h2 id="branches-structure">Branches structure</h2> +<p><code>&lt;github-nickname&gt;/&lt;issue&gt;/&lt;description&gt;</code></p> +<h3 id="examples">Examples:</h3> +<ul> +<li>maierthomas/#1/fix-dowload-bundle</li> +<li>maierthomas/#3/sw360portal-specific-links</li> +</ul>Docs: How to add fields to an existing classhttps://www.eclipse.org/sw360/docs/development/dev-adding-new-fields-to-existing-classes/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-adding-new-fields-to-existing-classes/ +<p>The license portlet is different from the other portlets as there is no Details/Edit page for each element. There is only a combined edit/view page. +We will add the license text to licenses in the thrift file:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-thrift" data-lang="thrift"><span style="display:flex;"><span><span style="color:#f60">13</span>:<span style="color:#bbb"> </span><span style="color:#069;font-weight:bold">optional</span><span style="color:#bbb"> </span><span style="color:#078;font-weight:bold">string</span><span style="color:#bbb"> </span>text;<span style="color:#bbb"> +</span></span></span></code></pre></div><p>To update the text we write a liferay Action in the LicensesPortlet:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span> <span style="color:#99f">@UsedAsLiferayAction</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">changeText</span><span style="color:#555">(</span>ActionRequest request<span style="color:#555">,</span> ActionResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> PortletException<span style="color:#555">,</span> IOException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> String licenseId <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>LICENSE_ID<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> String text <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>License<span style="color:#555">.</span><span style="color:#309">_Fields</span><span style="color:#555">.</span><span style="color:#309">TEXT</span><span style="color:#555">.</span><span style="color:#309">name</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(!</span>Strings<span style="color:#555">.</span><span style="color:#309">isNullOrEmpty</span><span style="color:#555">(</span>licenseId<span style="color:#555">))</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> User user <span style="color:#555">=</span> UserCacheHolder<span style="color:#555">.</span><span style="color:#309">getUserFromRequest</span><span style="color:#555">(</span>request<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> LicenseService<span style="color:#555">.</span><span style="color:#309">Iface</span> client <span style="color:#555">=</span> thriftClients<span style="color:#555">.</span><span style="color:#309">makeLicenseClient</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> License license <span style="color:#555">=</span> client<span style="color:#555">.</span><span style="color:#309">getFromID</span><span style="color:#555">(</span>licenseId<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> license<span style="color:#555">.</span><span style="color:#309">setText</span><span style="color:#555">(</span>CommonUtils<span style="color:#555">.</span><span style="color:#309">nullToEmptyString</span><span style="color:#555">(</span>text<span style="color:#555">));</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> RequestStatus requestStatus <span style="color:#555">=</span> client<span style="color:#555">.</span><span style="color:#309">updateLicense</span><span style="color:#555">(</span>license<span style="color:#555">,</span> user<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span>requestStatus<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>TException e<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> log<span style="color:#555">.</span><span style="color:#309">error</span><span style="color:#555">(</span><span style="color:#c30">&#34;Error updating license&#34;</span><span style="color:#555">,</span> e<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>LICENSE_ID<span style="color:#555">,</span> licenseId<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>PAGENAME<span style="color:#555">,</span> PAGENAME_DETAIL<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>SELECTED_TAB<span style="color:#555">,</span> <span style="color:#c30">&#34;LicenseText&#34;</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span></code></pre></div><p>To integrate it in the jsp we make the according changes, important to note is the ActionUrl that we define:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-html" data-lang="html"><span style="display:flex;"><span>&lt;<span style="color:#309;font-weight:bold">portlet:actionURL</span> <span style="color:#309">var</span><span style="color:#555">=</span><span style="color:#c30">&#34;changeLicenseTextURL&#34;</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;changeText&#34;</span>&gt; +</span></span><span style="display:flex;"><span> &lt;<span style="color:#309;font-weight:bold">portlet:param</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;%=PortalConstants.LICENSE_ID%&gt;&#34;</span> <span style="color:#309">value</span><span style="color:#555">=</span><span style="color:#c30">&#34;${licenseDetail.id}&#34;</span> /&gt; +</span></span><span style="display:flex;"><span>&lt;/<span style="color:#309;font-weight:bold">portlet:actionURL</span>&gt; +</span></span></code></pre></div><p>A good practice to name fields in jsps is to use the thrift field names:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-html" data-lang="html"><span style="display:flex;"><span> &lt;<span style="color:#309;font-weight:bold">textarea</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;portlet:namespace/&gt;&lt;%=License._Fields.TEXT%&gt;&#34;</span> <span style="color:#309">rows</span><span style="color:#555">=</span><span style="color:#c30">&#34;5&#34;</span> <span style="color:#309">style</span><span style="color:#555">=</span><span style="color:#c30">&#34;width: 100%&#34;</span> <span style="color:#309">id</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;portlet:namespace/&gt;&lt;%=License._Fields.TEXT%&gt;&#34;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309">placeholder</span><span style="color:#555">=</span><span style="color:#c30">&#34;Enter the License-Text here...&#34;</span> +</span></span><span style="display:flex;"><span> &gt;${licenseDetail.text}&lt;/<span style="color:#309;font-weight:bold">textarea</span>&gt; +</span></span></code></pre></div>Docs: CouchDB External Documentshttps://www.eclipse.org/sw360/docs/development/dev-external-documents-with-couchdb/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-external-documents-with-couchdb/ +<h2 id="motivation">Motivation</h2> +<p>In some cases inline documents are not sufficient for storing extended information to a document. This is especially the case if these information might be relevant from outside as well. Projects, components and releases contain attachments. The metadata of these attachments are stored as inline documents inside its parent document (which is the project, component or release). However these attachments may be used by other documents as well, e.g. license info files which are attached to releases are used by projects to generate the overall license information for that project. -In such cases an external document might be the better model. For example the attachment usage can be stored along the metadata without touching the owner document on update.</p> -<h2 id="advantages-of-external-documents">Advantages of external documents</h2> -<ul> -<li>single documents with a clear separation to other documents</li> -<li>easy identification</li> -<li>might be loaded and updated standalone</li> -</ul> -<h2 id="advantages-of-internal-documents">Advantages of internal documents</h2> -<ul> -<li>Very fast loading along with the owner</li> -<li>Easy handling since only the owner must be loaded or updated</li> -</ul> -<p>In any case it is highly dependent on the use case whether external documents are to be favored over internal documents.</p> -<h2 id="possible-implementations-for-linked-documents">Possible implementations for linked documents</h2> -<h3 id="special-responsehandler-with-special-views-from-couchdb">Special ResponseHandler with special views from CouchDB</h3> -<table> -<thead> -<tr> -<th>Easy to use?</th> -<th>Performance?</th> -<th>Effort to use in existing code</th> -</tr> -</thead> -<tbody> -<tr> -<td>:star::star: Middle, special views have to be created, fields of data objects has to be annotated.</td> -<td>:star::star::star: Very good, fetching of multiple documents with a single request.</td> -<td>:star: High, since existing code has to be changed</td> -</tr> -</tbody> -</table> -<h4 id="couch-db-theory">Couch-DB theory</h4> -<p>At the time of writing, support of external (or linked) documents in Couch-DB is limited. Consider the following documents:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span>project <span style="color:#555">=</span> { -</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;project&#34;</span>, -</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;Testproject&#34;</span>, -</span></span><span style="display:flex;"><span> attachments<span style="color:#555">:</span> [ -</span></span><span style="display:flex;"><span> { _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a1&#34;</span> }, -</span></span><span style="display:flex;"><span> { _id<span style="color:#555">:</span> <span style="color:#c30">&#34;z2&#34;</span> } -</span></span><span style="display:flex;"><span> ] -</span></span><span style="display:flex;"><span>} -</span></span><span style="display:flex;"><span>attachment1 <span style="color:#555">=</span> { -</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a1&#34;</span>, -</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;attachment&#34;</span>, -</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;SourceFile&#34;</span>, -</span></span><span style="display:flex;"><span> sha1<span style="color:#555">:</span> <span style="color:#c30">&#34;abc1234&#34;</span> -</span></span><span style="display:flex;"><span>} -</span></span><span style="display:flex;"><span>attachment2 <span style="color:#555">=</span> { -</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a2&#34;</span>, -</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;attachment&#34;</span>, -</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;LicenseFile&#34;</span>, -</span></span><span style="display:flex;"><span> sha1<span style="color:#555">:</span> <span style="color:#c30">&#34;fed9876&#34;</span> -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>Unfortunately there is no way to get the project document with the attachments directly included. With the correct view you are able to retrieve all these documents in a single request:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>(doc.type <span style="color:#555">===</span> <span style="color:#c30">&#34;attachment&#34;</span>) { -</span></span><span style="display:flex;"><span> emit(doc._id, <span style="color:#069;font-weight:bold">null</span>); -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span>(<span style="color:#069;font-weight:bold">var</span> <span style="color:#069;font-weight:bold">in</span> <span style="color:#069;font-weight:bold">in</span> doc.attachments) { -</span></span><span style="display:flex;"><span> emit(doc._id, { _id<span style="color:#555">:</span> doc.attachments[i]._id }); -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>You might see the trick: the project document as well as the attachment documents are indexed with the id of the project. This way you get all three documents when querying the view with the id of the project:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;total_rows&#34;</span><span style="color:#555">:</span><span style="color:#f60">5</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;offset&#34;</span><span style="color:#555">:</span><span style="color:#f60">0</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;rows&#34;</span><span style="color:#555">:</span>[{ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;key&#34;</span><span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;attachments&#34;</span><span style="color:#555">:</span>[ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;a1&#34;</span>, <span style="color:#c30">&#34;a2&#34;</span> -</span></span><span style="display:flex;"><span> ], -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;name&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;Testproject&#34;</span>, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> }, { -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;a1&#34;</span>, -</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;SourceFile&#34;</span>, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> }, { -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;key&#34;</span><span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;value&#34;</span><span style="color:#555">:</span><span style="color:#069;font-weight:bold">null</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;a2&#34;</span>, -</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;LicenseFile&#34;</span>, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ] -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p><strong>Note</strong> is will only work if you query the view with <code>include_docs</code> set to <code>true</code>. -<strong>Note</strong> include_docs will only work at the top level of a value. In other words it will only recognize the following to situations:</p> -<ul> -<li>null: if the value is null, the document which is identified by the key is included</li> -<li>{ _id: &ldquo;&hellip;&rdquo; }: the document identified by the given id is included. +In such cases an external document might be the better model. For example the attachment usage can be stored along the metadata without touching the owner document on update.</p> +<h2 id="advantages-of-external-documents">Advantages of external documents</h2> +<ul> +<li>single documents with a clear separation to other documents</li> +<li>easy identification</li> +<li>might be loaded and updated standalone</li> +</ul> +<h2 id="advantages-of-internal-documents">Advantages of internal documents</h2> +<ul> +<li>Very fast loading along with the owner</li> +<li>Easy handling since only the owner must be loaded or updated</li> +</ul> +<p>In any case it is highly dependent on the use case whether external documents are to be favored over internal documents.</p> +<h2 id="possible-implementations-for-linked-documents">Possible implementations for linked documents</h2> +<h3 id="special-responsehandler-with-special-views-from-couchdb">Special ResponseHandler with special views from CouchDB</h3> +<table> +<thead> +<tr> +<th>Easy to use?</th> +<th>Performance?</th> +<th>Effort to use in existing code</th> +</tr> +</thead> +<tbody> +<tr> +<td>:star::star: Middle, special views have to be created, fields of data objects has to be annotated.</td> +<td>:star::star::star: Very good, fetching of multiple documents with a single request.</td> +<td>:star: High, since existing code has to be changed</td> +</tr> +</tbody> +</table> +<h4 id="couch-db-theory">Couch-DB theory</h4> +<p>At the time of writing, support of external (or linked) documents in Couch-DB is limited. Consider the following documents:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span>project <span style="color:#555">=</span> { +</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;project&#34;</span>, +</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;Testproject&#34;</span>, +</span></span><span style="display:flex;"><span> attachments<span style="color:#555">:</span> [ +</span></span><span style="display:flex;"><span> { _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a1&#34;</span> }, +</span></span><span style="display:flex;"><span> { _id<span style="color:#555">:</span> <span style="color:#c30">&#34;z2&#34;</span> } +</span></span><span style="display:flex;"><span> ] +</span></span><span style="display:flex;"><span>} +</span></span><span style="display:flex;"><span>attachment1 <span style="color:#555">=</span> { +</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a1&#34;</span>, +</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;attachment&#34;</span>, +</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;SourceFile&#34;</span>, +</span></span><span style="display:flex;"><span> sha1<span style="color:#555">:</span> <span style="color:#c30">&#34;abc1234&#34;</span> +</span></span><span style="display:flex;"><span>} +</span></span><span style="display:flex;"><span>attachment2 <span style="color:#555">=</span> { +</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a2&#34;</span>, +</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;attachment&#34;</span>, +</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;LicenseFile&#34;</span>, +</span></span><span style="display:flex;"><span> sha1<span style="color:#555">:</span> <span style="color:#c30">&#34;fed9876&#34;</span> +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>Unfortunately there is no way to get the project document with the attachments directly included. With the correct view you are able to retrieve all these documents in a single request:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>(doc.type <span style="color:#555">===</span> <span style="color:#c30">&#34;attachment&#34;</span>) { +</span></span><span style="display:flex;"><span> emit(doc._id, <span style="color:#069;font-weight:bold">null</span>); +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span>(<span style="color:#069;font-weight:bold">var</span> <span style="color:#069;font-weight:bold">in</span> <span style="color:#069;font-weight:bold">in</span> doc.attachments) { +</span></span><span style="display:flex;"><span> emit(doc._id, { _id<span style="color:#555">:</span> doc.attachments[i]._id }); +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>You might see the trick: the project document as well as the attachment documents are indexed with the id of the project. This way you get all three documents when querying the view with the id of the project:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;total_rows&#34;</span><span style="color:#555">:</span><span style="color:#f60">5</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;offset&#34;</span><span style="color:#555">:</span><span style="color:#f60">0</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;rows&#34;</span><span style="color:#555">:</span>[{ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;key&#34;</span><span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;attachments&#34;</span><span style="color:#555">:</span>[ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;a1&#34;</span>, <span style="color:#c30">&#34;a2&#34;</span> +</span></span><span style="display:flex;"><span> ], +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;name&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;Testproject&#34;</span>, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> }, { +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;a1&#34;</span>, +</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;SourceFile&#34;</span>, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> }, { +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;key&#34;</span><span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;value&#34;</span><span style="color:#555">:</span><span style="color:#069;font-weight:bold">null</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;a2&#34;</span>, +</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;LicenseFile&#34;</span>, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ] +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p><strong>Note</strong> is will only work if you query the view with <code>include_docs</code> set to <code>true</code>. +<strong>Note</strong> include_docs will only work at the top level of a value. In other words it will only recognize the following to situations:</p> +<ul> +<li>null: if the value is null, the document which is identified by the key is included</li> +<li>{ _id: &ldquo;&hellip;&rdquo; }: the document identified by the given id is included. To be clear: transitive inclusions will not work! -<strong>Note</strong> See also <a href="https://wiki.apache.org/couchdb/Introduction_to_CouchDB_views#Linked_documents">https://wiki.apache.org/couchdb/Introduction_to_CouchDB_views#Linked_documents</a>.</li> -</ul> -<h3 id="implementation-with-ektorp">Implementation with Ektorp</h3> -<p><a href="https://github.com/eclipse/sw360/pull/596">https://github.com/eclipse/sw360/pull/596</a> show an implementation to transparently read such results from Couch-DB. It consists of:</p> -<ul> -<li>new methods in the database connector which are aware of loading linked documents</li> -<li>a response handler used for parsing the results when requesting linked documents</li> -<li>two annotation classes to mark fields which contain ids for linked documents -After the branch was merged, the new feature can be used in only three steps. You need:</li> -</ul> -<ol> -<li>A view that loads the &ldquo;main&rdquo; documents along with there linked documents</li> -<li>A special method in your database handler / database repository which calls the new method from the connector</li> -<li>A mixin for your data object which annotates the fields which contain ids to linked documents</li> -</ol> -<h4 id="notes-for-1">Notes for 1.</h4> -<p>Have a look at mapping function above in the theory section. Of course you may add more than one type of linked documents, e.g. not only attachments but releases as well. -You may also emit whole objects instead of ids only. This way Couch-DB does not have to lookup each entry. However including ids over objects is an own topic.</p> -<h4 id="notes-for-2">Notes for 2.</h4> -<p>You should write methods in your repository as well as in your database handler that uses the new methods from the database connector.</p> -<h4 id="notes-for-3">Notes for 3.</h4> -<p>Be sure that the used object mapper in your database handler is aware of the mixin. Of course you can annotate more than one field. All annotated fields will be respected on loading. However, if the view does not contain an object that should be resolved, it will be replaced by null. The LinkedDocuments-annotation even allows you to name a different destination field for the resolved objects for easier integration into the existing code.</p> -<h2 id="usage-with-ektorp">Usage with Ektorp</h2> -<table> -<thead> -<tr> -<th>Easy to use?</th> -<th>Performance?</th> -<th>Effort to use in existing code</th> -</tr> -</thead> -<tbody> -<tr> -<td>:no_entry: does not work</td> -<td>:no_entry:</td> -<td>:no_entry:</td> -</tr> -</tbody> -</table> -<p>Since SW360 is using Ektorp as Objectmapper, a response like above is not suitable. Ektorp is just not able to parse the above response correctly. -However Ektorp has a linking feature as well: You may annotate fields with the <code>@DocumentReference</code>-Annotation to tell Ektorp to store the content within external documents. This only works with fields of type <code>Set</code> at the moment of writing. Since SW360 data objects are generated using Thrift, directly annotating the field is not possible. Due to the mixin feature of Ektorp this is not a big issue. Unfortunately making the <code>@DocumentReference</code>-annotation to work was not possible with a reasonable effort.</p> -<p>Internally Ektorp is also using special views for getting linked documents to work. A quick look into the source codes suggests that this feature is implemented using special serializers which would lead to additional requests on loading and storing as well. Therefore the same performance issues might be come across if the annotation would work.</p> -<h3 id="own-serializerdeserzialer">Own serializer/deserzialer</h3> -<table> -<thead> -<tr> -<th>Easy to use?</th> -<th>Performance?</th> -<th>Effort to use in existing code</th> -</tr> -</thead> -<tbody> -<tr> -<td>:star::star::star: Quite easy, just some Jackson configuration necessary</td> -<td>:star::star: Good, but every type of linked objects needs an additional request</td> -<td>:star::star::star: Low, existing code does not have to be changed</td> -</tr> -</tbody> -</table> -<p>This method works just like the Ektorp way. In addition a slow transition from internal to external documents is possible, since the custom serialization methods will handle both cases directly. Any embedded documents will be externalized on first update of the owner object. -The following classes are needed:</p> -<ol> -<li>Repository for the new external documents</li> -<li>DatabaseHandler for the new external documents</li> -<li>Mixin-Class to add annotations to the field with external documents</li> -<li>A new mapper factory to properly configure the custom serializer</li> -<li>Custom serializers/deserializer</li> -</ol> -<h4 id="example-for-externalizing-attachments">Example for externalizing attachments</h4> -<h5 id="mixin-class">Mixin-Class</h5> -<p>This will configure Ektorp to use a special class for this field. We use a special serializer for the field instead of for the type (in this case Attachment), so we can do serialization/deserialization for all attachments at once. If we would use a special serializer, every</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">abstract</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">SplitAttachmentsMixin</span> <span style="color:#069;font-weight:bold">extends</span> DatabaseMixIn <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@JsonSerialize</span><span style="color:#555">(</span>using <span style="color:#555">=</span> AttachmentSetSerializer<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">)</span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@JsonDeserialize</span><span style="color:#555">(</span>using <span style="color:#555">=</span> AttachmentSetDeserializer<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">)</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">abstract</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">setAttachments</span><span style="color:#555">(</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><h5 id="mapper-factory">Mapper factory</h5> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">SplitAttachmentsMapperFactory</span> <span style="color:#069;font-weight:bold">extends</span> MapperFactory <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentHandlerInstantiator handlerInitiator<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">SplitAttachmentsMapperFactory</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> handlerInitiator <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentHandlerInstantiator<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> ObjectMapper <span style="color:#c0f">createObjectMapper</span><span style="color:#555">()</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> ObjectMapper objectMapper <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">createObjectMapper</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> objectMapper<span style="color:#555">.</span><span style="color:#309">addMixInAnnotations</span><span style="color:#555">(</span>Project<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">,</span> SplitAttachmentsMixin<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> objectMapper<span style="color:#555">.</span><span style="color:#309">setHandlerInstantiator</span><span style="color:#555">(</span>handlerInitiator<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> objectMapper<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">static</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentHandlerInstantiator</span> <span style="color:#069;font-weight:bold">extends</span> HandlerInstantiator <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentSetSerializer attachmentSetSerializer<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentSetDeserializer attachmentSetDeserializer<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentHandlerInstantiator</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> attachmentSetSerializer <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentSetSerializer<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> attachmentSetDeserializer <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentSetDeserializer<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> JsonDeserializer<span style="color:#555">&lt;?&gt;</span> deserializerInstance<span style="color:#555">(</span>DeserializationConfig config<span style="color:#555">,</span> Annotated annotated<span style="color:#555">,</span> Class<span style="color:#555">&lt;?&gt;</span> deserClass<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>deserClass<span style="color:#555">.</span><span style="color:#309">isInstance</span><span style="color:#555">(</span>attachmentSetDeserializer<span style="color:#555">))</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> attachmentSetDeserializer<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> <span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">...</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><h5 id="serializer">Serializer</h5> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentSetSerializer</span> <span style="color:#069;font-weight:bold">extends</span> JsonSerializer<span style="color:#555">&lt;</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;&gt;</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentDatabaseHandler handler<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentSetSerializer</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">this</span><span style="color:#555">.</span><span style="color:#309">handler</span> <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentDatabaseHandler<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">serialize</span><span style="color:#555">(</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments<span style="color:#555">,</span> JsonGenerator jsonGenerator<span style="color:#555">,</span> SerializerProvider provider<span style="color:#555">)</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> JsonProcessingException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> List<span style="color:#555">&lt;</span>DocumentOperationResult<span style="color:#555">&gt;</span> results <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">bulkCreateOrUpdateAttachments</span><span style="color:#555">(</span>attachments<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>results<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot create or update attachments. Some failed: &#34;</span> <span style="color:#555">+</span> results<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>SW360Exception exception<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot create or update attachments.&#34;</span><span style="color:#555">,</span> exception<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStartArray</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Attachment attachment <span style="color:#555">:</span> attachments<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStartObject</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStringField</span><span style="color:#555">(</span><span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">,</span> attachment<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeEndObject</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeEndArray</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><h4 id="deserializer">Deserializer</h4> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentSetDeserializer</span> <span style="color:#069;font-weight:bold">extends</span> JsonDeserializer<span style="color:#555">&lt;</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;&gt;</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentDatabaseHandler handler<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentSetDeserializer</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">this</span><span style="color:#555">.</span><span style="color:#309">handler</span> <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentDatabaseHandler<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> <span style="color:#c0f">deserialize</span><span style="color:#555">(</span>JsonParser jsonParser<span style="color:#555">,</span> DeserializationContext context<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> JsonProcessingException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments <span style="color:#555">=</span> Sets<span style="color:#555">.</span><span style="color:#309">newHashSet</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>jsonParser<span style="color:#555">.</span><span style="color:#309">isExpectedStartArrayToken</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IllegalStateException<span style="color:#555">(</span><span style="color:#c30">&#34;Expected array token but found: &#34;</span> <span style="color:#555">+</span> jsonParser<span style="color:#555">.</span><span style="color:#309">getCurrentToken</span><span style="color:#555">().</span><span style="color:#309">asString</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> Set<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;</span> attachmentIds <span style="color:#555">=</span> Sets<span style="color:#555">.</span><span style="color:#309">newHashSet</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> JsonToken token <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">nextToken</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">while</span> <span style="color:#555">(!</span>JsonToken<span style="color:#555">.</span><span style="color:#309">END_ARRAY</span><span style="color:#555">.</span><span style="color:#309">equals</span><span style="color:#555">(</span>token<span style="color:#555">))</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">switch</span> <span style="color:#555">(</span>token<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">case</span> START_OBJECT<span style="color:#555">:</span> -</span></span><span style="display:flex;"><span> Attachment attachment <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">readValueAs</span><span style="color:#555">(</span>Attachment<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>attachment<span style="color:#555">.</span><span style="color:#309">isSetId</span><span style="color:#555">()</span> <span style="color:#555">&amp;&amp;</span> <span style="color:#555">!</span>attachment<span style="color:#555">.</span><span style="color:#309">isSetRevision</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> attachmentIds<span style="color:#555">.</span><span style="color:#309">add</span><span style="color:#555">(</span>attachment<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> attachments<span style="color:#555">.</span><span style="color:#309">add</span><span style="color:#555">(</span>attachment<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">break</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span><span style="color:#99f"> -</span></span></span><span style="display:flex;"><span><span style="color:#99f"> default:</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IllegalStateException<span style="color:#555">(</span> -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;Unexpected token. Expected object or string but found: &#34;</span> <span style="color:#555">+</span> jsonParser<span style="color:#555">.</span><span style="color:#309">getCurrentToken</span><span style="color:#555">().</span><span style="color:#309">asString</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> token <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">nextToken</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>attachmentIds<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> attachments<span style="color:#555">.</span><span style="color:#309">addAll</span><span style="color:#555">(</span>handler<span style="color:#555">.</span><span style="color:#309">retrieveAttachments</span><span style="color:#555">(</span>attachmentIds<span style="color:#555">));</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>SW360Exception exception<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot load attachments (&#34;</span> <span style="color:#555">+</span> attachmentIds <span style="color:#555">+</span> <span style="color:#c30">&#34;)&#34;</span><span style="color:#555">,</span> exception<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> attachments<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div> - - - - - Docs: Database migration using Costco - https://www.eclipse.org/sw360/docs/development/dev-database-migration-using-costco/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-database-migration-using-costco/ - - - - <h3 id="praeamble">Praeamble</h3> -<p>Please note that database migrations are done now in python scripts at</p> -<blockquote> -<p><a href="https://github.com/eclipse/sw360/tree/master/scripts/migrations">https://github.com/eclipse/sw360/tree/master/scripts/migrations</a></p> -</blockquote> -<p>keeping the following page because Costco might be useful for development / testing / quick adaptations.</p> -<h3 id="problem">Problem</h3> -<p>The main problem with changing field names in thrift is that existing documents in the couchdb need adjustments. Unfortunately, the futon interface of the couchdb does not offer bulk edits. As a consequence, looking into every document is tedious, for more than 100 documents, maybe unfeasible.</p> -<h3 id="solution">Solution</h3> -<p>Use costco, an open source project that</p> -<ul> -<li>is a couchapp (right, this implies that you install the couchapp environment)</li> -<li>offers a Web interface as sub path of the couchdb database</li> -<li>allows to iterate through the documents of a database and then apply modifications on a particular document</li> -<li>allows to perform modifications on documents using Java script</li> -</ul> -<p>More information</p> -<ul> -<li>Project website: <a href="https://github.com/harthur/costco">https://github.com/harthur/costco</a></li> -<li>Useful examples: <a href="http://harthur.github.io/costco/">http://harthur.github.io/costco/</a></li> -</ul> -<p>Note that costco does not allow to perform operations involving several documents at once, for example, setting values in one document that results from querying from several other documents. Costco is perfect for corrections on the couchdb document &lsquo;schema&rsquo; (not in the classic sense as there is no schema in couchdb).</p> -<h3 id="troubleshooting">Troubleshooting</h3> -<p>If you try to install costco, you try to install couchapp mst likely. However, it might be that some python packages are missing which results in a &rsquo;not-so-obvious&rsquo; python error during install of couchapp. The following line could be th dependencies that you might need:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>sudo apt-get install python-dev libxml2-dev libxslt-dev -</span></span></code></pre></div><h3 id="cheat-sheet-installing-costco-inside-an-sw360vagrant-deployment">Cheat Sheet: Installing costco inside an sw360vagrant deployment</h3> -<p>OK, if you read until here, to make it easy for you just the few lines to have executed to install costco when youi have a machine that is deployed with our vagrant:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ sudo apt-get install python-dev libxml2-dev libxslt-dev -</span></span><span style="display:flex;"><span>$ sudo pip install couchapp -</span></span><span style="display:flex;"><span>$ git clone http://github.com/harthur/costco.git -</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> costco -</span></span><span style="display:flex;"><span>$ couchapp push . http://localhost:5984/sw360db -</span></span></code></pre></div><h3 id="examples-in-sw360">Examples in sw360</h3> -<p>The following examples show some costco code from the use with sw360.</p> -<h4 id="renaming-a-key">Renaming a key</h4> -<p>In order to rename a field&rsquo;s key, the following code might be helpful. In the following example, the field&rsquo;s key <code>developement</code> into <code>development</code> (correcting a typo in the datamodel).</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>(doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;todo&#39;</span>) { -</span></span><span style="display:flex;"><span> doc.development <span style="color:#555">=</span> doc.developement; -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">delete</span> doc.developement; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> doc; -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><h4 id="renaming-a-key-in-a-subdocument">Renaming a key in a subdocument</h4> -<p>Similar thing as above, rename a key from <code>comment</code> to <code>createdcomment</code>, but this time inside a nested list of documents.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> (<span style="color:#069;font-weight:bold">var</span> f <span style="color:#555">=</span> <span style="color:#f60">0</span>, len <span style="color:#555">=</span> doc.attachments.length; f <span style="color:#555">&lt;</span> len; f <span style="color:#555">+=</span><span style="color:#f60">1</span> ) { -</span></span><span style="display:flex;"><span> doc.attachments[f].createdComment <span style="color:#555">=</span> doc.attachments[f].comment; -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">delete</span> doc.attachments[f].comment; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> doc; -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><h3 id="more-javascript-examples-with-couchdb">More JavaScript Examples with CouchDB</h3> -<p>In addition to costco, also the couchdb map-reduce functions can help to track down issues in the data sets.</p> -<p>The following example searched for attachments of type <code>SOURCE</code> at releases, which do not have the <code>createdBy</code> set:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> ((doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) -</span></span><span style="display:flex;"><span> <span style="color:#555">&amp;&amp;</span> (doc.attachments)) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> (<span style="color:#069;font-weight:bold">var</span> attachment <span style="color:#069;font-weight:bold">in</span> doc.attachments) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (<span style="color:#555">!</span>doc.attachments[attachment].createdBy) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (doc.attachments[attachment].attachmentType<span style="color:#555">==</span> <span style="color:#c30">&#39;SOURCE&#39;</span>) { -</span></span><span style="display:flex;"><span> emit(doc._id, doc.attachments[attachment].filename); -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>The following example looks into date fields, in this case <code>createdOn</code>, and checks if it uses dots (for changing them into dashes).</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>( -</span></span><span style="display:flex;"><span> (doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) -</span></span><span style="display:flex;"><span> <span style="color:#555">&amp;&amp;</span> (doc.createdOn.indexOf(<span style="color:#c30">&#39;.&#39;</span>) <span style="color:#555">!==</span> <span style="color:#555">-</span><span style="color:#f60">1</span>) -</span></span><span style="display:flex;"><span> ) -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> emit(doc.name, doc) -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div> - - - - - Docs: Definition of Done - https://www.eclipse.org/sw360/docs/development/dev-dod-and-style/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-dod-and-style/ - - - - <h3 id="policy">Policy</h3> -<ul> -<li>Review points should involve one person from another angle (not just the person you were sitting together with anyways)</li> -<li>Limit items in review to 5, try to coordinate</li> -<li>Using Github assignments to issues or pull requests</li> -<li>Open review items require conversation</li> -</ul> -<h1 id="definition-of-done">Definition of Done</h1> -<ul> -<li> -<p>File headers in file OK</p> -<ul> -<li>EPL-2.0 license header</li> -<li>Or, if the file is too small, configuration file: license note (see code style)</li> -<li>Copyright and author</li> -</ul> -</li> -<li> -<p>Create Branches for sw360</p> -<ul> -<li>Please use conventional branch names for sw360 <a href="https://www.eclipse.org/sw360/sw360/docs/development/dev-branches/">Dev-Branches</a></li> -</ul> -</li> -<li> -<p>Avoid (serious) compiler warnings</p> -<ul> -<li>Squash your commits into one or more logical units of work. No dozens of hourly/daily commits in your pull request, please</li> -<li>Rebase onto current master so that a fast forward merge is possible</li> -<li>That means that merge to master is prepared</li> -</ul> -</li> -<li> -<p>No breaking test</p> -<ul> -<li>Unit testing as it is already present</li> -<li>You have more - use them!</li> -</ul> -</li> -<li> -<p>New test</p> -<ul> -<li>For new / added functionality</li> -</ul> -</li> -<li> -<p>Documentation</p> -<ul> -<li>in the Githuib Wiki-Section, if you have done something new</li> -<li>At least a technical note for newly added functionality</li> -</ul> -</li> -<li> -<p>Commit style</p> -<ul> -<li>try to squash commits. In the ideal case, a feature is contained in one commit.</li> -<li>try to use conventional changelog for commit messages. <a href="https://www.eclipse.org/sw360/sw360/docs/development/dev-semantic-commits/">Dev-Semantic-Commits</a></li> -</ul> -</li> -</ul> -<h1 id="review">Review</h1> -<p>Review basically checks for the D-o-D items, in particular</p> -<ul> -<li>Code style, not really formatting, but issues like style attributes in HTML tags or exception handling useful</li> -<li>Design / architecture issues</li> -<li>Community contribution suitability</li> -<li>Issue coverage (does it actually solve the problem?)</li> -<li>Add to commit message of merge commit explicitly:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>review-by:email@domain.com -</span></span></code></pre></div><p>and</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>tested-by:email@domain.com -</span></span></code></pre></div><h1 id="licensing-and-file-header">Licensing and File Header</h1> -<p>All files contributed require headers - this will ensure the license and copyright clearing at the end. Also, all contributions must have the same license as the original source.</p> -<p>If a file has relevant functionality, note that we should move to Eclipse 2.0</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Java" data-lang="Java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">/* -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Copyright COPYRIGHT HOLDER, 2017. -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Copyright NEXT COPYRIGHT HOLDER, 2017. -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Part of the SW360 Portal Project. -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * SPDX-License-Identifier: EPL-1.0 -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * All rights reserved. This program and the accompanying materials -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * are made available under the terms of the Eclipse Public License v1.0 -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * which accompanies this distribution, and is available at -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * http://www.eclipse.org/legal/epl-v10.html -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> */</span> -</span></span></code></pre></div><p>(please adapt comment characters usage)</p> -<p>For small files such as property files, configuration files or standard XML files:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Copyright &lt;COPYRIGHT_HOLDER&gt;, &lt;YEAR&gt;. Part of the SW360 Portal Project.</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">#</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># All rights reserved. This configuration file is provided to you under the</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># terms and conditions of the Eclipse Distribution License v1.0 which</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># accompanies this distribution, and is available at</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># http://www.eclipse.org/org/documents/edl-v10.php</span> -</span></span></code></pre></div><h1 id="code-style">Code style</h1> -<p>Just use the standard Java formatting rules of your IDE and <strong>do not reformat</strong> code from others, because you like to correct formatting of other&rsquo;s code.</p> - - - - - - Docs: Filtering in Portlets - https://www.eclipse.org/sw360/docs/development/dev-filtering-in-portlets/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-filtering-in-portlets/ - - - - <p>For the filters that are shown for components and listings, there are some options:</p> -<ol> -<li> -<p>The <strong>Keyword search</strong> works directly on the table shown on the main right area. For example in the components portlet, this is in components/view.jsp.</p> -</li> -<li> -<p>The <strong>filters</strong> actually result in a new search request, when hitting apply filters button. The project portlet reads the fields and creates a map. Then, <code>ProjectPortlet</code> calls the thrift service <code>refineSearch()</code>, which is handled in <code>ProjectHandler</code>. This method takes the map and the user as input. The search service has a server-side JavaScript function (LuceneSearchView) defined for this particular filter in <code>ProjectSearchHandler.java</code>. This is called with the <code>LuceneAwareDatabaseConnector.java</code>. After filtering, the visibility constraints for the requesting user are applied.</p> -</li> -<li> -<p>Then for each release table, there is a search field in the upper right corner. This again works on the data of the Release summary object and then filters what is on the client (web browser).</p> -</li> -</ol> - - - - - - Docs: Fossology Integration - https://www.eclipse.org/sw360/docs/development/dev-fossology-integration/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-fossology-integration/ - - - - <p>Basic communication with the FOSSology server is done over an SSH connection: the fossology service of SW360 executes remote commands on the FOSSology server.</p> -<p>The commands that are executed are the bash scripts found inside <code>src-fossology/src/main/resources/scripts/</code>, they are copied into the home directory of the ssh user (either manually or through the admin portlet). -See <a href="Fossology-Setup">Setup of connection with Fossology</a> for configuration details.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>\- src-fossology/src/main/resources/ -</span></span><span style="display:flex;"><span> \- scripts/ -</span></span><span style="display:flex;"><span> |- duplicateUpload -</span></span><span style="display:flex;"><span> |- folderManager -</span></span><span style="display:flex;"><span> |- getStatusOfUpload -</span></span><span style="display:flex;"><span> |- uploadFromSW360 -</span></span><span style="display:flex;"><span> \- utilsSW360 -</span></span></code></pre></div><p>These scripts utilize the standard command line tools to interact natively with FOSSology (these are the tools found in the src/cli folder of FOSSology, such as <code>cp2foss fossjobs fossupload_status fo_usergroup fo_chmod fo_folder ...</code>).</p> -<ul> -<li><code>utilsSW360</code> contains common functions used by the other scripts and some FOSSology configuration such as the user/password pair used to run the cli utils and the UNIX group of the FOSSology processes</li> -<li><code>folderManager</code> (uses FO:<code>fo_folder</code>): get information about the folder structure of FOSSology to allow sharing of uploads between groups</li> -<li><code>getStatusOfUpload</code> (uses FO:<code>fossupload_status</code>): to get the clearing status given an uploadId and a group</li> -<li><code>uploadFromSW360</code> (uses FO:<code>cp2foss fossjobs</code>): to create a new upload from the standard input and schedule scanners</li> -<li><code>duplicateUpload</code> (uses FO:<code>fo_chmod</code> SW:<code>folderManager</code>): to make a previously uploaded file available for another group</li> -</ul> -<h3 id="java-libraries-and-settings">Java libraries and settings</h3> -<p>The java code utilizes the package <code>com.jcraft.jsch</code> to connect to the SSH server. It is set to strictly check the fingerprint of the remote server against the accepted which are stored in couchDB.</p> -<h3 id="conventions">Conventions</h3> -<p>the sw360 user in FOSSology (the actual name is configured in <code>utilsSW360</code>) <strong>must be a member of every group</strong> to which it should be able to send Releases to be cleared. -File uploaded from SW360 are placed inside a folder with the same name as the group and permission will be set at the group level (default of cp2foss).</p> -<h3 id="datamodel-and-thrift-service">Datamodel and thrift service</h3> -<ul> -<li> -<p>each Release object in SW360 can have only one attachment of type SOURCE.</p> -</li> -<li> -<p>when a Release is sent <em>for the first time</em> to FOSSology through the Thrift method <code>sendToFossology(1: string releaseId, 2: string clearingTeam )</code> its SOURCE attachement is sent as stdin to the script <code>uploadFromSW360</code>.</p> -<p>The field <code>map&lt;string, FossologyStatus&gt; clearingTeamToFossologyStatus</code> is then updated to contain the corresponding entry for the chosen Clearing Team (aka. the name of the FOSSology group which will receives the upload for clearing).</p> -</li> -<li> -<p>when the same Release is <em>sent again for another team</em> a new <em>link</em> in the corresponding group folder is created and the old upload is made available for the new group (as in giving permission using FO:<code>fo_chmod</code>).</p> -<p>At the moment this gives access only to the files, not to the relative clearing decision. -In order to make the clearing decisions available a reuser needs to be scheduled from the Jobs menu. [ it could be possible to schedule the job from SW360: its user is member of all the groups; but it is not currently implemented since there is no cli interface for reuser yet ]</p> -</li> -<li> -<p>when the current status is requested using the Thrift method <code>Release getStatusInFossology(1: string releaseId, 2: string clearingTeam )</code> the newest status is fetched from FOSSology and it is stored in the map for the relative clearingTeam</p> -</li> -</ul> -<h3 id="notes">Notes</h3> -<ul> -<li>Releases have a ClearingState field, but this is ignored by the Thrift service and used only in the SW360 user interface.</li> -<li>Projects link to Releases and the summary of their FOSSology status can be monitored. This is also ignored by the FOSSology Thrift service and handled by the Component service: the FOSSology service just updates the status of the Release objects.</li> -</ul> - - - - - - Docs: Liferay Friendly - https://www.eclipse.org/sw360/docs/development/dev-liferay-friendly-url/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-liferay-friendly-url/ - - - - <p>The normal generated portlet URLs containing a set of internal Liferay request parameters. <br> -These long URLs of links or forms are mostly not readable and its not easy to share it somewhere else.</p> -<p>General Liferay portlet URL: <br></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:8080/web/guest/examples?p_p_id=example_WAR_ExamplePortlet&amp;p_p_lifecycle=1&amp;p_p_state=normal&amp;p_p_mode=view&amp;p_p_col_id=column-1&amp;p_p_col_count=1&amp;_example_WAR_ExamplePortlet_javax.portlet.action=new -</span></span></code></pre></div><p>Explanation of the Liferay request parameters: <br> -<strong>p_p_id:</strong> The portlet ID (example_WAR_ExamplePortlet)<br> -<strong>p_p_state:</strong> Liferay windows pages state - 1 (normal) 2 (maximize) 3 (minimize) <br> -<strong>p_p_mode</strong>: Mode of the portlet look like - (view) (edit) (help) <br> -<strong>p_p_lifecycle:</strong> This is life cycle of portlet - 0 (render) 1 (action) 2 (server) <br> -<strong>p_p_col_id:</strong> The reference ID of the column in Liferay template <br> -<strong>p_p_col_pos:</strong> Specifiy the column position if the the layout having more than one columns <br> -<strong>p_p_col_count:</strong> Shows the no of columns in the current layout</p> -<h3 id="friendly-url-mapper-configuration">Friendly URL Mapper configuration</h3> -<p>Liferay provides a mechanism to shorten the generated URLs by using the Friendly URL Mapper feature. <br> <br> -How to configure the friendly URL Mapper in Liferay? <br> <br> -<strong>Configuration of URL routes in XML files</strong> <br></p> -<p><em>CREATE example-friendly-url-routes.xml</em> <br></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Xml" data-lang="Xml"><span style="display:flex;"><span><span style="color:#099">&lt;?xml version=&#34;1.0&#34;?&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#099">&lt;!DOCTYPE routes PUBLIC &#34;-//Liferay//DTD Friendly URL Routes 6.2.2//EN&#34; -</span></span></span><span style="display:flex;"><span><span style="color:#099">&#34;http://www.liferay.com/dtd/liferay-friendly-url-routes_6_0_0.dtd&#34;&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;routes&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;route&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;pattern&gt;</span>/action/{actionName}<span style="color:#309;font-weight:bold">&lt;/pattern&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;generated-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;javax.portlet.action&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>{actionName}<span style="color:#309;font-weight:bold">&lt;/generated-parameter&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;ignored-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_auth&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;ignored-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_id&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_lifecycle&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>1<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_state&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>normal<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_mode&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>view<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/route&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/routes&gt;</span> -</span></span></code></pre></div><p>Explanation of the Liferay Friendly Mapper route parameters: <br> -<strong>routes:</strong> Routes element which contains all route entries <br> -<strong>route:</strong> Single route element entry <br> -<strong>pattern:</strong> Pattern of the mapped friendly URL (visible in address bar) <br> -<strong>generated-parameter:</strong> These parameters will be generated from parameters in the request URL <br> -<strong>ignored-parameter:</strong> These parameters will be igored and not included in generated URLs <br> -<strong>implicit-parameter:</strong> Used for static attributes which can be ignored by recognition <br> -<strong>overridden-parameter:</strong> Parameter that should be set to a certain value when a URL is recognized <br> -<br> -It is necessary to order the parameters as described above. <br> -These files should located in the resources folder otherwise they will not be available on Apache Tomcat and cannot be initialized by Liferay. <br> -<br> -<strong>Configuration of friendly URL Java class</strong> <br> -<br> -<em>MODIFY liferay-portlet.xml</em> -<br></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Xml" data-lang="Xml"><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-mapper-class&gt;</span>com.liferay.portal.kernel.portlet.DefaultFriendlyURLMapper<span style="color:#309;font-weight:bold">&lt;/friendly-url-mapper-class&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-mapping&gt;</span>example<span style="color:#309;font-weight:bold">&lt;/friendly-url-mapping&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-routes&gt;</span>com/.../example-friendly-url-routes.xml<span style="color:#309;font-weight:bold">&lt;/friendly-url-routes&gt;</span> -</span></span></code></pre></div><br> -In the next step we need one java implementation class to generate the Liferay friendly URLs. <br> -<p>Liferay provides the <em>DefaultFriendlyURLMapper</em> class to create the URLs based on our rules. <br></p> -<p>The Liferay Friendly URL Mapper configuration is placed after <code>&lt;icon/&gt;</code> and before <code>&lt;instanceable&gt;</code> -tag.</p> -<h3 id="friendly-url-mapper-outcome">Friendly URL Mapper outcome</h3> -<p><strong>Liferay will generate the following friendly URL</strong> <br></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>http://localhost:8080/web/guest/examples/-/example/action/new -</span></span></code></pre></div><br> -<ol> -<li>The liferay framework will add &ldquo;-&rdquo; (dash)</li> -<li>Friendly URL mapper name which is configured in <code>&lt;friendly-url-mapping&gt;</code> (liferay-portlet.xml) element</li> -<li>Pattern name with generated parameters which is same as in <code>&lt;pattern&gt;</code> (example-friendly-url-routes.xml) defined.</li> -</ol> -<h3 id="additional">Additional</h3> -<p>Friendly URL Mapper functionality is not working if the portletURL API is used to generate the Liferay URL in local Javascript. <br> -It is helpful to generate <code>&lt;portlet:renderURL&gt;</code> placeholder and replace them by using dummy values.</p> - - - - - - Docs: Moderation Requests - https://www.eclipse.org/sw360/docs/development/dev-moderation-requests/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-moderation-requests/ - - - - <p>The concept of moderation is good for two things:</p> -<ul> -<li>to cope with a large number of potential edits on documents.</li> -<li>to allow every user to propose edits.</li> -</ul> -<p>Allowing every user to edit opposed to propose edits would lad to a large number of changes, potentially, not making everyone happy. As such, the changes should be reviewed by an experienced person and can be then approved.</p> -<h2 id="application-flow">Application Flow</h2> -<p>A user changes a moderated document, which are component, release, project and todo&rsquo;s of licenses (and the white list):</p> -<ul> -<li> -<p>The user switches in edit mode and applies a change.</p> -</li> -<li> -<p>The user submits the change by clicking &ldquo;Update &hellip;&rdquo;</p> -</li> -<li> -<p>The application checks, if the permissions are sufficient</p> -</li> -<li> -<p>For sufficient permissions, see here: <a href="https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model">https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model</a></p> -</li> -<li> -<p>If the permissions do not allow the edit right away, a moderation request is created.</p> -</li> -<li> -<p>Moderators can see the moderation request in the moderation portlet</p> -</li> -<li> -<p>Having selected the moderation request, the moderator can accept the request, decline, postpone or remove himself from the list of moderators</p> -</li> -</ul> -<h2 id="technical-description">Technical Description</h2> -<h3 id="checking-document-permissions">Checking Document Permissions</h3> -<p>If a moderation requests needs to be created, because the user does not have sufficient permissions:</p> -<ul> -<li>The request goes through the stack, for example: project portlet, project handler, project database handler.</li> -<li>Then the project database handler checks for permissions using <code>makePermission()</code> (<code>DocumentPermission</code> is the base class, then <code>ProjectPermissions</code> is the referring here for projects) and <code>isActionAllowed()</code>.</li> -<li>For moderation requests, we assume that this action is not allowed. Then, the <code>ProjectModerator</code> is called (see package <code>...sw360.datahandler.entitlement</code>).</li> -<li>This class (which is part of the project service) creates a thrift client to the moderation service (also on the backend) and creates a moderation request using this client.</li> -</ul> -<p>Every moderation request is created using the thrift-based API.</p> -<h3 id="writing-a-moderation-request-to-the-database">Writing a Moderation Request to the Database</h3> -<p>The generation of moderation request is performed by the moderation service. The moderation service handles incoming request in the following way:</p> -<ul> -<li>The requests arrives in the <code>ModerationDatabaseHandler</code>.</li> -<li>This handler writes the request to the database.</li> -</ul> -<h3 id="creation-details-in-the-service">Creation Details in the Service</h3> -<p>The handler writes one moderation request per user and document. If a moderation request from the same user for the same document exists, added moderation requests are merged. Or, the request is new either with a new user, new document or both, then the moderation request is created.</p> -<p>Each moderation requests has recipients, the moderators. The moderation database handler selects the moderators depending on the document type, which are usually the creator of the document and the listed moderators for this document. See details in the <code>ModerationDatabaseHandler</code> class. At the same location the check for deletion is performed.</p> -<h3 id="what-is-in-the-database">What is in the Database?</h3> -<p>The moderation request is a document in the couchdb. Technically, the moderation requests holds the affected document as field where the values is a nested JSON dictionary.</p> -<p>The following screen shot shows an example for a moderation request for a project.</p> -<p><img src="https://raw.githubusercontent.com/wiki/siemens/sw360portal/images/036-oss-sw360-20160310-screenshot-moderation-reqeust-document-example.png" alt="Example Moderation Request in Database"></p> -<h3 id="evaluating-the-moderation-request">Evaluating the Moderation Request</h3> -<p>On the moderation portlet all moderations will be shown, for which the user is a moderator. +<strong>Note</strong> See also <a href="https://wiki.apache.org/couchdb/Introduction_to_CouchDB_views#Linked_documents">https://wiki.apache.org/couchdb/Introduction_to_CouchDB_views#Linked_documents</a>.</li> +</ul> +<h3 id="implementation-with-ektorp">Implementation with Ektorp</h3> +<p><a href="https://github.com/eclipse/sw360/pull/596">https://github.com/eclipse/sw360/pull/596</a> show an implementation to transparently read such results from Couch-DB. It consists of:</p> +<ul> +<li>new methods in the database connector which are aware of loading linked documents</li> +<li>a response handler used for parsing the results when requesting linked documents</li> +<li>two annotation classes to mark fields which contain ids for linked documents +After the branch was merged, the new feature can be used in only three steps. You need:</li> +</ul> +<ol> +<li>A view that loads the &ldquo;main&rdquo; documents along with there linked documents</li> +<li>A special method in your database handler / database repository which calls the new method from the connector</li> +<li>A mixin for your data object which annotates the fields which contain ids to linked documents</li> +</ol> +<h4 id="notes-for-1">Notes for 1.</h4> +<p>Have a look at mapping function above in the theory section. Of course you may add more than one type of linked documents, e.g. not only attachments but releases as well. +You may also emit whole objects instead of ids only. This way Couch-DB does not have to lookup each entry. However including ids over objects is an own topic.</p> +<h4 id="notes-for-2">Notes for 2.</h4> +<p>You should write methods in your repository as well as in your database handler that uses the new methods from the database connector.</p> +<h4 id="notes-for-3">Notes for 3.</h4> +<p>Be sure that the used object mapper in your database handler is aware of the mixin. Of course you can annotate more than one field. All annotated fields will be respected on loading. However, if the view does not contain an object that should be resolved, it will be replaced by null. The LinkedDocuments-annotation even allows you to name a different destination field for the resolved objects for easier integration into the existing code.</p> +<h2 id="usage-with-ektorp">Usage with Ektorp</h2> +<table> +<thead> +<tr> +<th>Easy to use?</th> +<th>Performance?</th> +<th>Effort to use in existing code</th> +</tr> +</thead> +<tbody> +<tr> +<td>:no_entry: does not work</td> +<td>:no_entry:</td> +<td>:no_entry:</td> +</tr> +</tbody> +</table> +<p>Since SW360 is using Ektorp as Objectmapper, a response like above is not suitable. Ektorp is just not able to parse the above response correctly. +However Ektorp has a linking feature as well: You may annotate fields with the <code>@DocumentReference</code>-Annotation to tell Ektorp to store the content within external documents. This only works with fields of type <code>Set</code> at the moment of writing. Since SW360 data objects are generated using Thrift, directly annotating the field is not possible. Due to the mixin feature of Ektorp this is not a big issue. Unfortunately making the <code>@DocumentReference</code>-annotation to work was not possible with a reasonable effort.</p> +<p>Internally Ektorp is also using special views for getting linked documents to work. A quick look into the source codes suggests that this feature is implemented using special serializers which would lead to additional requests on loading and storing as well. Therefore the same performance issues might be come across if the annotation would work.</p> +<h3 id="own-serializerdeserzialer">Own serializer/deserzialer</h3> +<table> +<thead> +<tr> +<th>Easy to use?</th> +<th>Performance?</th> +<th>Effort to use in existing code</th> +</tr> +</thead> +<tbody> +<tr> +<td>:star::star::star: Quite easy, just some Jackson configuration necessary</td> +<td>:star::star: Good, but every type of linked objects needs an additional request</td> +<td>:star::star::star: Low, existing code does not have to be changed</td> +</tr> +</tbody> +</table> +<p>This method works just like the Ektorp way. In addition a slow transition from internal to external documents is possible, since the custom serialization methods will handle both cases directly. Any embedded documents will be externalized on first update of the owner object. +The following classes are needed:</p> +<ol> +<li>Repository for the new external documents</li> +<li>DatabaseHandler for the new external documents</li> +<li>Mixin-Class to add annotations to the field with external documents</li> +<li>A new mapper factory to properly configure the custom serializer</li> +<li>Custom serializers/deserializer</li> +</ol> +<h4 id="example-for-externalizing-attachments">Example for externalizing attachments</h4> +<h5 id="mixin-class">Mixin-Class</h5> +<p>This will configure Ektorp to use a special class for this field. We use a special serializer for the field instead of for the type (in this case Attachment), so we can do serialization/deserialization for all attachments at once. If we would use a special serializer, every</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">abstract</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">SplitAttachmentsMixin</span> <span style="color:#069;font-weight:bold">extends</span> DatabaseMixIn <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@JsonSerialize</span><span style="color:#555">(</span>using <span style="color:#555">=</span> AttachmentSetSerializer<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">)</span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@JsonDeserialize</span><span style="color:#555">(</span>using <span style="color:#555">=</span> AttachmentSetDeserializer<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">)</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">abstract</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">setAttachments</span><span style="color:#555">(</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><h5 id="mapper-factory">Mapper factory</h5> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">SplitAttachmentsMapperFactory</span> <span style="color:#069;font-weight:bold">extends</span> MapperFactory <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentHandlerInstantiator handlerInitiator<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">SplitAttachmentsMapperFactory</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> handlerInitiator <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentHandlerInstantiator<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> ObjectMapper <span style="color:#c0f">createObjectMapper</span><span style="color:#555">()</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> ObjectMapper objectMapper <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">createObjectMapper</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> objectMapper<span style="color:#555">.</span><span style="color:#309">addMixInAnnotations</span><span style="color:#555">(</span>Project<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">,</span> SplitAttachmentsMixin<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> objectMapper<span style="color:#555">.</span><span style="color:#309">setHandlerInstantiator</span><span style="color:#555">(</span>handlerInitiator<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> objectMapper<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">static</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentHandlerInstantiator</span> <span style="color:#069;font-weight:bold">extends</span> HandlerInstantiator <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentSetSerializer attachmentSetSerializer<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentSetDeserializer attachmentSetDeserializer<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentHandlerInstantiator</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> attachmentSetSerializer <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentSetSerializer<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> attachmentSetDeserializer <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentSetDeserializer<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> JsonDeserializer<span style="color:#555">&lt;?&gt;</span> deserializerInstance<span style="color:#555">(</span>DeserializationConfig config<span style="color:#555">,</span> Annotated annotated<span style="color:#555">,</span> Class<span style="color:#555">&lt;?&gt;</span> deserClass<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>deserClass<span style="color:#555">.</span><span style="color:#309">isInstance</span><span style="color:#555">(</span>attachmentSetDeserializer<span style="color:#555">))</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> attachmentSetDeserializer<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> <span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">...</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><h5 id="serializer">Serializer</h5> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentSetSerializer</span> <span style="color:#069;font-weight:bold">extends</span> JsonSerializer<span style="color:#555">&lt;</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;&gt;</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentDatabaseHandler handler<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentSetSerializer</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">this</span><span style="color:#555">.</span><span style="color:#309">handler</span> <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentDatabaseHandler<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">serialize</span><span style="color:#555">(</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments<span style="color:#555">,</span> JsonGenerator jsonGenerator<span style="color:#555">,</span> SerializerProvider provider<span style="color:#555">)</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> JsonProcessingException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> List<span style="color:#555">&lt;</span>DocumentOperationResult<span style="color:#555">&gt;</span> results <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">bulkCreateOrUpdateAttachments</span><span style="color:#555">(</span>attachments<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>results<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot create or update attachments. Some failed: &#34;</span> <span style="color:#555">+</span> results<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>SW360Exception exception<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot create or update attachments.&#34;</span><span style="color:#555">,</span> exception<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStartArray</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Attachment attachment <span style="color:#555">:</span> attachments<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStartObject</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStringField</span><span style="color:#555">(</span><span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">,</span> attachment<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeEndObject</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeEndArray</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><h4 id="deserializer">Deserializer</h4> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentSetDeserializer</span> <span style="color:#069;font-weight:bold">extends</span> JsonDeserializer<span style="color:#555">&lt;</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;&gt;</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentDatabaseHandler handler<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentSetDeserializer</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">this</span><span style="color:#555">.</span><span style="color:#309">handler</span> <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentDatabaseHandler<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> <span style="color:#c0f">deserialize</span><span style="color:#555">(</span>JsonParser jsonParser<span style="color:#555">,</span> DeserializationContext context<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> JsonProcessingException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments <span style="color:#555">=</span> Sets<span style="color:#555">.</span><span style="color:#309">newHashSet</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>jsonParser<span style="color:#555">.</span><span style="color:#309">isExpectedStartArrayToken</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IllegalStateException<span style="color:#555">(</span><span style="color:#c30">&#34;Expected array token but found: &#34;</span> <span style="color:#555">+</span> jsonParser<span style="color:#555">.</span><span style="color:#309">getCurrentToken</span><span style="color:#555">().</span><span style="color:#309">asString</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> Set<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;</span> attachmentIds <span style="color:#555">=</span> Sets<span style="color:#555">.</span><span style="color:#309">newHashSet</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> JsonToken token <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">nextToken</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">while</span> <span style="color:#555">(!</span>JsonToken<span style="color:#555">.</span><span style="color:#309">END_ARRAY</span><span style="color:#555">.</span><span style="color:#309">equals</span><span style="color:#555">(</span>token<span style="color:#555">))</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">switch</span> <span style="color:#555">(</span>token<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">case</span> START_OBJECT<span style="color:#555">:</span> +</span></span><span style="display:flex;"><span> Attachment attachment <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">readValueAs</span><span style="color:#555">(</span>Attachment<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>attachment<span style="color:#555">.</span><span style="color:#309">isSetId</span><span style="color:#555">()</span> <span style="color:#555">&amp;&amp;</span> <span style="color:#555">!</span>attachment<span style="color:#555">.</span><span style="color:#309">isSetRevision</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> attachmentIds<span style="color:#555">.</span><span style="color:#309">add</span><span style="color:#555">(</span>attachment<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> attachments<span style="color:#555">.</span><span style="color:#309">add</span><span style="color:#555">(</span>attachment<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">break</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span><span style="color:#99f"> +</span></span></span><span style="display:flex;"><span><span style="color:#99f"> default:</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IllegalStateException<span style="color:#555">(</span> +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;Unexpected token. Expected object or string but found: &#34;</span> <span style="color:#555">+</span> jsonParser<span style="color:#555">.</span><span style="color:#309">getCurrentToken</span><span style="color:#555">().</span><span style="color:#309">asString</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> token <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">nextToken</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>attachmentIds<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> attachments<span style="color:#555">.</span><span style="color:#309">addAll</span><span style="color:#555">(</span>handler<span style="color:#555">.</span><span style="color:#309">retrieveAttachments</span><span style="color:#555">(</span>attachmentIds<span style="color:#555">));</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>SW360Exception exception<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot load attachments (&#34;</span> <span style="color:#555">+</span> attachmentIds <span style="color:#555">+</span> <span style="color:#c30">&#34;)&#34;</span><span style="color:#555">,</span> exception<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> attachments<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div>Docs: Database migration using Costcohttps://www.eclipse.org/sw360/docs/development/dev-database-migration-using-costco/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-database-migration-using-costco/ +<h3 id="praeamble">Praeamble</h3> +<p>Please note that database migrations are done now in python scripts at</p> +<blockquote> +<p><a href="https://github.com/eclipse/sw360/tree/master/scripts/migrations">https://github.com/eclipse/sw360/tree/master/scripts/migrations</a></p> +</blockquote> +<p>keeping the following page because Costco might be useful for development / testing / quick adaptations.</p> +<h3 id="problem">Problem</h3> +<p>The main problem with changing field names in thrift is that existing documents in the couchdb need adjustments. Unfortunately, the futon interface of the couchdb does not offer bulk edits. As a consequence, looking into every document is tedious, for more than 100 documents, maybe unfeasible.</p> +<h3 id="solution">Solution</h3> +<p>Use costco, an open source project that</p> +<ul> +<li>is a couchapp (right, this implies that you install the couchapp environment)</li> +<li>offers a Web interface as sub path of the couchdb database</li> +<li>allows to iterate through the documents of a database and then apply modifications on a particular document</li> +<li>allows to perform modifications on documents using Java script</li> +</ul> +<p>More information</p> +<ul> +<li>Project website: <a href="https://github.com/harthur/costco">https://github.com/harthur/costco</a></li> +<li>Useful examples: <a href="http://harthur.github.io/costco/">http://harthur.github.io/costco/</a></li> +</ul> +<p>Note that costco does not allow to perform operations involving several documents at once, for example, setting values in one document that results from querying from several other documents. Costco is perfect for corrections on the couchdb document &lsquo;schema&rsquo; (not in the classic sense as there is no schema in couchdb).</p> +<h3 id="troubleshooting">Troubleshooting</h3> +<p>If you try to install costco, you try to install couchapp mst likely. However, it might be that some python packages are missing which results in a &rsquo;not-so-obvious&rsquo; python error during install of couchapp. The following line could be th dependencies that you might need:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>sudo apt-get install python-dev libxml2-dev libxslt-dev +</span></span></code></pre></div><h3 id="cheat-sheet-installing-costco-inside-an-sw360vagrant-deployment">Cheat Sheet: Installing costco inside an sw360vagrant deployment</h3> +<p>OK, if you read until here, to make it easy for you just the few lines to have executed to install costco when youi have a machine that is deployed with our vagrant:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ sudo apt-get install python-dev libxml2-dev libxslt-dev +</span></span><span style="display:flex;"><span>$ sudo pip install couchapp +</span></span><span style="display:flex;"><span>$ git clone http://github.com/harthur/costco.git +</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> costco +</span></span><span style="display:flex;"><span>$ couchapp push . http://localhost:5984/sw360db +</span></span></code></pre></div><h3 id="examples-in-sw360">Examples in sw360</h3> +<p>The following examples show some costco code from the use with sw360.</p> +<h4 id="renaming-a-key">Renaming a key</h4> +<p>In order to rename a field&rsquo;s key, the following code might be helpful. In the following example, the field&rsquo;s key <code>developement</code> into <code>development</code> (correcting a typo in the datamodel).</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>(doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;todo&#39;</span>) { +</span></span><span style="display:flex;"><span> doc.development <span style="color:#555">=</span> doc.developement; +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">delete</span> doc.developement; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> doc; +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><h4 id="renaming-a-key-in-a-subdocument">Renaming a key in a subdocument</h4> +<p>Similar thing as above, rename a key from <code>comment</code> to <code>createdcomment</code>, but this time inside a nested list of documents.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> (<span style="color:#069;font-weight:bold">var</span> f <span style="color:#555">=</span> <span style="color:#f60">0</span>, len <span style="color:#555">=</span> doc.attachments.length; f <span style="color:#555">&lt;</span> len; f <span style="color:#555">+=</span><span style="color:#f60">1</span> ) { +</span></span><span style="display:flex;"><span> doc.attachments[f].createdComment <span style="color:#555">=</span> doc.attachments[f].comment; +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">delete</span> doc.attachments[f].comment; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> doc; +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><h3 id="more-javascript-examples-with-couchdb">More JavaScript Examples with CouchDB</h3> +<p>In addition to costco, also the couchdb map-reduce functions can help to track down issues in the data sets.</p> +<p>The following example searched for attachments of type <code>SOURCE</code> at releases, which do not have the <code>createdBy</code> set:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> ((doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) +</span></span><span style="display:flex;"><span> <span style="color:#555">&amp;&amp;</span> (doc.attachments)) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> (<span style="color:#069;font-weight:bold">var</span> attachment <span style="color:#069;font-weight:bold">in</span> doc.attachments) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (<span style="color:#555">!</span>doc.attachments[attachment].createdBy) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (doc.attachments[attachment].attachmentType<span style="color:#555">==</span> <span style="color:#c30">&#39;SOURCE&#39;</span>) { +</span></span><span style="display:flex;"><span> emit(doc._id, doc.attachments[attachment].filename); +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>The following example looks into date fields, in this case <code>createdOn</code>, and checks if it uses dots (for changing them into dashes).</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>( +</span></span><span style="display:flex;"><span> (doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) +</span></span><span style="display:flex;"><span> <span style="color:#555">&amp;&amp;</span> (doc.createdOn.indexOf(<span style="color:#c30">&#39;.&#39;</span>) <span style="color:#555">!==</span> <span style="color:#555">-</span><span style="color:#f60">1</span>) +</span></span><span style="display:flex;"><span> ) +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> emit(doc.name, doc) +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div>Docs: Definition of Donehttps://www.eclipse.org/sw360/docs/development/dev-dod-and-style/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-dod-and-style/ +<h3 id="policy">Policy</h3> +<ul> +<li>Review points should involve one person from another angle (not just the person you were sitting together with anyways)</li> +<li>Limit items in review to 5, try to coordinate</li> +<li>Using Github assignments to issues or pull requests</li> +<li>Open review items require conversation</li> +</ul> +<h1 id="definition-of-done">Definition of Done</h1> +<ul> +<li> +<p>File headers in file OK</p> +<ul> +<li>EPL-2.0 license header</li> +<li>Or, if the file is too small, configuration file: license note (see code style)</li> +<li>Copyright and author</li> +</ul> +</li> +<li> +<p>Create Branches for sw360</p> +<ul> +<li>Please use conventional branch names for sw360 <a href="https://www.eclipse.org/sw360/sw360/docs/development/dev-branches/">Dev-Branches</a></li> +</ul> +</li> +<li> +<p>Avoid (serious) compiler warnings</p> +<ul> +<li>Squash your commits into one or more logical units of work. No dozens of hourly/daily commits in your pull request, please</li> +<li>Rebase onto current master so that a fast forward merge is possible</li> +<li>That means that merge to master is prepared</li> +</ul> +</li> +<li> +<p>No breaking test</p> +<ul> +<li>Unit testing as it is already present</li> +<li>You have more - use them!</li> +</ul> +</li> +<li> +<p>New test</p> +<ul> +<li>For new / added functionality</li> +</ul> +</li> +<li> +<p>Documentation</p> +<ul> +<li>in the Githuib Wiki-Section, if you have done something new</li> +<li>At least a technical note for newly added functionality</li> +</ul> +</li> +<li> +<p>Commit style</p> +<ul> +<li>try to squash commits. In the ideal case, a feature is contained in one commit.</li> +<li>try to use conventional changelog for commit messages. <a href="https://www.eclipse.org/sw360/sw360/docs/development/dev-semantic-commits/">Dev-Semantic-Commits</a></li> +</ul> +</li> +</ul> +<h1 id="review">Review</h1> +<p>Review basically checks for the D-o-D items, in particular</p> +<ul> +<li>Code style, not really formatting, but issues like style attributes in HTML tags or exception handling useful</li> +<li>Design / architecture issues</li> +<li>Community contribution suitability</li> +<li>Issue coverage (does it actually solve the problem?)</li> +<li>Add to commit message of merge commit explicitly:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>review-by:email@domain.com +</span></span></code></pre></div><p>and</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>tested-by:email@domain.com +</span></span></code></pre></div><h1 id="licensing-and-file-header">Licensing and File Header</h1> +<p>All files contributed require headers - this will ensure the license and copyright clearing at the end. Also, all contributions must have the same license as the original source.</p> +<p>If a file has relevant functionality, note that we should move to Eclipse 2.0</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Java" data-lang="Java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">/* +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Copyright COPYRIGHT HOLDER, 2017. +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Copyright NEXT COPYRIGHT HOLDER, 2017. +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Part of the SW360 Portal Project. +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * SPDX-License-Identifier: EPL-1.0 +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * All rights reserved. This program and the accompanying materials +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * are made available under the terms of the Eclipse Public License v1.0 +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * which accompanies this distribution, and is available at +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * http://www.eclipse.org/legal/epl-v10.html +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> */</span> +</span></span></code></pre></div><p>(please adapt comment characters usage)</p> +<p>For small files such as property files, configuration files or standard XML files:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Copyright &lt;COPYRIGHT_HOLDER&gt;, &lt;YEAR&gt;. Part of the SW360 Portal Project.</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">#</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># All rights reserved. This configuration file is provided to you under the</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># terms and conditions of the Eclipse Distribution License v1.0 which</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># accompanies this distribution, and is available at</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># http://www.eclipse.org/org/documents/edl-v10.php</span> +</span></span></code></pre></div><h1 id="code-style">Code style</h1> +<p>Just use the standard Java formatting rules of your IDE and <strong>do not reformat</strong> code from others, because you like to correct formatting of other&rsquo;s code.</p>Docs: Filtering in Portletshttps://www.eclipse.org/sw360/docs/development/dev-filtering-in-portlets/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-filtering-in-portlets/ +<p>For the filters that are shown for components and listings, there are some options:</p> +<ol> +<li> +<p>The <strong>Keyword search</strong> works directly on the table shown on the main right area. For example in the components portlet, this is in components/view.jsp.</p> +</li> +<li> +<p>The <strong>filters</strong> actually result in a new search request, when hitting apply filters button. The project portlet reads the fields and creates a map. Then, <code>ProjectPortlet</code> calls the thrift service <code>refineSearch()</code>, which is handled in <code>ProjectHandler</code>. This method takes the map and the user as input. The search service has a server-side JavaScript function (LuceneSearchView) defined for this particular filter in <code>ProjectSearchHandler.java</code>. This is called with the <code>LuceneAwareDatabaseConnector.java</code>. After filtering, the visibility constraints for the requesting user are applied.</p> +</li> +<li> +<p>Then for each release table, there is a search field in the upper right corner. This again works on the data of the Release summary object and then filters what is on the client (web browser).</p> +</li> +</ol>Docs: Fossology Integrationhttps://www.eclipse.org/sw360/docs/development/dev-fossology-integration/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-fossology-integration/ +<p>Basic communication with the FOSSology server is done over an SSH connection: the fossology service of SW360 executes remote commands on the FOSSology server.</p> +<p>The commands that are executed are the bash scripts found inside <code>src-fossology/src/main/resources/scripts/</code>, they are copied into the home directory of the ssh user (either manually or through the admin portlet). +See <a href="Fossology-Setup">Setup of connection with Fossology</a> for configuration details.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>\- src-fossology/src/main/resources/ +</span></span><span style="display:flex;"><span> \- scripts/ +</span></span><span style="display:flex;"><span> |- duplicateUpload +</span></span><span style="display:flex;"><span> |- folderManager +</span></span><span style="display:flex;"><span> |- getStatusOfUpload +</span></span><span style="display:flex;"><span> |- uploadFromSW360 +</span></span><span style="display:flex;"><span> \- utilsSW360 +</span></span></code></pre></div><p>These scripts utilize the standard command line tools to interact natively with FOSSology (these are the tools found in the src/cli folder of FOSSology, such as <code>cp2foss fossjobs fossupload_status fo_usergroup fo_chmod fo_folder ...</code>).</p> +<ul> +<li><code>utilsSW360</code> contains common functions used by the other scripts and some FOSSology configuration such as the user/password pair used to run the cli utils and the UNIX group of the FOSSology processes</li> +<li><code>folderManager</code> (uses FO:<code>fo_folder</code>): get information about the folder structure of FOSSology to allow sharing of uploads between groups</li> +<li><code>getStatusOfUpload</code> (uses FO:<code>fossupload_status</code>): to get the clearing status given an uploadId and a group</li> +<li><code>uploadFromSW360</code> (uses FO:<code>cp2foss fossjobs</code>): to create a new upload from the standard input and schedule scanners</li> +<li><code>duplicateUpload</code> (uses FO:<code>fo_chmod</code> SW:<code>folderManager</code>): to make a previously uploaded file available for another group</li> +</ul> +<h3 id="java-libraries-and-settings">Java libraries and settings</h3> +<p>The java code utilizes the package <code>com.jcraft.jsch</code> to connect to the SSH server. It is set to strictly check the fingerprint of the remote server against the accepted which are stored in couchDB.</p> +<h3 id="conventions">Conventions</h3> +<p>the sw360 user in FOSSology (the actual name is configured in <code>utilsSW360</code>) <strong>must be a member of every group</strong> to which it should be able to send Releases to be cleared. +File uploaded from SW360 are placed inside a folder with the same name as the group and permission will be set at the group level (default of cp2foss).</p> +<h3 id="datamodel-and-thrift-service">Datamodel and thrift service</h3> +<ul> +<li> +<p>each Release object in SW360 can have only one attachment of type SOURCE.</p> +</li> +<li> +<p>when a Release is sent <em>for the first time</em> to FOSSology through the Thrift method <code>sendToFossology(1: string releaseId, 2: string clearingTeam )</code> its SOURCE attachement is sent as stdin to the script <code>uploadFromSW360</code>.</p> +<p>The field <code>map&lt;string, FossologyStatus&gt; clearingTeamToFossologyStatus</code> is then updated to contain the corresponding entry for the chosen Clearing Team (aka. the name of the FOSSology group which will receives the upload for clearing).</p> +</li> +<li> +<p>when the same Release is <em>sent again for another team</em> a new <em>link</em> in the corresponding group folder is created and the old upload is made available for the new group (as in giving permission using FO:<code>fo_chmod</code>).</p> +<p>At the moment this gives access only to the files, not to the relative clearing decision. +In order to make the clearing decisions available a reuser needs to be scheduled from the Jobs menu. [ it could be possible to schedule the job from SW360: its user is member of all the groups; but it is not currently implemented since there is no cli interface for reuser yet ]</p> +</li> +<li> +<p>when the current status is requested using the Thrift method <code>Release getStatusInFossology(1: string releaseId, 2: string clearingTeam )</code> the newest status is fetched from FOSSology and it is stored in the map for the relative clearingTeam</p> +</li> +</ul> +<h3 id="notes">Notes</h3> +<ul> +<li>Releases have a ClearingState field, but this is ignored by the Thrift service and used only in the SW360 user interface.</li> +<li>Projects link to Releases and the summary of their FOSSology status can be monitored. This is also ignored by the FOSSology Thrift service and handled by the Component service: the FOSSology service just updates the status of the Release objects.</li> +</ul>Docs: Liferay Friendlyhttps://www.eclipse.org/sw360/docs/development/dev-liferay-friendly-url/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-liferay-friendly-url/ +<p>The normal generated portlet URLs containing a set of internal Liferay request parameters. <br> +These long URLs of links or forms are mostly not readable and its not easy to share it somewhere else.</p> +<p>General Liferay portlet URL: <br></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:8080/web/guest/examples?p_p_id=example_WAR_ExamplePortlet&amp;p_p_lifecycle=1&amp;p_p_state=normal&amp;p_p_mode=view&amp;p_p_col_id=column-1&amp;p_p_col_count=1&amp;_example_WAR_ExamplePortlet_javax.portlet.action=new +</span></span></code></pre></div><p>Explanation of the Liferay request parameters: <br> +<strong>p_p_id:</strong> The portlet ID (example_WAR_ExamplePortlet)<br> +<strong>p_p_state:</strong> Liferay windows pages state - 1 (normal) 2 (maximize) 3 (minimize) <br> +<strong>p_p_mode</strong>: Mode of the portlet look like - (view) (edit) (help) <br> +<strong>p_p_lifecycle:</strong> This is life cycle of portlet - 0 (render) 1 (action) 2 (server) <br> +<strong>p_p_col_id:</strong> The reference ID of the column in Liferay template <br> +<strong>p_p_col_pos:</strong> Specifiy the column position if the the layout having more than one columns <br> +<strong>p_p_col_count:</strong> Shows the no of columns in the current layout</p> +<h3 id="friendly-url-mapper-configuration">Friendly URL Mapper configuration</h3> +<p>Liferay provides a mechanism to shorten the generated URLs by using the Friendly URL Mapper feature. <br> <br> +How to configure the friendly URL Mapper in Liferay? <br> <br> +<strong>Configuration of URL routes in XML files</strong> <br></p> +<p><em>CREATE example-friendly-url-routes.xml</em> <br></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Xml" data-lang="Xml"><span style="display:flex;"><span><span style="color:#099">&lt;?xml version=&#34;1.0&#34;?&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#099">&lt;!DOCTYPE routes PUBLIC &#34;-//Liferay//DTD Friendly URL Routes 6.2.2//EN&#34; +</span></span></span><span style="display:flex;"><span><span style="color:#099">&#34;http://www.liferay.com/dtd/liferay-friendly-url-routes_6_0_0.dtd&#34;&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;routes&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;route&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;pattern&gt;</span>/action/{actionName}<span style="color:#309;font-weight:bold">&lt;/pattern&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;generated-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;javax.portlet.action&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>{actionName}<span style="color:#309;font-weight:bold">&lt;/generated-parameter&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;ignored-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_auth&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;ignored-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_id&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_lifecycle&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>1<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_state&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>normal<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_mode&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>view<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/route&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/routes&gt;</span> +</span></span></code></pre></div><p>Explanation of the Liferay Friendly Mapper route parameters: <br> +<strong>routes:</strong> Routes element which contains all route entries <br> +<strong>route:</strong> Single route element entry <br> +<strong>pattern:</strong> Pattern of the mapped friendly URL (visible in address bar) <br> +<strong>generated-parameter:</strong> These parameters will be generated from parameters in the request URL <br> +<strong>ignored-parameter:</strong> These parameters will be igored and not included in generated URLs <br> +<strong>implicit-parameter:</strong> Used for static attributes which can be ignored by recognition <br> +<strong>overridden-parameter:</strong> Parameter that should be set to a certain value when a URL is recognized <br> +<br> +It is necessary to order the parameters as described above. <br> +These files should located in the resources folder otherwise they will not be available on Apache Tomcat and cannot be initialized by Liferay. <br> +<br> +<strong>Configuration of friendly URL Java class</strong> <br> +<br> +<em>MODIFY liferay-portlet.xml</em> +<br></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Xml" data-lang="Xml"><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-mapper-class&gt;</span>com.liferay.portal.kernel.portlet.DefaultFriendlyURLMapper<span style="color:#309;font-weight:bold">&lt;/friendly-url-mapper-class&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-mapping&gt;</span>example<span style="color:#309;font-weight:bold">&lt;/friendly-url-mapping&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-routes&gt;</span>com/.../example-friendly-url-routes.xml<span style="color:#309;font-weight:bold">&lt;/friendly-url-routes&gt;</span> +</span></span></code></pre></div><br> +In the next step we need one java implementation class to generate the Liferay friendly URLs. <br> +<p>Liferay provides the <em>DefaultFriendlyURLMapper</em> class to create the URLs based on our rules. <br></p> +<p>The Liferay Friendly URL Mapper configuration is placed after <code>&lt;icon/&gt;</code> and before <code>&lt;instanceable&gt;</code> +tag.</p> +<h3 id="friendly-url-mapper-outcome">Friendly URL Mapper outcome</h3> +<p><strong>Liferay will generate the following friendly URL</strong> <br></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>http://localhost:8080/web/guest/examples/-/example/action/new +</span></span></code></pre></div><br> +<ol> +<li>The liferay framework will add &ldquo;-&rdquo; (dash)</li> +<li>Friendly URL mapper name which is configured in <code>&lt;friendly-url-mapping&gt;</code> (liferay-portlet.xml) element</li> +<li>Pattern name with generated parameters which is same as in <code>&lt;pattern&gt;</code> (example-friendly-url-routes.xml) defined.</li> +</ol> +<h3 id="additional">Additional</h3> +<p>Friendly URL Mapper functionality is not working if the portletURL API is used to generate the Liferay URL in local Javascript. <br> +It is helpful to generate <code>&lt;portlet:renderURL&gt;</code> placeholder and replace them by using dummy values.</p>Docs: Moderation Requestshttps://www.eclipse.org/sw360/docs/development/dev-moderation-requests/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-moderation-requests/ +<p>The concept of moderation is good for two things:</p> +<ul> +<li>to cope with a large number of potential edits on documents.</li> +<li>to allow every user to propose edits.</li> +</ul> +<p>Allowing every user to edit opposed to propose edits would lad to a large number of changes, potentially, not making everyone happy. As such, the changes should be reviewed by an experienced person and can be then approved.</p> +<h2 id="application-flow">Application Flow</h2> +<p>A user changes a moderated document, which are component, release, project and todo&rsquo;s of licenses (and the white list):</p> +<ul> +<li> +<p>The user switches in edit mode and applies a change.</p> +</li> +<li> +<p>The user submits the change by clicking &ldquo;Update &hellip;&rdquo;</p> +</li> +<li> +<p>The application checks, if the permissions are sufficient</p> +</li> +<li> +<p>For sufficient permissions, see here: <a href="https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model">https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model</a></p> +</li> +<li> +<p>If the permissions do not allow the edit right away, a moderation request is created.</p> +</li> +<li> +<p>Moderators can see the moderation request in the moderation portlet</p> +</li> +<li> +<p>Having selected the moderation request, the moderator can accept the request, decline, postpone or remove himself from the list of moderators</p> +</li> +</ul> +<h2 id="technical-description">Technical Description</h2> +<h3 id="checking-document-permissions">Checking Document Permissions</h3> +<p>If a moderation requests needs to be created, because the user does not have sufficient permissions:</p> +<ul> +<li>The request goes through the stack, for example: project portlet, project handler, project database handler.</li> +<li>Then the project database handler checks for permissions using <code>makePermission()</code> (<code>DocumentPermission</code> is the base class, then <code>ProjectPermissions</code> is the referring here for projects) and <code>isActionAllowed()</code>.</li> +<li>For moderation requests, we assume that this action is not allowed. Then, the <code>ProjectModerator</code> is called (see package <code>...sw360.datahandler.entitlement</code>).</li> +<li>This class (which is part of the project service) creates a thrift client to the moderation service (also on the backend) and creates a moderation request using this client.</li> +</ul> +<p>Every moderation request is created using the thrift-based API.</p> +<h3 id="writing-a-moderation-request-to-the-database">Writing a Moderation Request to the Database</h3> +<p>The generation of moderation request is performed by the moderation service. The moderation service handles incoming request in the following way:</p> +<ul> +<li>The requests arrives in the <code>ModerationDatabaseHandler</code>.</li> +<li>This handler writes the request to the database.</li> +</ul> +<h3 id="creation-details-in-the-service">Creation Details in the Service</h3> +<p>The handler writes one moderation request per user and document. If a moderation request from the same user for the same document exists, added moderation requests are merged. Or, the request is new either with a new user, new document or both, then the moderation request is created.</p> +<p>Each moderation requests has recipients, the moderators. The moderation database handler selects the moderators depending on the document type, which are usually the creator of the document and the listed moderators for this document. See details in the <code>ModerationDatabaseHandler</code> class. At the same location the check for deletion is performed.</p> +<h3 id="what-is-in-the-database">What is in the Database?</h3> +<p>The moderation request is a document in the couchdb. Technically, the moderation requests holds the affected document as field where the values is a nested JSON dictionary.</p> +<p>The following screen shot shows an example for a moderation request for a project.</p> +<p><img src="https://raw.githubusercontent.com/wiki/siemens/sw360portal/images/036-oss-sw360-20160310-screenshot-moderation-reqeust-document-example.png" alt="Example Moderation Request in Database"></p> +<h3 id="evaluating-the-moderation-request">Evaluating the Moderation Request</h3> +<p>On the moderation portlet all moderations will be shown, for which the user is a moderator. Only open moderation requests can be selected. Approved and declined moderation requests will only be shown. -On selecting the moderation requests, both documents (original and the updated out of the moderation request) will be compared in the <code>merge.jsp</code> and all differences will be shown to the moderator. This is done via tags such as the <code>sw360:CompareProject</code>-tag. Opening the detailed view of the moderation request changes the state to <code>in progress</code> to show other moderators that the moderation request is in work.</p> -<p>The following actions are possible:</p> -<ul> -<li><code>Accept request</code>: the document within the moderation request will be accepted and written to the DB via e.g. the <code>ProjectService</code>. The state is set to <code>ACCEPTED</code>.</li> -<li><code>Remove Me from Moderators</code>: the state of the moderation requests is set to <code>PENDING</code> again and the logged in moderator will be removed from the moderation list.</li> -<li><code>Decline request</code>: the moderation requests will be set to <code>REJECTED</code> and still shown in the list</li> -<li><code>Postpone request</code>: the state will be <code>IN PROGRESS</code>.</li> -<li><code>Cancel</code>: the moderation state is set to <code>PENDING</code> and the moderation request will still be shown in the moderation request list</li> -</ul> - - - - - - Docs: Release and Versioning - https://www.eclipse.org/sw360/docs/development/dev-releasing-sw360/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-releasing-sw360/ - - - - <p>We have the following main principles for versioning and releases. We consider <a href="http://semver.org/">semantic versioning</a>:</p> -<blockquote> -<p>Given a version number MAJOR.MINOR.PATCH, increment the:</p> -<ul> -<li>MAJOR version when you make incompatible API changes,</li> -<li>MINOR version when you add functionality in a backwards-compatible manner, and</li> -<li>PATCH version when you make backwards-compatible bug fixes.</li> -</ul> -<p>Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.</p> -</blockquote> -<p>with the following implementation in our project:</p> -<h3 id="major-version">Major Version</h3> -<ul> -<li>API breaking changes are considered for the upcoming REST API.</li> -<li>Breaking change is <em>also</em> if a migration script is required for the data base.</li> -<li>Thrift API is not considered a public API anymore.</li> -<li>Therefore milestones cannot correspond to our versions like <code>1.4</code>, <code>1.5</code>, etc. anymore: we do not know which feature or issue will cause a version jump according to semantic versioning guidelines.</li> -</ul> -<h3 id="minor-version">Minor Version</h3> -<ul> -<li>Changes to the thrift API will cause minor version increment.</li> -<li>Larger new functionality which is backwards compatible, maybe one pull requests or maybe a group of pull requests.</li> -<li>Minor versions requires also tagging in the repo.</li> -</ul> -<h3 id="patch-level">Patch Level</h3> -<ul> -<li>Every push (merged pull request) to master shall generate <em>at least</em> (not there yet) a new patch level version, in order to allow for (clean) deployments at this level.</li> -<li>Could e also minor improvements like adding a button with some functionality</li> -<li>Patch level is not tagged.</li> -</ul> -<h2 id="naming-and-meaning-of-milestones">Naming and Meaning of Milestones</h2> -<ul> -<li>Milestones cannot correspond to versions (releases) anymore, because in general the version designator is determined by the level of change.</li> -<li>We use milestones as work packages. We see them as work packages from an organizational point of view. However, it is not a milestone to release a version, because - again in general - the version is determined by the level of change.</li> -<li>However, If the last merged pull quest of a work package, a completing merge: If it is not causing a major or minor version increment, still, this would lead to a minor version increment.</li> -</ul> -<h2 id="technical-implementation">Technical Implementation</h2> -<ul> -<li>Plan: The artifacts will be build by travis and stored on aws S3 (not there yet) with patch level version increments, but patch level versions will not lead to a tag in the repo.</li> -<li>Currently, the versioning is &ldquo;manual maven based&rdquo;, we look for a cleaner more automated approach.</li> -</ul> -<h1 id="technical-maven-universe-how-to-maketag-a-release">Technical: Maven Universe How to make/tag a release⁽¹⁾:</h1> -<p>The following information refers to the existing maven-based versioning scheme, as of now we are looking into a system which is not leading to a temporary change in the repo, commit, and then reverting changes.</p> -<p>Let us assume, that we want to tag the version <strong>1.2.0</strong> and that the current version in the pom&rsquo;s is <strong>1.2.0-SNAPSHOT</strong>.</p> -<h3 id="0-work-in-a-clean-environment">0. Work in a clean environment</h3> -<p>Especially should all poms be without uncommitted changes. The safe way is to start with:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /tmp/ -</span></span><span style="display:flex;"><span>$ git clone https://github.com/eclipse/sw360.git -</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> sw360portal -</span></span></code></pre></div><h3 id="1-write-the-version-of-the-release-into-the-poms">1. Write the version of the release into the poms</h3> -<pre> -$ mvn versions:set -DnewVersion=<b>1.2.0</b> +On selecting the moderation requests, both documents (original and the updated out of the moderation request) will be compared in the <code>merge.jsp</code> and all differences will be shown to the moderator. This is done via tags such as the <code>sw360:CompareProject</code>-tag. Opening the detailed view of the moderation request changes the state to <code>in progress</code> to show other moderators that the moderation request is in work.</p> +<p>The following actions are possible:</p> +<ul> +<li><code>Accept request</code>: the document within the moderation request will be accepted and written to the DB via e.g. the <code>ProjectService</code>. The state is set to <code>ACCEPTED</code>.</li> +<li><code>Remove Me from Moderators</code>: the state of the moderation requests is set to <code>PENDING</code> again and the logged in moderator will be removed from the moderation list.</li> +<li><code>Decline request</code>: the moderation requests will be set to <code>REJECTED</code> and still shown in the list</li> +<li><code>Postpone request</code>: the state will be <code>IN PROGRESS</code>.</li> +<li><code>Cancel</code>: the moderation state is set to <code>PENDING</code> and the moderation request will still be shown in the moderation request list</li> +</ul>Docs: Release and Versioninghttps://www.eclipse.org/sw360/docs/development/dev-releasing-sw360/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-releasing-sw360/ +<p>We have the following main principles for versioning and releases. We consider <a href="http://semver.org/">semantic versioning</a>:</p> +<blockquote> +<p>Given a version number MAJOR.MINOR.PATCH, increment the:</p> +<ul> +<li>MAJOR version when you make incompatible API changes,</li> +<li>MINOR version when you add functionality in a backwards-compatible manner, and</li> +<li>PATCH version when you make backwards-compatible bug fixes.</li> +</ul> +<p>Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.</p> +</blockquote> +<p>with the following implementation in our project:</p> +<h3 id="major-version">Major Version</h3> +<ul> +<li>API breaking changes are considered for the upcoming REST API.</li> +<li>Breaking change is <em>also</em> if a migration script is required for the data base.</li> +<li>Thrift API is not considered a public API anymore.</li> +<li>Therefore milestones cannot correspond to our versions like <code>1.4</code>, <code>1.5</code>, etc. anymore: we do not know which feature or issue will cause a version jump according to semantic versioning guidelines.</li> +</ul> +<h3 id="minor-version">Minor Version</h3> +<ul> +<li>Changes to the thrift API will cause minor version increment.</li> +<li>Larger new functionality which is backwards compatible, maybe one pull requests or maybe a group of pull requests.</li> +<li>Minor versions requires also tagging in the repo.</li> +</ul> +<h3 id="patch-level">Patch Level</h3> +<ul> +<li>Every push (merged pull request) to master shall generate <em>at least</em> (not there yet) a new patch level version, in order to allow for (clean) deployments at this level.</li> +<li>Could e also minor improvements like adding a button with some functionality</li> +<li>Patch level is not tagged.</li> +</ul> +<h2 id="naming-and-meaning-of-milestones">Naming and Meaning of Milestones</h2> +<ul> +<li>Milestones cannot correspond to versions (releases) anymore, because in general the version designator is determined by the level of change.</li> +<li>We use milestones as work packages. We see them as work packages from an organizational point of view. However, it is not a milestone to release a version, because - again in general - the version is determined by the level of change.</li> +<li>However, If the last merged pull quest of a work package, a completing merge: If it is not causing a major or minor version increment, still, this would lead to a minor version increment.</li> +</ul> +<h2 id="technical-implementation">Technical Implementation</h2> +<ul> +<li>Plan: The artifacts will be build by travis and stored on aws S3 (not there yet) with patch level version increments, but patch level versions will not lead to a tag in the repo.</li> +<li>Currently, the versioning is &ldquo;manual maven based&rdquo;, we look for a cleaner more automated approach.</li> +</ul> +<h1 id="technical-maven-universe-how-to-maketag-a-release">Technical: Maven Universe How to make/tag a release⁽¹⁾:</h1> +<p>The following information refers to the existing maven-based versioning scheme, as of now we are looking into a system which is not leading to a temporary change in the repo, commit, and then reverting changes.</p> +<p>Let us assume, that we want to tag the version <strong>1.2.0</strong> and that the current version in the pom&rsquo;s is <strong>1.2.0-SNAPSHOT</strong>.</p> +<h3 id="0-work-in-a-clean-environment">0. Work in a clean environment</h3> +<p>Especially should all poms be without uncommitted changes. The safe way is to start with:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /tmp/ +</span></span><span style="display:flex;"><span>$ git clone https://github.com/eclipse/sw360.git +</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> sw360portal +</span></span></code></pre></div><h3 id="1-write-the-version-of-the-release-into-the-poms">1. Write the version of the release into the poms</h3> +<pre> +$ mvn versions:set -DnewVersion=<b>1.2.0</b> $ git add pom.xml \*\*/pom.xml -$ git commit -m "set version to <b>1.2.0</b>" -</pre> -<p>This will actually edit all pom.xml files and change the versions to <strong>1.2.0</strong>, i.e. remove the SNAPSHOT.</p> -<h3 id="2-test-the-project">2. Test the project</h3> -<pre> +$ git commit -m "set version to <b>1.2.0</b>" +</pre> +<p>This will actually edit all pom.xml files and change the versions to <strong>1.2.0</strong>, i.e. remove the SNAPSHOT.</p> +<h3 id="2-test-the-project">2. Test the project</h3> +<pre> $ mvn install -</pre> -<p>or even better: use vagrant.</p> -<h3 id="3-create-and-push-the-tag">3. Create and push the tag</h3> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ mvn scm:tag -</span></span></code></pre></div><p>This creates the tag and <strong>pushes it to github</strong>.</p> -<h3 id="4-write-the-new-incremented-snapshot-version-into-the-poms">4. Write the new incremented SNAPSHOT-version into the poms</h3> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ mvn versions:set -DnewVersion<span style="color:#555">=</span>&lt;b&gt;1.3.0-SNAPSHOT&lt;/b&gt; -</span></span><span style="display:flex;"><span>$ git add pom.xml <span style="color:#c30;font-weight:bold">\*\*</span>/pom.xml -</span></span><span style="display:flex;"><span>$ git commit -m <span style="color:#c30">&#34;set version to &lt;b&gt;1.3.0-SNAPSHOT&lt;/b&gt;&#34;</span> -</span></span><span style="display:flex;"><span>$ git push origin master -</span></span></code></pre></div><p>&ndash; -⁽¹⁾ based on: <a href="https://axelfontaine.com/blog/final-nail.html">https://axelfontaine.com/blog/final-nail.html</a></p> - - - - - - Docs: Roles and Authorization - https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/ - - - - <p>Like any other system, SW360 allows for setting different levels of access for different users. Technically, the decision when user should be able to see or to do something happens (generally) on the backend server. This ensures consistency between the REST API and the portal application.</p> -<p>For setting roles of a user, the Liferay control panel is being used (Admin menu -&gt; Control Panel -&gt; Users and Organisations -&gt; Users -&gt; select one user and Edit -&gt; Roles). Setting access at individual records happens in the edit view of that record.</p> -<h2 id="roles-overview">Roles Overview</h2> -<p>SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.</p> -<h4 id="setup-admin-liferay-role">Setup Admin (Liferay Role)</h4> -<p>The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.</p> -<h4 id="sw360-admin-liferay-role">SW360 Admin (Liferay Role)</h4> -<p>The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role <code>CLEARING_ADMIN</code>. This role can change data from other groups, limited by visibility setting of a project.</p> -<h4 id="clearing-admin-liferay-role">Clearing Admin (Liferay Role)</h4> -<p>The clearing admin can change all component and release records and project records of the same group. This can be seen as group administrator.</p> -<h4 id="security-admin-liferay-role">Security Admin (Liferay Role)</h4> -<p>In addition to the user rights, the security admin can set security vulnerabilities to irrelevant</p> -<h4 id="ecc-admin-liferay-role">ECC Admin (Liferay Role)</h4> -<p>In addition to the user rights, the ECC admin can manipulate ECC data.</p> -<h4 id="user">User</h4> -<p>A user can create, modify and delete all own (=self created) records. A user cannot change records of others</p> -<h3 id="moderation-requests">Moderation Requests</h3> -<p>If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.</p> -<p>In addition there are ACL-style roles, meaning that per data item access settings can be made:</p> -<ol> -<li><strong>creator</strong> - a creator can modify in addition to the user&rsquo;s read abilities, a user can be creator of a data item</li> -<li><strong>moderator</strong> - a creator can define moderators for a data item. Moderators can change a data item as a creator can.</li> -<li><strong>contributor</strong> (Component) - is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). -In contrast, the contributor cannot delete data items.</li> -<li><strong>project responsible</strong> (Project) - is a contributor, just named differently to identify the responsible person.</li> -<li><strong>lead architect</strong> (Project) - is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.</li> -<li><strong>contact</strong> (Release) - deprecated, should be renamed to contributor see #100.</li> -</ol> -<p><code>group (department)</code>, <code>contributor</code>, <code>moderator</code> and <code>owner</code> roles are entity specific, <code>user</code>, <code>clearing admin</code> and <code>admin</code> are roles assigned to a user.</p> -<h3 id="additional-project-visibility">Additional Project Visibility</h3> -<p>In addition to the roles mentioned above, each project has a separate visibility setting (technically an attribute of the project document). There are four project visibility levels:</p> -<ol> -<li>Private - no one but the creator can read.</li> -<li>Me and moderators - involves all moderators and contributors, basically all names that are named among the attributes (lead architect, project responsible, contributors)</li> -<li>Department / business unit (should be renamed) - refer to the group the users are in.</li> -<li>Public - all registered users of the liferay / sw360 application (login required).</li> -</ol> -<p>The access rules are implemented in<code>lib-datahandler</code>. In the package, <code>com.siemens.sw360.datahandler.permissions</code> this is implemented in <code>ProjectPermissions</code>. See methods <code>isVisible</code> and <code>userIsEquivalentToModeratorinProject()</code> for the actual rules.</p> -<h3 id="overall-access-matrix">Overall Access Matrix</h3> -<p>The following table presents the SW360 Role-Authorisation-Model.</p> -<p>The row specifies which action to take, the column the role of the actor. Cell entries specify which entity type can be acted upon.</p> -<table> -<thead> -<tr> -<th></th> -<th>creator</th> -<th>moderator</th> -<th>contributor</th> -<th>user</th> -<th>clearing admin</th> -<th>(sw360)admin</th> -</tr> -</thead> -<tbody> -<tr> -<td>create</td> -<td>-</td> -<td>-</td> -<td>-</td> -<td>PCRV</td> -<td>PCRVL</td> -<td>PCRVL</td> -</tr> -<tr> -<td>read</td> -<td>P</td> -<td>P</td> -<td>P</td> -<td>(P²)CRVL</td> -<td>(P²)CRVL</td> -<td>PCRVL</td> -</tr> -<tr> -<td>edit</td> -<td>PCR</td> -<td>PCR</td> -<td>PCR</td> -<td>(all created ones)</td> -<td>PCRVL</td> -<td>PCRVL</td> -</tr> -<tr> -<td>delete</td> -<td>PCR</td> -<td>PCR</td> -<td>-</td> -<td>(all created ones)</td> -<td>L</td> -<td>PCRVL</td> -</tr> -</tbody> -</table> -<p>P² : only if the user is member of the group of the project (or has created the project)</p> -<p>Note that ECC Admins and Security Admins have only the ability to write ECC and security data respectively at given records. However, as for the other access rights this role does not enhance anything above users.</p> -<h4 id="legend">Legend</h4> -<table> -<thead> -<tr> -<th>acronym</th> -<th>description</th> -</tr> -</thead> -<tbody> -<tr> -<td>P</td> -<td>project</td> -</tr> -<tr> -<td>C</td> -<td>component</td> -</tr> -<tr> -<td>R</td> -<td>release</td> -</tr> -<tr> -<td>V</td> -<td>vendor</td> -</tr> -<tr> -<td>L</td> -<td>license</td> -</tr> -</tbody> -</table> -<h2 id="technical-info">Technical Info</h2> -<p>The role access rules are put into <code>lib-datahandler</code>. In the package, <code>com.siemens.sw360.datahandler.permissions</code> there are implementing classes of a template class <code>DocumentPermissions</code>. As an example, <code>ProjectPermissions</code> extends abstract class <code>DocumentPermissions</code>.</p> -<p>At run time, a permissions object consisting of a document and a user is created: In <code>PermissionUtils</code> (same package) there is a static method <code>makePermissions&lt;T&gt;()</code> that creates a permissions object. The received permissions object instance can be asked if a particular operation is allowed.</p> -<p>Note that the general application of these permission operations runs in the backend (Thrift services). An application in the front end of <code>PermissionUtils</code> for example, is for displaying buttons depending on the user main role (user, clearing admin or admin). Then the portlet makes plain use of the <code>lib-datahandler</code> library.</p> -<h2 id="further-plans">Further plans</h2> -<ol> -<li> -<p>Actually, creating stuff should be checked in lib-datahandler, starting with creation of licenses,which should ot be permitted to users: <a href="https://github.com/siemens/sw360portal/issues/106">Issue #106</a></p> -</li> -<li> -<p><a href="https://github.com/siemens/sw360portal/issues/101">Issue #101</a> for</p> -</li> -</ol> -<table> -<thead> -<tr> -<th></th> -<th>contributor</th> -<th>moderator</th> -<th>creator</th> -<th>user</th> -<th>clearing admin</th> -<th>admin</th> -</tr> -</thead> -<tbody> -<tr> -<td>download OSS sources</td> -<td>-</td> -<td>-</td> -<td>-</td> -<td>R</td> -<td>R</td> -<td>R</td> -</tr> -<tr> -<td>download internal sources</td> -<td>R</td> -<td>R</td> -<td>R</td> -<td>-</td> -<td>-</td> -<td>R</td> -</tr> -</tbody> -</table> -<ol start="3"> -<li><a href="https://github.com/siemens/sw360portal/issues/102">Issue #102</a> for</li> -</ol> -<table> -<thead> -<tr> -<th></th> -<th>contributor</th> -<th>moderator</th> -<th>creator</th> -<th>user</th> -<th>clearing admin</th> -<th>admin</th> -</tr> -</thead> -<tbody> -<tr> -<td>send to clearing</td> -<td>-</td> -<td>P</td> -<td>P</td> -<td>-</td> -<td>-</td> -<td>PCRL</td> -</tr> -</tbody> -</table> -<ol start="4"> -<li><a href="https://github.com/siemens/sw360portal/issues/103">Issue #103</a> for</li> -</ol> -<table> -<thead> -<tr> -<th></th> -<th>contributor</th> -<th>moderator</th> -<th>creator</th> -<th>user</th> -<th>clearing admin</th> -<th>admin</th> -</tr> -</thead> -<tbody> -<tr> -<td>edit clearing report</td> -<td>-</td> -<td>R</td> -<td>R</td> -<td>-</td> -<td>R?</td> -<td>PCRL</td> -</tr> -</tbody> -</table> - - - - - - Docs: Semantic Commits - https://www.eclipse.org/sw360/docs/development/dev-semantic-commits/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-semantic-commits/ - - - - <h2 id="the-reason-and-benefit-of-semantic-commit-messages">The reason and benefit of semantic commit messages</h2> -<ul> -<li>automatic generating of the changelog</li> -<li>simple navigation through git history (e.g. ignoring style changes)</li> -</ul> -<h2 id="semantic-commit-message-structure">Semantic commit message structure</h2> -<p><code>&lt;type&gt;(&lt;scope&gt;): &lt;commit message&gt;</code></p> -<h2 id="the-following-types-are-supported">The following <types> are supported</h2> -<ul> -<li>feat (new feature for the user, not a new feature for build script)</li> -<li>fix (bug fix for the user, not a fix to a build script)</li> -<li>docs (changes to the documentation)</li> -<li>style (formatting, missing semi colons, etc; no production code change)</li> -<li>refactor (refactoring production code, eg. renaming a variable)</li> -<li>test (adding missing tests, refactoring tests; no production code change)</li> -<li>chore (updating grunt tasks etc; no production code change)</li> -</ul> -<p>Example <scope> values:</p> -<ul> -<li>ui (user interface)</li> -<li>rest (REST API)</li> -<li>thrift (apache thrift services)</li> -<li>project (project portlet)</li> -<li>component (component portlet)</li> -<li>user (user portlet)</li> -<li>etc.</li> -</ul> -<h2 id="example-of-semantic-commit-message">Example of semantic commit message</h2> -<p><code>fix(rest): change maven plugin order to generate the documentation correctly</code></p> -<p><code>&lt;type&gt;(&lt;scope&gt;): &lt;commit message&gt;</code></p> -<h2 id="referencing-issues">Referencing issues</h2> -<p>Please reference in the pull request to the open issue</p> -<p><code>closes eclipse/sw360#&lt;issue-number&gt;</code></p> -<p><code>closes eclipse/sw360#758</code></p> - - - - - - Docs: Testing Frameworks - https://www.eclipse.org/sw360/docs/development/dev-testing-frameworks/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-testing-frameworks/ - - - - <p>The implementation of complicated rules is not always easy to read. +</pre> +<p>or even better: use vagrant.</p> +<h3 id="3-create-and-push-the-tag">3. Create and push the tag</h3> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ mvn scm:tag +</span></span></code></pre></div><p>This creates the tag and <strong>pushes it to github</strong>.</p> +<h3 id="4-write-the-new-incremented-snapshot-version-into-the-poms">4. Write the new incremented SNAPSHOT-version into the poms</h3> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ mvn versions:set -DnewVersion<span style="color:#555">=</span>&lt;b&gt;1.3.0-SNAPSHOT&lt;/b&gt; +</span></span><span style="display:flex;"><span>$ git add pom.xml <span style="color:#c30;font-weight:bold">\*\*</span>/pom.xml +</span></span><span style="display:flex;"><span>$ git commit -m <span style="color:#c30">&#34;set version to &lt;b&gt;1.3.0-SNAPSHOT&lt;/b&gt;&#34;</span> +</span></span><span style="display:flex;"><span>$ git push origin master +</span></span></code></pre></div><p>&ndash; +⁽¹⁾ based on: <a href="https://axelfontaine.com/blog/final-nail.html">https://axelfontaine.com/blog/final-nail.html</a></p>Docs: Roles and Authorizationhttps://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/ +<p>Like any other system, SW360 allows for setting different levels of access for different users. Technically, the decision when user should be able to see or to do something happens (generally) on the backend server. This ensures consistency between the REST API and the portal application.</p> +<p>For setting roles of a user, the Liferay control panel is being used (Admin menu -&gt; Control Panel -&gt; Users and Organisations -&gt; Users -&gt; select one user and Edit -&gt; Roles). Setting access at individual records happens in the edit view of that record.</p> +<h2 id="roles-overview">Roles Overview</h2> +<p>SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.</p> +<h4 id="setup-admin-liferay-role">Setup Admin (Liferay Role)</h4> +<p>The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.</p> +<h4 id="sw360-admin-liferay-role">SW360 Admin (Liferay Role)</h4> +<p>The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role <code>CLEARING_ADMIN</code>. This role can change data from other groups, limited by visibility setting of a project.</p> +<h4 id="clearing-admin-liferay-role">Clearing Admin (Liferay Role)</h4> +<p>The clearing admin can change all component and release records and project records of the same group. This can be seen as group administrator.</p> +<h4 id="security-admin-liferay-role">Security Admin (Liferay Role)</h4> +<p>In addition to the user rights, the security admin can set security vulnerabilities to irrelevant</p> +<h4 id="ecc-admin-liferay-role">ECC Admin (Liferay Role)</h4> +<p>In addition to the user rights, the ECC admin can manipulate ECC data.</p> +<h4 id="user">User</h4> +<p>A user can create, modify and delete all own (=self created) records. A user cannot change records of others</p> +<h3 id="moderation-requests">Moderation Requests</h3> +<p>If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.</p> +<p>In addition there are ACL-style roles, meaning that per data item access settings can be made:</p> +<ol> +<li><strong>creator</strong> - a creator can modify in addition to the user&rsquo;s read abilities, a user can be creator of a data item</li> +<li><strong>moderator</strong> - a creator can define moderators for a data item. Moderators can change a data item as a creator can.</li> +<li><strong>contributor</strong> (Component) - is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). +In contrast, the contributor cannot delete data items.</li> +<li><strong>project responsible</strong> (Project) - is a contributor, just named differently to identify the responsible person.</li> +<li><strong>lead architect</strong> (Project) - is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.</li> +<li><strong>contact</strong> (Release) - deprecated, should be renamed to contributor see #100.</li> +</ol> +<p><code>group (department)</code>, <code>contributor</code>, <code>moderator</code> and <code>owner</code> roles are entity specific, <code>user</code>, <code>clearing admin</code> and <code>admin</code> are roles assigned to a user.</p> +<h3 id="additional-project-visibility">Additional Project Visibility</h3> +<p>In addition to the roles mentioned above, each project has a separate visibility setting (technically an attribute of the project document). There are four project visibility levels:</p> +<ol> +<li>Private - no one but the creator can read.</li> +<li>Me and moderators - involves all moderators and contributors, basically all names that are named among the attributes (lead architect, project responsible, contributors)</li> +<li>Department / business unit (should be renamed) - refer to the group the users are in.</li> +<li>Public - all registered users of the liferay / sw360 application (login required).</li> +</ol> +<p>The access rules are implemented in<code>lib-datahandler</code>. In the package, <code>com.siemens.sw360.datahandler.permissions</code> this is implemented in <code>ProjectPermissions</code>. See methods <code>isVisible</code> and <code>userIsEquivalentToModeratorinProject()</code> for the actual rules.</p> +<h3 id="overall-access-matrix">Overall Access Matrix</h3> +<p>The following table presents the SW360 Role-Authorisation-Model.</p> +<p>The row specifies which action to take, the column the role of the actor. Cell entries specify which entity type can be acted upon.</p> +<table> +<thead> +<tr> +<th></th> +<th>creator</th> +<th>moderator</th> +<th>contributor</th> +<th>user</th> +<th>clearing admin</th> +<th>(sw360)admin</th> +</tr> +</thead> +<tbody> +<tr> +<td>create</td> +<td>-</td> +<td>-</td> +<td>-</td> +<td>PCRV</td> +<td>PCRVL</td> +<td>PCRVL</td> +</tr> +<tr> +<td>read</td> +<td>P</td> +<td>P</td> +<td>P</td> +<td>(P²)CRVL</td> +<td>(P²)CRVL</td> +<td>PCRVL</td> +</tr> +<tr> +<td>edit</td> +<td>PCR</td> +<td>PCR</td> +<td>PCR</td> +<td>(all created ones)</td> +<td>PCRVL</td> +<td>PCRVL</td> +</tr> +<tr> +<td>delete</td> +<td>PCR</td> +<td>PCR</td> +<td>-</td> +<td>(all created ones)</td> +<td>L</td> +<td>PCRVL</td> +</tr> +</tbody> +</table> +<p>P² : only if the user is member of the group of the project (or has created the project)</p> +<p>Note that ECC Admins and Security Admins have only the ability to write ECC and security data respectively at given records. However, as for the other access rights this role does not enhance anything above users.</p> +<h4 id="legend">Legend</h4> +<table> +<thead> +<tr> +<th>acronym</th> +<th>description</th> +</tr> +</thead> +<tbody> +<tr> +<td>P</td> +<td>project</td> +</tr> +<tr> +<td>C</td> +<td>component</td> +</tr> +<tr> +<td>R</td> +<td>release</td> +</tr> +<tr> +<td>V</td> +<td>vendor</td> +</tr> +<tr> +<td>L</td> +<td>license</td> +</tr> +</tbody> +</table> +<h2 id="technical-info">Technical Info</h2> +<p>The role access rules are put into <code>lib-datahandler</code>. In the package, <code>com.siemens.sw360.datahandler.permissions</code> there are implementing classes of a template class <code>DocumentPermissions</code>. As an example, <code>ProjectPermissions</code> extends abstract class <code>DocumentPermissions</code>.</p> +<p>At run time, a permissions object consisting of a document and a user is created: In <code>PermissionUtils</code> (same package) there is a static method <code>makePermissions&lt;T&gt;()</code> that creates a permissions object. The received permissions object instance can be asked if a particular operation is allowed.</p> +<p>Note that the general application of these permission operations runs in the backend (Thrift services). An application in the front end of <code>PermissionUtils</code> for example, is for displaying buttons depending on the user main role (user, clearing admin or admin). Then the portlet makes plain use of the <code>lib-datahandler</code> library.</p> +<h2 id="further-plans">Further plans</h2> +<ol> +<li> +<p>Actually, creating stuff should be checked in lib-datahandler, starting with creation of licenses,which should ot be permitted to users: <a href="https://github.com/siemens/sw360portal/issues/106">Issue #106</a></p> +</li> +<li> +<p><a href="https://github.com/siemens/sw360portal/issues/101">Issue #101</a> for</p> +</li> +</ol> +<table> +<thead> +<tr> +<th></th> +<th>contributor</th> +<th>moderator</th> +<th>creator</th> +<th>user</th> +<th>clearing admin</th> +<th>admin</th> +</tr> +</thead> +<tbody> +<tr> +<td>download OSS sources</td> +<td>-</td> +<td>-</td> +<td>-</td> +<td>R</td> +<td>R</td> +<td>R</td> +</tr> +<tr> +<td>download internal sources</td> +<td>R</td> +<td>R</td> +<td>R</td> +<td>-</td> +<td>-</td> +<td>R</td> +</tr> +</tbody> +</table> +<ol start="3"> +<li><a href="https://github.com/siemens/sw360portal/issues/102">Issue #102</a> for</li> +</ol> +<table> +<thead> +<tr> +<th></th> +<th>contributor</th> +<th>moderator</th> +<th>creator</th> +<th>user</th> +<th>clearing admin</th> +<th>admin</th> +</tr> +</thead> +<tbody> +<tr> +<td>send to clearing</td> +<td>-</td> +<td>P</td> +<td>P</td> +<td>-</td> +<td>-</td> +<td>PCRL</td> +</tr> +</tbody> +</table> +<ol start="4"> +<li><a href="https://github.com/siemens/sw360portal/issues/103">Issue #103</a> for</li> +</ol> +<table> +<thead> +<tr> +<th></th> +<th>contributor</th> +<th>moderator</th> +<th>creator</th> +<th>user</th> +<th>clearing admin</th> +<th>admin</th> +</tr> +</thead> +<tbody> +<tr> +<td>edit clearing report</td> +<td>-</td> +<td>R</td> +<td>R</td> +<td>-</td> +<td>R?</td> +<td>PCRL</td> +</tr> +</tbody> +</table>Docs: Semantic Commitshttps://www.eclipse.org/sw360/docs/development/dev-semantic-commits/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-semantic-commits/ +<h2 id="the-reason-and-benefit-of-semantic-commit-messages">The reason and benefit of semantic commit messages</h2> +<ul> +<li>automatic generating of the changelog</li> +<li>simple navigation through git history (e.g. ignoring style changes)</li> +</ul> +<h2 id="semantic-commit-message-structure">Semantic commit message structure</h2> +<p><code>&lt;type&gt;(&lt;scope&gt;): &lt;commit message&gt;</code></p> +<h2 id="the-following-types-are-supported">The following <types> are supported</h2> +<ul> +<li>feat (new feature for the user, not a new feature for build script)</li> +<li>fix (bug fix for the user, not a fix to a build script)</li> +<li>docs (changes to the documentation)</li> +<li>style (formatting, missing semi colons, etc; no production code change)</li> +<li>refactor (refactoring production code, eg. renaming a variable)</li> +<li>test (adding missing tests, refactoring tests; no production code change)</li> +<li>chore (updating grunt tasks etc; no production code change)</li> +</ul> +<p>Example <scope> values:</p> +<ul> +<li>ui (user interface)</li> +<li>rest (REST API)</li> +<li>thrift (apache thrift services)</li> +<li>project (project portlet)</li> +<li>component (component portlet)</li> +<li>user (user portlet)</li> +<li>etc.</li> +</ul> +<h2 id="example-of-semantic-commit-message">Example of semantic commit message</h2> +<p><code>fix(rest): change maven plugin order to generate the documentation correctly</code></p> +<p><code>&lt;type&gt;(&lt;scope&gt;): &lt;commit message&gt;</code></p> +<h2 id="referencing-issues">Referencing issues</h2> +<p>Please reference in the pull request to the open issue</p> +<p><code>closes eclipse/sw360#&lt;issue-number&gt;</code></p> +<p><code>closes eclipse/sw360#758</code></p>Docs: Testing Frameworkshttps://www.eclipse.org/sw360/docs/development/dev-testing-frameworks/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-testing-frameworks/ +<p>The implementation of complicated rules is not always easy to read. A good way to document and explain the behaviour of rule engines are natural language tests. -A frame work we use for that is <a href="http://jgiven.org/">jgiven</a>. -We write the tests using the [dataprovider] (<a href="https://github.com/TNG/junit-dataprovider">https://github.com/TNG/junit-dataprovider</a>) runner. -This is basically a runner that allows to use parametrized tests.</p> -<p>The basic testing frame work is still <a href="http://junit.org/">JUnit4</a>, assertions are made using <a href="https://code.google.com/p/hamcrest/wiki/Tutorial">hamcrest</a> and we mock complicated input classes with <a href="http://mockito.org/">mockito</a>.</p> - - - - - - Docs: Troubleshooting - https://www.eclipse.org/sw360/docs/development/dev-troubleshooting/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-troubleshooting/ - - - - <h3 id="development-problems-building-sw360portal-with-maven">Development: problems building sw360portal with maven?</h3> -<p>Before building the sw360portal with maven, ensure that the following components are installed in the development environment:</p> -<ul> -<li>A git client</li> -<li>Apache Maven 3.0.X</li> -<li>Apache Thrift 0.9.3</li> -<li>Java 1.8.X</li> -<li>CouchDB, at least 1.5 (only if the tests will be executed locally)</li> -</ul> -<h3 id="development-problems-using-eclipse">Development: problems using Eclipse?</h3> -<p>Please do not use Eclipse, because the integration of Apache Thrift is an open issue and we found no plugin for Eclipse to solve the shown compiler errors. -Recommended is IntelliJ IDEA or NetBeans.</p> -<h3 id="liferay-problems-with-displaying-changes-to-page">Liferay: problems with displaying changes to page?</h3> -<p>When developing changes to a page and these changes do not show in browser - even after redeployment, then the internal liferay optimisation mechanisms may kick in. Try to add to the URL string the following key value parameters:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>js_fast_load=0&amp;css_fast_load=0&amp;strip=0 -</span></span></code></pre></div><h3 id="liferay-where-are-the-initial-admin-user-settings">Liferay: where are the initial admin user settings?</h3> -<p>It is the file <code>portal-ext.properties</code> in sw360/opt.</p> -<h3 id="maven-build-generally-fails">Maven: build generally fails</h3> -<p>You just try to compile parts or all of it and it fails? Most of the stuff depends on the module /build-configuration. Execute either &ldquo;mvn install&rdquo; on top level or inside build configuration.</p> -<h4 id="backend-problems-with-company-proxy">Backend: problems with company proxy?</h4> -<p>maybe try instead:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>/opt/apache-tomcat-/bin/startup.sh -</span></span></code></pre></div><p>just this:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>CATALINA_OPTS=&#34;-Dhttps.proxy...&#34; /opt/apache-tomcat-/bin/startup.sh -</span></span></code></pre></div><p>for lucene it might be necessary to add:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>[httpd_global_handlers] -</span></span><span style="display:flex;"><span>_fti = {couch_httpd_proxy, handle_proxy_req, &lt;&lt;&#34;http://127.0.0.1:8085/couchdblucene&#34;&gt;&gt;} -</span></span></code></pre></div><p>in lucene.ini of local.d of your CouchDB installation</p> -<h4 id="backend-are-thrift-services-up">Backend: are thrift services up?</h4> -<ol> -<li>Check tomcat manager (if the services are there)</li> -<li>Check if the service is accessible: -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://your.url.to.server.com:8085/components -</span></span></code></pre></div>Should return &ldquo;Welcome to &hellip;&rdquo;.</li> -<li>Check if the service thrift page is there: -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://your.url.to.server.com:8085/components/thrift -</span></span></code></pre></div>Should return HTTP status code 500, because in the browser, no valid thrift message was formed.</li> -</ol> -<h4 id="backend-orgektorpdbaccessexception">Backend: org.ektorp.DbAccessException</h4> -<p>What do I do if I get: org.ektorp.DbAccessException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field &ldquo;_id&rdquo;</p> -<p>You add the class you have been trying to serialize to +A frame work we use for that is <a href="http://jgiven.org/">jgiven</a>. +We write the tests using the [dataprovider] (<a href="https://github.com/TNG/junit-dataprovider">https://github.com/TNG/junit-dataprovider</a>) runner. +This is basically a runner that allows to use parametrized tests.</p> +<p>The basic testing frame work is still <a href="http://junit.org/">JUnit4</a>, assertions are made using <a href="https://code.google.com/p/hamcrest/wiki/Tutorial">hamcrest</a> and we mock complicated input classes with <a href="http://mockito.org/">mockito</a>.</p>Docs: Troubleshootinghttps://www.eclipse.org/sw360/docs/development/dev-troubleshooting/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-troubleshooting/ +<h3 id="development-problems-building-sw360portal-with-maven">Development: problems building sw360portal with maven?</h3> +<p>Before building the sw360portal with maven, ensure that the following components are installed in the development environment:</p> +<ul> +<li>A git client</li> +<li>Apache Maven 3.0.X</li> +<li>Apache Thrift 0.9.3</li> +<li>Java 1.8.X</li> +<li>CouchDB, at least 1.5 (only if the tests will be executed locally)</li> +</ul> +<h3 id="development-problems-using-eclipse">Development: problems using Eclipse?</h3> +<p>Please do not use Eclipse, because the integration of Apache Thrift is an open issue and we found no plugin for Eclipse to solve the shown compiler errors. +Recommended is IntelliJ IDEA or NetBeans.</p> +<h3 id="liferay-problems-with-displaying-changes-to-page">Liferay: problems with displaying changes to page?</h3> +<p>When developing changes to a page and these changes do not show in browser - even after redeployment, then the internal liferay optimisation mechanisms may kick in. Try to add to the URL string the following key value parameters:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>js_fast_load=0&amp;css_fast_load=0&amp;strip=0 +</span></span></code></pre></div><h3 id="liferay-where-are-the-initial-admin-user-settings">Liferay: where are the initial admin user settings?</h3> +<p>It is the file <code>portal-ext.properties</code> in sw360/opt.</p> +<h3 id="maven-build-generally-fails">Maven: build generally fails</h3> +<p>You just try to compile parts or all of it and it fails? Most of the stuff depends on the module /build-configuration. Execute either &ldquo;mvn install&rdquo; on top level or inside build configuration.</p> +<h4 id="backend-problems-with-company-proxy">Backend: problems with company proxy?</h4> +<p>maybe try instead:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>/opt/apache-tomcat-/bin/startup.sh +</span></span></code></pre></div><p>just this:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>CATALINA_OPTS=&#34;-Dhttps.proxy...&#34; /opt/apache-tomcat-/bin/startup.sh +</span></span></code></pre></div><p>for lucene it might be necessary to add:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>[httpd_global_handlers] +</span></span><span style="display:flex;"><span>_fti = {couch_httpd_proxy, handle_proxy_req, &lt;&lt;&#34;http://127.0.0.1:8085/couchdblucene&#34;&gt;&gt;} +</span></span></code></pre></div><p>in lucene.ini of local.d of your CouchDB installation</p> +<h4 id="backend-are-thrift-services-up">Backend: are thrift services up?</h4> +<ol> +<li>Check tomcat manager (if the services are there)</li> +<li>Check if the service is accessible: +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://your.url.to.server.com:8085/components +</span></span></code></pre></div>Should return &ldquo;Welcome to &hellip;&rdquo;.</li> +<li>Check if the service thrift page is there: +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://your.url.to.server.com:8085/components/thrift +</span></span></code></pre></div>Should return HTTP status code 500, because in the browser, no valid thrift message was formed.</li> +</ol> +<h4 id="backend-orgektorpdbaccessexception">Backend: org.ektorp.DbAccessException</h4> +<p>What do I do if I get: org.ektorp.DbAccessException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field &ldquo;_id&rdquo;</p> +<p>You add the class you have been trying to serialize to THRIFT_CLASSES in -sw360/src/libraries/lib-datahandler/src/main/java/com/siemens/sw360/datahandler/thrift/ThriftUtils.java</p> -<h4 id="backend-maven-failed-tomcat7-deploy">Backend: maven failed tomcat7 deploy</h4> -<p>If the deployment via maven of the backend does fail with an error like this</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses -</span></span><span style="display:flex;"><span>2302/17930 KB -</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses -</span></span><span style="display:flex;"><span>2102/17930 KB -</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses -</span></span><span style="display:flex;"><span>2064/17930 KB -</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses -</span></span><span style="display:flex;"><span>2064/17930 KB -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Reactor Summary: -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend ........................................... SUCCESS <span style="color:#555">[</span>2.579s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-src ....................................... SUCCESS <span style="color:#555">[</span>0.058s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-licenses ...................................... SUCCESS <span style="color:#555">[</span>10.544s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-users ......................................... SUCCESS <span style="color:#555">[</span>1.485s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-vendors ....................................... SUCCESS <span style="color:#555">[</span>6.929s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-search ........................................ SUCCESS <span style="color:#555">[</span>5.837s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-components .................................... SUCCESS <span style="color:#555">[</span>19.439s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-projects ...................................... SUCCESS <span style="color:#555">[</span>14.280s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-attachments ................................... SUCCESS <span style="color:#555">[</span>6.188s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-moderation .................................... SUCCESS <span style="color:#555">[</span>1.169s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-fossology ..................................... SUCCESS <span style="color:#555">[</span>6.259s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-svc ....................................... SUCCESS <span style="color:#555">[</span>0.038s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-licenses ...................................... FAILURE <span style="color:#555">[</span>3.630s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-users ......................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-vendors ....................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-search ........................................ SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-components .................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-projects ...................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-attachments ................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-moderation .................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-fossology ..................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-utils ..................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> BUILD FAILURE -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Total time: 1:19.836s -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Finished at: Mon May <span style="color:#f60">04</span> 15:57:46 CEST <span style="color:#f60">2015</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Final Memory: 24M/311M -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.2:deploy <span style="color:#555">(</span>default-cli<span style="color:#555">)</span> on project svc-licenses: Cannot invoke Tomcat manager: Broken pipe -&gt; <span style="color:#555">[</span>Help 1<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> To see the full stack trace of the errors, re-run Maven with the -e switch. -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> Re-run Maven using the -X switch to <span style="color:#366">enable</span> full debug logging. -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> For more information about the errors and possible solutions, please <span style="color:#366">read</span> the following articles: -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> <span style="color:#555">[</span>Help 1<span style="color:#555">]</span> http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> After correcting the problems, you can resume the build with the <span style="color:#366">command</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> mvn &lt;goals&gt; -rf :svc-licenses -</span></span><span style="display:flex;"><span>voyager:backend sam$ -</span></span></code></pre></div><p>One solution is that you deployed already and the tomcat7 plugin does not like to have multiple deploy commands. Instead you will need to issue a <code>mvn tomcat7:redeploy</code> command.</p> -<h4 id="deployment-liferay-not-accessible">Deployment: liferay not accessible</h4> -<p>If the virtual machine was shut down and started up again, the backend services and frontend liferay require manual restart. Please contribute a change in the vagrant deployment if you feel that this could be changed. The actual places to call are:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>/opt/apache-tomcat-.../bin/.startup.sh -</span></span><span style="display:flex;"><span>/opt/liferay-.../tomcat-.../bin/.startup.sh -</span></span></code></pre></div> - - - - - Docs: Using RequireJS fro Javascript Modules - https://www.eclipse.org/sw360/docs/development/dev-using-requirejs-for-javascript-modules/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-using-requirejs-for-javascript-modules/ - - - - <p>Today most of the javascript code runs in the global namespace. This increases the risk of overwriting symbols in the global namespace due to different libraries and snippets.</p> -<h1 id="goal">Goal</h1> -<p>We want to use RequireJS (<a href="http://requirejs.org/">http://requirejs.org/</a>) to modularize our code and to have clear namespaces for each component. In addition some of the code may be reused more easily. Other advantages:</p> -<ul> -<li>libraries like jquery or datatables can be imported by name but without a specified version</li> -<li>if necessary, specific versions can be imported for parts of the page</li> -<li>it is very easy to only load needed dependencies</li> -<li>good support of webjars due to webjars-locator. Webjars a are automatically accessible through RequireJS.</li> -</ul> -<h1 id="how-to-use---example">How to use - example</h1> -<p>There is a new jspf-file to be included in jsps to enable RequireJS support:</p> -<pre><code>&lt;%@ include file=&quot;/html/utils/includes/requirejs.jspf&quot; %&gt; -</code></pre> -<p>When RequireJS is enabled with the above include, all libraries can be accessed and code can be scoped:</p> -<pre><code>require(['jquery', 'module/quickfilter', 'module/confirm', /* jquery-plugins: */ 'datatables', 'jquery-ui'], function($, quickfilter, confirm) { - // code goes here, libraries can be used through the variables $, quickfilter and confirm - // Note: jquery-plugins does not have to be bound to variables since they directly register themselves in the jquery object +sw360/src/libraries/lib-datahandler/src/main/java/com/siemens/sw360/datahandler/thrift/ThriftUtils.java</p> +<h4 id="backend-maven-failed-tomcat7-deploy">Backend: maven failed tomcat7 deploy</h4> +<p>If the deployment via maven of the backend does fail with an error like this</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses +</span></span><span style="display:flex;"><span>2302/17930 KB +</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses +</span></span><span style="display:flex;"><span>2102/17930 KB +</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses +</span></span><span style="display:flex;"><span>2064/17930 KB +</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses +</span></span><span style="display:flex;"><span>2064/17930 KB +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Reactor Summary: +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend ........................................... SUCCESS <span style="color:#555">[</span>2.579s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-src ....................................... SUCCESS <span style="color:#555">[</span>0.058s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-licenses ...................................... SUCCESS <span style="color:#555">[</span>10.544s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-users ......................................... SUCCESS <span style="color:#555">[</span>1.485s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-vendors ....................................... SUCCESS <span style="color:#555">[</span>6.929s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-search ........................................ SUCCESS <span style="color:#555">[</span>5.837s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-components .................................... SUCCESS <span style="color:#555">[</span>19.439s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-projects ...................................... SUCCESS <span style="color:#555">[</span>14.280s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-attachments ................................... SUCCESS <span style="color:#555">[</span>6.188s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-moderation .................................... SUCCESS <span style="color:#555">[</span>1.169s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-fossology ..................................... SUCCESS <span style="color:#555">[</span>6.259s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-svc ....................................... SUCCESS <span style="color:#555">[</span>0.038s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-licenses ...................................... FAILURE <span style="color:#555">[</span>3.630s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-users ......................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-vendors ....................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-search ........................................ SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-components .................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-projects ...................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-attachments ................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-moderation .................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-fossology ..................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-utils ..................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> BUILD FAILURE +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Total time: 1:19.836s +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Finished at: Mon May <span style="color:#f60">04</span> 15:57:46 CEST <span style="color:#f60">2015</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Final Memory: 24M/311M +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.2:deploy <span style="color:#555">(</span>default-cli<span style="color:#555">)</span> on project svc-licenses: Cannot invoke Tomcat manager: Broken pipe -&gt; <span style="color:#555">[</span>Help 1<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> To see the full stack trace of the errors, re-run Maven with the -e switch. +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> Re-run Maven using the -X switch to <span style="color:#366">enable</span> full debug logging. +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> For more information about the errors and possible solutions, please <span style="color:#366">read</span> the following articles: +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> <span style="color:#555">[</span>Help 1<span style="color:#555">]</span> http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> After correcting the problems, you can resume the build with the <span style="color:#366">command</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> mvn &lt;goals&gt; -rf :svc-licenses +</span></span><span style="display:flex;"><span>voyager:backend sam$ +</span></span></code></pre></div><p>One solution is that you deployed already and the tomcat7 plugin does not like to have multiple deploy commands. Instead you will need to issue a <code>mvn tomcat7:redeploy</code> command.</p> +<h4 id="deployment-liferay-not-accessible">Deployment: liferay not accessible</h4> +<p>If the virtual machine was shut down and started up again, the backend services and frontend liferay require manual restart. Please contribute a change in the vagrant deployment if you feel that this could be changed. The actual places to call are:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>/opt/apache-tomcat-.../bin/.startup.sh +</span></span><span style="display:flex;"><span>/opt/liferay-.../tomcat-.../bin/.startup.sh +</span></span></code></pre></div>Docs: Using RequireJS fro Javascript Moduleshttps://www.eclipse.org/sw360/docs/development/dev-using-requirejs-for-javascript-modules/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-using-requirejs-for-javascript-modules/ +<p>Today most of the javascript code runs in the global namespace. This increases the risk of overwriting symbols in the global namespace due to different libraries and snippets.</p> +<h1 id="goal">Goal</h1> +<p>We want to use RequireJS (<a href="http://requirejs.org/">http://requirejs.org/</a>) to modularize our code and to have clear namespaces for each component. In addition some of the code may be reused more easily. Other advantages:</p> +<ul> +<li>libraries like jquery or datatables can be imported by name but without a specified version</li> +<li>if necessary, specific versions can be imported for parts of the page</li> +<li>it is very easy to only load needed dependencies</li> +<li>good support of webjars due to webjars-locator. Webjars a are automatically accessible through RequireJS.</li> +</ul> +<h1 id="how-to-use---example">How to use - example</h1> +<p>There is a new jspf-file to be included in jsps to enable RequireJS support:</p> +<pre><code>&lt;%@ include file=&quot;/html/utils/includes/requirejs.jspf&quot; %&gt; +</code></pre> +<p>When RequireJS is enabled with the above include, all libraries can be accessed and code can be scoped:</p> +<pre><code>require(['jquery', 'module/quickfilter', 'module/confirm', /* jquery-plugins: */ 'datatables', 'jquery-ui'], function($, quickfilter, confirm) { +// code goes here, libraries can be used through the variables $, quickfilter and confirm +// Note: jquery-plugins does not have to be bound to variables since they directly register themselves in the jquery object }); -</code></pre> -<p><strong>NOTE/WARNING</strong>: since not all code is using RequireJS at the moment it is highly recommended to include RequireJS just before the script tag using it. DO NOT include it at the beginning of the file! Therefore use the following pattern:</p> -<pre><code>&lt;%@ include file=&quot;/html/utils/includes/requirejs.jspf&quot; %&gt; +</code></pre> +<p><strong>NOTE/WARNING</strong>: since not all code is using RequireJS at the moment it is highly recommended to include RequireJS just before the script tag using it. DO NOT include it at the beginning of the file! Therefore use the following pattern:</p> +<pre><code>&lt;%@ include file=&quot;/html/utils/includes/requirejs.jspf&quot; %&gt; &lt;script&gt; - require(['jquery'], function($) { - // js stuff - }); +require(['jquery'], function($) { +// js stuff +}); &lt;/script&gt; -</code></pre> -<p><strong>Explanation</strong>: some the the jQuery-plugins are already module safe. This means the look if something like RequireJS is available and - if this is the case - register themselves as anonymous modules. If someone in some include in the page loads such a plugin via script plugin it may happen that the plugins registers itself twice as an anonymous module which causes errors in RequireJS. Loading RequireJS after all script tags will prevent this and ensure that every plugin is only registered once.</p> -<h1 id="migration">Migration</h1> -<h2 id="migrate-a-jsp">Migrate a JSP</h2> -<p>To migrate a JSP to use RequireJS the following steps have to be done:</p> -<ol> -<li>Enable RequireJS support by including <code>requirejs.jspf</code>. Do it JUST before the script tag with the main code (see NOTE above).</li> -<li>Enclose the existing code in a <code>require</code>-function (<strong>Attention:</strong> Also read &ldquo;Co-existence with AUI().use()&rdquo; below)</li> -<li>Remove existing <code>script</code>-tags that loads the javascript files &ldquo;manually&rdquo;</li> -<li>Rewrite code that access functions inside the new <code>require</code>-function from outside (e.g. click handlers, see below)</li> -</ol> -<h2 id="co-existence-with-auiuse">Co-existence with AUI().use()</h2> -<p>If you need to use AUI().use() in your code, e.g. to grab the PortletURL object, you have to call this function first and call <code>require</code> inside. Otherwise the code may not be executed correclty if the &lsquo;Drag&amp;Drop&rsquo; error occurs to early during page loading:</p> -<pre><code>AUI().use('liferay-portlet-url', function () { - require(['jquery', 'module/quickfilter') { - // AUI and require modules loaded and available - }); +</code></pre> +<p><strong>Explanation</strong>: some the the jQuery-plugins are already module safe. This means the look if something like RequireJS is available and - if this is the case - register themselves as anonymous modules. If someone in some include in the page loads such a plugin via script plugin it may happen that the plugins registers itself twice as an anonymous module which causes errors in RequireJS. Loading RequireJS after all script tags will prevent this and ensure that every plugin is only registered once.</p> +<h1 id="migration">Migration</h1> +<h2 id="migrate-a-jsp">Migrate a JSP</h2> +<p>To migrate a JSP to use RequireJS the following steps have to be done:</p> +<ol> +<li>Enable RequireJS support by including <code>requirejs.jspf</code>. Do it JUST before the script tag with the main code (see NOTE above).</li> +<li>Enclose the existing code in a <code>require</code>-function (<strong>Attention:</strong> Also read &ldquo;Co-existence with AUI().use()&rdquo; below)</li> +<li>Remove existing <code>script</code>-tags that loads the javascript files &ldquo;manually&rdquo;</li> +<li>Rewrite code that access functions inside the new <code>require</code>-function from outside (e.g. click handlers, see below)</li> +</ol> +<h2 id="co-existence-with-auiuse">Co-existence with AUI().use()</h2> +<p>If you need to use AUI().use() in your code, e.g. to grab the PortletURL object, you have to call this function first and call <code>require</code> inside. Otherwise the code may not be executed correclty if the &lsquo;Drag&amp;Drop&rsquo; error occurs to early during page loading:</p> +<pre><code>AUI().use('liferay-portlet-url', function () { +require(['jquery', 'module/quickfilter') { +// AUI and require modules loaded and available +}); +}); +</code></pre> +<h2 id="migrate-click-handlers">Migrate click-handlers</h2> +<p>Since none of the defined functions remains in the global scope click handlers defined in the attributes of a tag would no longer work. Use jQuery to attach a click handler instead:</p> +<pre><code>$('#exportSpreadsheetButton').on('click.components', exportSpreadsheet) +</code></pre> +<p>This click handler is added inside the RequireJS-scope where the function <code>exportSpreadsheet</code> is defined. +You may also attach handler for distinct elements in each row of a table:</p> +<pre><code>$('#componentsTable').on('click.components', 'img.delete', function(event) { +// do stuff +}); +</code></pre> +<h2 id="make-a-module-out-of-a-jspf-include">Make a module out of a jspf-include</h2> +<p>There are many jspf-includes which contain html as well as javascript code. They should be converted as followed:</p> +<ol> +<li> +<p>Move the javascript code to an own file. Place it below the &lsquo;html/js&rsquo;-folder, following the same structure as the jspf-file. If the jspf-file is <code>html/components/includes/vendors/addVendor.jspf</code> place the javascript code in the file <code>js/components/includes/vendors/addVendor.js</code>.</p> +</li> +<li> +<p>Enclose the code in a define statement to define a new module:</p> +<pre><code> define('components/includes/vendors/addVendor', [ /* dependencies */ ], function() { +// define module code +}); +</code></pre> +</li> +</ol> +<p>In order to use the new module include the jspf-file and load the js-code via RequireJS:</p> +<pre><code>&lt;%@ include &quot;html/components/includes/vendors/addVendor.jspf&quot; %&gt; +require(['components/includes/vendors/addVendor'], function(addVendor) { +// use addVendor }); -</code></pre> -<h2 id="migrate-click-handlers">Migrate click-handlers</h2> -<p>Since none of the defined functions remains in the global scope click handlers defined in the attributes of a tag would no longer work. Use jQuery to attach a click handler instead:</p> -<pre><code>$('#exportSpreadsheetButton').on('click.components', exportSpreadsheet) -</code></pre> -<p>This click handler is added inside the RequireJS-scope where the function <code>exportSpreadsheet</code> is defined. -You may also attach handler for distinct elements in each row of a table:</p> -<pre><code>$('#componentsTable').on('click.components', 'img.delete', function(event) { - // do stuff +</code></pre> +<h2 id="make-a-module-out-of-a-javascript-file-or-function">Make a module out of a javascript file or function</h2> +<p>There are several javascript files and functions below `/html/js&rsquo;. They can be make compatible to RequireJS as follows:</p> +<ol> +<li> +<p>Create a new file inside <code>/html/js/component</code> with a proper name that describes the functionality for the new component</p> +</li> +<li> +<p>Define the module and point to the legacy function, e.g.</p> +<pre><code> define('module/confirm', ['jquery', /* jquery-plugins: */ 'jquery-confirm', /* legacy code */ 'main' ], function($) { +return { +confirmDeletion: deleteConfirmed /* pointer to legacy method in main.js */ +}; }); -</code></pre> -<h2 id="make-a-module-out-of-a-jspf-include">Make a module out of a jspf-include</h2> -<p>There are many jspf-includes which contain html as well as javascript code. They should be converted as followed:</p> -<ol> -<li> -<p>Move the javascript code to an own file. Place it below the &lsquo;html/js&rsquo;-folder, following the same structure as the jspf-file. If the jspf-file is <code>html/components/includes/vendors/addVendor.jspf</code> place the javascript code in the file <code>js/components/includes/vendors/addVendor.js</code>.</p> -</li> -<li> -<p>Enclose the code in a define statement to define a new module:</p> -<pre><code> define('components/includes/vendors/addVendor', [ /* dependencies */ ], function() { - // define module code - }); -</code></pre> -</li> -</ol> -<p>In order to use the new module include the jspf-file and load the js-code via RequireJS:</p> -<pre><code>&lt;%@ include &quot;html/components/includes/vendors/addVendor.jspf&quot; %&gt; - -require(['components/includes/vendors/addVendor'], function(addVendor) { - // use addVendor +</code></pre> +</li> +<li> +<p>Afterwards the module can be loaded using the name <code>component/confirm</code>, e.g.</p> +<pre><code> require(['module/confirm'], function(confirm) { +confirm.confirmDeletion(/*...*/); }); -</code></pre> -<h2 id="make-a-module-out-of-a-javascript-file-or-function">Make a module out of a javascript file or function</h2> -<p>There are several javascript files and functions below `/html/js&rsquo;. They can be make compatible to RequireJS as follows:</p> -<ol> -<li> -<p>Create a new file inside <code>/html/js/component</code> with a proper name that describes the functionality for the new component</p> -</li> -<li> -<p>Define the module and point to the legacy function, e.g.</p> -<pre><code> define('module/confirm', ['jquery', /* jquery-plugins: */ 'jquery-confirm', /* legacy code */ 'main' ], function($) { - return { - confirmDeletion: deleteConfirmed /* pointer to legacy method in main.js */ - }; - }); -</code></pre> -</li> -<li> -<p>Afterwards the module can be loaded using the name <code>component/confirm</code>, e.g.</p> -<pre><code> require(['module/confirm'], function(confirm) { - confirm.confirmDeletion(/*...*/); - }); -</code></pre> -</li> -</ol> -<p><strong>Note</strong> The legacy function should be moved inside the module as soon as the function is no longer accessed directly but via RequireJS only. -<strong>Note</strong> You can also require legacy javascript files if you need them as dependency as pointed out in the examples above.</p> - - - - - - +</code></pre> +</li> +</ol> +<p><strong>Note</strong> The legacy function should be moved inside the module as soon as the function is no longer accessed directly but via RequireJS only. +<strong>Note</strong> You can also require legacy javascript files if you need them as dependency as pointed out in the examples above.</p> \ No newline at end of file diff --git a/docs/development/restapi/access/index.html b/docs/development/restapi/access/index.html index 9eba36c..5b7fef1 100644 --- a/docs/development/restapi/access/index.html +++ b/docs/development/restapi/access/index.html @@ -1,634 +1,109 @@ - - - - - - - - - - - - - - - - - - - - -API Access | Eclipse SW360 -API Access | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    API Access

    - -
    - - - - - - - - - - - - - -
    -

    How to get Access

    -

    There are the following steps

    -
      -
    1. -

      Open a browser with developer tools

      -
      2. -
    2. -

      Go to -https://<my_sw360_server>/authorization/client-management

      -
      3. -
    3. -

      To add a new client, enter the following javascript in the dev tools -console

      -
       xmlHttpRequest = new XMLHttpRequest();
+xmlHttpRequest = new XMLHttpRequest(); xmlHttpRequest.open('POST', '/authorization/client-management', false); xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); xmlHttpRequest.setRequestHeader('Accept', 'application/json'); xmlHttpRequest.send(JSON.stringify( { "description" : "my first test client", "authorities" : [ "BASIC" ], "scope" : [ "READ" ], "access_token_validity" : 3600, "refresh_token_validity" : 3600 } )); console.log(xmlHttpRequest.responseText); To manipulate an existing client, do the same but add the clientid to the data object">
+
      API Access
      How to get Access
      There are the following steps
      1. Open a browser with developer tools
      2. Go to
+https://<my_sw360_server>/authorization/client-management
      3. To add a new client, enter the following javascript in the dev tools
+console
         xmlHttpRequest = new XMLHttpRequest();
  xmlHttpRequest.open('POST', '/authorization/client-management', false);
  xmlHttpRequest.setRequestHeader('Content-Type', 'application/json');
  xmlHttpRequest.setRequestHeader('Accept', 'application/json');
@@ -642,25 +117,15 @@ console
        
    }
  ));
  console.log(xmlHttpRequest.responseText);
-
        
-
        4. 
-
      4. 
-
        To manipulate an existing client, do the same but add the clientid to
-the data object
        
-
        "client_id" : "9e358ca832ce4ce99a770c7bd0f8e066"
        
-to remove an existing client, enter the following javascript in the
-dev tools console
        
-
         xmlHttpRequest = new XMLHttpRequest();
+
      5. To manipulate an existing client, do the same but add the clientid to
+the data object
        "client_id" : "9e358ca832ce4ce99a770c7bd0f8e066"
        to remove an existing client, enter the following javascript in the
+dev tools console
         xmlHttpRequest = new XMLHttpRequest();
  xmlHttpRequest.open('DELETE', '/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066', false);
  xmlHttpRequest.setRequestHeader('Content-Type', 'application/json');
  xmlHttpRequest.setRequestHeader('Accept', 'application/json');
  xmlHttpRequest.send();
  console.log(xmlHttpRequest.responseText);
-
        
-
        6. 
-
      6. 
-
        You receive the token from such request, which looks like
        
-
         {
+
      7. You receive the token from such request, which looks like
         {
    "access_token" : "eyJhbGciOiJSUzI...",
    "token_type" : "bearer",
    "refresh_token" : "eyJhbGciOiJSUzI1...",
@@ -668,265 +133,34 @@ dev tools console
        
    "scope" : "READ WRITE",
    "jti" : "42539b0d-..."
  }
-
        
-
        8. 
-
      8. 
-
        You can try a request which uses for example the tool curl:
-curl -X GET -H "Authorization: Bearer [token]" -H "Content-Type: application/json"
        
-
        9. 
-
      9. 
-
        You can get a new token (you must get a new token) after expiration using client id and secret:
-https://<my_sw360_server>/authorization/oauth/token?grant_type=refresh_token&refresh_token=[refresh_token]
        
-
        10. 
-
      
-
      Deprecated Method: Access Tokens from the SW360 UI
      
-
      Recently SW360 has changed, username/password authentication is not possible anymore. So after successful entitlement login, the user is able to obtain a token with limited validity of time.
      
-
      Our tests have confirmed that, if you have used the JWT authentication workflow, the change means for you:
      
-
        
-
      • No interaction with authorization service is necessary.
        • 
-
      • The token needs to be provided as with the JWT.
        • 
-
      
-
      Please find attached, where to obtain the token:
      
-
-
      
-     
-
      
-
-
      And then find the interface for issuing the tokens:
      
-
-
      
-     
-
      
-
-
      Token into which Header?
      
-
      If you are used to REST clients, you might know that you need some kind of authentication info. Below are the previous and current ways of adding the authentication info to the HTTP header. Now you should add to the header the token value that you can obtain from the sw360 UI (see above):
      
-
      Authorization: Token <Token-Value>
      
-
      Previously, when you got the authentication info via the authorization service, it was:
      
-
      Authorization: Bearer <JWT-Value>
      
-
      Example: PowerShell Script
      
-
      This is an example Thomas Graf has sent around one - might be good to see how this works in general:
      
-
      $baseUri = "https://<my_sw360_server>/resource/"
-$uri = $baseUri + "api/projects" $data = @"
-{   "name" : "My 5th Dummy Project",
-    "description" : "Read/write test",
-    "version": "1.0",
-    "tag": "my tag",
-    "ownerGroup": "GROUP",
-    "projectType": "PRODUCT",
-    "linkedProjects": {},
-    "linkedReleases": {}
-} "@
-$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
-$headers.Add('Content-Type', 'application/hal+json')
-$headers.Add('Authorization', 'Token ' + $env:SW360StageToken)
-$headers.Add('Accept', 'application/hal+json')
-Invoke-WebRequest $uri -Method POST -Body $data -Headers $headers
-
      Deprecated Method: Authentication with Username and Password
      
-
      If I am not using token, but SW360 elsewhere: how do I obtain tokens?
      
-
      There are two steps you need to do with your client. First, Obtain an authorization token. This can be done by executing on the development instance for example be:
      
-
      curl -X POST --user 'trusted-sw360-client:sw360-secret' \
--d grant_type=password&username=user@sw360.org&password=12345 \
-https://<my_sw360_server>/authorization/oauth/token -k
-
      Of course, for the staging instance, the user must be your user credentials and the trusted client secret looks different.
      
-
      Second you need to parameterize your request with this token. Pls. see the link at the very top ‘Technical Information’: Rest API for more information.
      
-
      FAQ
      
-
        
-
      • 
-
        When I use the JWT approach I used curl to retrieve the token and get
        
-
        {“error”:“unauthorized”,“error_description”:“No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken”}
        
-
        • 
-
      • 
-
        Your password seems to be wrong.
        
-
        Note, that with curl - you have to escape special characters in your password. E.g. password
+

    4. You can try a request which uses for example the tool curl: +curl -X GET -H "Authorization: Bearer [token]" -H "Content-Type: application/json"

    5. You can get a new token (you must get a new token) after expiration using client id and secret: +https://<my_sw360_server>/authorization/oauth/token?grant_type=refresh_token&refresh_token=[refresh_token]

    Deprecated Method: Access Tokens from the SW360 UI

    Recently SW360 has changed, username/password authentication is not possible anymore. So after successful entitlement login, the user is able to obtain a token with limited validity of time.

    Our tests have confirmed that, if you have used the JWT authentication workflow, the change means for you:

    • No interaction with authorization service is necessary.
    • The token needs to be provided as with the JWT.

    Please find attached, where to obtain the token:

    And then find the interface for issuing the tokens:

    Token into which Header?

    If you are used to REST clients, you might know that you need some kind of authentication info. Below are the previous and current ways of adding the authentication info to the HTTP header. Now you should add to the header the token value that you can obtain from the sw360 UI (see above):

    Authorization: Token <Token-Value>

    Previously, when you got the authentication info via the authorization service, it was:

    Authorization: Bearer <JWT-Value>

    Example: PowerShell Script

    This is an example Thomas Graf has sent around one - might be good to see how this works in general:

    $baseUri = "https://<my_sw360_server>/resource/"
+$uri = $baseUri + "api/projects" $data = @"
+{   "name" : "My 5th Dummy Project",
+    "description" : "Read/write test",
+    "version": "1.0",
+    "tag": "my tag",
+    "ownerGroup": "GROUP",
+    "projectType": "PRODUCT",
+    "linkedProjects": {},
+    "linkedReleases": {}
+} "@
+$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
+$headers.Add('Content-Type', 'application/hal+json')
+$headers.Add('Authorization', 'Token ' + $env:SW360StageToken)
+$headers.Add('Accept', 'application/hal+json')
+Invoke-WebRequest $uri -Method POST -Body $data -Headers $headers
+

    Deprecated Method: Authentication with Username and Password

    If I am not using token, but SW360 elsewhere: how do I obtain tokens?

    There are two steps you need to do with your client. First, Obtain an authorization token. This can be done by executing on the development instance for example be:

    curl -X POST --user 'trusted-sw360-client:sw360-secret' \
+-d grant_type=password&username=user@sw360.org&password=12345 \
+https://<my_sw360_server>/authorization/oauth/token -k
+

    Of course, for the staging instance, the user must be your user credentials and the trusted client secret looks different.

    Second you need to parameterize your request with this token. Pls. see the link at the very top ‘Technical Information’: Rest API for more information.

    FAQ

    • When I use the JWT approach I used curl to retrieve the token and get

      {“error”:“unauthorized”,“error_description”:“No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken”}

    • Your password seems to be wrong.

      Note, that with curl - you have to escape special characters in your password. E.g. password 123$abc -results in the following request

      -
      • -
    -
    curl -X POST --user 'trusted-sw360-client:sw360-secret' \
--d grant_type=password&username=user@sw360.org&password=123\$abc \
-https://<my_sw360_server>/authorization/oauth/token -k
-
    - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (85ce57e) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +results in the following request

    curl -X POST --user 'trusted-sw360-client:sw360-secret' \
+-d grant_type=password&username=user@sw360.org&password=123\$abc \
+https://<my_sw360_server>/authorization/oauth/token -k
+
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (85ce57e)
    + + + \ No newline at end of file diff --git a/docs/development/restapi/dev-rest-api/index.html b/docs/development/restapi/dev-rest-api/index.html index c0737f6..9d5c57c 100644 --- a/docs/development/restapi/dev-rest-api/index.html +++ b/docs/development/restapi/dev-rest-api/index.html @@ -1,1229 +1,229 @@ - - - - - - - - - - - - - - - - - - - - -SW360 Rest API | Eclipse SW360 - - -SW360 Rest API | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    SW360 Rest API

    - -
    - - - - - - - - - - - - - -
    -

    The sw360 REST API provides access to sw360 resources for external clients. It consists currently of three Maven modules aggregated in one parent module rest in the sw360 distribution.

    -

    Module Structure

    -

    The rest module provides a REST API infrastructure for sw360 including:

    -
      -
    • Module authorization-server - OAuth2 Authorization Server, offering typical authorization steps of an OAuth2 workflow.
      • -
    • Module resource-server - REST API Gateway, providing access to the data for authenticated and authorized users / clients.
      • -
    • Module rest-common - only library code that is shared between the other rest modules.
      • -
    -

    The REST API implementation uses:

    -
      -
    • Module authorization-server uses the Liferay user management via the Liferay REST API to authenticate users and the users thrift backend service to access user profile data.
      • -
    • Module resource-server uses thrift backend services for accessing sw360 data to deliver it to the external clients.
      • -
    -

    API Principles

    -

    Security Principles

    -

    The basic security principles are following the OAuth2 standards. So there should be an authorization server which can be the one contained in this project. That one provides access tokens after it authenticated the client and the user using this client. In addition it checks which authorities this client should receive for operating in the user’s name. +Module authorization-server - OAuth2 Authorization Server, offering typical authorization steps of an OAuth2 workflow. Module resource-server - REST API Gateway, providing access to the data for authenticated and authorized users / clients."> +

    SW360 Rest API

    The sw360 REST API provides access to sw360 resources for external clients. It consists currently of three Maven modules aggregated in one parent module rest in the sw360 distribution.

    Module Structure

    The rest module provides a REST API infrastructure for sw360 including:

    • Module authorization-server - OAuth2 Authorization Server, offering typical authorization steps of an OAuth2 workflow.
    • Module resource-server - REST API Gateway, providing access to the data for authenticated and authorized users / clients.
    • Module rest-common - only library code that is shared between the other rest modules.

    The REST API implementation uses:

    • Module authorization-server uses the Liferay user management via the Liferay REST API to authenticate users and the users thrift backend service to access user profile data.
    • Module resource-server uses thrift backend services for accessing sw360 data to deliver it to the external clients.

    API Principles

    Security Principles

    The basic security principles are following the OAuth2 standards. So there should be an authorization server which can be the one contained in this project. That one provides access tokens after it authenticated the client and the user using this client. In addition it checks which authorities this client should receive for operating in the user’s name. With this OAuth2 access token the client can query the resource server which will restrict access to the given authorities. -Every client gets an access token as well as an refresh token. As long as the refresh token is valid, the client can gather a new access token without the need of re-authorization of the user.

    -

    There are currently three different possibilities for an OAuth2 authorization server implemented:

    -
      -
    • Using the contained authorization-server with username/password that are known by Liferay, no matter if Liferay is hosting the credentials itself or is attached to some central user management which it uses to authenticate users.
      • -
    • Using the contained authorization-server inside an SSO network where an existing proxy can take care of the authentication and passing authenticated user information in configurable headers to the authorization-server which then performs authorization on top.
      • -
    • Using keycloak as authorization-server. This case is not part of this wiki page and might need special configuration.
      • -
    -

    Data Principles

    -

    The REST API provides Hypermedia using HAL (Hypertext Application Language). -The following example shows some ideas of the REST API. It can be obtained by

    -
    https://[hostname]:[port]/resource/api/browser/index.html#/resource/api
-

    Note that the response below is maybe not the exact same response of your current version:

    -
    {
-  "_links": {
-    "sw360:attachments": {
-      "href": "https://dev.sw360.siemens.com/resource/api/attachments{?sha1}",
-      "templated": true
-    },
-    "sw360:components": {
-      "href": "https://dev.sw360.siemens.com/resource/api/components"
-    },
-    "sw360:licenses": {
-      "href": "https://dev.sw360.siemens.com/resource/api/licenses"
-    },
-    "sw360:licenseinfo": {
-      "href": "https://dev.sw360.siemens.com/resource/api/licenseinfo"
-    },
-    "sw360:projects": {
-      "href": "https://dev.sw360.siemens.com/resource/api/projects"
-    },
-    "sw360:releases": {
-      "href": "https://dev.sw360.siemens.com/resource/api/releases"
-    },
-    "sw360:users": {
-      "href": "https://dev.sw360.siemens.com/resource/api/users"
-    },
-    "sw360:vendors": {
-      "href": "https://dev.sw360.siemens.com/resource/api/vendors"
-    },
-    "sw360:vulnerabilities": {
-      "href": "https://dev.sw360.siemens.com/resource/api/vulnerabilities"
-    },
-    "profile": {
-      "href": "https://dev.sw360.siemens.com/resource/api/profile"
-    },
-    "curies": [
-      {
-        "href": "https://dev.sw360.siemens.com/resource/docs/{rel}.html",
-        "name": "sw360",
-        "templated": true
-      }
-    ]
-  }
-}
-

    API Installation

    -

    Both, the authorization-server and the resource-server can be build using Maven like the rest of the project. Each is generating a Spring Boot server that can be deployed in an application container, e.g. Tomcat.

    -

    API Configuration

    -

    Since the authorization-server and the resource-server are Spring Boot servers, they are configured as usual via /src/main/resources/application.yml. In addition some configuration comes historically from sw360.properties. Please note that all configurations could be provided centrally in the /etc/sw360/ directory. As such, the sw360.properties sits directly in /etc/sw360/. For rest-specific configurations the application considers the location /etc/sw360/rest.

    -

    Authorization Server Configuration

    -

    Special Liferay Credentials Configuration

    -

    In addition to the general properties in here the following needs to be configured in the application.yml when the authentication via Liferay username/password credentials should be possible:

    - - - - - - - - - - - - - - - - - - - - -
    KeyValuesDefault
    sw360:sw360-portal-server-urlthe url of the Liferay instancen/a (but could be given if environment variable is used like ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080})
    sw360:sw360-liferay-company-idthe id of the company in Liferay that sw360 is run for(but could be given if environment variable is used like ${SW360_LIFERAY_COMPANY_ID:20155})
    -

    Special SSO Configuration

    -

    In addition to the general properties in here the following needs to be configured in the application.yml when the authentication via SSO should be possible:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    KeyValuesDefault
    security:customheader:enabledFlag if the components needed for SSO should be activefalse
    security:customheader:headername:intermediateauthstorethe name of the header that can be used for internal data transfer inside one roundtrip - it can be configured here because the proxy has to make sure that this header will not be passed from clients and will be used truly internal onlycustom-header-auth-marker
    security:customheader:headername:emailthe name of the header that holds the email of the authenticated user (should be set be the proxy and must never be passed from clients)authenticated-email
    security:customheader:headername:extidthe name of the header that holds the extid of the authenticated user (should be set be the proxy and must never be passed from clients)authenticated-extid
    -

    :heavy_exclamation_mark: Please configure your SSO server and the proxy accordingly. In general, no unauthenticated request should reach the authorization server. And the configured headers should only be set by the proxy. If they are already contained in client requests, they must be removed!

    -

    Removing Headers in Apache

    -

    In Apache you may use the mod_headers module to remove headers from the client. Using the default values from the table above, at least the following directives should be present in your configuration for all requests that are routed to the authorization-server:

    -
    RequestHeader unset custom-header-auth-marker
-RequestHeader unset authenticated-email
-RequestHeader unset authenticated-extid
-

    General Configuration

    -

    Possible properties in sw360.properties file are:

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    KeyValuesDefault
    backend.urlthe url where the thrift services can be foundhttp://127.0.0.1:8080
    rest.write.access.usergroupthe user group level (`USERCLEARING_ADMIN
    rest.admin.access.usergroupthe user group level (`USERCLEARING_ADMIN
    -

    The values in sw360.properties should be migrated to the application.yml in the future.

    -

    Further important properties in application.yml file are:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    KeyValuesDefault
    couchdb:urlthe url of the CouchDB to use as client storen/a
    couchdb:databasethe database name of the CouchDB database to use as client storen/a
    couchdb:usernameif the CouchDB database needs authentication, enter the username here - if it does not need authentication, do not set this property at all, not even with an empty valuenull
    couchdb:passwordif the CouchDB database needs authentication, enter the password here - if it does not need authentication, do not set this property at all, not even with an empty valuenull
    sw360:cors:allowed-originvalue for cross origin resource sharingn/a
    security:oauth2:resource:idshould just be the same then in the resource servern/a
    -

    After this configuration is done the normal REST service for client management should be usable. This one is only accessible for authenticated users that get the ADMIN authority (remember, the therefore necessary sw360 usergroup has just been configured). So the clients can be configured now.

    -

    Client Management

    -

    In the scenarios of this page, the shipped authorization server is used. So the next step is to configure a valid OAuth2 client in this authorization server. There should be one OAuth2 client per external REST API client (which in turn can have many different users). Therefore the authorization server offers a REST API for basic CRUD operations for configuring the clients that are stored in the just configured CouchDB. Since sw360-ADMIN privileges are needed for client management, an authentication is needed to work with this API.

    -

    For SSO users (basic-auth Liferay users can use other tools as well because other tools can handle basic auth - but they can also use this workflow):

    -
      -
    1. -

      Open a browser with developer tools capabilities

      -
      2. -
    2. -

      Open

      -
      https://[hostname]:[port]/authorization/client-management
-

      This page always shows the currently configured clients and can be refreshed after every manipulation of a client.

      -
      3. -
    3. -

      To add a new client, enter the following javascript in the dev tools console in the current browser tab - of course after manipulating the client data to suit your needs

      -
      xmlHttpRequest = new XMLHttpRequest();
-xmlHttpRequest.open('POST', '/authorization/client-management', false);
-xmlHttpRequest.setRequestHeader('Content-Type', 'application/json');
-xmlHttpRequest.setRequestHeader('Accept', 'application/json');
-xmlHttpRequest.send(JSON.stringify(
-  {
-    "description" : "my first test client",
-    "authorities" : [ "BASIC" ],
-    "scope" : [ "READ" ],
-    "access_token_validity" : 3600,
-    "refresh_token_validity" : 3600
-  }
-));
-console.log(xmlHttpRequest.responseText);
-
      4. -
    4. -

      to manipulate an existing client, do the same but add the clientid to the data object

      -
          "client_id" : "9e358ca832ce4ce99a770c7bd0f8e066"
-
      5. -
    5. -

      to remove an existing client, enter the following javascript in the dev tools console

      -
      xmlHttpRequest = new XMLHttpRequest();
-xmlHttpRequest.open('DELETE', '/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066', false);
-xmlHttpRequest.setRequestHeader('Content-Type', 'application/json');
-xmlHttpRequest.setRequestHeader('Accept', 'application/json');
-xmlHttpRequest.send();
-console.log(xmlHttpRequest.responseText);
-
      6. -
    -

    This way the session cookie of the SSO login will be used for the REST calls. This might also be possible in postman or curl or similar tools if you want to try to copy cookies (depending also on the SSO configuration). As said before, if Liferay username/password credentials can be used to authenticate then a tool like postman or curl can be used for the whole process. Just pass the credentials as basic-auth.

    -

    Client Management via Curl

    -

    The above described call to create a rest client can also be done directly via one curl call:

    -
    SW360_USER=[admin sw360 user]
-SW360_PW=[corresponding sw360 admin user password]
-curl -s -S \
-     --user "${SW360_USER}:${SW360_PW}" \
-     --header "Content-Type: application/json" \
-     --header "Accept: application/json" \
-     -X POST https://[hostname]:[port]/authorization/client-management \
-     -d @- <<EOF
-{
-    "description" : "my first test client",
-    "authorities" : [ "BASIC" ],
-    "scope" : [ "READ" ],
-    "access_token_validity" : 3600,
-    "refresh_token_validity" : 3600
-}
-EOF
-

    This only works with the liferay basic-auth mechanism, SSO is not supported via curl.

    -

    OAuth2 Access Token

    -

    Now with a configured client it is possible to retrieve an access token for the REST API from the authorization server. There is again a difference in SSO environments and Liferay username/password environments.

    -

    SSO Backed Access Token

    -

    Probably the browser has to be used again because many SSO environments are based on certificates that are read from keycards and the necessary libs are often built into the browser. So just call the URL

    -
    https://[hostname]:[port]/authorization/oauth/token?grant_type=password&client_id=[clientid]&client_secret=[clientsecret]
-

    Of course the client id and the client secret should be replaced by the values of the configured client. The received response should look similar to

    -
    {
-  "access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w",
-  "token_type" : "bearer",
-  "refresh_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA",
-  "expires_in" : 3599,
-  "scope" : "READ",
-  "jti" : "d68ef5aa-e493-4cf1-b64d-5a917dcc6e60"
-}
-

    From this response the value of the access_token and probably refresh_token field is the one to copy-paste for later usage.

    -

    Liferay Backed Access Token

    -

    With a Liferay backed authentication all REST clients that offer basic auth support can be used. For example curl:

    -
    curl -X POST --user '[clientid]:[clientsecret]' -d 'grant_type=password&username=[username]&password=[password]' https://[hostname]:[port]/authorization/oauth/token -k
-

    Example response:

    -
    {
-  "access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w",
-  "token_type" : "bearer",
-  "refresh_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA",
-  "expires_in" : 3599,
-  "scope" : "READ",
-  "jti" : "d68ef5aa-e493-4cf1-b64d-5a917dcc6e60"
-}
-

    Of course, the username and password must be your user credentials and the client id and secret have to be replaced with the configured values. And again, the wanted value is the value of the field access_token and probably refresh_token.

    -

    More Links:

    - -

    OAuth2 Refresh Token

    -

    The authorization server supports so called refresh tokens to generate new access tokens after they have been expired. New access tokens can be generated with the use of the refresh_token without further re-authorization of the user. The following url must be used:

    -
      http://localhost/authorization/oauth/token?grant_type=refresh_token&refresh_token=<REFRESH_TOKEN>
+Every client gets an access token as well as an refresh token. As long as the refresh token is valid, the client can gather a new access token without the need of re-authorization of the user.
    There are currently three different possibilities for an OAuth2 authorization server implemented:
    • Using the contained authorization-server with username/password that are known by Liferay, no matter if Liferay is hosting the credentials itself or is attached to some central user management which it uses to authenticate users.
    • Using the contained authorization-server inside an SSO network where an existing proxy can take care of the authentication and passing authenticated user information in configurable headers to the authorization-server which then performs authorization on top.
    • Using keycloak as authorization-server. This case is not part of this wiki page and might need special configuration.
    Data Principles
    The REST API provides Hypermedia using HAL (Hypertext Application Language).
+The following example shows some ideas of the REST API. It can be obtained by
    https://[hostname]:[port]/resource/api/browser/index.html#/resource/api
+
    Note that the response below is maybe not the exact same response of your current version:
    {
+  "_links": {
+    "sw360:attachments": {
+      "href": "https://dev.sw360.siemens.com/resource/api/attachments{?sha1}",
+      "templated": true
+    },
+    "sw360:components": {
+      "href": "https://dev.sw360.siemens.com/resource/api/components"
+    },
+    "sw360:licenses": {
+      "href": "https://dev.sw360.siemens.com/resource/api/licenses"
+    },
+    "sw360:licenseinfo": {
+      "href": "https://dev.sw360.siemens.com/resource/api/licenseinfo"
+    },
+    "sw360:projects": {
+      "href": "https://dev.sw360.siemens.com/resource/api/projects"
+    },
+    "sw360:releases": {
+      "href": "https://dev.sw360.siemens.com/resource/api/releases"
+    },
+    "sw360:users": {
+      "href": "https://dev.sw360.siemens.com/resource/api/users"
+    },
+    "sw360:vendors": {
+      "href": "https://dev.sw360.siemens.com/resource/api/vendors"
+    },
+    "sw360:vulnerabilities": {
+      "href": "https://dev.sw360.siemens.com/resource/api/vulnerabilities"
+    },
+    "profile": {
+      "href": "https://dev.sw360.siemens.com/resource/api/profile"
+    },
+    "curies": [
+      {
+        "href": "https://dev.sw360.siemens.com/resource/docs/{rel}.html",
+        "name": "sw360",
+        "templated": true
+      }
+    ]
+  }
+}
+
    API Installation
    Both, the authorization-server and the resource-server can be build using Maven like the rest of the project. Each is generating a Spring Boot server that can be deployed in an application container, e.g. Tomcat.
    API Configuration
    Since the authorization-server and the resource-server are Spring Boot servers, they are configured as usual via /src/main/resources/application.yml. In addition some configuration comes historically from sw360.properties. Please note that all configurations could be provided centrally in the /etc/sw360/ directory. As such, the sw360.properties sits directly in /etc/sw360/. For rest-specific configurations the application considers the location /etc/sw360/rest.
    Authorization Server Configuration
    Special Liferay Credentials Configuration
    In addition to the general properties in here the following needs to be configured in the application.yml when the authentication via Liferay username/password credentials should be possible:
    KeyValuesDefault
    sw360:sw360-portal-server-urlthe url of the Liferay instancen/a (but could be given if environment variable is used like ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080})
    sw360:sw360-liferay-company-idthe id of the company in Liferay that sw360 is run for(but could be given if environment variable is used like ${SW360_LIFERAY_COMPANY_ID:20155})
    Special SSO Configuration
    In addition to the general properties in here the following needs to be configured in the application.yml when the authentication via SSO should be possible:
    KeyValuesDefault
    security:customheader:enabledFlag if the components needed for SSO should be activefalse
    security:customheader:headername:intermediateauthstorethe name of the header that can be used for internal data transfer inside one roundtrip - it can be configured here because the proxy has to make sure that this header will not be passed from clients and will be used truly internal onlycustom-header-auth-marker
    security:customheader:headername:emailthe name of the header that holds the email of the authenticated user (should be set be the proxy and must never be passed from clients)authenticated-email
    security:customheader:headername:extidthe name of the header that holds the extid of the authenticated user (should be set be the proxy and must never be passed from clients)authenticated-extid
    :heavy_exclamation_mark: Please configure your SSO server and the proxy accordingly. In general, no unauthenticated request should reach the authorization server. And the configured headers should only be set by the proxy. If they are already contained in client requests, they must be removed!
    Removing Headers in Apache
    In Apache you may use the mod_headers module to remove headers from the client. Using the default values from the table above, at least the following directives should be present in your configuration for all requests that are routed to the authorization-server:
    RequestHeader unset custom-header-auth-marker
+RequestHeader unset authenticated-email
+RequestHeader unset authenticated-extid
+
    General Configuration
    Possible properties in sw360.properties file are:
    KeyValuesDefault
    backend.urlthe url where the thrift services can be foundhttp://127.0.0.1:8080
    rest.write.access.usergroupthe user group level (`USERCLEARING_ADMIN
    rest.admin.access.usergroupthe user group level (`USERCLEARING_ADMIN
    The values in sw360.properties should be migrated to the application.yml in the future.
    Further important properties in application.yml file are:
    KeyValuesDefault
    couchdb:urlthe url of the CouchDB to use as client storen/a
    couchdb:databasethe database name of the CouchDB database to use as client storen/a
    couchdb:usernameif the CouchDB database needs authentication, enter the username here - if it does not need authentication, do not set this property at all, not even with an empty valuenull
    couchdb:passwordif the CouchDB database needs authentication, enter the password here - if it does not need authentication, do not set this property at all, not even with an empty valuenull
    sw360:cors:allowed-originvalue for cross origin resource sharingn/a
    security:oauth2:resource:idshould just be the same then in the resource servern/a
    After this configuration is done the normal REST service for client management should be usable. This one is only accessible for authenticated users that get the ADMIN authority (remember, the therefore necessary sw360 usergroup has just been configured). So the clients can be configured now.
    Client Management
    In the scenarios of this page, the shipped authorization server is used. So the next step is to configure a valid OAuth2 client in this authorization server. There should be one OAuth2 client per external REST API client (which in turn can have many different users). Therefore the authorization server offers a REST API for basic CRUD operations for configuring the clients that are stored in the just configured CouchDB. Since sw360-ADMIN privileges are needed for client management, an authentication is needed to work with this API.
    For SSO users (basic-auth Liferay users can use other tools as well because other tools can handle basic auth - but they can also use this workflow):
    1. Open a browser with developer tools capabilities
    2. Open
      https://[hostname]:[port]/authorization/client-management
+
      This page always shows the currently configured clients and can be refreshed after every manipulation of a client.
    3. To add a new client, enter the following javascript in the dev tools console in the current browser tab - of course after manipulating the client data to suit your needs
      xmlHttpRequest = new XMLHttpRequest();
+xmlHttpRequest.open('POST', '/authorization/client-management', false);
+xmlHttpRequest.setRequestHeader('Content-Type', 'application/json');
+xmlHttpRequest.setRequestHeader('Accept', 'application/json');
+xmlHttpRequest.send(JSON.stringify(
+  {
+    "description" : "my first test client",
+    "authorities" : [ "BASIC" ],
+    "scope" : [ "READ" ],
+    "access_token_validity" : 3600,
+    "refresh_token_validity" : 3600
+  }
+));
+console.log(xmlHttpRequest.responseText);
+
    4. to manipulate an existing client, do the same but add the clientid to the data object
          "client_id" : "9e358ca832ce4ce99a770c7bd0f8e066"
+
    5. to remove an existing client, enter the following javascript in the dev tools console
      xmlHttpRequest = new XMLHttpRequest();
+xmlHttpRequest.open('DELETE', '/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066', false);
+xmlHttpRequest.setRequestHeader('Content-Type', 'application/json');
+xmlHttpRequest.setRequestHeader('Accept', 'application/json');
+xmlHttpRequest.send();
+console.log(xmlHttpRequest.responseText);
+
    This way the session cookie of the SSO login will be used for the REST calls. This might also be possible in postman or curl or similar tools if you want to try to copy cookies (depending also on the SSO configuration). As said before, if Liferay username/password credentials can be used to authenticate then a tool like postman or curl can be used for the whole process. Just pass the credentials as basic-auth.
    Client Management via Curl
    The above described call to create a rest client can also be done directly via one curl call:
    SW360_USER=[admin sw360 user]
+SW360_PW=[corresponding sw360 admin user password]
+curl -s -S \
+     --user "${SW360_USER}:${SW360_PW}" \
+     --header "Content-Type: application/json" \
+     --header "Accept: application/json" \
+     -X POST https://[hostname]:[port]/authorization/client-management \
+     -d @- <<EOF
+{
+    "description" : "my first test client",
+    "authorities" : [ "BASIC" ],
+    "scope" : [ "READ" ],
+    "access_token_validity" : 3600,
+    "refresh_token_validity" : 3600
+}
+EOF
+
    This only works with the liferay basic-auth mechanism, SSO is not supported via curl.
    OAuth2 Access Token
    Now with a configured client it is possible to retrieve an access token for the REST API from the authorization server. There is again a difference in SSO environments and Liferay username/password environments.
    SSO Backed Access Token
    Probably the browser has to be used again because many SSO environments are based on certificates that are read from keycards and the necessary libs are often built into the browser. So just call the URL
    https://[hostname]:[port]/authorization/oauth/token?grant_type=password&client_id=[clientid]&client_secret=[clientsecret]
+
    Of course the client id and the client secret should be replaced by the values of the configured client. The received response should look similar to
    {
+  "access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w",
+  "token_type" : "bearer",
+  "refresh_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA",
+  "expires_in" : 3599,
+  "scope" : "READ",
+  "jti" : "d68ef5aa-e493-4cf1-b64d-5a917dcc6e60"
+}
+
    From this response the value of the access_token and probably refresh_token field is the one to copy-paste for later usage.
    Liferay Backed Access Token
    With a Liferay backed authentication all REST clients that offer basic auth support can be used. For example curl:
    curl -X POST --user '[clientid]:[clientsecret]' -d 'grant_type=password&username=[username]&password=[password]' https://[hostname]:[port]/authorization/oauth/token -k
+
    Example response:
    {
+  "access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w",
+  "token_type" : "bearer",
+  "refresh_token" : "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA",
+  "expires_in" : 3599,
+  "scope" : "READ",
+  "jti" : "d68ef5aa-e493-4cf1-b64d-5a917dcc6e60"
+}
+
    Of course, the username and password must be your user credentials and the client id and secret have to be replaced with the configured values. And again, the wanted value is the value of the field access_token and probably refresh_token.
    More Links:
    OAuth2 Refresh Token
    The authorization server supports so called refresh tokens to generate new access tokens after they have been expired. New access tokens can be generated with the use of the refresh_token without further re-authorization of the user. The following url must be used:
      http://localhost/authorization/oauth/token?grant_type=refresh_token&refresh_token=<REFRESH_TOKEN>
 
    The client must pass its credentials via basic authentication. Though a user authentication is not necessary.
-If you are authentication your users on a proxy, you have to configure that proxy in a way that it does not block requests to the above url. As marker the ‘grant_type=refresh_token’ query parameter may be used.
    
-
    Example Apache configuration
    
-
    The following example shows the relevant part for an Apache proxy to configure
-authentication of the authorization-server properly:
    
-
    <Location /authorization/oauth/token>
-    Order allow,deny
-    Allow from all
-
-    <If "%{QUERY_STRING} =~ /^grant_type=refresh_token\&/">
-        # No authentication needed
-    </If>
-    <Else>
-        # Configure your authentication here
-    </Else>
-
-    ProxyPass https://localhost:8443/authorization/oauth/token
-    ProxyPassReverse https://localhost:8443/authorization/oauth/token
-</Location>
-
    Resource Server Configuration
    
-
    Now that access tokens can be generated, the resource server has to be configured. The same general ideas of general config apply. The properties of the application.yml are
    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
    KeyValuesDefault
    sw360:thrift-server-urlthe url where the thrift services can be found, e.g. http://localhost:8080
    sw360:test-user-idonly for developing, simple test user short cut, must be pulled off for productive
    sw360:test-user-passworssee above
    sw360:couchdb-urlthe url of the CouhDB server for attachment handling, e.g. https://localhost:5984
    sw360:cors:allowed-originvalue for cross origin resource sharingn/a
    
-
    The REST API is now completely usable via an own client or testwise with integrated tools.
    
-
    Tools
    
-
    To get data and interact with the sw360 REST API the HAL-Browser is recommended. Currently, the HAL-Browser is also deployed on the sw360 development instance, but this is likely to change once the REST API has evolved more. Currently the URL of HAL-Browser is:
    
-
    https://[hostname]:[port]/resource/api/browser/index.html#/resource/api
-
    An example for a screenshot is as follows:
    
-
    rest-hal-explorer
    
-
    When using other tools the access token has to be set as header parameter in the REST request. Please add a new header:
    
-
      
-
    • Key: Authorization
      • 
-
    • As value you need to enter: Bearer [ACCESS_TOKEN] where [ACCESS_TOKEN] actually contains the token
      • 
-
    
-
    Example – Get a list of projects
    
-
    Here is an example how to query for all projects as HTTP GET Request. As for the resource endpoint, the request:
    
-
    https://sw360.org/resource/api/projects (or /resource/api/projects)
-
    will return the following response:
    
-
    rest-explorer2
    
-
    API Documentation
    
-
    sw360 deploys a REST API documentation at every instance. There are the following URLs offered at each instance
    
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
    URLDescription
    https://[hostname]:[port]/resource/docs/index.htmlSmall overview page
    https://[hostname]:[port]/resource/docs/api-guide.htmlThe API description for the currently running server
    https://[hostname]:[port]/resource/api/browser/index.html#/resource/apiIntegrated HAL browser to directly use the API
    
-
    Known Problems
    
-
    If you use Nginx or Apache as request front end server there maybe some configuration caveats: The REST API objects provides self links to reference to other objects also including the protocol prefix. These links are realized on Hypertext Application Language (HAL) for example you will find in REST responses:
    
-
    "_links": {
-  "self": {
-    "href": "https://localhost:8443/resource/api/projects/065f3aa45c2683297fd1bb39296f519d"
-  }
-}
-
    The REST spring boot applications are using the Tomcat environment configuration to generate the HAL links. If the Tomcat is only configured as HTTP, the generated links will contain the http protocol and port - which is a problem if the server should be contacted over httpsonly. This problem occurs, if tomcat is used together with Nginx, Apache httpd or other Web servers, which are configured to repsond only to https.
    
-
    Solution is to set for example in Nginx HTTP ‘X-Forward-*’ headers on a reverse proxy, for example:
    
-
     location / {
-   ...
-   proxy_set_header        X-Forwarded-Port   443;
-   proxy_set_header        X-Forwarded-Proto  https;
- }
-
    For other Web severs, there might a similar solution.
    
-
-	
-	
-	
    
-  Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
-
    
-
-
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +If you are authentication your users on a proxy, you have to configure that proxy in a way that it does not block requests to the above url. As marker the ‘grant_type=refresh_token’ query parameter may be used.

    Example Apache configuration

    The following example shows the relevant part for an Apache proxy to configure +authentication of the authorization-server properly:

    <Location /authorization/oauth/token>
+    Order allow,deny
+    Allow from all
+
+    <If "%{QUERY_STRING} =~ /^grant_type=refresh_token\&/">
+        # No authentication needed
+    </If>
+    <Else>
+        # Configure your authentication here
+    </Else>
+
+    ProxyPass https://localhost:8443/authorization/oauth/token
+    ProxyPassReverse https://localhost:8443/authorization/oauth/token
+</Location>
+

    Resource Server Configuration

    Now that access tokens can be generated, the resource server has to be configured. The same general ideas of general config apply. The properties of the application.yml are

    KeyValuesDefault
    sw360:thrift-server-urlthe url where the thrift services can be found, e.g. http://localhost:8080
    sw360:test-user-idonly for developing, simple test user short cut, must be pulled off for productive
    sw360:test-user-passworssee above
    sw360:couchdb-urlthe url of the CouhDB server for attachment handling, e.g. https://localhost:5984
    sw360:cors:allowed-originvalue for cross origin resource sharingn/a

    The REST API is now completely usable via an own client or testwise with integrated tools.

    Tools

    To get data and interact with the sw360 REST API the HAL-Browser is recommended. Currently, the HAL-Browser is also deployed on the sw360 development instance, but this is likely to change once the REST API has evolved more. Currently the URL of HAL-Browser is:

    https://[hostname]:[port]/resource/api/browser/index.html#/resource/api
+

    An example for a screenshot is as follows:

    rest-hal-explorer

    When using other tools the access token has to be set as header parameter in the REST request. Please add a new header:

    • Key: Authorization
    • As value you need to enter: Bearer [ACCESS_TOKEN] where [ACCESS_TOKEN] actually contains the token

    Example – Get a list of projects

    Here is an example how to query for all projects as HTTP GET Request. As for the resource endpoint, the request:

    https://sw360.org/resource/api/projects (or /resource/api/projects)
+

    will return the following response:

    rest-explorer2

    API Documentation

    sw360 deploys a REST API documentation at every instance. There are the following URLs offered at each instance

    URLDescription
    https://[hostname]:[port]/resource/docs/index.htmlSmall overview page
    https://[hostname]:[port]/resource/docs/api-guide.htmlThe API description for the currently running server
    https://[hostname]:[port]/resource/api/browser/index.html#/resource/apiIntegrated HAL browser to directly use the API

    Known Problems

    If you use Nginx or Apache as request front end server there maybe some configuration caveats: The REST API objects provides self links to reference to other objects also including the protocol prefix. These links are realized on Hypertext Application Language (HAL) for example you will find in REST responses:

    "_links": {
+  "self": {
+    "href": "https://localhost:8443/resource/api/projects/065f3aa45c2683297fd1bb39296f519d"
+  }
+}
+

    The REST spring boot applications are using the Tomcat environment configuration to generate the HAL links. If the Tomcat is only configured as HTTP, the generated links will contain the http protocol and port - which is a problem if the server should be contacted over httpsonly. This problem occurs, if tomcat is used together with Nginx, Apache httpd or other Web servers, which are configured to repsond only to https.

    Solution is to set for example in Nginx HTTP ‘X-Forward-*’ headers on a reverse proxy, for example:

     location / {
+   ...
+   proxy_set_header        X-Forwarded-Port   443;
+   proxy_set_header        X-Forwarded-Proto  https;
+ }
+

    For other Web severs, there might a similar solution.

    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/restapi/index.html b/docs/development/restapi/index.html index c36fe40..5f388c7 100644 --- a/docs/development/restapi/index.html +++ b/docs/development/restapi/index.html @@ -1,826 +1,89 @@ - - - - - - - - - - - - - - - - - - - - - -SW360 RESTful API | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    SW360 RESTful API

    - -
    - - - - - - - - - - - - - -
    -

    Using the Web interface makes sense for some use cases, for some other cases the tool integration is more useful. The SW360 software offers a RESTful API. It has been initially developed by a colleague of the BT division - an excellent example of how Inner Source works for projects. Now it has been integrated to the official main project as component that can be deployed along with a SW360 solution.

    -

    Methods of Authentication

    -
      -
    1. OAuth workflow involving consumer / client secret and user token using user name and password from LDAP / Exchange accounts (very early)
      2. -
    2. Access key obtained in the SW360 UI
      3. -
    3. OAuth workflow involving consumer token / client secret and signed Java Web Tokens involving user authentication from OpenID Connect service for the first token and then using the OAuth refresh tokens.
      4. -
    -

    API Documentation is available on the instances deployed:

    -
      -
    • https://<my_sw360_server>/resource/docs/api-guide.html
      • -
    -

    Brief Specs

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    Implementation TechnologyJava-based Spring-framework based
    REST FlavorHypermedia-driven
    AuthenticationNow: Token by user token store. Previously: Spring Security using JWT and SW360 user management. Note that technically, both ways are possible
    More Technical InformationRest API
    - -
    - - - - - - - - -
    - - -
    -
    - API Access -
    -

    -
    - - -
    -
    - SW360 Rest API -
    -

    -
    - - -
    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +SW360 RESTful API | Eclipse SW360 +

    SW360 RESTful API

    Using the Web interface makes sense for some use cases, for some other cases the tool integration is more useful. The SW360 software offers a RESTful API. It has been initially developed by a colleague of the BT division - an excellent example of how Inner Source works for projects. Now it has been integrated to the official main project as component that can be deployed along with a SW360 solution.

    Methods of Authentication

    1. OAuth workflow involving consumer / client secret and user token using user name and password from LDAP / Exchange accounts (very early)
    2. Access key obtained in the SW360 UI
    3. OAuth workflow involving consumer token / client secret and signed Java Web Tokens involving user authentication from OpenID Connect service for the first token and then using the OAuth refresh tokens.

    API Documentation is available on the instances deployed:

    • https://<my_sw360_server>/resource/docs/api-guide.html

    Brief Specs

    Implementation TechnologyJava-based Spring-framework based
    REST FlavorHypermedia-driven
    AuthenticationNow: Token by user token store. Previously: Spring Security using JWT and SW360 user management. Note that technically, both ways are possible
    More Technical InformationRest API
    API Access

    SW360 Rest API

    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/restapi/index.xml b/docs/development/restapi/index.xml index ac9d31f..851b1eb 100644 --- a/docs/development/restapi/index.xml +++ b/docs/development/restapi/index.xml @@ -1,594 +1,549 @@ - - - Eclipse SW360 – SW360 RESTful API - https://www.eclipse.org/sw360/docs/development/restapi/ - Recent content in SW360 RESTful API on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: API Access - https://www.eclipse.org/sw360/docs/development/restapi/access/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/restapi/access/ - - - - <h2 id="how-to-get-access">How to get Access</h2> -<p>There are the following steps</p> -<ol> -<li> -<p>Open a browser with developer tools</p> -</li> -<li> -<p>Go to -<code>https://&lt;my_sw360_server&gt;/authorization/client-management</code></p> -</li> -<li> -<p>To add a new client, enter the following javascript in the dev tools -console</p> -<pre><code> xmlHttpRequest = new XMLHttpRequest(); - xmlHttpRequest.open('POST', '/authorization/client-management', false); - xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); - xmlHttpRequest.setRequestHeader('Accept', 'application/json'); - xmlHttpRequest.send(JSON.stringify( - { - &quot;description&quot; : &quot;my first test client&quot;, - &quot;authorities&quot; : [ &quot;BASIC&quot; ], - &quot;scope&quot; : [ &quot;READ&quot; ], - &quot;access_token_validity&quot; : 3600, - &quot;refresh_token_validity&quot; : 3600 - } - )); - console.log(xmlHttpRequest.responseText); -</code></pre> -</li> -<li> -<p>To manipulate an existing client, do the same but add the clientid to -the data object</p> -<p><code>&quot;client_id&quot; : &quot;9e358ca832ce4ce99a770c7bd0f8e066&quot;</code><br> +Eclipse SW360 – SW360 RESTful APIhttps://www.eclipse.org/sw360/docs/development/restapi/Recent content in SW360 RESTful API on Eclipse SW360Hugo -- gohugo.ioDocs: API Accesshttps://www.eclipse.org/sw360/docs/development/restapi/access/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/restapi/access/ +<h2 id="how-to-get-access">How to get Access</h2> +<p>There are the following steps</p> +<ol> +<li> +<p>Open a browser with developer tools</p> +</li> +<li> +<p>Go to +<code>https://&lt;my_sw360_server&gt;/authorization/client-management</code></p> +</li> +<li> +<p>To add a new client, enter the following javascript in the dev tools +console</p> +<pre><code> xmlHttpRequest = new XMLHttpRequest(); +xmlHttpRequest.open('POST', '/authorization/client-management', false); +xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); +xmlHttpRequest.setRequestHeader('Accept', 'application/json'); +xmlHttpRequest.send(JSON.stringify( +{ +&quot;description&quot; : &quot;my first test client&quot;, +&quot;authorities&quot; : [ &quot;BASIC&quot; ], +&quot;scope&quot; : [ &quot;READ&quot; ], +&quot;access_token_validity&quot; : 3600, +&quot;refresh_token_validity&quot; : 3600 +} +)); +console.log(xmlHttpRequest.responseText); +</code></pre> +</li> +<li> +<p>To manipulate an existing client, do the same but add the clientid to +the data object</p> +<p><code>&quot;client_id&quot; : &quot;9e358ca832ce4ce99a770c7bd0f8e066&quot;</code><br> to remove an existing client, enter the following javascript in the -dev tools console</p> -<pre><code> xmlHttpRequest = new XMLHttpRequest(); - xmlHttpRequest.open('DELETE', '/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066', false); - xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); - xmlHttpRequest.setRequestHeader('Accept', 'application/json'); - xmlHttpRequest.send(); - console.log(xmlHttpRequest.responseText); -</code></pre> -</li> -<li> -<p>You receive the token from such request, which looks like</p> -<pre><code> { - &quot;access_token&quot; : &quot;eyJhbGciOiJSUzI...&quot;, - &quot;token_type&quot; : &quot;bearer&quot;, - &quot;refresh_token&quot; : &quot;eyJhbGciOiJSUzI1...&quot;, - &quot;expires_in&quot; : 599, - &quot;scope&quot; : &quot;READ WRITE&quot;, - &quot;jti&quot; : &quot;42539b0d-...&quot; - } -</code></pre> -</li> -<li> -<p>You can try a request which uses for example the tool curl: -<code>curl -X GET -H &quot;Authorization: Bearer [token]&quot; -H &quot;Content-Type: application/json&quot;</code></p> -</li> -<li> -<p>You can get a new token (you must get a new token) after expiration using client id and secret: -<code>https://&lt;my_sw360_server&gt;/authorization/oauth/token?grant_type=refresh_token&amp;refresh_token=[refresh_token]</code></p> -</li> -</ol> -<h2 id="deprecated-method-access-tokens-from-the-sw360-ui">Deprecated Method: Access Tokens from the SW360 UI</h2> -<p>Recently SW360 has changed, username/password authentication is not possible anymore. So after successful entitlement login, the user is able to obtain a token with limited validity of time.</p> -<p>Our tests have confirmed that, if you have used the JWT authentication workflow, the change means for you:</p> -<ul> -<li>No interaction with authorization service is necessary.</li> -<li>The token needs to be provided as with the JWT.</li> -</ul> -<p>Please find attached, where to obtain the token:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke.png"/> -</figure> - -<p>And then find the interface for issuing the tokens:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke1.png"/> -</figure> - -<h3 id="token-into-which-header">Token into which Header?</h3> -<p>If you are used to REST clients, you might know that you need some kind of authentication info. Below are the previous and current ways of adding the authentication info to the HTTP header. Now you should add to the header the token value that you can obtain from the sw360 UI (see above):</p> -<p><code>Authorization: Token &lt;Token-Value&gt;</code></p> -<p>Previously, when you got the authentication info via the authorization service, it was:</p> -<p><code>Authorization: Bearer &lt;JWT-Value&gt;</code></p> -<h3 id="example-powershell-script">Example: PowerShell Script</h3> -<p>This is an example Thomas Graf has sent around one - might be good to see how this works in general:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#033">$baseUri</span> = <span style="color:#c30">&#34;https://&lt;my_sw360_server&gt;/resource/&#34;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">$uri</span> = <span style="color:#033">$baseUri</span> + <span style="color:#c30">&#34;api/projects&#34;</span> <span style="color:#033">$data</span> = <span style="color:#c30">@&#34; -</span></span></span><span style="display:flex;"><span><span style="color:#c30">{ &#34;name&#34; : &#34;My 5th Dummy Project&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;description&#34; : &#34;Read/write test&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;version&#34;: &#34;1.0&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;tag&#34;: &#34;my tag&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;ownerGroup&#34;: &#34;GROUP&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;projectType&#34;: &#34;PRODUCT&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;linkedProjects&#34;: {}, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;linkedReleases&#34;: {} -</span></span></span><span style="display:flex;"><span><span style="color:#c30">} &#34;@ -</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30"> = New-Object &#34;System.Collections.Generic.Dictionary[[String],[String]]&#34; -</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Content-Type&#39;, &#39;application/hal+json&#39;) -</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Authorization&#39;, &#39;Token &#39; + </span><span style="color:#033">$env:SW360StageToken</span><span style="color:#c30">) -</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Accept&#39;, &#39;application/hal+json&#39;) -</span></span></span><span style="display:flex;"><span><span style="color:#c30">Invoke-WebRequest </span><span style="color:#033">$uri</span><span style="color:#c30"> -Method POST -Body </span><span style="color:#033">$data</span><span style="color:#c30"> -Headers </span><span style="color:#033">$headers</span><span style="color:#c30"> -</span></span></span></code></pre></div><h2 id="deprecated-method-authentication-with-username-and-password">Deprecated Method: Authentication with Username and Password</h2> -<h3 id="if-i-am-not-using-token-but-sw360-elsewhere-how-do-i-obtain-tokens">If I am not using token, but SW360 elsewhere: how do I obtain tokens?</h3> -<p>There are two steps you need to do with your client. First, Obtain an authorization token. This can be done by executing on the development instance for example be:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;trusted-sw360-client:sw360-secret&#39;</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>-d <span style="color:#033">grant_type</span><span style="color:#555">=</span>password&amp;<span style="color:#033">username</span><span style="color:#555">=</span>user@sw360.org&amp;<span style="color:#033">password</span><span style="color:#555">=</span><span style="color:#f60">12345</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>https://&lt;my_sw360_server&gt;/authorization/oauth/token -k -</span></span></code></pre></div><p>Of course, for the staging instance, the user must be your user credentials and the trusted client secret looks different.</p> -<p>Second you need to parameterize your request with this token. Pls. see the link at the very top &lsquo;Technical Information&rsquo;: <a href="https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/" title="Rest API">Rest API</a> for more information.</p> -<h3 id="faq">FAQ</h3> -<ul> -<li> -<p>When I use the JWT approach I used curl to retrieve the token and get</p> -<p>{&ldquo;error&rdquo;:&ldquo;unauthorized&rdquo;,&ldquo;error_description&rdquo;:&ldquo;No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken&rdquo;}</p> -</li> -<li> -<p>Your password seems to be wrong.</p> -<p>Note, that with curl - you have to escape special characters in your password. E.g. password +dev tools console</p> +<pre><code> xmlHttpRequest = new XMLHttpRequest(); +xmlHttpRequest.open('DELETE', '/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066', false); +xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); +xmlHttpRequest.setRequestHeader('Accept', 'application/json'); +xmlHttpRequest.send(); +console.log(xmlHttpRequest.responseText); +</code></pre> +</li> +<li> +<p>You receive the token from such request, which looks like</p> +<pre><code> { +&quot;access_token&quot; : &quot;eyJhbGciOiJSUzI...&quot;, +&quot;token_type&quot; : &quot;bearer&quot;, +&quot;refresh_token&quot; : &quot;eyJhbGciOiJSUzI1...&quot;, +&quot;expires_in&quot; : 599, +&quot;scope&quot; : &quot;READ WRITE&quot;, +&quot;jti&quot; : &quot;42539b0d-...&quot; +} +</code></pre> +</li> +<li> +<p>You can try a request which uses for example the tool curl: +<code>curl -X GET -H &quot;Authorization: Bearer [token]&quot; -H &quot;Content-Type: application/json&quot;</code></p> +</li> +<li> +<p>You can get a new token (you must get a new token) after expiration using client id and secret: +<code>https://&lt;my_sw360_server&gt;/authorization/oauth/token?grant_type=refresh_token&amp;refresh_token=[refresh_token]</code></p> +</li> +</ol> +<h2 id="deprecated-method-access-tokens-from-the-sw360-ui">Deprecated Method: Access Tokens from the SW360 UI</h2> +<p>Recently SW360 has changed, username/password authentication is not possible anymore. So after successful entitlement login, the user is able to obtain a token with limited validity of time.</p> +<p>Our tests have confirmed that, if you have used the JWT authentication workflow, the change means for you:</p> +<ul> +<li>No interaction with authorization service is necessary.</li> +<li>The token needs to be provided as with the JWT.</li> +</ul> +<p>Please find attached, where to obtain the token:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke.png"/> +</figure> +<p>And then find the interface for issuing the tokens:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke1.png"/> +</figure> +<h3 id="token-into-which-header">Token into which Header?</h3> +<p>If you are used to REST clients, you might know that you need some kind of authentication info. Below are the previous and current ways of adding the authentication info to the HTTP header. Now you should add to the header the token value that you can obtain from the sw360 UI (see above):</p> +<p><code>Authorization: Token &lt;Token-Value&gt;</code></p> +<p>Previously, when you got the authentication info via the authorization service, it was:</p> +<p><code>Authorization: Bearer &lt;JWT-Value&gt;</code></p> +<h3 id="example-powershell-script">Example: PowerShell Script</h3> +<p>This is an example Thomas Graf has sent around one - might be good to see how this works in general:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#033">$baseUri</span> = <span style="color:#c30">&#34;https://&lt;my_sw360_server&gt;/resource/&#34;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">$uri</span> = <span style="color:#033">$baseUri</span> + <span style="color:#c30">&#34;api/projects&#34;</span> <span style="color:#033">$data</span> = <span style="color:#c30">@&#34; +</span></span></span><span style="display:flex;"><span><span style="color:#c30">{ &#34;name&#34; : &#34;My 5th Dummy Project&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;description&#34; : &#34;Read/write test&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;version&#34;: &#34;1.0&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;tag&#34;: &#34;my tag&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;ownerGroup&#34;: &#34;GROUP&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;projectType&#34;: &#34;PRODUCT&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;linkedProjects&#34;: {}, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;linkedReleases&#34;: {} +</span></span></span><span style="display:flex;"><span><span style="color:#c30">} &#34;@ +</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30"> = New-Object &#34;System.Collections.Generic.Dictionary[[String],[String]]&#34; +</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Content-Type&#39;, &#39;application/hal+json&#39;) +</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Authorization&#39;, &#39;Token &#39; + </span><span style="color:#033">$env:SW360StageToken</span><span style="color:#c30">) +</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Accept&#39;, &#39;application/hal+json&#39;) +</span></span></span><span style="display:flex;"><span><span style="color:#c30">Invoke-WebRequest </span><span style="color:#033">$uri</span><span style="color:#c30"> -Method POST -Body </span><span style="color:#033">$data</span><span style="color:#c30"> -Headers </span><span style="color:#033">$headers</span><span style="color:#c30"> +</span></span></span></code></pre></div><h2 id="deprecated-method-authentication-with-username-and-password">Deprecated Method: Authentication with Username and Password</h2> +<h3 id="if-i-am-not-using-token-but-sw360-elsewhere-how-do-i-obtain-tokens">If I am not using token, but SW360 elsewhere: how do I obtain tokens?</h3> +<p>There are two steps you need to do with your client. First, Obtain an authorization token. This can be done by executing on the development instance for example be:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;trusted-sw360-client:sw360-secret&#39;</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>-d <span style="color:#033">grant_type</span><span style="color:#555">=</span>password&amp;<span style="color:#033">username</span><span style="color:#555">=</span>user@sw360.org&amp;<span style="color:#033">password</span><span style="color:#555">=</span><span style="color:#f60">12345</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>https://&lt;my_sw360_server&gt;/authorization/oauth/token -k +</span></span></code></pre></div><p>Of course, for the staging instance, the user must be your user credentials and the trusted client secret looks different.</p> +<p>Second you need to parameterize your request with this token. Pls. see the link at the very top &lsquo;Technical Information&rsquo;: <a href="https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/" title="Rest API">Rest API</a> for more information.</p> +<h3 id="faq">FAQ</h3> +<ul> +<li> +<p>When I use the JWT approach I used curl to retrieve the token and get</p> +<p>{&ldquo;error&rdquo;:&ldquo;unauthorized&rdquo;,&ldquo;error_description&rdquo;:&ldquo;No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken&rdquo;}</p> +</li> +<li> +<p>Your password seems to be wrong.</p> +<p>Note, that with curl - you have to escape special characters in your password. E.g. password 123$abc -results in the following request</p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;trusted-sw360-client:sw360-secret&#39;</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>-d <span style="color:#033">grant_type</span><span style="color:#555">=</span>password&amp;<span style="color:#033">username</span><span style="color:#555">=</span>user@sw360.org&amp;<span style="color:#033">password</span><span style="color:#555">=</span>123<span style="color:#c30;font-weight:bold">\$</span>abc <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>https://&lt;my_sw360_server&gt;/authorization/oauth/token -k -</span></span></code></pre></div> - - - - - Docs: SW360 Rest API - https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/ - - - - <p>The sw360 REST API provides access to sw360 resources for external clients. It consists currently of three Maven modules aggregated in one parent module <code>rest</code> in the sw360 distribution.</p> -<h1 id="module-structure">Module Structure</h1> -<p>The <code>rest</code> module provides a REST API infrastructure for sw360 including:</p> -<ul> -<li>Module <code>authorization-server</code> - OAuth2 Authorization Server, offering typical authorization steps of an OAuth2 workflow.</li> -<li>Module <code>resource-server</code> - REST API Gateway, providing access to the data for authenticated and authorized users / clients.</li> -<li>Module <code>rest-common</code> - only library code that is shared between the other rest modules.</li> -</ul> -<p>The REST API implementation uses:</p> -<ul> -<li>Module <code>authorization-server</code> uses the Liferay user management via the Liferay REST API to authenticate users and the users thrift backend service to access user profile data.</li> -<li>Module <code>resource-server</code> uses thrift backend services for accessing sw360 data to deliver it to the external clients.</li> -</ul> -<h1 id="api-principles">API Principles</h1> -<h2 id="security-principles">Security Principles</h2> -<p>The basic security principles are following the OAuth2 standards. So there should be an authorization server which can be the one contained in this project. That one provides access tokens after it authenticated the client and the user using this client. In addition it checks which authorities this client should receive for operating in the user&rsquo;s name. +results in the following request</p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;trusted-sw360-client:sw360-secret&#39;</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>-d <span style="color:#033">grant_type</span><span style="color:#555">=</span>password&amp;<span style="color:#033">username</span><span style="color:#555">=</span>user@sw360.org&amp;<span style="color:#033">password</span><span style="color:#555">=</span>123<span style="color:#c30;font-weight:bold">\$</span>abc <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>https://&lt;my_sw360_server&gt;/authorization/oauth/token -k +</span></span></code></pre></div>Docs: SW360 Rest APIhttps://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/ +<p>The sw360 REST API provides access to sw360 resources for external clients. It consists currently of three Maven modules aggregated in one parent module <code>rest</code> in the sw360 distribution.</p> +<h1 id="module-structure">Module Structure</h1> +<p>The <code>rest</code> module provides a REST API infrastructure for sw360 including:</p> +<ul> +<li>Module <code>authorization-server</code> - OAuth2 Authorization Server, offering typical authorization steps of an OAuth2 workflow.</li> +<li>Module <code>resource-server</code> - REST API Gateway, providing access to the data for authenticated and authorized users / clients.</li> +<li>Module <code>rest-common</code> - only library code that is shared between the other rest modules.</li> +</ul> +<p>The REST API implementation uses:</p> +<ul> +<li>Module <code>authorization-server</code> uses the Liferay user management via the Liferay REST API to authenticate users and the users thrift backend service to access user profile data.</li> +<li>Module <code>resource-server</code> uses thrift backend services for accessing sw360 data to deliver it to the external clients.</li> +</ul> +<h1 id="api-principles">API Principles</h1> +<h2 id="security-principles">Security Principles</h2> +<p>The basic security principles are following the OAuth2 standards. So there should be an authorization server which can be the one contained in this project. That one provides access tokens after it authenticated the client and the user using this client. In addition it checks which authorities this client should receive for operating in the user&rsquo;s name. With this OAuth2 access token the client can query the resource server which will restrict access to the given authorities. -Every client gets an access token as well as an refresh token. As long as the refresh token is valid, the client can gather a new access token without the need of re-authorization of the user.</p> -<p>There are currently three different possibilities for an OAuth2 authorization server implemented:</p> -<ul> -<li>Using the contained authorization-server with username/password that are known by Liferay, no matter if Liferay is hosting the credentials itself or is attached to some central user management which it uses to authenticate users.</li> -<li>Using the contained authorization-server inside an SSO network where an existing proxy can take care of the authentication and passing authenticated user information in configurable headers to the authorization-server which then performs authorization on top.</li> -<li>Using keycloak as authorization-server. This case is not part of this wiki page and might need special configuration.</li> -</ul> -<h2 id="data-principles">Data Principles</h2> -<p>The REST API provides Hypermedia using <a href="http://stateless.co/hal_specification.html">HAL</a> (Hypertext Application Language). -The following example shows some ideas of the REST API. It can be obtained by</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api -</span></span></code></pre></div><p>Note that the response below is maybe not the exact same response of your current version:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;_links&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:attachments&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/attachments{?sha1}&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;templated&#34;</span>: <span style="color:#069;font-weight:bold">true</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:components&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/components&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:licenses&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/licenses&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:licenseinfo&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/licenseinfo&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:projects&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/projects&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:releases&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/releases&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:users&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/users&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:vendors&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/vendors&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:vulnerabilities&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/vulnerabilities&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;profile&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/profile&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;curies&#34;</span>: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/docs/{rel}.html&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;name&#34;</span>: <span style="color:#c30">&#34;sw360&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;templated&#34;</span>: <span style="color:#069;font-weight:bold">true</span> -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ] -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><h1 id="api-installation">API Installation</h1> -<p>Both, the <code>authorization-server</code> and the <code>resource-server</code> can be build using Maven like the rest of the project. Each is generating a Spring Boot server that can be deployed in an application container, e.g. Tomcat.</p> -<h1 id="api-configuration">API Configuration</h1> -<p>Since the <code>authorization-server</code> and the <code>resource-server</code> are Spring Boot servers, they are configured as usual via <code>/src/main/resources/application.yml</code>. In addition some configuration comes historically from <code>sw360.properties</code>. Please note that all configurations could be provided centrally in the <code>/etc/sw360/</code> directory. As such, the <code>sw360.properties</code> sits directly in <code>/etc/sw360/</code>. For rest-specific configurations the application considers the location <code>/etc/sw360/rest</code>.</p> -<h2 id="authorization-server-configuration">Authorization Server Configuration</h2> -<h3 id="special-liferay-credentials-configuration">Special Liferay Credentials Configuration</h3> -<p>In addition to the general properties in <a href="#general-config">here</a> the following needs to be configured in the <code>application.yml</code> when the authentication via Liferay username/password credentials should be possible:</p> -<table> -<thead> -<tr> -<th>Key</th> -<th>Values</th> -<th>Default</th> -</tr> -</thead> -<tbody> -<tr> -<td>sw360:sw360-portal-server-url</td> -<td>the url of the Liferay instance</td> -<td>n/a (but could be given if environment variable is used like <code>${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}</code>)</td> -</tr> -<tr> -<td>sw360:sw360-liferay-company-id</td> -<td>the id of the company in Liferay that sw360 is run for</td> -<td>(but could be given if environment variable is used like <code>${SW360_LIFERAY_COMPANY_ID:20155}</code>)</td> -</tr> -</tbody> -</table> -<h3 id="special-sso-configuration">Special SSO Configuration</h3> -<p>In addition to the general properties in <a href="#general-config">here</a> the following needs to be configured in the <code>application.yml</code> when the authentication via SSO should be possible:</p> -<table> -<thead> -<tr> -<th>Key</th> -<th>Values</th> -<th>Default</th> -</tr> -</thead> -<tbody> -<tr> -<td>security:customheader:enabled</td> -<td>Flag if the components needed for SSO should be active</td> -<td>false</td> -</tr> -<tr> -<td>security:customheader:headername:intermediateauthstore</td> -<td>the name of the header that can be used for internal data transfer inside one roundtrip - it can be configured here because the proxy has to make sure that this header will not be passed from clients and will be used truly internal only</td> -<td>custom-header-auth-marker</td> -</tr> -<tr> -<td>security:customheader:headername:email</td> -<td>the name of the header that holds the email of the authenticated user (should be set be the proxy and must never be passed from clients)</td> -<td>authenticated-email</td> -</tr> -<tr> -<td>security:customheader:headername:extid</td> -<td>the name of the header that holds the extid of the authenticated user (should be set be the proxy and must never be passed from clients)</td> -<td>authenticated-extid</td> -</tr> -</tbody> -</table> -<p>:heavy_exclamation_mark: Please configure your SSO server and the proxy accordingly. In general, no unauthenticated request should reach the authorization server. And the configured headers should only be set by the proxy. If they are already contained in client requests, they must be removed!</p> -<h4 id="removing-headers-in-apache">Removing Headers in Apache</h4> -<p>In Apache you may use the <a href="https://httpd.apache.org/docs/current/mod/mod_headers.html"><code>mod_headers</code></a> module to remove headers from the client. Using the default values from the table above, at least the following directives should be present in your configuration for all requests that are routed to the <code>authorization-server</code>:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>RequestHeader unset custom-header-auth-marker -</span></span><span style="display:flex;"><span>RequestHeader unset authenticated-email -</span></span><span style="display:flex;"><span>RequestHeader unset authenticated-extid -</span></span></code></pre></div><h3 id="a-namegeneral-configageneral-configuration"><a name="general-config"></a>General Configuration</h3> -<p>Possible properties in <code>sw360.properties</code> file are:</p> -<table> -<thead> -<tr> -<th>Key</th> -<th>Values</th> -<th>Default</th> -</tr> -</thead> -<tbody> -<tr> -<td>backend.url</td> -<td>the url where the thrift services can be found</td> -<td>http://127.0.0.1:8080</td> -</tr> -<tr> -<td>rest.write.access.usergroup</td> -<td>the user group level (`USER</td> -<td>CLEARING_ADMIN</td> -</tr> -<tr> -<td>rest.admin.access.usergroup</td> -<td>the user group level (`USER</td> -<td>CLEARING_ADMIN</td> -</tr> -</tbody> -</table> -<p>The values in <code>sw360.properties</code> should be migrated to the <code>application.yml</code> in the future.</p> -<p>Further important properties in <code>application.yml</code> file are:</p> -<table> -<thead> -<tr> -<th>Key</th> -<th>Values</th> -<th>Default</th> -</tr> -</thead> -<tbody> -<tr> -<td>couchdb:url</td> -<td>the url of the CouchDB to use as client store</td> -<td>n/a</td> -</tr> -<tr> -<td>couchdb:database</td> -<td>the database name of the CouchDB database to use as client store</td> -<td>n/a</td> -</tr> -<tr> -<td>couchdb:username</td> -<td>if the CouchDB database needs authentication, enter the username here - if it does not need authentication, do not set this property at all, not even with an empty value</td> -<td>null</td> -</tr> -<tr> -<td>couchdb:password</td> -<td>if the CouchDB database needs authentication, enter the password here - if it does not need authentication, do not set this property at all, not even with an empty value</td> -<td>null</td> -</tr> -<tr> -<td>sw360:cors:allowed-origin</td> -<td>value for cross origin resource sharing</td> -<td>n/a</td> -</tr> -<tr> -<td>security:oauth2:resource:id</td> -<td>should just be the same then in the resource server</td> -<td>n/a</td> -</tr> -</tbody> -</table> -<p>After this configuration is done the normal REST service for client management should be usable. This one is only accessible for authenticated users that get the <code>ADMIN</code> authority (remember, the therefore necessary sw360 usergroup has just been configured). So the clients can be configured now.</p> -<h1 id="client-management">Client Management</h1> -<p>In the scenarios of this page, the shipped authorization server is used. So the next step is to configure a valid OAuth2 client in this authorization server. There should be one OAuth2 client per external REST API client (which in turn can have many different users). Therefore the authorization server offers a REST API for basic CRUD operations for configuring the clients that are stored in the just configured CouchDB. Since sw360-<code>ADMIN</code> privileges are needed for client management, an authentication is needed to work with this API.</p> -<p>For SSO users (basic-auth Liferay users can use other tools as well because other tools can handle basic auth - but they can also use this workflow):</p> -<ol> -<li> -<p>Open a browser with developer tools capabilities</p> -</li> -<li> -<p>Open</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/authorization/client-management -</span></span></code></pre></div><p>This page always shows the currently configured clients and can be refreshed after every manipulation of a client.</p> -</li> -<li> -<p>To add a new client, enter the following javascript in the dev tools console in the current browser tab - of course after manipulating the client data to suit your needs</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>xmlHttpRequest = new XMLHttpRequest(); -</span></span><span style="display:flex;"><span>xmlHttpRequest.open(&#39;POST&#39;, &#39;/authorization/client-management&#39;, false); -</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Content-Type&#39;, &#39;application/json&#39;); -</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Accept&#39;, &#39;application/json&#39;); -</span></span><span style="display:flex;"><span>xmlHttpRequest.send(JSON.stringify( -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;description&#34; : &#34;my first test client&#34;, -</span></span><span style="display:flex;"><span> &#34;authorities&#34; : [ &#34;BASIC&#34; ], -</span></span><span style="display:flex;"><span> &#34;scope&#34; : [ &#34;READ&#34; ], -</span></span><span style="display:flex;"><span> &#34;access_token_validity&#34; : 3600, -</span></span><span style="display:flex;"><span> &#34;refresh_token_validity&#34; : 3600 -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>)); -</span></span><span style="display:flex;"><span>console.log(xmlHttpRequest.responseText); -</span></span></code></pre></div></li> -<li> -<p>to manipulate an existing client, do the same but add the clientid to the data object</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> &#34;client_id&#34; : &#34;9e358ca832ce4ce99a770c7bd0f8e066&#34; -</span></span></code></pre></div></li> -<li> -<p>to remove an existing client, enter the following javascript in the dev tools console</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>xmlHttpRequest = new XMLHttpRequest(); -</span></span><span style="display:flex;"><span>xmlHttpRequest.open(&#39;DELETE&#39;, &#39;/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066&#39;, false); -</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Content-Type&#39;, &#39;application/json&#39;); -</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Accept&#39;, &#39;application/json&#39;); -</span></span><span style="display:flex;"><span>xmlHttpRequest.send(); -</span></span><span style="display:flex;"><span>console.log(xmlHttpRequest.responseText); -</span></span></code></pre></div></li> -</ol> -<p>This way the session cookie of the SSO login will be used for the REST calls. This might also be possible in postman or curl or similar tools if you want to try to copy cookies (depending also on the SSO configuration). As said before, if Liferay username/password credentials can be used to authenticate then a tool like postman or curl can be used for the whole process. Just pass the credentials as basic-auth.</p> -<h3 id="client-management-via-curl">Client Management via Curl</h3> -<p>The above described call to create a rest client can also be done directly via one curl call:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#033">SW360_USER</span><span style="color:#555">=[</span>admin sw360 user<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#033">SW360_PW</span><span style="color:#555">=[</span>corresponding sw360 admin user password<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span>curl -s -S <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --user <span style="color:#c30">&#34;</span><span style="color:#a00">${</span><span style="color:#033">SW360_USER</span><span style="color:#a00">}</span><span style="color:#c30">:</span><span style="color:#a00">${</span><span style="color:#033">SW360_PW</span><span style="color:#a00">}</span><span style="color:#c30">&#34;</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --header <span style="color:#c30">&#34;Content-Type: application/json&#34;</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --header <span style="color:#c30">&#34;Accept: application/json&#34;</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> -X POST https://<span style="color:#555">[</span>hostname<span style="color:#555">]</span>:<span style="color:#555">[</span>port<span style="color:#555">]</span>/authorization/client-management <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> -d @- <span style="color:#c30">&lt;&lt;EOF -</span></span></span><span style="display:flex;"><span><span style="color:#c30">{ -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;description&#34; : &#34;my first test client&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;authorities&#34; : [ &#34;BASIC&#34; ], -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;scope&#34; : [ &#34;READ&#34; ], -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;access_token_validity&#34; : 3600, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;refresh_token_validity&#34; : 3600 -</span></span></span><span style="display:flex;"><span><span style="color:#c30">} -</span></span></span><span style="display:flex;"><span><span style="color:#c30">EOF</span> -</span></span></code></pre></div><p>This only works with the liferay basic-auth mechanism, SSO is not supported via curl.</p> -<h2 id="oauth2-access-token">OAuth2 Access Token</h2> -<p>Now with a configured client it is possible to retrieve an access token for the REST API from the authorization server. There is again a difference in SSO environments and Liferay username/password environments.</p> -<h3 id="sso-backed-access-token">SSO Backed Access Token</h3> -<p>Probably the browser has to be used again because many SSO environments are based on certificates that are read from keycards and the necessary libs are often built into the browser. So just call the URL</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/authorization/oauth/token?grant_type=password&amp;client_id=[clientid]&amp;client_secret=[clientsecret] -</span></span></code></pre></div><p>Of course the client id and the client secret should be replaced by the values of the configured client. The received response should look similar to</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;access_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;token_type&#34;</span> : <span style="color:#c30">&#34;bearer&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;refresh_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;expires_in&#34;</span> : <span style="color:#f60">3599</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;scope&#34;</span> : <span style="color:#c30">&#34;READ&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;jti&#34;</span> : <span style="color:#c30">&#34;d68ef5aa-e493-4cf1-b64d-5a917dcc6e60&#34;</span> -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>From this response the value of the <code>access_token</code> and probably <code>refresh_token</code> field is the one to copy-paste for later usage.</p> -<h3 id="liferay-backed-access-token">Liferay Backed Access Token</h3> -<p>With a Liferay backed authentication all REST clients that offer basic auth support can be used. For example <code>curl</code>:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;[clientid]:[clientsecret]&#39;</span> -d <span style="color:#c30">&#39;grant_type=password&amp;username=[username]&amp;password=[password]&#39;</span> https://<span style="color:#555">[</span>hostname<span style="color:#555">]</span>:<span style="color:#555">[</span>port<span style="color:#555">]</span>/authorization/oauth/token -k -</span></span></code></pre></div><p>Example response:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;access_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;token_type&#34;</span> : <span style="color:#c30">&#34;bearer&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;refresh_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;expires_in&#34;</span> : <span style="color:#f60">3599</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;scope&#34;</span> : <span style="color:#c30">&#34;READ&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;jti&#34;</span> : <span style="color:#c30">&#34;d68ef5aa-e493-4cf1-b64d-5a917dcc6e60&#34;</span> -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>Of course, the username and password must be your user credentials and the client id and secret have to be replaced with the configured values. And again, the wanted value is the value of the field <code>access_token</code> and probably <code>refresh_token</code>.</p> -<p>More Links:</p> -<ul> -<li>OAuth2 more information: <a href="https://oauth.net/2/">https://oauth.net/2/</a></li> -<li>Decode Bearer tokens at: <a href="https://jwt.io/">https://jwt.io/</a></li> -</ul> -<h2 id="oauth2-refresh-token">OAuth2 Refresh Token</h2> -<p>The authorization server supports so called refresh tokens to generate new access tokens after they have been expired. New access tokens can be generated with the use of the <code>refresh_token</code> without further re-authorization of the user. The following url must be used:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> http://localhost/authorization/oauth/token?grant_type=refresh_token&amp;refresh_token=&lt;REFRESH_TOKEN&gt; -</span></span></code></pre></div><p>The client must pass its credentials via basic authentication. Though a user authentication is not necessary. -If you are authentication your users on a proxy, you have to configure that proxy in a way that it does not block requests to the above url. As marker the &lsquo;grant_type=refresh_token&rsquo; query parameter may be used.</p> -<h2 id="example-apache-configuration">Example Apache configuration</h2> -<p>The following example shows the relevant part for an Apache proxy to configure -authentication of the <code>authorization-server</code> properly:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-apache" data-lang="apache"><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;Location</span> <span style="color:#c30">/authorization/oauth/token</span><span style="color:#309;font-weight:bold">&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#366">Order</span> allow,deny -</span></span><span style="display:flex;"><span> <span style="color:#366">Allow</span> from <span style="color:#069;font-weight:bold">all</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;If</span> <span style="color:#c30">&#34;%{QUERY_STRING} =~ /^grant_type=refresh_token\&amp;/&#34;</span><span style="color:#309;font-weight:bold">&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># No authentication needed</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/If&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;Else&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Configure your authentication here</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/Else&gt;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#366">ProxyPass</span> https://localhost:8443/authorization/oauth/token -</span></span><span style="display:flex;"><span> <span style="color:#366">ProxyPassReverse</span> https://localhost:8443/authorization/oauth/token -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/Location&gt;</span> -</span></span></code></pre></div><h1 id="resource-server-configuration">Resource Server Configuration</h1> -<p>Now that access tokens can be generated, the resource server has to be configured. The same general ideas of <a href="#general-config">general config</a> apply. The properties of the <code>application.yml</code> are</p> -<table> -<thead> -<tr> -<th>Key</th> -<th>Values</th> -<th>Default</th> -</tr> -</thead> -<tbody> -<tr> -<td>sw360:thrift-server-url</td> -<td>the url where the thrift services can be found, e.g. http://localhost:8080</td> -<td></td> -</tr> -<tr> -<td>sw360:test-user-id</td> -<td>only for developing, simple test user short cut, must be pulled off for productive</td> -<td></td> -</tr> -<tr> -<td>sw360:test-user-passwors</td> -<td>see above</td> -<td></td> -</tr> -<tr> -<td>sw360:couchdb-url</td> -<td>the url of the CouhDB server for attachment handling, e.g. https://localhost:5984</td> -<td></td> -</tr> -<tr> -<td>sw360:cors:allowed-origin</td> -<td>value for cross origin resource sharing</td> -<td>n/a</td> -</tr> -</tbody> -</table> -<p>The REST API is now completely usable via an own client or testwise with integrated tools.</p> -<h1 id="tools">Tools</h1> -<p>To get data and interact with the sw360 REST API the HAL-Browser is recommended. Currently, the HAL-Browser is also deployed on the sw360 development instance, but this is likely to change once the REST API has evolved more. Currently the URL of HAL-Browser is:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api -</span></span></code></pre></div><p>An example for a screenshot is as follows:</p> -<p><img src="https://user-images.githubusercontent.com/29916928/39576770-90b2b576-4edf-11e8-9d1b-742c10d88b8e.png" alt="rest-hal-explorer"></p> -<p>When using other tools the access token has to be set as header parameter in the REST request. Please add a new header:</p> -<ul> -<li>Key: Authorization</li> -<li>As value you need to enter: <code>Bearer [ACCESS_TOKEN]</code> where <code>[ACCESS_TOKEN]</code> actually contains the token</li> -</ul> -<h2 id="example--get-a-list-of-projects">Example – Get a list of projects</h2> -<p>Here is an example how to query for all projects as HTTP GET Request. As for the resource endpoint, the request:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://sw360.org/resource/api/projects (or /resource/api/projects) -</span></span></code></pre></div><p>will return the following response:</p> -<p><img src="https://user-images.githubusercontent.com/29916928/39579586-6b1d1736-4ee7-11e8-8faf-da71c8776680.png" alt="rest-explorer2"></p> -<h1 id="api-documentation">API Documentation</h1> -<p>sw360 deploys a REST API documentation at every instance. There are the following URLs offered at each instance</p> -<table> -<thead> -<tr> -<th>URL</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>https://[hostname]:[port]/resource/docs/index.html</td> -<td>Small overview page</td> -</tr> -<tr> -<td>https://[hostname]:[port]/resource/docs/api-guide.html</td> -<td>The API description for the currently running server</td> -</tr> -<tr> -<td>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api</td> -<td>Integrated HAL browser to directly use the API</td> -</tr> -</tbody> -</table> -<h1 id="known-problems">Known Problems</h1> -<p>If you use Nginx or Apache as request front end server there maybe some configuration caveats: The REST API objects provides self links to reference to other objects also including the protocol prefix. These links are realized on Hypertext Application Language (HAL) for example you will find in REST responses:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span><span style="color:#c30">&#34;_links&#34;</span><span style="color:#a00;background-color:#faa">:</span> { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;self&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://localhost:8443/resource/api/projects/065f3aa45c2683297fd1bb39296f519d&#34;</span> -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>The REST spring boot applications are using the Tomcat environment configuration to generate the HAL links. If the Tomcat is only configured as HTTP, the generated links will contain the <code>http</code> protocol and port - which is a problem if the server should be contacted over <code>https</code>only. This problem occurs, if tomcat is used together with Nginx, Apache httpd or other Web servers, which are configured to repsond only to <code>https</code>.</p> -<p>Solution is to set for example in Nginx HTTP &lsquo;X-Forward-*&rsquo; headers on a reverse proxy, for example:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">location</span> <span style="color:#c30">/</span> { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">...</span> -</span></span><span style="display:flex;"><span> <span style="color:#c30">proxy_set_header</span> <span style="color:#c30">X-Forwarded-Port</span> <span style="color:#f60">443</span>; -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">proxy_set_header</span> <span style="color:#c30">X-Forwarded-Proto</span> <span style="color:#c30">https</span>; -</span></span><span style="display:flex;"><span> } -</span></span></code></pre></div><p>For other Web severs, there might a similar solution.</p> - - - - - - +Every client gets an access token as well as an refresh token. As long as the refresh token is valid, the client can gather a new access token without the need of re-authorization of the user.</p> +<p>There are currently three different possibilities for an OAuth2 authorization server implemented:</p> +<ul> +<li>Using the contained authorization-server with username/password that are known by Liferay, no matter if Liferay is hosting the credentials itself or is attached to some central user management which it uses to authenticate users.</li> +<li>Using the contained authorization-server inside an SSO network where an existing proxy can take care of the authentication and passing authenticated user information in configurable headers to the authorization-server which then performs authorization on top.</li> +<li>Using keycloak as authorization-server. This case is not part of this wiki page and might need special configuration.</li> +</ul> +<h2 id="data-principles">Data Principles</h2> +<p>The REST API provides Hypermedia using <a href="http://stateless.co/hal_specification.html">HAL</a> (Hypertext Application Language). +The following example shows some ideas of the REST API. It can be obtained by</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api +</span></span></code></pre></div><p>Note that the response below is maybe not the exact same response of your current version:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;_links&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:attachments&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/attachments{?sha1}&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;templated&#34;</span>: <span style="color:#069;font-weight:bold">true</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:components&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/components&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:licenses&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/licenses&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:licenseinfo&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/licenseinfo&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:projects&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/projects&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:releases&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/releases&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:users&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/users&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:vendors&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/vendors&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:vulnerabilities&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/vulnerabilities&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;profile&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/profile&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;curies&#34;</span>: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/docs/{rel}.html&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;name&#34;</span>: <span style="color:#c30">&#34;sw360&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;templated&#34;</span>: <span style="color:#069;font-weight:bold">true</span> +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ] +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><h1 id="api-installation">API Installation</h1> +<p>Both, the <code>authorization-server</code> and the <code>resource-server</code> can be build using Maven like the rest of the project. Each is generating a Spring Boot server that can be deployed in an application container, e.g. Tomcat.</p> +<h1 id="api-configuration">API Configuration</h1> +<p>Since the <code>authorization-server</code> and the <code>resource-server</code> are Spring Boot servers, they are configured as usual via <code>/src/main/resources/application.yml</code>. In addition some configuration comes historically from <code>sw360.properties</code>. Please note that all configurations could be provided centrally in the <code>/etc/sw360/</code> directory. As such, the <code>sw360.properties</code> sits directly in <code>/etc/sw360/</code>. For rest-specific configurations the application considers the location <code>/etc/sw360/rest</code>.</p> +<h2 id="authorization-server-configuration">Authorization Server Configuration</h2> +<h3 id="special-liferay-credentials-configuration">Special Liferay Credentials Configuration</h3> +<p>In addition to the general properties in <a href="#general-config">here</a> the following needs to be configured in the <code>application.yml</code> when the authentication via Liferay username/password credentials should be possible:</p> +<table> +<thead> +<tr> +<th>Key</th> +<th>Values</th> +<th>Default</th> +</tr> +</thead> +<tbody> +<tr> +<td>sw360:sw360-portal-server-url</td> +<td>the url of the Liferay instance</td> +<td>n/a (but could be given if environment variable is used like <code>${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}</code>)</td> +</tr> +<tr> +<td>sw360:sw360-liferay-company-id</td> +<td>the id of the company in Liferay that sw360 is run for</td> +<td>(but could be given if environment variable is used like <code>${SW360_LIFERAY_COMPANY_ID:20155}</code>)</td> +</tr> +</tbody> +</table> +<h3 id="special-sso-configuration">Special SSO Configuration</h3> +<p>In addition to the general properties in <a href="#general-config">here</a> the following needs to be configured in the <code>application.yml</code> when the authentication via SSO should be possible:</p> +<table> +<thead> +<tr> +<th>Key</th> +<th>Values</th> +<th>Default</th> +</tr> +</thead> +<tbody> +<tr> +<td>security:customheader:enabled</td> +<td>Flag if the components needed for SSO should be active</td> +<td>false</td> +</tr> +<tr> +<td>security:customheader:headername:intermediateauthstore</td> +<td>the name of the header that can be used for internal data transfer inside one roundtrip - it can be configured here because the proxy has to make sure that this header will not be passed from clients and will be used truly internal only</td> +<td>custom-header-auth-marker</td> +</tr> +<tr> +<td>security:customheader:headername:email</td> +<td>the name of the header that holds the email of the authenticated user (should be set be the proxy and must never be passed from clients)</td> +<td>authenticated-email</td> +</tr> +<tr> +<td>security:customheader:headername:extid</td> +<td>the name of the header that holds the extid of the authenticated user (should be set be the proxy and must never be passed from clients)</td> +<td>authenticated-extid</td> +</tr> +</tbody> +</table> +<p>:heavy_exclamation_mark: Please configure your SSO server and the proxy accordingly. In general, no unauthenticated request should reach the authorization server. And the configured headers should only be set by the proxy. If they are already contained in client requests, they must be removed!</p> +<h4 id="removing-headers-in-apache">Removing Headers in Apache</h4> +<p>In Apache you may use the <a href="https://httpd.apache.org/docs/current/mod/mod_headers.html"><code>mod_headers</code></a> module to remove headers from the client. Using the default values from the table above, at least the following directives should be present in your configuration for all requests that are routed to the <code>authorization-server</code>:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>RequestHeader unset custom-header-auth-marker +</span></span><span style="display:flex;"><span>RequestHeader unset authenticated-email +</span></span><span style="display:flex;"><span>RequestHeader unset authenticated-extid +</span></span></code></pre></div><h3 id="a-namegeneral-configageneral-configuration"><a name="general-config"></a>General Configuration</h3> +<p>Possible properties in <code>sw360.properties</code> file are:</p> +<table> +<thead> +<tr> +<th>Key</th> +<th>Values</th> +<th>Default</th> +</tr> +</thead> +<tbody> +<tr> +<td>backend.url</td> +<td>the url where the thrift services can be found</td> +<td>http://127.0.0.1:8080</td> +</tr> +<tr> +<td>rest.write.access.usergroup</td> +<td>the user group level (`USER</td> +<td>CLEARING_ADMIN</td> +</tr> +<tr> +<td>rest.admin.access.usergroup</td> +<td>the user group level (`USER</td> +<td>CLEARING_ADMIN</td> +</tr> +</tbody> +</table> +<p>The values in <code>sw360.properties</code> should be migrated to the <code>application.yml</code> in the future.</p> +<p>Further important properties in <code>application.yml</code> file are:</p> +<table> +<thead> +<tr> +<th>Key</th> +<th>Values</th> +<th>Default</th> +</tr> +</thead> +<tbody> +<tr> +<td>couchdb:url</td> +<td>the url of the CouchDB to use as client store</td> +<td>n/a</td> +</tr> +<tr> +<td>couchdb:database</td> +<td>the database name of the CouchDB database to use as client store</td> +<td>n/a</td> +</tr> +<tr> +<td>couchdb:username</td> +<td>if the CouchDB database needs authentication, enter the username here - if it does not need authentication, do not set this property at all, not even with an empty value</td> +<td>null</td> +</tr> +<tr> +<td>couchdb:password</td> +<td>if the CouchDB database needs authentication, enter the password here - if it does not need authentication, do not set this property at all, not even with an empty value</td> +<td>null</td> +</tr> +<tr> +<td>sw360:cors:allowed-origin</td> +<td>value for cross origin resource sharing</td> +<td>n/a</td> +</tr> +<tr> +<td>security:oauth2:resource:id</td> +<td>should just be the same then in the resource server</td> +<td>n/a</td> +</tr> +</tbody> +</table> +<p>After this configuration is done the normal REST service for client management should be usable. This one is only accessible for authenticated users that get the <code>ADMIN</code> authority (remember, the therefore necessary sw360 usergroup has just been configured). So the clients can be configured now.</p> +<h1 id="client-management">Client Management</h1> +<p>In the scenarios of this page, the shipped authorization server is used. So the next step is to configure a valid OAuth2 client in this authorization server. There should be one OAuth2 client per external REST API client (which in turn can have many different users). Therefore the authorization server offers a REST API for basic CRUD operations for configuring the clients that are stored in the just configured CouchDB. Since sw360-<code>ADMIN</code> privileges are needed for client management, an authentication is needed to work with this API.</p> +<p>For SSO users (basic-auth Liferay users can use other tools as well because other tools can handle basic auth - but they can also use this workflow):</p> +<ol> +<li> +<p>Open a browser with developer tools capabilities</p> +</li> +<li> +<p>Open</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/authorization/client-management +</span></span></code></pre></div><p>This page always shows the currently configured clients and can be refreshed after every manipulation of a client.</p> +</li> +<li> +<p>To add a new client, enter the following javascript in the dev tools console in the current browser tab - of course after manipulating the client data to suit your needs</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>xmlHttpRequest = new XMLHttpRequest(); +</span></span><span style="display:flex;"><span>xmlHttpRequest.open(&#39;POST&#39;, &#39;/authorization/client-management&#39;, false); +</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Content-Type&#39;, &#39;application/json&#39;); +</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Accept&#39;, &#39;application/json&#39;); +</span></span><span style="display:flex;"><span>xmlHttpRequest.send(JSON.stringify( +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;description&#34; : &#34;my first test client&#34;, +</span></span><span style="display:flex;"><span> &#34;authorities&#34; : [ &#34;BASIC&#34; ], +</span></span><span style="display:flex;"><span> &#34;scope&#34; : [ &#34;READ&#34; ], +</span></span><span style="display:flex;"><span> &#34;access_token_validity&#34; : 3600, +</span></span><span style="display:flex;"><span> &#34;refresh_token_validity&#34; : 3600 +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>)); +</span></span><span style="display:flex;"><span>console.log(xmlHttpRequest.responseText); +</span></span></code></pre></div></li> +<li> +<p>to manipulate an existing client, do the same but add the clientid to the data object</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> &#34;client_id&#34; : &#34;9e358ca832ce4ce99a770c7bd0f8e066&#34; +</span></span></code></pre></div></li> +<li> +<p>to remove an existing client, enter the following javascript in the dev tools console</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>xmlHttpRequest = new XMLHttpRequest(); +</span></span><span style="display:flex;"><span>xmlHttpRequest.open(&#39;DELETE&#39;, &#39;/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066&#39;, false); +</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Content-Type&#39;, &#39;application/json&#39;); +</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Accept&#39;, &#39;application/json&#39;); +</span></span><span style="display:flex;"><span>xmlHttpRequest.send(); +</span></span><span style="display:flex;"><span>console.log(xmlHttpRequest.responseText); +</span></span></code></pre></div></li> +</ol> +<p>This way the session cookie of the SSO login will be used for the REST calls. This might also be possible in postman or curl or similar tools if you want to try to copy cookies (depending also on the SSO configuration). As said before, if Liferay username/password credentials can be used to authenticate then a tool like postman or curl can be used for the whole process. Just pass the credentials as basic-auth.</p> +<h3 id="client-management-via-curl">Client Management via Curl</h3> +<p>The above described call to create a rest client can also be done directly via one curl call:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#033">SW360_USER</span><span style="color:#555">=[</span>admin sw360 user<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#033">SW360_PW</span><span style="color:#555">=[</span>corresponding sw360 admin user password<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span>curl -s -S <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --user <span style="color:#c30">&#34;</span><span style="color:#a00">${</span><span style="color:#033">SW360_USER</span><span style="color:#a00">}</span><span style="color:#c30">:</span><span style="color:#a00">${</span><span style="color:#033">SW360_PW</span><span style="color:#a00">}</span><span style="color:#c30">&#34;</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --header <span style="color:#c30">&#34;Content-Type: application/json&#34;</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --header <span style="color:#c30">&#34;Accept: application/json&#34;</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> -X POST https://<span style="color:#555">[</span>hostname<span style="color:#555">]</span>:<span style="color:#555">[</span>port<span style="color:#555">]</span>/authorization/client-management <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> -d @- <span style="color:#c30">&lt;&lt;EOF +</span></span></span><span style="display:flex;"><span><span style="color:#c30">{ +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;description&#34; : &#34;my first test client&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;authorities&#34; : [ &#34;BASIC&#34; ], +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;scope&#34; : [ &#34;READ&#34; ], +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;access_token_validity&#34; : 3600, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;refresh_token_validity&#34; : 3600 +</span></span></span><span style="display:flex;"><span><span style="color:#c30">} +</span></span></span><span style="display:flex;"><span><span style="color:#c30">EOF</span> +</span></span></code></pre></div><p>This only works with the liferay basic-auth mechanism, SSO is not supported via curl.</p> +<h2 id="oauth2-access-token">OAuth2 Access Token</h2> +<p>Now with a configured client it is possible to retrieve an access token for the REST API from the authorization server. There is again a difference in SSO environments and Liferay username/password environments.</p> +<h3 id="sso-backed-access-token">SSO Backed Access Token</h3> +<p>Probably the browser has to be used again because many SSO environments are based on certificates that are read from keycards and the necessary libs are often built into the browser. So just call the URL</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/authorization/oauth/token?grant_type=password&amp;client_id=[clientid]&amp;client_secret=[clientsecret] +</span></span></code></pre></div><p>Of course the client id and the client secret should be replaced by the values of the configured client. The received response should look similar to</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;access_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;token_type&#34;</span> : <span style="color:#c30">&#34;bearer&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;refresh_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;expires_in&#34;</span> : <span style="color:#f60">3599</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;scope&#34;</span> : <span style="color:#c30">&#34;READ&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;jti&#34;</span> : <span style="color:#c30">&#34;d68ef5aa-e493-4cf1-b64d-5a917dcc6e60&#34;</span> +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>From this response the value of the <code>access_token</code> and probably <code>refresh_token</code> field is the one to copy-paste for later usage.</p> +<h3 id="liferay-backed-access-token">Liferay Backed Access Token</h3> +<p>With a Liferay backed authentication all REST clients that offer basic auth support can be used. For example <code>curl</code>:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;[clientid]:[clientsecret]&#39;</span> -d <span style="color:#c30">&#39;grant_type=password&amp;username=[username]&amp;password=[password]&#39;</span> https://<span style="color:#555">[</span>hostname<span style="color:#555">]</span>:<span style="color:#555">[</span>port<span style="color:#555">]</span>/authorization/oauth/token -k +</span></span></code></pre></div><p>Example response:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;access_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;token_type&#34;</span> : <span style="color:#c30">&#34;bearer&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;refresh_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;expires_in&#34;</span> : <span style="color:#f60">3599</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;scope&#34;</span> : <span style="color:#c30">&#34;READ&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;jti&#34;</span> : <span style="color:#c30">&#34;d68ef5aa-e493-4cf1-b64d-5a917dcc6e60&#34;</span> +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>Of course, the username and password must be your user credentials and the client id and secret have to be replaced with the configured values. And again, the wanted value is the value of the field <code>access_token</code> and probably <code>refresh_token</code>.</p> +<p>More Links:</p> +<ul> +<li>OAuth2 more information: <a href="https://oauth.net/2/">https://oauth.net/2/</a></li> +<li>Decode Bearer tokens at: <a href="https://jwt.io/">https://jwt.io/</a></li> +</ul> +<h2 id="oauth2-refresh-token">OAuth2 Refresh Token</h2> +<p>The authorization server supports so called refresh tokens to generate new access tokens after they have been expired. New access tokens can be generated with the use of the <code>refresh_token</code> without further re-authorization of the user. The following url must be used:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> http://localhost/authorization/oauth/token?grant_type=refresh_token&amp;refresh_token=&lt;REFRESH_TOKEN&gt; +</span></span></code></pre></div><p>The client must pass its credentials via basic authentication. Though a user authentication is not necessary. +If you are authentication your users on a proxy, you have to configure that proxy in a way that it does not block requests to the above url. As marker the &lsquo;grant_type=refresh_token&rsquo; query parameter may be used.</p> +<h2 id="example-apache-configuration">Example Apache configuration</h2> +<p>The following example shows the relevant part for an Apache proxy to configure +authentication of the <code>authorization-server</code> properly:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-apache" data-lang="apache"><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;Location</span> <span style="color:#c30">/authorization/oauth/token</span><span style="color:#309;font-weight:bold">&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#366">Order</span> allow,deny +</span></span><span style="display:flex;"><span> <span style="color:#366">Allow</span> from <span style="color:#069;font-weight:bold">all</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;If</span> <span style="color:#c30">&#34;%{QUERY_STRING} =~ /^grant_type=refresh_token\&amp;/&#34;</span><span style="color:#309;font-weight:bold">&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># No authentication needed</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/If&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;Else&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Configure your authentication here</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/Else&gt;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#366">ProxyPass</span> https://localhost:8443/authorization/oauth/token +</span></span><span style="display:flex;"><span> <span style="color:#366">ProxyPassReverse</span> https://localhost:8443/authorization/oauth/token +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/Location&gt;</span> +</span></span></code></pre></div><h1 id="resource-server-configuration">Resource Server Configuration</h1> +<p>Now that access tokens can be generated, the resource server has to be configured. The same general ideas of <a href="#general-config">general config</a> apply. The properties of the <code>application.yml</code> are</p> +<table> +<thead> +<tr> +<th>Key</th> +<th>Values</th> +<th>Default</th> +</tr> +</thead> +<tbody> +<tr> +<td>sw360:thrift-server-url</td> +<td>the url where the thrift services can be found, e.g. http://localhost:8080</td> +<td></td> +</tr> +<tr> +<td>sw360:test-user-id</td> +<td>only for developing, simple test user short cut, must be pulled off for productive</td> +<td></td> +</tr> +<tr> +<td>sw360:test-user-passwors</td> +<td>see above</td> +<td></td> +</tr> +<tr> +<td>sw360:couchdb-url</td> +<td>the url of the CouhDB server for attachment handling, e.g. https://localhost:5984</td> +<td></td> +</tr> +<tr> +<td>sw360:cors:allowed-origin</td> +<td>value for cross origin resource sharing</td> +<td>n/a</td> +</tr> +</tbody> +</table> +<p>The REST API is now completely usable via an own client or testwise with integrated tools.</p> +<h1 id="tools">Tools</h1> +<p>To get data and interact with the sw360 REST API the HAL-Browser is recommended. Currently, the HAL-Browser is also deployed on the sw360 development instance, but this is likely to change once the REST API has evolved more. Currently the URL of HAL-Browser is:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api +</span></span></code></pre></div><p>An example for a screenshot is as follows:</p> +<p><img src="https://user-images.githubusercontent.com/29916928/39576770-90b2b576-4edf-11e8-9d1b-742c10d88b8e.png" alt="rest-hal-explorer"></p> +<p>When using other tools the access token has to be set as header parameter in the REST request. Please add a new header:</p> +<ul> +<li>Key: Authorization</li> +<li>As value you need to enter: <code>Bearer [ACCESS_TOKEN]</code> where <code>[ACCESS_TOKEN]</code> actually contains the token</li> +</ul> +<h2 id="example--get-a-list-of-projects">Example – Get a list of projects</h2> +<p>Here is an example how to query for all projects as HTTP GET Request. As for the resource endpoint, the request:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://sw360.org/resource/api/projects (or /resource/api/projects) +</span></span></code></pre></div><p>will return the following response:</p> +<p><img src="https://user-images.githubusercontent.com/29916928/39579586-6b1d1736-4ee7-11e8-8faf-da71c8776680.png" alt="rest-explorer2"></p> +<h1 id="api-documentation">API Documentation</h1> +<p>sw360 deploys a REST API documentation at every instance. There are the following URLs offered at each instance</p> +<table> +<thead> +<tr> +<th>URL</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>https://[hostname]:[port]/resource/docs/index.html</td> +<td>Small overview page</td> +</tr> +<tr> +<td>https://[hostname]:[port]/resource/docs/api-guide.html</td> +<td>The API description for the currently running server</td> +</tr> +<tr> +<td>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api</td> +<td>Integrated HAL browser to directly use the API</td> +</tr> +</tbody> +</table> +<h1 id="known-problems">Known Problems</h1> +<p>If you use Nginx or Apache as request front end server there maybe some configuration caveats: The REST API objects provides self links to reference to other objects also including the protocol prefix. These links are realized on Hypertext Application Language (HAL) for example you will find in REST responses:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span><span style="color:#c30">&#34;_links&#34;</span><span style="color:#a00;background-color:#faa">:</span> { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;self&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://localhost:8443/resource/api/projects/065f3aa45c2683297fd1bb39296f519d&#34;</span> +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>The REST spring boot applications are using the Tomcat environment configuration to generate the HAL links. If the Tomcat is only configured as HTTP, the generated links will contain the <code>http</code> protocol and port - which is a problem if the server should be contacted over <code>https</code>only. This problem occurs, if tomcat is used together with Nginx, Apache httpd or other Web servers, which are configured to repsond only to <code>https</code>.</p> +<p>Solution is to set for example in Nginx HTTP &lsquo;X-Forward-*&rsquo; headers on a reverse proxy, for example:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">location</span> <span style="color:#c30">/</span> { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">...</span> +</span></span><span style="display:flex;"><span> <span style="color:#c30">proxy_set_header</span> <span style="color:#c30">X-Forwarded-Port</span> <span style="color:#f60">443</span>; +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">proxy_set_header</span> <span style="color:#c30">X-Forwarded-Proto</span> <span style="color:#c30">https</span>; +</span></span><span style="display:flex;"><span> } +</span></span></code></pre></div><p>For other Web severs, there might a similar solution.</p> \ No newline at end of file diff --git a/docs/development/testcases/index.html b/docs/development/testcases/index.html index 1ec42df..f2e1a05 100644 --- a/docs/development/testcases/index.html +++ b/docs/development/testcases/index.html @@ -1,804 +1,89 @@ - - - - - - - - - - - - - - - - - - - - - -Test Cases | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Test Cases

    -
    SW360 Assorted Test Cases
    -
    - - - - - - - - - - - - - -
    - -
    - - - - - - - - -
    - - -
    -
    - Component / Release -
    -

    -
    - - -
    -
    - Licenses -
    -

    -
    - - -
    -
    - Moderation -
    -

    -
    - - -
    -
    - Projects -
    -

    -
    - - -
    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Test Cases | Eclipse SW360 +

    Test Cases

    SW360 Assorted Test Cases
    Component / Release

    Licenses

    Moderation

    Projects

    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/testcases/index.xml b/docs/development/testcases/index.xml index b31609f..b8f6c74 100644 --- a/docs/development/testcases/index.xml +++ b/docs/development/testcases/index.xml @@ -1,1565 +1,1497 @@ - - - Eclipse SW360 – Test Cases - https://www.eclipse.org/sw360/docs/development/testcases/ - Recent content in Test Cases on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: Component / Release - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-components/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-components/ - - - - <h2 id="tc01-add-a-component-and-release-with-vendor-present">TC01: Add a component and release with vendor present</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Sign In with a known user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Components</em> tab</td> -<td style="text-align:left"><em>Components</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Add Component</em> button</td> -<td style="text-align:left">- <em>New Component</em> page is displayed with mandatory fields marked with red star: Name, Categories, Component Type. <br>- A message <em>Success:New Component</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Fill in a component <em>Name</em>, <em>Categories</em> and <em>Component Type</em> fields. <br><em>Eg:</em><br>- Name: Component 1@1<br>- Categories: Categories_1@1<br>- Component Type: OSS</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Create Component</em> button</td> -<td style="text-align:left">- Create component successfully. <br>- Redirect to the edit component page.<br>-Show message: <em>Success:You are editing the original document.</em></td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Releases</em> tab<br>Click <em>Add Release</em> button</td> -<td style="text-align:left">Redirect to Add Release page</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br>- Version: version1.0.0.x<br>- CPE ID: UUID_1002</td> -<td style="text-align:left">Values are entered in the fields:<br>- Version: version1.0.0.x<br>- CPE ID: UUID_1002</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Create Release</em> button</td> -<td style="text-align:left">- Create a release successfully.<br>- Redirect to the edit new release page.<br>- The message <em>Success:You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Vendor</em> field</td> -<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click <em>Add Vendor</em> button</td> -<td style="text-align:left"><em>Create new Vendor</em> dialog display</td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Input data in fields<br>- Full Name: add vendor 01<br>-Short Name: add vendor01<br>-URL: <a href="https://github.com/eclipse-sw360/sw360">https://github.com/eclipse-sw360/sw360</a></td> -<td style="text-align:left">Values are entered in the fields.</td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click <em>Add Vendor</em> button</td> -<td style="text-align:left">The vendor is added in Vendor field of the release with full name is <em>add vendor 01</em></td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Click <em>Attachments</em> tab</td> -<td style="text-align:left"><em>Attachments</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Click <em>Add Attachment</em> button</td> -<td style="text-align:left"><em>Upload Attachment</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">15</td> -<td style="text-align:left">Click <em>Browse</em> and select the attachment.<br>Eg: attachment1.xlsx</td> -<td style="text-align:left">File name is displayed in the dialog</td> -</tr> -<tr> -<td style="text-align:right">16</td> -<td style="text-align:left">Click <em>Upload</em> button</td> -<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the <em>Attachment</em> page</td> -</tr> -<tr> -<td style="text-align:right">17</td> -<td style="text-align:left">Change the attachment <em>Type</em> to real type.<br>Eg: Component license information (Combined)</td> -<td style="text-align:left">Type changed successfully</td> -</tr> -<tr> -<td style="text-align:right">18</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">Message: <em>Success:Release {name} ({version}) updated successfully!</em> is displayed</td> -</tr> -</tbody> -</table> -<h2 id="tc02-verify-data-after-add-a-component-and-release-with-vendor-present">TC02: Verify data after add a component and release with vendor present</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for the component is created in TC01:<br>- Click <em>Components</em> portlet<br>- At Advanced Search area, input <em>Component 1@1</em> in the <em>Component Name</em> textbox.<br>- Click <em>Search</em> button</td> -<td style="text-align:left">The new component display in the table with:<br>- Vendor: add vendor01<br>- Component Name: <em>Component 1@1</em> is displayed with hyper link.<br>- Main licenses: blank<br>- Component Type: OSS</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click hyper link of name <em>Component 1@1</em></td> -<td style="text-align:left">Redirect to view component <em>Component 1@1</em> page</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Release Overview</em> tab</td> -<td style="text-align:left">The release display with:<br>- Name: Component 1@1<br>- Version displays with hyper link: version1.0.0.x<br>- Clearing State: New<br>- Clearing Report: no report<br>- Release Mainline State: Open</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click hyper link <em>version1.0.0.x</em></td> -<td style="text-align:left">Redirect to view screen of release <em>Component 1@1 version1.0.0.x</em><br>Data of the release:<br>- Summary tab:<br>+ display text with: COMPONENT 1@1 VERSION1.0.0.X<br>+ CPE ID: UUID_1002<br>+ Created on: date of created.<br>+ Created by: user created.<br>+ Modified On: date of modified.<br>+ Modified By: user modified.<br>+ Clearing State: New<br>+ Release Mainline State: Open<br>+ Release Vendor with:<br>   Full Name: add vendor 01<br>   Short Name: add vendor01<br>   URL: <a href="https://github.com/eclipse-sw360/sw360">https://github.com/eclipse-sw360/sw360</a></td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Attachments</em> tab</td> -<td style="text-align:left">Display file name <em>attachment1.xlsx</em> in the table.</td> -</tr> -</tbody> -</table> -<h2 id="tc03-modify-a-component-and-release-with-vendor-present">TC03: Modify a component and release with vendor present</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component (e.g. created in TC01: <em>Component 1@1</em>) and click <em>Edit</em> icon</td> -<td style="text-align:left"><em>Success:You are editing the original document</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Releases</em> tab</td> -<td style="text-align:left">Release list is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Add Release</em> button</td> -<td style="text-align:left">Redirect to Add Release page</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br>- Version: v1.0.0.1<br>- CPE ID: cpe:id:123456</td> -<td style="text-align:left">Values are entered in the fields:<br>- Version: v1.0.0.1<br>- CPE ID: cpe:id:123456</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Create Release</em> button</td> -<td style="text-align:left">- Redirect to the edit new release page.<br>- The message <em>Success:You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Vendor</em> field</td> -<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Search</em> button.<br>Select a vendor (eg: select vendor with full name <em>VendorUp</em>) <br>Click <em>Select Vendor</em> button.</td> -<td style="text-align:left">Dialog is closed and selected Vendor is added under <em>Vendor</em> field: VendorUp</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select the attachment. Eg: attachment2.img<br>Click <em>Upload</em> button</td> -<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">Message <em>Success:Release Component 1@1 (v1.0.0.1) updated successfully!</em> is displayed</td> -</tr> -</tbody> -</table> -<h2 id="tc04-verify-data-after--modify-a-component-and-release-with-vendor-present">TC04: Verify data after modify a component and release with vendor present</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Continue TC03</td> -<td></td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Summary</em> tab</td> -<td style="text-align:left">Data in the tab:<br>- Modified On: date of modified.<br>- Modified By: user modified.<br>Data of other fields in the tab is same data before updated.</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Release Overview</em> tab</td> -<td style="text-align:left">New release with version <em>v1.0.0.1</em> is added in the release table.</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>v1.0.0.1</em> hyper link</td> -<td style="text-align:left">Text display with: <em>COMPONENT 1@1 V1.0.0.1</em> at the right corner.<br>- At Summary tab: <br> + CPE ID: cpe:id:123456<br> + Release Vendor: display with Full Name, Short Name and URL correctly with vendor <em>VendorUp</em> <br>- At Attachments tab: attachment <em>attachment2.img</em> display in the attachment table with correct information.</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Component 1@1</em> hyper link</td> -<td style="text-align:left">Redirect to view screen of <em>Component 1@1</em> component.</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Attachments</em> tab</td> -<td style="text-align:left">Data in the tab is same data before updated.</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Vulnerabilities</em> tab</td> -<td style="text-align:left">Data in the tab is same data before updated.</td> -</tr> -</tbody> -</table> -<h2 id="tc05-add-and-modify-a-component-and-release-with-all-fields-filled-in">TC05: Add and modify a component and release with all fields filled in</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click <em>Components</em> tab<br>Click <em>Add Component</em> button<br>Fill in all editable fields<br>Click <em>Create Component</em> button</td> -<td style="text-align:left">- Redirect to edit component screen with the message <em>Success:You are editing the original document.</em> is displayed in the left corner.<br>- Create component successfully. Data match with input data.</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Releases</em> tab.<br>Click <em>Add Releases</em> button.<br>At <em>Summary</em> tab, fill in all editable fields under <em>Release Summary</em> and <em>Release Repository</em>.<br>Click <em>Create Release</em> button.<br></td> -<td style="text-align:left">Redirect to edit release screen.<br>Created release successfully. Data match with input data.</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Linked Releases</em> tab<br>Click <em>Click to add Releases</em> button</td> -<td style="text-align:left">The dialog <em>Link Releases</em> is displayed.</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Input search name into textbox<br>Click <em>Search</em> button<br>Select 3 releases.<br>Click <em>Link Releases</em> button</td> -<td style="text-align:left">Dialog is closed and selected release is displayed under <em>Linked Releases</em> section.</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Linked Packages</em> tab<br>Click <em>Add Packages</em> button</td> -<td style="text-align:left">The dialog <em>Link Packages</em> is displayed.</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Input an exist orphan package name into textbox.<br>Click <em>Search</em> button.<br>Select a package.<br>Click <em>Link Packages</em> button.</td> -<td style="text-align:left">Dialog is closed and selected package is displayed under <em>Linked Packages</em> table</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Clearing Details</em> tab<br>Fill in all editable fields</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>ECC Details</em> tab<br>Fill in all editable fields</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select the attachment. <em>Eg</em>: attachment3.xlsx<br>Click <em>Upload</em> button</td> -<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">- <em>Success:Release {componentName} ({version}) updated successfully!</em> message is displayed.<br>- Redirect to the view release screen.</td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Check all fields of the release by click tabs: <em>Summary, Linked Releases, Linked Packages, Clearing Details and Attachments</em>.</td> -<td style="text-align:left">Values are filled in correctly, match with input data.</td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click <em>Edit Release</em> button, modify some fields.<br>Eg: <br>- <em>Version</em> field ( in <em>Summary</em> tab): rename version name_updated<br> - <em>ECC Status</em> field (in <em>ECC Details</em> tab): Approved.<br>Click <em>Update Release</em> button.</td> -<td style="text-align:left">Values are updated successfully</td> -</tr> -</tbody> -</table> -<h2 id="tc06-delete-a-component-that-is-first-linked-to-a-project-and-then-not-and-a-project">TC06: Delete a component that is first linked to a project and then not, and a project</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Create a new component<br><em>Eg:</em> component with name <em>Component @1234</em></td> -<td style="text-align:left">Component is created successfully</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Add a new release to this component<br><em>Eg:</em> release <em>Rel1</em></td> -<td style="text-align:left">Release is added successfully</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Create a new project <em>P1</em></td> -<td style="text-align:left">Project is created successfully</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Add the linked release <em>Rel1</em> to project <em>P1</em>.</td> -<td style="text-align:left">Release linked successfully</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Components</em> portlet.<br>Search component <em>Component @1234</em> by name at advanced search.</td> -<td style="text-align:left">Component <em>Component @1234</em> display on the result table.</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click delete icon of component <em>Component @1234</em></td> -<td style="text-align:left">A warning <em>The component Component @1234 cannot be deleted, since it contains 1 releases. Please delete the releases first.</em></td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>OK</em> button in the warning dialog.</td> -<td style="text-align:left">The dialog is closed, component is not deleted</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Components</em> portlet.<br>Search for the component <em>Component @1234</em> and click hyper link of component <em>Component @1234</em>.</td> -<td style="text-align:left">View screen of <em>Component @1234</em> component is display</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Release</em> Overview.<br>Click Delete icon button of release <em>Rel1</em>.<br>Click <em>Delete Release</em> button in the dialog.</td> -<td style="text-align:left">- Dialog <em>Delete Releases</em> is displayed.<br>- Delete the release is failure.<br>- The message: <em>I could not delete the release, since it is used by another component (release) or project</em> display.</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Go to project <em>P1</em>, delete project <em>P1</em>.</td> -<td style="text-align:left">The project is deleted successfully</td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Go to component <em>Component @1234</em>, at <em>Release Overview</em> tab, click Delete icon button of release <em>Rel1</em>.</td> -<td style="text-align:left">Show message: <em>Do you really want to delete the release {componentName} ({version}) ?</em></td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click <em>Delete Release</em> button</td> -<td style="text-align:left">Release is deleted successfully</td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Click <em>Edit Component</em> button.<br>Click <em>Delete Component</em> button.</td> -<td style="text-align:left">The dialog is displayed with message: <em>Do you really want to delete the component {componentName} ?</em></td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Click <em>Delete Component</em> button</td> -<td style="text-align:left">Component is deleted successfully</td> -</tr> -</tbody> -</table> -<h2 id="tc07-add-new-attachments-to-an-existing-release-and-delete-attachments">TC07: Add new attachments to an existing release and delete attachments</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component (e.g. created in TC01) and click <em>Release Overview</em> tab</td> -<td style="text-align:left">The list of releases are displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click edit icon in the Action column of release version that needs a new attachment. <em>Eg:</em> release <em>Rel1</em>.</td> -<td style="text-align:left">Edit release <em>Rel1</em> page is displayed.</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select several attachments.<br><em>Eg:</em> 5 attachment files (att1, att2, att3, att4, att5)</td> -<td style="text-align:left">File names are displayed in the dialog</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Delete</em> button near some files not to be added.<br><em>Eg:</em> delete 2 attachment files (att1, att3)</td> -<td style="text-align:left">File names are removed from the list</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Upload</em> button for the remaining files.</td> -<td style="text-align:left">The attached file are listed in the <em>Attachment</em> page: att2, att4, att5</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Change some <em>Attachment type</em> to real type, e.g. <em>source file, clearing report, CLI,&hellip;</em></td> -<td style="text-align:left">Type changed successfully</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">Release <em>Ree1</em> is updated correctly.</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Edit Release</em> button</td> -<td style="text-align:left"><em>Success:You are editing the original document.</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Attachments</em> tab</td> -<td style="text-align:left"><em>Attachments</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click delete icon to delete an attachment</td> -<td style="text-align:left">Show message: <em>Do you really want to delete attachment {attachmentName}({attachmentId})?</em></td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Click <em>Delete Attachment button</em></td> -<td style="text-align:left">Attachment is deleted successfully, data of attachment is removed from attachment table.</td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">Release Ree1 is updated correctly with message <em>Success: Release {componentName}({version}) updated successfully!</em></td> -</tr> -</tbody> -</table> -<h2 id="tc08-duplicate-an-existing-release">TC08: Duplicate an existing release</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component with release with all fields filled in (Eg: created in TC05) and click <em>Release Overview</em></td> -<td style="text-align:left">The list of releases are displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Duplicate</em> button under Action column</td> -<td style="text-align:left">The page changes to create duplicate release screen</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Check all fields from copied release</td> -<td style="text-align:left">- <em>Summary</em> tab:<br> + <em>CPE ID</em> field: blank<br> + Remain fields are unchanged (exclude disable fields).<br>- <em>Linked Releases</em> tab: there is no linked release.</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Change the <em>Version</em> field and fill in a <em>CPE ID</em>.<br><em>Eg:</em>  Version: ver_duplicate<br> CPE ID: CPE ID_duplicate<br>Click <em>Create Release</em> button</td> -<td style="text-align:left">- Redirect to edit release screen.<br>- Create duplicate release is success with message: <em>Success:You are editing the original document.</em><br>- Data of duplicate release is correct.</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Modify some other fields.<br><em>Eg:</em> Release Date: 2023-06-12. <br>Click <em>Clearing Details</em> tab</td> -<td style="text-align:left"><em>Clearing Details</em> page is displayed and does not contain any field from copied release</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">The release is updated successfully with data correctly</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click component name link on top of the page</td> -<td style="text-align:left">Summary page for the component is displayed</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Release Overview</em> tab</td> -<td style="text-align:left">The new copied release is listed among previous releases</td> -</tr> -</tbody> -</table> -<h2 id="tc09-search-for-and-create-a-new-vendor-for-a-new-release">TC09: Search for and create a new vendor for a new release</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click <em>Components</em> portlet<br>At advanced Search, search for an existing component.<br><em>Eg:</em> input <em>Comp1</em> in the Component Name text box.<br>Click <em>Search</em> button.</td> -<td style="text-align:left">Component <em>Comp1</em> display in the result table.</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click edit icon in Actions column of component <em>Comp1</em>.</td> -<td style="text-align:left">Edit screen of component <em>Comp1</em> is displayed with message: <em>Success:You are editing the original document</em></td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Releases</em> tab<br>Click <em>Add Releases</em> button</td> -<td style="text-align:left">The page changes to <em>New Release Edit</em> page</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br> + Version: @1.0.2<br> + CPE ID: moshiano_002</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Vendor</em> field</td> -<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Add Vendor</em></td> -<td style="text-align:left"><em>Create New Vendor</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Fill in <em>Full name</em>, <em>Short name</em> and <em>URL</em><br><em>Eg:</em><br>Full Name: Fullvendor_0909<br>Short Name: Short_ven090<br>URL: <a href="https://github.com/">https://github.com/</a></td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Add Vendor</em></td> -<td style="text-align:left">Dialog closes and the new vendor is displayed in release <em>Vendor</em> field with full name <em>Fullvendor_0909</em></td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Create Release</em></td> -<td style="text-align:left">Redirect to edit release page with the message <em>Success:You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click component name link on top of the page</td> -<td style="text-align:left">Summary page for the component is displayed. The new vendor for the new release, as well as existing vendors from previous releases are listed under <em>Vendors</em> field for the component</td> -</tr> -</tbody> -</table> -<h2 id="tc10-link-a-release-to-the-project-in-view-component-page-and-check-used-by-projects">TC10: Link a release to the project in view component page and check used by projects</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component with release and click <em>Release Overview</em> tab</td> -<td style="text-align:left">The list of releases are displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Link Project</em> button under Action column</td> -<td style="text-align:left">The dialog <em>Link Release to Project</em> is displayed with <em>Link to Project</em> button is disabled</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Search</em> button then choose a project to link</td> -<td style="text-align:left"><em>Link to Project</em> button on the dialog is enabled</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Link to Project</em> button</td> -<td style="text-align:left"><em>The release {component name} ({version}) has been successfully linked to project {project name}</em><br><em>Click <ins>here<ins></em> <em>to edit the release relation as well as the project mainline state in the project.</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>here</em> hyperlink in the dialog</td> -<td style="text-align:left">Redirect to the <em>edit project</em> page with the release was linked (displayed on <em>License Clearing</em> page)</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Re-open the release at view page and click <em>Summary</em> tab</td> -<td style="text-align:left">Used by project information is updated correspondingly</td> -</tr> -</tbody> -</table> -<h2 id="tc11-link-a-release-to-a-project-in-the-view-release-page">TC11: Link a release to a project in the view release page</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component with release and click <em>Release Overview</em> tab</td> -<td style="text-align:left">The list of releases are displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>a release name</em> hyperlink. Eg: release R1</td> -<td style="text-align:left">Redirect to the <em>view release</em> page</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Link to Project</em> button</td> -<td style="text-align:left">The dialog <em>Link Release to Project</em> is displayed with <em>Link to Project</em> button is disabled</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Search</em> button then choose a project to link</td> -<td style="text-align:left"><em>Link to Project</em> button on the dialog is enabled</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Link to Project</em> button</td> -<td style="text-align:left"><em>The release {component name} ({version}) has been successfully linked to project {project name}</em><br><em>Click <ins>here<ins></em> <em>to edit the release relation as well as the project mainline state in the project.</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>here</em> hyperlink in the dialog</td> -<td style="text-align:left">Redirect to the <em>edit project</em> page with the release was linked (displayed on <em>License Clearing</em> page)</td> -</tr> -</tbody> -</table> -<h2 id="tc12-import-a-new-component-by-spdxxml-rdf-file">TC12: Import a new component by .spdx/.xml/ .rdf file</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click <em>Components</em> tab</td> -<td style="text-align:left"><em>Components</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Import SBOM</em> button</td> -<td style="text-align:left">A dialog <em>Upload SBOM</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Choose a <strong><em>.spdx</em></strong> or <strong><em>.xml</em></strong> or <strong><em>.rdf</em></strong> file by clicking on the <em>Browse</em> button or drop/draft a file into the dialog</td> -<td style="text-align:left">The message is displayed in the dialog: <br> <em>The new Component and new Release will be created, do you want to import? <br> New Component: {new component names} <br> New Release: {new release names}</em></td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Import</em> button</td> -<td style="text-align:left">The dialog is closed. New releases and new components are imported successfully</td> -</tr> -</tbody> -</table> -<h2 id="tc13-export-components-without-releases">TC13: Export components without releases</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click <em>Components</em> tab</td> -<td style="text-align:left"><em>Components</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Export Spreadsheet</em> button and choose <em>Components only</em> option</td> -<td style="text-align:left">- A new file with name&rsquo;s format <em>components-{yyyy}-{mm}-{dd}.xlsx</em> is downloaded<br>- The content of the downloaded file includes information of all components in the system</td> -</tr> -</tbody> -</table> -<h2 id="tc14-export-components-with-releases">TC14: Export components with releases</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click <em>Components</em> tab</td> -<td style="text-align:left"><em>Components</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Export Spreadsheet</em> button and choose <em>Components with releases</em> option</td> -<td style="text-align:left">- New file with name <em>components-{yyyy}-{mm}-{dd}.xlsx</em> is downloaded.<br>- The content of the downloaded file includes information of all components and releases in the system</td> -</tr> -</tbody> -</table> -<h2 id="tc15-create-a-clearing-request-for-a-release">TC15: Create a clearing request for a release</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component with releases and click <em>Release Overview</em> tab</td> -<td style="text-align:left">The list of releases are displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Edit</em> button under <em>Action</em> column. Eg: edit release R1</td> -<td style="text-align:left">Redirect to <em>view release</em> page and the message <em>Success:You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Attachments</em> tab, then add a source file (Eg: .rdf file) with <em>Type</em> is <em>Source file</em></td> -<td style="text-align:left">The data is updated correspondingly</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">The message <em>Success:Release {release name} updated successfully!</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Clearing details</em> tab, then click <em>Fossology Process</em> icon beside <em>Clearing State</em> field and wait for the process to finish</td> -<td style="text-align:left">The message <em>The FOSSology process already finished. You should find the resulting report as attachment at this release.</em> is displayed in the <em>Fossology Process</em> dialog</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Close</em> button in the dialog</td> -<td style="text-align:left">The dialog is closed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Reload this page, then click <em>Attachments</em> tab</td> -<td style="text-align:left">A new file is listed in <em>Attachments</em> page with name&rsquo;s format <em>{component name}-{version}-{yyyymmdd}-{hhmm}-SPDX.rdf</em></td> -</tr> -</tbody> -</table> - - - - - - Docs: Licenses - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-licenses/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-licenses/ - - - - <h2 id="create-edit-and-delete-license">Create, edit and delete license</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Sign In with a known <em>clearing admin</em> user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click on <em>Licenses</em> tab</td> -<td style="text-align:left"><em>Licenses</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click on <em>Add License</em></td> -<td style="text-align:left"><em>New License</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Fill in <em>Fullname</em> and <em>Shortname</em> fields and press <em>Add License</em></td> -<td style="text-align:left"><em>License added successfully!</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Write the license or part of newly created license name in <em>Keyword Search</em> field</td> -<td style="text-align:left">License is filtered successfully</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click on license name and then on <em>Edit License Details and Text</em></td> -<td style="text-align:left">License page is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Modify some fields and click <em>Update License</em></td> -<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Check all fields on <em>Details</em> and <em>Text</em> pages</td> -<td style="text-align:left">Values are filled in correctly</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click on <em>Edit License Details and Text</em></td> -<td style="text-align:left">License page is displayed</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click o <em>Delete</em> license name</td> -<td style="text-align:left"><em>License removed successfully!</em> message is displayed</td> -</tr> -</tbody> -</table> -<h2 id="edit-license-todos-and-obligations">Edit license TODOs and Obligations</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Sign In with a known <em>clearing admin</em> user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click on previously created license name</td> -<td style="text-align:left"><em>License Details</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click on <em>Add a Todo</em></td> -<td style="text-align:left">Todo page displayed successfully</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Enter a Todo text (e.g. &ldquo;First todo text&rdquo;), click <em>Applies to development</em>, and click <em>Submit</em></td> -<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>TODOs and Obligations</em></td> -<td style="text-align:left">The previously entered Todo is listed on the page with <em>No obligations</em></td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click on <em>Add a Todo</em></td> -<td style="text-align:left">Todo page displayed successfully</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Enter a Todo text (e.g. &ldquo;Second todo text&rdquo;), click on some Obligations and click Submit</td> -<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click TODOs and Obligations</td> -<td style="text-align:left">The previously entered Todo is listed on the page together with chosen obligations</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click on <em>Edit WhiteList</em>, deselect first Todo and click <em>Submit</em></td> -<td style="text-align:left">The deselected Todo is not displayed anymore on <em>TODOs and Obligations</em> page</td> -</tr> -</tbody> -</table> -<h2 id="check-export-licenses">Check Export Licenses</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Sign In with a known user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click on <em>Licenses</em> tab</td> -<td style="text-align:left"><em>Licenses</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click on <em>Export Licenses</em></td> -<td style="text-align:left">A dialog for opening <em>Licenses.xlsx</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Open the xlsx file and compare the number of rows with total number of entries from <em>Licenses</em> tab</td> -<td style="text-align:left">All licenses names are exported successfully.</td> -</tr> -</tbody> -</table> - - - - - - Docs: Moderation - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-moderations/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-moderations/ - - - - <h2 id="accept-moderation-request-for-visible-projects-by-other-users">Accept moderation request, for visible projects by other users</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Open first browser instance ((e.g. &ldquo;firefox.exe -p &ldquo;profile1&rdquo; -no-remote&rdquo;) and sign in with a known <em>First</em> user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Open a second browser instance ((e.g. &ldquo;firefox.exe -p &ldquo;profile2&rdquo; -no-remote&rdquo;) and sign in with a known <em>Second</em> user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Activate <em>First</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Create a new project visible for <em>Second</em> user (e.g. <em>Me and Moderators</em>, <em>Group and Moderators</em>, <em>Everyone</em>)</td> -<td style="text-align:left">Project is created successfully</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Activate <em>Second</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Search for the above created project and click <em>Edit</em></td> -<td style="text-align:left"><em>You will create a moderation request if you update.</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Edit Description field or other fields and click <em>Update Project</em></td> -<td style="text-align:left"><em>Moderation request was sent to update the Project name!</em> message is displayed.</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Activate <em>First</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> -<td style="text-align:left">The above project that needs moderation is displayed with status <em>PENDING</em></td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click on <em>Moderation</em> page</td> -<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Click on moderation request</td> -<td style="text-align:left"><em>Moderation Change Project</em> page is displayed, with proposed changes from step 7 listed</td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click on <em>Accept Request</em></td> -<td style="text-align:left"><em>You have accepted the previous moderation request.</em> message is displayed, and State changes to <em>Approved</em></td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> -<td style="text-align:left">Status is <em>APPROVED</em></td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Activate <em>Second</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">15</td> -<td style="text-align:left">Check _My Task Submissions on <em>Home</em> page</td> -<td style="text-align:left">Status is <em>APPROVED</em></td> -</tr> -<tr> -<td style="text-align:right">16</td> -<td style="text-align:left">Open the <em>Projects</em> tab and click on previously modified project on step 7</td> -<td style="text-align:left">Project <em>Summary</em> page displayed successfully</td> -</tr> -<tr> -<td style="text-align:right">17</td> -<td style="text-align:left">Check the moderation requested changes</td> -<td style="text-align:left">Changes are visible in the corresponding fields</td> -</tr> -</tbody> -</table> -<h2 id="decline-moderation-request-for-visible-projects-by-other-users">Decline moderation request, for visible projects by other users</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1-11</td> -<td style="text-align:left">Same as in TC01</td> -<td></td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click on <em>Decline Request</em></td> -<td style="text-align:left"><em>You have declined the previous moderation request</em> message is displayed, and State changes to <em>Rejected</em></td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> -<td style="text-align:left">Status is <em>REJECTED</em></td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Activate <em>Second</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">15</td> -<td style="text-align:left">Check _My Task Submissions on <em>Home</em> page</td> -<td style="text-align:left">Status is <em>REJECTED</em></td> -</tr> -<tr> -<td style="text-align:right">16</td> -<td style="text-align:left">Open the <em>Projects</em> tab and click on previously modified project on step 7</td> -<td style="text-align:left">Project <em>Summary</em> page displayed successfully</td> -</tr> -<tr> -<td style="text-align:right">17</td> -<td style="text-align:left">Check the moderation requested changes</td> -<td style="text-align:left">Changes are not visible in the corresponding fields</td> -</tr> -</tbody> -</table> -<h2 id="remove-me-from-moderators-for-moderation-request-for-visible-projects-by-other-users">Remove Me from Moderators for moderation request, for visible projects by other users</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1-11</td> -<td style="text-align:left">Same as in TC01</td> -<td></td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click on <em>Remove Me from Moderators</em></td> -<td style="text-align:left"><em>You are the last moderator for this request - you are not allowed to unsubscribe.</em> message is displayed (assuming only <em>First</em> user was listed under <em>Moderators</em> column in step 10)</td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Click on <em>Decline Request</em></td> -<td style="text-align:left"><em>You have declined the previous moderation request</em> message is displayed, and State changes to <em>Rejected</em></td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Edit the project and add a new moderator (e.g. <em>Third</em> user) under <em>Moderators</em> field</td> -<td style="text-align:left">Project updated successfully.</td> -</tr> -<tr> -<td style="text-align:right">15</td> -<td style="text-align:left">Activate <em>Second</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">16</td> -<td style="text-align:left">Edit the project and create a new moderation request</td> -<td style="text-align:left">Moderation request was sent</td> -</tr> -<tr> -<td style="text-align:right">17</td> -<td style="text-align:left">Activate <em>First</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">18</td> -<td style="text-align:left">Click on <em>Moderation</em> page</td> -<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> -</tr> -<tr> -<td style="text-align:right">19</td> -<td style="text-align:left">Click on moderation request</td> -<td style="text-align:left"><em>Moderation Change Project</em> page is displayed, with proposed changes from step 7 listed</td> -</tr> -<tr> -<td style="text-align:right">20</td> -<td style="text-align:left">Click on <em>Remove Me from Moderators</em></td> -<td style="text-align:left"><em>You are removed from the list of moderators for the previous moderation request. You have no open Requests.</em> message is displayed. Also the document is deleted from moderation list.</td> -</tr> -<tr> -<td style="text-align:right">21</td> -<td style="text-align:left">Login with the <em>Third</em> user and check the <em>Moderation</em> tab</td> -<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> -</tr> -</tbody> -</table> - - - - - - Docs: Projects - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-projects/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-projects/ - - - - <h2 id="add-a-simple-project-with-no-relations-and-no-releases">Add a simple project with no relations and no releases</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Sign In with a known user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click on <em>Projects</em> tab</td> -<td style="text-align:left"><em>Projects</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Fill mandatory <em>Name</em> with a project name, change other fields if needed</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Cancel</em> button</td> -<td style="text-align:left">New project <em>Summary</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click on <em>Projects</em> tab</td> -<td style="text-align:left">The new project should be added to the projects list</td> -</tr> -</tbody> -</table> -<h2 id="add-a-full-project-with-relations-releases-and-send-to-clearing-process">Add a full project with relations, releases and send to clearing process</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click on <em>Projects</em> tab</td> -<td style="text-align:left"><em>Projects</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Fill mandatory <em>Name</em> with a project name, change other fields if needed</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Click to add linked Projects</em></td> -<td style="text-align:left"><em>Search Project</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Search</em> and <em>Select</em> the project to be linked (e.g. created in TC01)</td> -<td style="text-align:left">Dialog is closed and selected project is displayed under <em>Linked Projects</em> section</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Click to add Releases</em></td> -<td style="text-align:left"><em>Search Release</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Search by name</em> and <em>Select</em> a release to be added</td> -<td style="text-align:left">Dialog is closed and selected release is displayed under <em>Linked Releases</em> section</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Cancel</em> button</td> -<td style="text-align:left">New project <em>Summary</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click on <em>Projects</em> tab</td> -<td style="text-align:left">The new project should be added to the projects list</td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Check <em>Clearing Status</em> by hovering mouse over the numbers.</td> -<td style="text-align:left">The message should be <em>new release, under clearing&hellip;</em></td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Send open release to clearing by clicking the button <em>Send to fossology</em>, under <em>Actions</em> column</td> -<td style="text-align:left"><em>Fossology Clearing</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Select the release to be sent for clearing and click <em>Send</em></td> -<td style="text-align:left"><em>Sent</em> message is displayed near the <em>Send to fossology</em> button</td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Click on project name and check <em>Summary</em> page</td> -<td style="text-align:left"><em>Clearing details</em> should have 1 for <em>Under clearing</em></td> -</tr> -<tr> -<td style="text-align:right">15</td> -<td style="text-align:left">Click on <em>Clearing Status</em></td> -<td style="text-align:left">The &ldquo;Release Clearing State_ should be <em>Sent to Fossology</em></td> -</tr> -</tbody> -</table> -<h2 id="add-a-project-with-releases-no-relations-remove-a-release-and-send-to-clearing-process">Add a project with releases, no relations, remove a release, and send to clearing process</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1-5</td> -<td style="text-align:left">Same as in TC02</td> -<td></td> -</tr> -<tr> -<td style="text-align:right">5a</td> -<td style="text-align:left">Click on <em>Delete</em> icon to delete the linked project</td> -<td style="text-align:left"><em>Do you really want to remove the link to this project?</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">5b</td> -<td style="text-align:left">Click <em>OK</em></td> -<td style="text-align:left">The project is removed from the list of <em>Linked Projects</em></td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Click to add Releases</em></td> -<td style="text-align:left"><em>Search Release</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Search by name</em> and <em>Select</em> more than one release to be added</td> -<td style="text-align:left">Dialog is closed and selected releases are displayed under <em>Linked Releases</em> section</td> -</tr> -<tr> -<td style="text-align:right">7a</td> -<td style="text-align:left">Click on <em>Delete</em> icon to delete one of the linked release</td> -<td style="text-align:left"><em>Do you really want to remove the link to this release?</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">7b</td> -<td style="text-align:left">Click <em>OK</em></td> -<td style="text-align:left">The release is removed from the list of <em>Linked Releases</em></td> -</tr> -<tr> -<td style="text-align:right">8-15</td> -<td style="text-align:left">Same as in TC02</td> -<td></td> -</tr> -</tbody> -</table> -<p>##TC04: Delete a project that is first linked to another project and then not linked</p> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Create a new project</td> -<td style="text-align:left">Project is created successfully</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Create another project and add first created one as linked project</td> -<td style="text-align:left">Projects are linked successfully</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Go to first created project in the projects table and try to delete it</td> -<td style="text-align:left">Message <em>Do you want to delete project name?</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>OK</em></td> -<td style="text-align:left">Message <em>The project is used by another project!</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>OK</em></td> -<td style="text-align:left">Project is not deleted (e.g. refresh the page by clicking Projects tab)</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Go to second created project in the projects table and delete it</td> -<td style="text-align:left">Message <em>Do you want to delete project name?</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>OK</em></td> -<td style="text-align:left">Project is deleted successfully</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Go to first created project in the table (not linked anymore to second project) and delete it</td> -<td style="text-align:left">Project is deleted successfully</td> -</tr> -</tbody> -</table> -<h2 id="modify-an-existing-project-with-relations-releases-and-send-to-clearing-process">Modify an existing project with relations, releases and send to clearing process</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for a simple project (e.g. created in TC01) and click <em>Edit</em></td> -<td style="text-align:left"><em>You are editing the original document</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Execute steps 5-16 from TC02</td> -<td></td> -</tr> -</tbody> -</table> -<h2 id="add-and-modify-a-project-with-all-project-fields-filled-in">Add and modify a project with all project fields filled in</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click on <em>Projects</em> tab</td> -<td style="text-align:left"><em>Projects</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Fill in all editable fields under <em>Basic Information</em>, <em>User Information</em> and <em>Admin Information</em></td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Cancel</em> button</td> -<td style="text-align:left">New project <em>Summary</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Check all fields on <em>Summary</em> page</td> -<td style="text-align:left">Values are filled in correctly</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Edit</em> button, modify some fields and <em>Update Project</em></td> -<td style="text-align:left">Values are updated successfully</td> -</tr> -</tbody> -</table> -<h2 id="duplicate-an-existing-project">Duplicate an existing project</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing project with all fields filled in (e.g. created in TC06) and click <em>Duplicate</em> button under <em>Actions</em> column</td> -<td style="text-align:left">Project <em>Information</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Check all fields from copied project</td> -<td style="text-align:left">All fields are unchanged, including <em>Linked Projects</em> and <em>Linked Releases</em></td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Fill mandatory <em>Name</em> with a project name and click <em>Add Project</em></td> -<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Cancel</em> button</td> -<td style="text-align:left">New project <em>Summary</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Check all fields</td> -<td style="text-align:left">All fields were copied successfully, except the new name of the project</td> -</tr> -</tbody> -</table> - - - - - - +Eclipse SW360 – Test Caseshttps://www.eclipse.org/sw360/docs/development/testcases/Recent content in Test Cases on Eclipse SW360Hugo -- gohugo.ioDocs: Component / Releasehttps://www.eclipse.org/sw360/docs/development/testcases/test-cases-components/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/testcases/test-cases-components/ +<h2 id="tc01-add-a-component-and-release-with-vendor-present">TC01: Add a component and release with vendor present</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Sign In with a known user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Components</em> tab</td> +<td style="text-align:left"><em>Components</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Add Component</em> button</td> +<td style="text-align:left">- <em>New Component</em> page is displayed with mandatory fields marked with red star: Name, Categories, Component Type. <br>- A message <em>Success:New Component</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Fill in a component <em>Name</em>, <em>Categories</em> and <em>Component Type</em> fields. <br><em>Eg:</em><br>- Name: Component 1@1<br>- Categories: Categories_1@1<br>- Component Type: OSS</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Create Component</em> button</td> +<td style="text-align:left">- Create component successfully. <br>- Redirect to the edit component page.<br>-Show message: <em>Success:You are editing the original document.</em></td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Releases</em> tab<br>Click <em>Add Release</em> button</td> +<td style="text-align:left">Redirect to Add Release page</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br>- Version: version1.0.0.x<br>- CPE ID: UUID_1002</td> +<td style="text-align:left">Values are entered in the fields:<br>- Version: version1.0.0.x<br>- CPE ID: UUID_1002</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Create Release</em> button</td> +<td style="text-align:left">- Create a release successfully.<br>- Redirect to the edit new release page.<br>- The message <em>Success:You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Vendor</em> field</td> +<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click <em>Add Vendor</em> button</td> +<td style="text-align:left"><em>Create new Vendor</em> dialog display</td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Input data in fields<br>- Full Name: add vendor 01<br>-Short Name: add vendor01<br>-URL: <a href="https://github.com/eclipse-sw360/sw360">https://github.com/eclipse-sw360/sw360</a></td> +<td style="text-align:left">Values are entered in the fields.</td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click <em>Add Vendor</em> button</td> +<td style="text-align:left">The vendor is added in Vendor field of the release with full name is <em>add vendor 01</em></td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Click <em>Attachments</em> tab</td> +<td style="text-align:left"><em>Attachments</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Click <em>Add Attachment</em> button</td> +<td style="text-align:left"><em>Upload Attachment</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">15</td> +<td style="text-align:left">Click <em>Browse</em> and select the attachment.<br>Eg: attachment1.xlsx</td> +<td style="text-align:left">File name is displayed in the dialog</td> +</tr> +<tr> +<td style="text-align:right">16</td> +<td style="text-align:left">Click <em>Upload</em> button</td> +<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the <em>Attachment</em> page</td> +</tr> +<tr> +<td style="text-align:right">17</td> +<td style="text-align:left">Change the attachment <em>Type</em> to real type.<br>Eg: Component license information (Combined)</td> +<td style="text-align:left">Type changed successfully</td> +</tr> +<tr> +<td style="text-align:right">18</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">Message: <em>Success:Release {name} ({version}) updated successfully!</em> is displayed</td> +</tr> +</tbody> +</table> +<h2 id="tc02-verify-data-after-add-a-component-and-release-with-vendor-present">TC02: Verify data after add a component and release with vendor present</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for the component is created in TC01:<br>- Click <em>Components</em> portlet<br>- At Advanced Search area, input <em>Component 1@1</em> in the <em>Component Name</em> textbox.<br>- Click <em>Search</em> button</td> +<td style="text-align:left">The new component display in the table with:<br>- Vendor: add vendor01<br>- Component Name: <em>Component 1@1</em> is displayed with hyper link.<br>- Main licenses: blank<br>- Component Type: OSS</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click hyper link of name <em>Component 1@1</em></td> +<td style="text-align:left">Redirect to view component <em>Component 1@1</em> page</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Release Overview</em> tab</td> +<td style="text-align:left">The release display with:<br>- Name: Component 1@1<br>- Version displays with hyper link: version1.0.0.x<br>- Clearing State: New<br>- Clearing Report: no report<br>- Release Mainline State: Open</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click hyper link <em>version1.0.0.x</em></td> +<td style="text-align:left">Redirect to view screen of release <em>Component 1@1 version1.0.0.x</em><br>Data of the release:<br>- Summary tab:<br>+ display text with: COMPONENT 1@1 VERSION1.0.0.X<br>+ CPE ID: UUID_1002<br>+ Created on: date of created.<br>+ Created by: user created.<br>+ Modified On: date of modified.<br>+ Modified By: user modified.<br>+ Clearing State: New<br>+ Release Mainline State: Open<br>+ Release Vendor with:<br>   Full Name: add vendor 01<br>   Short Name: add vendor01<br>   URL: <a href="https://github.com/eclipse-sw360/sw360">https://github.com/eclipse-sw360/sw360</a></td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Attachments</em> tab</td> +<td style="text-align:left">Display file name <em>attachment1.xlsx</em> in the table.</td> +</tr> +</tbody> +</table> +<h2 id="tc03-modify-a-component-and-release-with-vendor-present">TC03: Modify a component and release with vendor present</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component (e.g. created in TC01: <em>Component 1@1</em>) and click <em>Edit</em> icon</td> +<td style="text-align:left"><em>Success:You are editing the original document</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Releases</em> tab</td> +<td style="text-align:left">Release list is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Add Release</em> button</td> +<td style="text-align:left">Redirect to Add Release page</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br>- Version: v1.0.0.1<br>- CPE ID: cpe:id:123456</td> +<td style="text-align:left">Values are entered in the fields:<br>- Version: v1.0.0.1<br>- CPE ID: cpe:id:123456</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Create Release</em> button</td> +<td style="text-align:left">- Redirect to the edit new release page.<br>- The message <em>Success:You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Vendor</em> field</td> +<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Search</em> button.<br>Select a vendor (eg: select vendor with full name <em>VendorUp</em>) <br>Click <em>Select Vendor</em> button.</td> +<td style="text-align:left">Dialog is closed and selected Vendor is added under <em>Vendor</em> field: VendorUp</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select the attachment. Eg: attachment2.img<br>Click <em>Upload</em> button</td> +<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">Message <em>Success:Release Component 1@1 (v1.0.0.1) updated successfully!</em> is displayed</td> +</tr> +</tbody> +</table> +<h2 id="tc04-verify-data-after--modify-a-component-and-release-with-vendor-present">TC04: Verify data after modify a component and release with vendor present</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Continue TC03</td> +<td></td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Summary</em> tab</td> +<td style="text-align:left">Data in the tab:<br>- Modified On: date of modified.<br>- Modified By: user modified.<br>Data of other fields in the tab is same data before updated.</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Release Overview</em> tab</td> +<td style="text-align:left">New release with version <em>v1.0.0.1</em> is added in the release table.</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>v1.0.0.1</em> hyper link</td> +<td style="text-align:left">Text display with: <em>COMPONENT 1@1 V1.0.0.1</em> at the right corner.<br>- At Summary tab: <br> + CPE ID: cpe:id:123456<br> + Release Vendor: display with Full Name, Short Name and URL correctly with vendor <em>VendorUp</em> <br>- At Attachments tab: attachment <em>attachment2.img</em> display in the attachment table with correct information.</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Component 1@1</em> hyper link</td> +<td style="text-align:left">Redirect to view screen of <em>Component 1@1</em> component.</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Attachments</em> tab</td> +<td style="text-align:left">Data in the tab is same data before updated.</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Vulnerabilities</em> tab</td> +<td style="text-align:left">Data in the tab is same data before updated.</td> +</tr> +</tbody> +</table> +<h2 id="tc05-add-and-modify-a-component-and-release-with-all-fields-filled-in">TC05: Add and modify a component and release with all fields filled in</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click <em>Components</em> tab<br>Click <em>Add Component</em> button<br>Fill in all editable fields<br>Click <em>Create Component</em> button</td> +<td style="text-align:left">- Redirect to edit component screen with the message <em>Success:You are editing the original document.</em> is displayed in the left corner.<br>- Create component successfully. Data match with input data.</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Releases</em> tab.<br>Click <em>Add Releases</em> button.<br>At <em>Summary</em> tab, fill in all editable fields under <em>Release Summary</em> and <em>Release Repository</em>.<br>Click <em>Create Release</em> button.<br></td> +<td style="text-align:left">Redirect to edit release screen.<br>Created release successfully. Data match with input data.</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Linked Releases</em> tab<br>Click <em>Click to add Releases</em> button</td> +<td style="text-align:left">The dialog <em>Link Releases</em> is displayed.</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Input search name into textbox<br>Click <em>Search</em> button<br>Select 3 releases.<br>Click <em>Link Releases</em> button</td> +<td style="text-align:left">Dialog is closed and selected release is displayed under <em>Linked Releases</em> section.</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Linked Packages</em> tab<br>Click <em>Add Packages</em> button</td> +<td style="text-align:left">The dialog <em>Link Packages</em> is displayed.</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Input an exist orphan package name into textbox.<br>Click <em>Search</em> button.<br>Select a package.<br>Click <em>Link Packages</em> button.</td> +<td style="text-align:left">Dialog is closed and selected package is displayed under <em>Linked Packages</em> table</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Clearing Details</em> tab<br>Fill in all editable fields</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>ECC Details</em> tab<br>Fill in all editable fields</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select the attachment. <em>Eg</em>: attachment3.xlsx<br>Click <em>Upload</em> button</td> +<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">- <em>Success:Release {componentName} ({version}) updated successfully!</em> message is displayed.<br>- Redirect to the view release screen.</td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Check all fields of the release by click tabs: <em>Summary, Linked Releases, Linked Packages, Clearing Details and Attachments</em>.</td> +<td style="text-align:left">Values are filled in correctly, match with input data.</td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click <em>Edit Release</em> button, modify some fields.<br>Eg: <br>- <em>Version</em> field ( in <em>Summary</em> tab): rename version name_updated<br> - <em>ECC Status</em> field (in <em>ECC Details</em> tab): Approved.<br>Click <em>Update Release</em> button.</td> +<td style="text-align:left">Values are updated successfully</td> +</tr> +</tbody> +</table> +<h2 id="tc06-delete-a-component-that-is-first-linked-to-a-project-and-then-not-and-a-project">TC06: Delete a component that is first linked to a project and then not, and a project</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Create a new component<br><em>Eg:</em> component with name <em>Component @1234</em></td> +<td style="text-align:left">Component is created successfully</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Add a new release to this component<br><em>Eg:</em> release <em>Rel1</em></td> +<td style="text-align:left">Release is added successfully</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Create a new project <em>P1</em></td> +<td style="text-align:left">Project is created successfully</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Add the linked release <em>Rel1</em> to project <em>P1</em>.</td> +<td style="text-align:left">Release linked successfully</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Components</em> portlet.<br>Search component <em>Component @1234</em> by name at advanced search.</td> +<td style="text-align:left">Component <em>Component @1234</em> display on the result table.</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click delete icon of component <em>Component @1234</em></td> +<td style="text-align:left">A warning <em>The component Component @1234 cannot be deleted, since it contains 1 releases. Please delete the releases first.</em></td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>OK</em> button in the warning dialog.</td> +<td style="text-align:left">The dialog is closed, component is not deleted</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Components</em> portlet.<br>Search for the component <em>Component @1234</em> and click hyper link of component <em>Component @1234</em>.</td> +<td style="text-align:left">View screen of <em>Component @1234</em> component is display</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Release</em> Overview.<br>Click Delete icon button of release <em>Rel1</em>.<br>Click <em>Delete Release</em> button in the dialog.</td> +<td style="text-align:left">- Dialog <em>Delete Releases</em> is displayed.<br>- Delete the release is failure.<br>- The message: <em>I could not delete the release, since it is used by another component (release) or project</em> display.</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Go to project <em>P1</em>, delete project <em>P1</em>.</td> +<td style="text-align:left">The project is deleted successfully</td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Go to component <em>Component @1234</em>, at <em>Release Overview</em> tab, click Delete icon button of release <em>Rel1</em>.</td> +<td style="text-align:left">Show message: <em>Do you really want to delete the release {componentName} ({version}) ?</em></td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click <em>Delete Release</em> button</td> +<td style="text-align:left">Release is deleted successfully</td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Click <em>Edit Component</em> button.<br>Click <em>Delete Component</em> button.</td> +<td style="text-align:left">The dialog is displayed with message: <em>Do you really want to delete the component {componentName} ?</em></td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Click <em>Delete Component</em> button</td> +<td style="text-align:left">Component is deleted successfully</td> +</tr> +</tbody> +</table> +<h2 id="tc07-add-new-attachments-to-an-existing-release-and-delete-attachments">TC07: Add new attachments to an existing release and delete attachments</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component (e.g. created in TC01) and click <em>Release Overview</em> tab</td> +<td style="text-align:left">The list of releases are displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click edit icon in the Action column of release version that needs a new attachment. <em>Eg:</em> release <em>Rel1</em>.</td> +<td style="text-align:left">Edit release <em>Rel1</em> page is displayed.</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select several attachments.<br><em>Eg:</em> 5 attachment files (att1, att2, att3, att4, att5)</td> +<td style="text-align:left">File names are displayed in the dialog</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Delete</em> button near some files not to be added.<br><em>Eg:</em> delete 2 attachment files (att1, att3)</td> +<td style="text-align:left">File names are removed from the list</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Upload</em> button for the remaining files.</td> +<td style="text-align:left">The attached file are listed in the <em>Attachment</em> page: att2, att4, att5</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Change some <em>Attachment type</em> to real type, e.g. <em>source file, clearing report, CLI,&hellip;</em></td> +<td style="text-align:left">Type changed successfully</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">Release <em>Ree1</em> is updated correctly.</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Edit Release</em> button</td> +<td style="text-align:left"><em>Success:You are editing the original document.</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Attachments</em> tab</td> +<td style="text-align:left"><em>Attachments</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click delete icon to delete an attachment</td> +<td style="text-align:left">Show message: <em>Do you really want to delete attachment {attachmentName}({attachmentId})?</em></td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Click <em>Delete Attachment button</em></td> +<td style="text-align:left">Attachment is deleted successfully, data of attachment is removed from attachment table.</td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">Release Ree1 is updated correctly with message <em>Success: Release {componentName}({version}) updated successfully!</em></td> +</tr> +</tbody> +</table> +<h2 id="tc08-duplicate-an-existing-release">TC08: Duplicate an existing release</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component with release with all fields filled in (Eg: created in TC05) and click <em>Release Overview</em></td> +<td style="text-align:left">The list of releases are displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Duplicate</em> button under Action column</td> +<td style="text-align:left">The page changes to create duplicate release screen</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Check all fields from copied release</td> +<td style="text-align:left">- <em>Summary</em> tab:<br> + <em>CPE ID</em> field: blank<br> + Remain fields are unchanged (exclude disable fields).<br>- <em>Linked Releases</em> tab: there is no linked release.</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Change the <em>Version</em> field and fill in a <em>CPE ID</em>.<br><em>Eg:</em>  Version: ver_duplicate<br> CPE ID: CPE ID_duplicate<br>Click <em>Create Release</em> button</td> +<td style="text-align:left">- Redirect to edit release screen.<br>- Create duplicate release is success with message: <em>Success:You are editing the original document.</em><br>- Data of duplicate release is correct.</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Modify some other fields.<br><em>Eg:</em> Release Date: 2023-06-12. <br>Click <em>Clearing Details</em> tab</td> +<td style="text-align:left"><em>Clearing Details</em> page is displayed and does not contain any field from copied release</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">The release is updated successfully with data correctly</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click component name link on top of the page</td> +<td style="text-align:left">Summary page for the component is displayed</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Release Overview</em> tab</td> +<td style="text-align:left">The new copied release is listed among previous releases</td> +</tr> +</tbody> +</table> +<h2 id="tc09-search-for-and-create-a-new-vendor-for-a-new-release">TC09: Search for and create a new vendor for a new release</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click <em>Components</em> portlet<br>At advanced Search, search for an existing component.<br><em>Eg:</em> input <em>Comp1</em> in the Component Name text box.<br>Click <em>Search</em> button.</td> +<td style="text-align:left">Component <em>Comp1</em> display in the result table.</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click edit icon in Actions column of component <em>Comp1</em>.</td> +<td style="text-align:left">Edit screen of component <em>Comp1</em> is displayed with message: <em>Success:You are editing the original document</em></td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Releases</em> tab<br>Click <em>Add Releases</em> button</td> +<td style="text-align:left">The page changes to <em>New Release Edit</em> page</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br> + Version: @1.0.2<br> + CPE ID: moshiano_002</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Vendor</em> field</td> +<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Add Vendor</em></td> +<td style="text-align:left"><em>Create New Vendor</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Fill in <em>Full name</em>, <em>Short name</em> and <em>URL</em><br><em>Eg:</em><br>Full Name: Fullvendor_0909<br>Short Name: Short_ven090<br>URL: <a href="https://github.com/">https://github.com/</a></td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Add Vendor</em></td> +<td style="text-align:left">Dialog closes and the new vendor is displayed in release <em>Vendor</em> field with full name <em>Fullvendor_0909</em></td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Create Release</em></td> +<td style="text-align:left">Redirect to edit release page with the message <em>Success:You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click component name link on top of the page</td> +<td style="text-align:left">Summary page for the component is displayed. The new vendor for the new release, as well as existing vendors from previous releases are listed under <em>Vendors</em> field for the component</td> +</tr> +</tbody> +</table> +<h2 id="tc10-link-a-release-to-the-project-in-view-component-page-and-check-used-by-projects">TC10: Link a release to the project in view component page and check used by projects</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component with release and click <em>Release Overview</em> tab</td> +<td style="text-align:left">The list of releases are displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Link Project</em> button under Action column</td> +<td style="text-align:left">The dialog <em>Link Release to Project</em> is displayed with <em>Link to Project</em> button is disabled</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Search</em> button then choose a project to link</td> +<td style="text-align:left"><em>Link to Project</em> button on the dialog is enabled</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Link to Project</em> button</td> +<td style="text-align:left"><em>The release {component name} ({version}) has been successfully linked to project {project name}</em><br><em>Click <ins>here<ins></em> <em>to edit the release relation as well as the project mainline state in the project.</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>here</em> hyperlink in the dialog</td> +<td style="text-align:left">Redirect to the <em>edit project</em> page with the release was linked (displayed on <em>License Clearing</em> page)</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Re-open the release at view page and click <em>Summary</em> tab</td> +<td style="text-align:left">Used by project information is updated correspondingly</td> +</tr> +</tbody> +</table> +<h2 id="tc11-link-a-release-to-a-project-in-the-view-release-page">TC11: Link a release to a project in the view release page</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component with release and click <em>Release Overview</em> tab</td> +<td style="text-align:left">The list of releases are displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>a release name</em> hyperlink. Eg: release R1</td> +<td style="text-align:left">Redirect to the <em>view release</em> page</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Link to Project</em> button</td> +<td style="text-align:left">The dialog <em>Link Release to Project</em> is displayed with <em>Link to Project</em> button is disabled</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Search</em> button then choose a project to link</td> +<td style="text-align:left"><em>Link to Project</em> button on the dialog is enabled</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Link to Project</em> button</td> +<td style="text-align:left"><em>The release {component name} ({version}) has been successfully linked to project {project name}</em><br><em>Click <ins>here<ins></em> <em>to edit the release relation as well as the project mainline state in the project.</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>here</em> hyperlink in the dialog</td> +<td style="text-align:left">Redirect to the <em>edit project</em> page with the release was linked (displayed on <em>License Clearing</em> page)</td> +</tr> +</tbody> +</table> +<h2 id="tc12-import-a-new-component-by-spdxxml-rdf-file">TC12: Import a new component by .spdx/.xml/ .rdf file</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click <em>Components</em> tab</td> +<td style="text-align:left"><em>Components</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Import SBOM</em> button</td> +<td style="text-align:left">A dialog <em>Upload SBOM</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Choose a <strong><em>.spdx</em></strong> or <strong><em>.xml</em></strong> or <strong><em>.rdf</em></strong> file by clicking on the <em>Browse</em> button or drop/draft a file into the dialog</td> +<td style="text-align:left">The message is displayed in the dialog: <br> <em>The new Component and new Release will be created, do you want to import? <br> New Component: {new component names} <br> New Release: {new release names}</em></td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Import</em> button</td> +<td style="text-align:left">The dialog is closed. New releases and new components are imported successfully</td> +</tr> +</tbody> +</table> +<h2 id="tc13-export-components-without-releases">TC13: Export components without releases</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click <em>Components</em> tab</td> +<td style="text-align:left"><em>Components</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Export Spreadsheet</em> button and choose <em>Components only</em> option</td> +<td style="text-align:left">- A new file with name&rsquo;s format <em>components-{yyyy}-{mm}-{dd}.xlsx</em> is downloaded<br>- The content of the downloaded file includes information of all components in the system</td> +</tr> +</tbody> +</table> +<h2 id="tc14-export-components-with-releases">TC14: Export components with releases</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click <em>Components</em> tab</td> +<td style="text-align:left"><em>Components</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Export Spreadsheet</em> button and choose <em>Components with releases</em> option</td> +<td style="text-align:left">- New file with name <em>components-{yyyy}-{mm}-{dd}.xlsx</em> is downloaded.<br>- The content of the downloaded file includes information of all components and releases in the system</td> +</tr> +</tbody> +</table> +<h2 id="tc15-create-a-clearing-request-for-a-release">TC15: Create a clearing request for a release</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component with releases and click <em>Release Overview</em> tab</td> +<td style="text-align:left">The list of releases are displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Edit</em> button under <em>Action</em> column. Eg: edit release R1</td> +<td style="text-align:left">Redirect to <em>view release</em> page and the message <em>Success:You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Attachments</em> tab, then add a source file (Eg: .rdf file) with <em>Type</em> is <em>Source file</em></td> +<td style="text-align:left">The data is updated correspondingly</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">The message <em>Success:Release {release name} updated successfully!</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Clearing details</em> tab, then click <em>Fossology Process</em> icon beside <em>Clearing State</em> field and wait for the process to finish</td> +<td style="text-align:left">The message <em>The FOSSology process already finished. You should find the resulting report as attachment at this release.</em> is displayed in the <em>Fossology Process</em> dialog</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Close</em> button in the dialog</td> +<td style="text-align:left">The dialog is closed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Reload this page, then click <em>Attachments</em> tab</td> +<td style="text-align:left">A new file is listed in <em>Attachments</em> page with name&rsquo;s format <em>{component name}-{version}-{yyyymmdd}-{hhmm}-SPDX.rdf</em></td> +</tr> +</tbody> +</table>Docs: Licenseshttps://www.eclipse.org/sw360/docs/development/testcases/test-cases-licenses/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/testcases/test-cases-licenses/ +<h2 id="create-edit-and-delete-license">Create, edit and delete license</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Sign In with a known <em>clearing admin</em> user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click on <em>Licenses</em> tab</td> +<td style="text-align:left"><em>Licenses</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click on <em>Add License</em></td> +<td style="text-align:left"><em>New License</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Fill in <em>Fullname</em> and <em>Shortname</em> fields and press <em>Add License</em></td> +<td style="text-align:left"><em>License added successfully!</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Write the license or part of newly created license name in <em>Keyword Search</em> field</td> +<td style="text-align:left">License is filtered successfully</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click on license name and then on <em>Edit License Details and Text</em></td> +<td style="text-align:left">License page is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Modify some fields and click <em>Update License</em></td> +<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Check all fields on <em>Details</em> and <em>Text</em> pages</td> +<td style="text-align:left">Values are filled in correctly</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click on <em>Edit License Details and Text</em></td> +<td style="text-align:left">License page is displayed</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click o <em>Delete</em> license name</td> +<td style="text-align:left"><em>License removed successfully!</em> message is displayed</td> +</tr> +</tbody> +</table> +<h2 id="edit-license-todos-and-obligations">Edit license TODOs and Obligations</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Sign In with a known <em>clearing admin</em> user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click on previously created license name</td> +<td style="text-align:left"><em>License Details</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click on <em>Add a Todo</em></td> +<td style="text-align:left">Todo page displayed successfully</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Enter a Todo text (e.g. &ldquo;First todo text&rdquo;), click <em>Applies to development</em>, and click <em>Submit</em></td> +<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>TODOs and Obligations</em></td> +<td style="text-align:left">The previously entered Todo is listed on the page with <em>No obligations</em></td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click on <em>Add a Todo</em></td> +<td style="text-align:left">Todo page displayed successfully</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Enter a Todo text (e.g. &ldquo;Second todo text&rdquo;), click on some Obligations and click Submit</td> +<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click TODOs and Obligations</td> +<td style="text-align:left">The previously entered Todo is listed on the page together with chosen obligations</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click on <em>Edit WhiteList</em>, deselect first Todo and click <em>Submit</em></td> +<td style="text-align:left">The deselected Todo is not displayed anymore on <em>TODOs and Obligations</em> page</td> +</tr> +</tbody> +</table> +<h2 id="check-export-licenses">Check Export Licenses</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Sign In with a known user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click on <em>Licenses</em> tab</td> +<td style="text-align:left"><em>Licenses</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click on <em>Export Licenses</em></td> +<td style="text-align:left">A dialog for opening <em>Licenses.xlsx</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Open the xlsx file and compare the number of rows with total number of entries from <em>Licenses</em> tab</td> +<td style="text-align:left">All licenses names are exported successfully.</td> +</tr> +</tbody> +</table>Docs: Moderationhttps://www.eclipse.org/sw360/docs/development/testcases/test-cases-moderations/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/testcases/test-cases-moderations/ +<h2 id="accept-moderation-request-for-visible-projects-by-other-users">Accept moderation request, for visible projects by other users</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Open first browser instance ((e.g. &ldquo;firefox.exe -p &ldquo;profile1&rdquo; -no-remote&rdquo;) and sign in with a known <em>First</em> user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Open a second browser instance ((e.g. &ldquo;firefox.exe -p &ldquo;profile2&rdquo; -no-remote&rdquo;) and sign in with a known <em>Second</em> user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Activate <em>First</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Create a new project visible for <em>Second</em> user (e.g. <em>Me and Moderators</em>, <em>Group and Moderators</em>, <em>Everyone</em>)</td> +<td style="text-align:left">Project is created successfully</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Activate <em>Second</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Search for the above created project and click <em>Edit</em></td> +<td style="text-align:left"><em>You will create a moderation request if you update.</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Edit Description field or other fields and click <em>Update Project</em></td> +<td style="text-align:left"><em>Moderation request was sent to update the Project name!</em> message is displayed.</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Activate <em>First</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> +<td style="text-align:left">The above project that needs moderation is displayed with status <em>PENDING</em></td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click on <em>Moderation</em> page</td> +<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Click on moderation request</td> +<td style="text-align:left"><em>Moderation Change Project</em> page is displayed, with proposed changes from step 7 listed</td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click on <em>Accept Request</em></td> +<td style="text-align:left"><em>You have accepted the previous moderation request.</em> message is displayed, and State changes to <em>Approved</em></td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> +<td style="text-align:left">Status is <em>APPROVED</em></td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Activate <em>Second</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">15</td> +<td style="text-align:left">Check _My Task Submissions on <em>Home</em> page</td> +<td style="text-align:left">Status is <em>APPROVED</em></td> +</tr> +<tr> +<td style="text-align:right">16</td> +<td style="text-align:left">Open the <em>Projects</em> tab and click on previously modified project on step 7</td> +<td style="text-align:left">Project <em>Summary</em> page displayed successfully</td> +</tr> +<tr> +<td style="text-align:right">17</td> +<td style="text-align:left">Check the moderation requested changes</td> +<td style="text-align:left">Changes are visible in the corresponding fields</td> +</tr> +</tbody> +</table> +<h2 id="decline-moderation-request-for-visible-projects-by-other-users">Decline moderation request, for visible projects by other users</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1-11</td> +<td style="text-align:left">Same as in TC01</td> +<td></td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click on <em>Decline Request</em></td> +<td style="text-align:left"><em>You have declined the previous moderation request</em> message is displayed, and State changes to <em>Rejected</em></td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> +<td style="text-align:left">Status is <em>REJECTED</em></td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Activate <em>Second</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">15</td> +<td style="text-align:left">Check _My Task Submissions on <em>Home</em> page</td> +<td style="text-align:left">Status is <em>REJECTED</em></td> +</tr> +<tr> +<td style="text-align:right">16</td> +<td style="text-align:left">Open the <em>Projects</em> tab and click on previously modified project on step 7</td> +<td style="text-align:left">Project <em>Summary</em> page displayed successfully</td> +</tr> +<tr> +<td style="text-align:right">17</td> +<td style="text-align:left">Check the moderation requested changes</td> +<td style="text-align:left">Changes are not visible in the corresponding fields</td> +</tr> +</tbody> +</table> +<h2 id="remove-me-from-moderators-for-moderation-request-for-visible-projects-by-other-users">Remove Me from Moderators for moderation request, for visible projects by other users</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1-11</td> +<td style="text-align:left">Same as in TC01</td> +<td></td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click on <em>Remove Me from Moderators</em></td> +<td style="text-align:left"><em>You are the last moderator for this request - you are not allowed to unsubscribe.</em> message is displayed (assuming only <em>First</em> user was listed under <em>Moderators</em> column in step 10)</td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Click on <em>Decline Request</em></td> +<td style="text-align:left"><em>You have declined the previous moderation request</em> message is displayed, and State changes to <em>Rejected</em></td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Edit the project and add a new moderator (e.g. <em>Third</em> user) under <em>Moderators</em> field</td> +<td style="text-align:left">Project updated successfully.</td> +</tr> +<tr> +<td style="text-align:right">15</td> +<td style="text-align:left">Activate <em>Second</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">16</td> +<td style="text-align:left">Edit the project and create a new moderation request</td> +<td style="text-align:left">Moderation request was sent</td> +</tr> +<tr> +<td style="text-align:right">17</td> +<td style="text-align:left">Activate <em>First</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">18</td> +<td style="text-align:left">Click on <em>Moderation</em> page</td> +<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> +</tr> +<tr> +<td style="text-align:right">19</td> +<td style="text-align:left">Click on moderation request</td> +<td style="text-align:left"><em>Moderation Change Project</em> page is displayed, with proposed changes from step 7 listed</td> +</tr> +<tr> +<td style="text-align:right">20</td> +<td style="text-align:left">Click on <em>Remove Me from Moderators</em></td> +<td style="text-align:left"><em>You are removed from the list of moderators for the previous moderation request. You have no open Requests.</em> message is displayed. Also the document is deleted from moderation list.</td> +</tr> +<tr> +<td style="text-align:right">21</td> +<td style="text-align:left">Login with the <em>Third</em> user and check the <em>Moderation</em> tab</td> +<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> +</tr> +</tbody> +</table>Docs: Projectshttps://www.eclipse.org/sw360/docs/development/testcases/test-cases-projects/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/testcases/test-cases-projects/ +<h2 id="add-a-simple-project-with-no-relations-and-no-releases">Add a simple project with no relations and no releases</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Sign In with a known user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click on <em>Projects</em> tab</td> +<td style="text-align:left"><em>Projects</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Fill mandatory <em>Name</em> with a project name, change other fields if needed</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Cancel</em> button</td> +<td style="text-align:left">New project <em>Summary</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click on <em>Projects</em> tab</td> +<td style="text-align:left">The new project should be added to the projects list</td> +</tr> +</tbody> +</table> +<h2 id="add-a-full-project-with-relations-releases-and-send-to-clearing-process">Add a full project with relations, releases and send to clearing process</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click on <em>Projects</em> tab</td> +<td style="text-align:left"><em>Projects</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Fill mandatory <em>Name</em> with a project name, change other fields if needed</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Click to add linked Projects</em></td> +<td style="text-align:left"><em>Search Project</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Search</em> and <em>Select</em> the project to be linked (e.g. created in TC01)</td> +<td style="text-align:left">Dialog is closed and selected project is displayed under <em>Linked Projects</em> section</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Click to add Releases</em></td> +<td style="text-align:left"><em>Search Release</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Search by name</em> and <em>Select</em> a release to be added</td> +<td style="text-align:left">Dialog is closed and selected release is displayed under <em>Linked Releases</em> section</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Cancel</em> button</td> +<td style="text-align:left">New project <em>Summary</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click on <em>Projects</em> tab</td> +<td style="text-align:left">The new project should be added to the projects list</td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Check <em>Clearing Status</em> by hovering mouse over the numbers.</td> +<td style="text-align:left">The message should be <em>new release, under clearing&hellip;</em></td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Send open release to clearing by clicking the button <em>Send to fossology</em>, under <em>Actions</em> column</td> +<td style="text-align:left"><em>Fossology Clearing</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Select the release to be sent for clearing and click <em>Send</em></td> +<td style="text-align:left"><em>Sent</em> message is displayed near the <em>Send to fossology</em> button</td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Click on project name and check <em>Summary</em> page</td> +<td style="text-align:left"><em>Clearing details</em> should have 1 for <em>Under clearing</em></td> +</tr> +<tr> +<td style="text-align:right">15</td> +<td style="text-align:left">Click on <em>Clearing Status</em></td> +<td style="text-align:left">The &ldquo;Release Clearing State_ should be <em>Sent to Fossology</em></td> +</tr> +</tbody> +</table> +<h2 id="add-a-project-with-releases-no-relations-remove-a-release-and-send-to-clearing-process">Add a project with releases, no relations, remove a release, and send to clearing process</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1-5</td> +<td style="text-align:left">Same as in TC02</td> +<td></td> +</tr> +<tr> +<td style="text-align:right">5a</td> +<td style="text-align:left">Click on <em>Delete</em> icon to delete the linked project</td> +<td style="text-align:left"><em>Do you really want to remove the link to this project?</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">5b</td> +<td style="text-align:left">Click <em>OK</em></td> +<td style="text-align:left">The project is removed from the list of <em>Linked Projects</em></td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Click to add Releases</em></td> +<td style="text-align:left"><em>Search Release</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Search by name</em> and <em>Select</em> more than one release to be added</td> +<td style="text-align:left">Dialog is closed and selected releases are displayed under <em>Linked Releases</em> section</td> +</tr> +<tr> +<td style="text-align:right">7a</td> +<td style="text-align:left">Click on <em>Delete</em> icon to delete one of the linked release</td> +<td style="text-align:left"><em>Do you really want to remove the link to this release?</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">7b</td> +<td style="text-align:left">Click <em>OK</em></td> +<td style="text-align:left">The release is removed from the list of <em>Linked Releases</em></td> +</tr> +<tr> +<td style="text-align:right">8-15</td> +<td style="text-align:left">Same as in TC02</td> +<td></td> +</tr> +</tbody> +</table> +<p>##TC04: Delete a project that is first linked to another project and then not linked</p> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Create a new project</td> +<td style="text-align:left">Project is created successfully</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Create another project and add first created one as linked project</td> +<td style="text-align:left">Projects are linked successfully</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Go to first created project in the projects table and try to delete it</td> +<td style="text-align:left">Message <em>Do you want to delete project name?</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>OK</em></td> +<td style="text-align:left">Message <em>The project is used by another project!</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>OK</em></td> +<td style="text-align:left">Project is not deleted (e.g. refresh the page by clicking Projects tab)</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Go to second created project in the projects table and delete it</td> +<td style="text-align:left">Message <em>Do you want to delete project name?</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>OK</em></td> +<td style="text-align:left">Project is deleted successfully</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Go to first created project in the table (not linked anymore to second project) and delete it</td> +<td style="text-align:left">Project is deleted successfully</td> +</tr> +</tbody> +</table> +<h2 id="modify-an-existing-project-with-relations-releases-and-send-to-clearing-process">Modify an existing project with relations, releases and send to clearing process</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for a simple project (e.g. created in TC01) and click <em>Edit</em></td> +<td style="text-align:left"><em>You are editing the original document</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Execute steps 5-16 from TC02</td> +<td></td> +</tr> +</tbody> +</table> +<h2 id="add-and-modify-a-project-with-all-project-fields-filled-in">Add and modify a project with all project fields filled in</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click on <em>Projects</em> tab</td> +<td style="text-align:left"><em>Projects</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Fill in all editable fields under <em>Basic Information</em>, <em>User Information</em> and <em>Admin Information</em></td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Cancel</em> button</td> +<td style="text-align:left">New project <em>Summary</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Check all fields on <em>Summary</em> page</td> +<td style="text-align:left">Values are filled in correctly</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Edit</em> button, modify some fields and <em>Update Project</em></td> +<td style="text-align:left">Values are updated successfully</td> +</tr> +</tbody> +</table> +<h2 id="duplicate-an-existing-project">Duplicate an existing project</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing project with all fields filled in (e.g. created in TC06) and click <em>Duplicate</em> button under <em>Actions</em> column</td> +<td style="text-align:left">Project <em>Information</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Check all fields from copied project</td> +<td style="text-align:left">All fields are unchanged, including <em>Linked Projects</em> and <em>Linked Releases</em></td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Fill mandatory <em>Name</em> with a project name and click <em>Add Project</em></td> +<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Cancel</em> button</td> +<td style="text-align:left">New project <em>Summary</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Check all fields</td> +<td style="text-align:left">All fields were copied successfully, except the new name of the project</td> +</tr> +</tbody> +</table> \ No newline at end of file diff --git a/docs/development/testcases/test-cases-components/index.html b/docs/development/testcases/test-cases-components/index.html index 639ee76..0e36798 100644 --- a/docs/development/testcases/test-cases-components/index.html +++ b/docs/development/testcases/test-cases-components/index.html @@ -1,25 +1,4 @@ - - - - - - - - - - - - - - - - - - - - -Component / Release | Eclipse SW360 -Component / Release | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Component / Release

    - -
    - - - - - - - - - - - - - -
    -

    TC01: Add a component and release with vendor present

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Sign In with a known userUser successfully signed in and Home page is displayed
    2Click Components tabComponents page is displayed
    3Click Add Component button- New Component page is displayed with mandatory fields marked with red star: Name, Categories, Component Type.
    - A message Success:New Component is displayed
    4Fill in a component Name, Categories and Component Type fields.
    Eg:
    - Name: Component 1@1
    - Categories: Categories_1@1
    - Component Type: OSS    		Values are entered in the fields
    5Click Create Component button- Create component successfully.
    - Redirect to the edit component page.
    -Show message: Success:You are editing the original document.
    6Click Releases tab
    Click Add Release button    		Redirect to Add Release page
    7Fill in a release Version and CPE ID
    Eg:
    - Version: version1.0.0.x
    - CPE ID: UUID_1002    		Values are entered in the fields:
    - Version: version1.0.0.x
    - CPE ID: UUID_1002
    8Click Create Release button- Create a release successfully.
    - Redirect to the edit new release page.
    - The message Success:You are editing the original document. is displayed
    9Click Vendor fieldSearch Vendor dialog is displayed
    10Click Add Vendor buttonCreate new Vendor dialog display
    11Input data in fields
    - Full Name: add vendor 01
    -Short Name: add vendor01
    -URL: https://github.com/eclipse-sw360/sw360    		Values are entered in the fields.
    12Click Add Vendor buttonThe vendor is added in Vendor field of the release with full name is add vendor 01
    13Click Attachments tabAttachments page is displayed
    14Click Add Attachment buttonUpload Attachment dialog is displayed
    15Click Browse and select the attachment.
    Eg: attachment1.xlsx    		File name is displayed in the dialog
    16Click Upload buttonThe file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page
    17Change the attachment Type to real type.
    Eg: Component license information (Combined)    		Type changed successfully
    18Click Update Release buttonMessage: Success:Release {name} ({version}) updated successfully! is displayed
    -

    TC02: Verify data after add a component and release with vendor present

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Search for the component is created in TC01:
    - Click Components portlet
    - At Advanced Search area, input Component 1@1 in the Component Name textbox.
    - Click Search button    		The new component display in the table with:
    - Vendor: add vendor01
    - Component Name: Component 1@1 is displayed with hyper link.
    - Main licenses: blank
    - Component Type: OSS
    2Click hyper link of name Component 1@1Redirect to view component Component 1@1 page
    3Click Release Overview tabThe release display with:
    - Name: Component 1@1
    - Version displays with hyper link: version1.0.0.x
    - Clearing State: New
    - Clearing Report: no report
    - Release Mainline State: Open
    4Click hyper link version1.0.0.xRedirect to view screen of release Component 1@1 version1.0.0.x
    Data of the release:
    - Summary tab:
    + display text with: COMPONENT 1@1 VERSION1.0.0.X
    + CPE ID: UUID_1002
    + Created on: date of created.
    + Created by: user created.
    + Modified On: date of modified.
    + Modified By: user modified.
    + Clearing State: New
    + Release Mainline State: Open
    + Release Vendor with:
      Full Name: add vendor 01
      Short Name: add vendor01
      URL: https://github.com/eclipse-sw360/sw360
    5Click Attachments tabDisplay file name attachment1.xlsx in the table.
    -

    TC03: Modify a component and release with vendor present

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Search for an existing component (e.g. created in TC01: Component 1@1) and click Edit iconSuccess:You are editing the original document message is displayed
    2Click Releases tabRelease list is displayed
    3Click Add Release buttonRedirect to Add Release page
    4Fill in a release Version and CPE ID
    Eg:
    - Version: v1.0.0.1
    - CPE ID: cpe:id:123456    		Values are entered in the fields:
    - Version: v1.0.0.1
    - CPE ID: cpe:id:123456
    5Click Create Release button- Redirect to the edit new release page.
    - The message Success:You are editing the original document. is displayed
    6Click Vendor fieldSearch Vendor dialog is displayed
    7Click Search button.
    Select a vendor (eg: select vendor with full name VendorUp)
    Click Select Vendor button.    		Dialog is closed and selected Vendor is added under Vendor field: VendorUp
    8Click Attachments tab
    Click Add Attachment button
    Click Browse and select the attachment. Eg: attachment2.img
    Click Upload button    		The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page
    9Click Update Release buttonMessage Success:Release Component 1@1 (v1.0.0.1) updated successfully! is displayed
    -

    TC04: Verify data after modify a component and release with vendor present

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Continue TC03
    2Click Summary tabData in the tab:
    - Modified On: date of modified.
    - Modified By: user modified.
    Data of other fields in the tab is same data before updated.
    3Click Release Overview tabNew release with version v1.0.0.1 is added in the release table.
    4Click v1.0.0.1 hyper linkText display with: COMPONENT 1@1 V1.0.0.1 at the right corner.
    - At Summary tab:
    + CPE ID: cpe:id:123456
    + Release Vendor: display with Full Name, Short Name and URL correctly with vendor VendorUp
    - At Attachments tab: attachment attachment2.img display in the attachment table with correct information.
    5Click Component 1@1 hyper linkRedirect to view screen of Component 1@1 component.
    6Click Attachments tabData in the tab is same data before updated.
    7Click Vulnerabilities tabData in the tab is same data before updated.
    -

    TC05: Add and modify a component and release with all fields filled in

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Click Components tab
    Click Add Component button
    Fill in all editable fields
    Click Create Component button    		- Redirect to edit component screen with the message Success:You are editing the original document. is displayed in the left corner.
    - Create component successfully. Data match with input data.
    2Click Releases tab.
    Click Add Releases button.
    At Summary tab, fill in all editable fields under Release Summary and Release Repository.
    Click Create Release button.
    		Redirect to edit release screen.
    Created release successfully. Data match with input data.
    3Click Linked Releases tab
    Click Click to add Releases button    		The dialog Link Releases is displayed.
    4Input search name into textbox
    Click Search button
    Select 3 releases.
    Click Link Releases button    		Dialog is closed and selected release is displayed under Linked Releases section.
    5Click Linked Packages tab
    Click Add Packages button    		The dialog Link Packages is displayed.
    6Input an exist orphan package name into textbox.
    Click Search button.
    Select a package.
    Click Link Packages button.    		Dialog is closed and selected package is displayed under Linked Packages table
    7Click Clearing Details tab
    Fill in all editable fields    		Values are entered in the fields
    8Click ECC Details tab
    Fill in all editable fields    		Values are entered in the fields
    9Click Attachments tab
    Click Add Attachment button
    Click Browse and select the attachment. Eg: attachment3.xlsx
    Click Upload button    		The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page
    10Click Update Release button- Success:Release {componentName} ({version}) updated successfully! message is displayed.
    - Redirect to the view release screen.
    11Check all fields of the release by click tabs: Summary, Linked Releases, Linked Packages, Clearing Details and Attachments.Values are filled in correctly, match with input data.
    12Click Edit Release button, modify some fields.
    Eg:
    - Version field ( in Summary tab): rename version name_updated
    - ECC Status field (in ECC Details tab): Approved.
    Click Update Release button.    		Values are updated successfully
    -

    TC06: Delete a component that is first linked to a project and then not, and a project

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Create a new component
    Eg: component with name Component @1234    		Component is created successfully
    2Add a new release to this component
    Eg: release Rel1    		Release is added successfully
    3Create a new project P1Project is created successfully
    4Add the linked release Rel1 to project P1.Release linked successfully
    5Click Components portlet.
    Search component Component @1234 by name at advanced search.    		Component Component @1234 display on the result table.
    6Click delete icon of component Component @1234A warning The component Component @1234 cannot be deleted, since it contains 1 releases. Please delete the releases first.
    7Click OK button in the warning dialog.The dialog is closed, component is not deleted
    8Click Components portlet.
    Search for the component Component @1234 and click hyper link of component Component @1234.    		View screen of Component @1234 component is display
    9Click Release Overview.
    Click Delete icon button of release Rel1.
    Click Delete Release button in the dialog.    		- Dialog Delete Releases is displayed.
    - Delete the release is failure.
    - The message: I could not delete the release, since it is used by another component (release) or project display.
    10Go to project P1, delete project P1.The project is deleted successfully
    11Go to component Component @1234, at Release Overview tab, click Delete icon button of release Rel1.Show message: Do you really want to delete the release {componentName} ({version}) ?
    12Click Delete Release buttonRelease is deleted successfully
    13Click Edit Component button.
    Click Delete Component button.    		The dialog is displayed with message: Do you really want to delete the component {componentName} ?
    14Click Delete Component buttonComponent is deleted successfully
    -

    TC07: Add new attachments to an existing release and delete attachments

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Search for an existing component (e.g. created in TC01) and click Release Overview tabThe list of releases are displayed
    2Click edit icon in the Action column of release version that needs a new attachment. Eg: release Rel1.Edit release Rel1 page is displayed.
    3Click Attachments tab
    Click Add Attachment button
    Click Browse and select several attachments.
    Eg: 5 attachment files (att1, att2, att3, att4, att5)    		File names are displayed in the dialog
    4Click Delete button near some files not to be added.
    Eg: delete 2 attachment files (att1, att3)    		File names are removed from the list
    5Click Upload button for the remaining files.The attached file are listed in the Attachment page: att2, att4, att5
    6Change some Attachment type to real type, e.g. source file, clearing report, CLI,…Type changed successfully
    7Click Update Release buttonRelease Ree1 is updated correctly.
    8Click Edit Release buttonSuccess:You are editing the original document. message is displayed
    9Click Attachments tabAttachments page is displayed
    10Click delete icon to delete an attachmentShow message: Do you really want to delete attachment {attachmentName}({attachmentId})?
    11Click Delete Attachment buttonAttachment is deleted successfully, data of attachment is removed from attachment table.
    12Click Update Release buttonRelease Ree1 is updated correctly with message Success: Release {componentName}({version}) updated successfully!
    -

    TC08: Duplicate an existing release

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Search for an existing component with release with all fields filled in (Eg: created in TC05) and click Release OverviewThe list of releases are displayed
    2Click Duplicate button under Action columnThe page changes to create duplicate release screen
    3Check all fields from copied release- Summary tab:
    + CPE ID field: blank
    + Remain fields are unchanged (exclude disable fields).
    - Linked Releases tab: there is no linked release.
    4Change the Version field and fill in a CPE ID.
    Eg:  Version: ver_duplicate
    CPE ID: CPE ID_duplicate
    Click Create Release button    		- Redirect to edit release screen.
    - Create duplicate release is success with message: Success:You are editing the original document.
    - Data of duplicate release is correct.
    5Modify some other fields.
    Eg: Release Date: 2023-06-12.
    Click Clearing Details tab    		Clearing Details page is displayed and does not contain any field from copied release
    6Click Update Release buttonThe release is updated successfully with data correctly
    7Click component name link on top of the pageSummary page for the component is displayed
    8Click Release Overview tabThe new copied release is listed among previous releases
    -

    TC09: Search for and create a new vendor for a new release

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Click Components portlet
    At advanced Search, search for an existing component.
    Eg: input Comp1 in the Component Name text box.
    Click Search button.    		Component Comp1 display in the result table.
    2Click edit icon in Actions column of component Comp1.Edit screen of component Comp1 is displayed with message: Success:You are editing the original document
    3Click Releases tab
    Click Add Releases button    		The page changes to New Release Edit page
    4Fill in a release Version and CPE ID
    Eg:
    + Version: @1.0.2
    + CPE ID: moshiano_002    		Values are entered in the fields
    5Click Vendor fieldSearch Vendor dialog is displayed
    6Click Add VendorCreate New Vendor dialog is displayed
    7Fill in Full name, Short name and URL
    Eg:
    Full Name: Fullvendor_0909
    Short Name: Short_ven090
    URL: https://github.com/    		Values are entered in the fields
    8Click Add VendorDialog closes and the new vendor is displayed in release Vendor field with full name Fullvendor_0909
    9Click Create ReleaseRedirect to edit release page with the message Success:You are editing the original document. is displayed
    10Click component name link on top of the pageSummary page for the component is displayed. The new vendor for the new release, as well as existing vendors from previous releases are listed under Vendors field for the component
    -

    TC10: Link a release to the project in view component page and check used by projects

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Search for an existing component with release and click Release Overview tabThe list of releases are displayed
    2Click Link Project button under Action columnThe dialog Link Release to Project is displayed with Link to Project button is disabled
    3Click Search button then choose a project to linkLink to Project button on the dialog is enabled
    4Click Link to Project buttonThe release {component name} ({version}) has been successfully linked to project {project name}
    Click here to edit the release relation as well as the project mainline state in the project. message is displayed
    5Click here hyperlink in the dialogRedirect to the edit project page with the release was linked (displayed on License Clearing page)
    6Re-open the release at view page and click Summary tabUsed by project information is updated correspondingly
    -

    TC11: Link a release to a project in the view release page

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Search for an existing component with release and click Release Overview tabThe list of releases are displayed
    2Click a release name hyperlink. Eg: release R1Redirect to the view release page
    3Click Link to Project buttonThe dialog Link Release to Project is displayed with Link to Project button is disabled
    4Click Search button then choose a project to linkLink to Project button on the dialog is enabled
    5Click Link to Project buttonThe release {component name} ({version}) has been successfully linked to project {project name}
    Click here to edit the release relation as well as the project mainline state in the project. message is displayed
    6Click here hyperlink in the dialogRedirect to the edit project page with the release was linked (displayed on License Clearing page)
    -

    TC12: Import a new component by .spdx/.xml/ .rdf file

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Click Components tabComponents page is displayed
    2Click Import SBOM buttonA dialog Upload SBOM is displayed
    3Choose a .spdx or .xml or .rdf file by clicking on the Browse button or drop/draft a file into the dialogThe message is displayed in the dialog:
    The new Component and new Release will be created, do you want to import?
    New Component: {new component names}
    New Release: {new release names}
    4Click Import buttonThe dialog is closed. New releases and new components are imported successfully
    -

    TC13: Export components without releases

    - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Click Components tabComponents page is displayed
    2Click Export Spreadsheet button and choose Components only option- A new file with name’s format components-{yyyy}-{mm}-{dd}.xlsx is downloaded
    - The content of the downloaded file includes information of all components in the system
    -

    TC14: Export components with releases

    - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Click Components tabComponents page is displayed
    2Click Export Spreadsheet button and choose Components with releases option- New file with name components-{yyyy}-{mm}-{dd}.xlsx is downloaded.
    - The content of the downloaded file includes information of all components and releases in the system
    -

    TC15: Create a clearing request for a release

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Search for an existing component with releases and click Release Overview tabThe list of releases are displayed
    2Click Edit button under Action column. Eg: edit release R1Redirect to view release page and the message Success:You are editing the original document. is displayed
    3Click Attachments tab, then add a source file (Eg: .rdf file) with Type is Source fileThe data is updated correspondingly
    4Click Update Release buttonThe message Success:Release {release name} updated successfully! is displayed
    5Click Clearing details tab, then click Fossology Process icon beside Clearing State field and wait for the process to finishThe message The FOSSology process already finished. You should find the resulting report as attachment at this release. is displayed in the Fossology Process dialog
    6Click Close button in the dialogThe dialog is closed
    7Reload this page, then click Attachments tabA new file is listed in Attachments page with name’s format {component name}-{version}-{yyyymmdd}-{hhmm}-SPDX.rdf
    - - - -
    - Last modified March 1, 2024: feat(docs): Update test case for Component, Release (d3f2afc) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +User successfully signed in and Home page …"> +

    Component / Release

    TC01: Add a component and release with vendor present

    StepActionResult
    1Sign In with a known userUser successfully signed in and Home page is displayed
    2Click Components tabComponents page is displayed
    3Click Add Component button- New Component page is displayed with mandatory fields marked with red star: Name, Categories, Component Type.
    - A message Success:New Component is displayed
    4Fill in a component Name, Categories and Component Type fields.
    Eg:
    - Name: Component 1@1
    - Categories: Categories_1@1
    - Component Type: OSS    		Values are entered in the fields
    5Click Create Component button- Create component successfully.
    - Redirect to the edit component page.
    -Show message: Success:You are editing the original document.
    6Click Releases tab
    Click Add Release button    		Redirect to Add Release page
    7Fill in a release Version and CPE ID
    Eg:
    - Version: version1.0.0.x
    - CPE ID: UUID_1002    		Values are entered in the fields:
    - Version: version1.0.0.x
    - CPE ID: UUID_1002
    8Click Create Release button- Create a release successfully.
    - Redirect to the edit new release page.
    - The message Success:You are editing the original document. is displayed
    9Click Vendor fieldSearch Vendor dialog is displayed
    10Click Add Vendor buttonCreate new Vendor dialog display
    11Input data in fields
    - Full Name: add vendor 01
    -Short Name: add vendor01
    -URL: https://github.com/eclipse-sw360/sw360    		Values are entered in the fields.
    12Click Add Vendor buttonThe vendor is added in Vendor field of the release with full name is add vendor 01
    13Click Attachments tabAttachments page is displayed
    14Click Add Attachment buttonUpload Attachment dialog is displayed
    15Click Browse and select the attachment.
    Eg: attachment1.xlsx    		File name is displayed in the dialog
    16Click Upload buttonThe file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page
    17Change the attachment Type to real type.
    Eg: Component license information (Combined)    		Type changed successfully
    18Click Update Release buttonMessage: Success:Release {name} ({version}) updated successfully! is displayed

    TC02: Verify data after add a component and release with vendor present

    StepActionResult
    1Search for the component is created in TC01:
    - Click Components portlet
    - At Advanced Search area, input Component 1@1 in the Component Name textbox.
    - Click Search button    		The new component display in the table with:
    - Vendor: add vendor01
    - Component Name: Component 1@1 is displayed with hyper link.
    - Main licenses: blank
    - Component Type: OSS
    2Click hyper link of name Component 1@1Redirect to view component Component 1@1 page
    3Click Release Overview tabThe release display with:
    - Name: Component 1@1
    - Version displays with hyper link: version1.0.0.x
    - Clearing State: New
    - Clearing Report: no report
    - Release Mainline State: Open
    4Click hyper link version1.0.0.xRedirect to view screen of release Component 1@1 version1.0.0.x
    Data of the release:
    - Summary tab:
    + display text with: COMPONENT 1@1 VERSION1.0.0.X
    + CPE ID: UUID_1002
    + Created on: date of created.
    + Created by: user created.
    + Modified On: date of modified.
    + Modified By: user modified.
    + Clearing State: New
    + Release Mainline State: Open
    + Release Vendor with:
      Full Name: add vendor 01
      Short Name: add vendor01
      URL: https://github.com/eclipse-sw360/sw360
    5Click Attachments tabDisplay file name attachment1.xlsx in the table.

    TC03: Modify a component and release with vendor present

    StepActionResult
    1Search for an existing component (e.g. created in TC01: Component 1@1) and click Edit iconSuccess:You are editing the original document message is displayed
    2Click Releases tabRelease list is displayed
    3Click Add Release buttonRedirect to Add Release page
    4Fill in a release Version and CPE ID
    Eg:
    - Version: v1.0.0.1
    - CPE ID: cpe:id:123456    		Values are entered in the fields:
    - Version: v1.0.0.1
    - CPE ID: cpe:id:123456
    5Click Create Release button- Redirect to the edit new release page.
    - The message Success:You are editing the original document. is displayed
    6Click Vendor fieldSearch Vendor dialog is displayed
    7Click Search button.
    Select a vendor (eg: select vendor with full name VendorUp)
    Click Select Vendor button.    		Dialog is closed and selected Vendor is added under Vendor field: VendorUp
    8Click Attachments tab
    Click Add Attachment button
    Click Browse and select the attachment. Eg: attachment2.img
    Click Upload button    		The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page
    9Click Update Release buttonMessage Success:Release Component 1@1 (v1.0.0.1) updated successfully! is displayed

    TC04: Verify data after modify a component and release with vendor present

    StepActionResult
    1Continue TC03
    2Click Summary tabData in the tab:
    - Modified On: date of modified.
    - Modified By: user modified.
    Data of other fields in the tab is same data before updated.
    3Click Release Overview tabNew release with version v1.0.0.1 is added in the release table.
    4Click v1.0.0.1 hyper linkText display with: COMPONENT 1@1 V1.0.0.1 at the right corner.
    - At Summary tab:
    + CPE ID: cpe:id:123456
    + Release Vendor: display with Full Name, Short Name and URL correctly with vendor VendorUp
    - At Attachments tab: attachment attachment2.img display in the attachment table with correct information.
    5Click Component 1@1 hyper linkRedirect to view screen of Component 1@1 component.
    6Click Attachments tabData in the tab is same data before updated.
    7Click Vulnerabilities tabData in the tab is same data before updated.

    TC05: Add and modify a component and release with all fields filled in

    StepActionResult
    1Click Components tab
    Click Add Component button
    Fill in all editable fields
    Click Create Component button    		- Redirect to edit component screen with the message Success:You are editing the original document. is displayed in the left corner.
    - Create component successfully. Data match with input data.
    2Click Releases tab.
    Click Add Releases button.
    At Summary tab, fill in all editable fields under Release Summary and Release Repository.
    Click Create Release button.
    		Redirect to edit release screen.
    Created release successfully. Data match with input data.
    3Click Linked Releases tab
    Click Click to add Releases button    		The dialog Link Releases is displayed.
    4Input search name into textbox
    Click Search button
    Select 3 releases.
    Click Link Releases button    		Dialog is closed and selected release is displayed under Linked Releases section.
    5Click Linked Packages tab
    Click Add Packages button    		The dialog Link Packages is displayed.
    6Input an exist orphan package name into textbox.
    Click Search button.
    Select a package.
    Click Link Packages button.    		Dialog is closed and selected package is displayed under Linked Packages table
    7Click Clearing Details tab
    Fill in all editable fields    		Values are entered in the fields
    8Click ECC Details tab
    Fill in all editable fields    		Values are entered in the fields
    9Click Attachments tab
    Click Add Attachment button
    Click Browse and select the attachment. Eg: attachment3.xlsx
    Click Upload button    		The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page
    10Click Update Release button- Success:Release {componentName} ({version}) updated successfully! message is displayed.
    - Redirect to the view release screen.
    11Check all fields of the release by click tabs: Summary, Linked Releases, Linked Packages, Clearing Details and Attachments.Values are filled in correctly, match with input data.
    12Click Edit Release button, modify some fields.
    Eg:
    - Version field ( in Summary tab): rename version name_updated
    - ECC Status field (in ECC Details tab): Approved.
    Click Update Release button.    		Values are updated successfully

    TC06: Delete a component that is first linked to a project and then not, and a project

    StepActionResult
    1Create a new component
    Eg: component with name Component @1234    		Component is created successfully
    2Add a new release to this component
    Eg: release Rel1    		Release is added successfully
    3Create a new project P1Project is created successfully
    4Add the linked release Rel1 to project P1.Release linked successfully
    5Click Components portlet.
    Search component Component @1234 by name at advanced search.    		Component Component @1234 display on the result table.
    6Click delete icon of component Component @1234A warning The component Component @1234 cannot be deleted, since it contains 1 releases. Please delete the releases first.
    7Click OK button in the warning dialog.The dialog is closed, component is not deleted
    8Click Components portlet.
    Search for the component Component @1234 and click hyper link of component Component @1234.    		View screen of Component @1234 component is display
    9Click Release Overview.
    Click Delete icon button of release Rel1.
    Click Delete Release button in the dialog.    		- Dialog Delete Releases is displayed.
    - Delete the release is failure.
    - The message: I could not delete the release, since it is used by another component (release) or project display.
    10Go to project P1, delete project P1.The project is deleted successfully
    11Go to component Component @1234, at Release Overview tab, click Delete icon button of release Rel1.Show message: Do you really want to delete the release {componentName} ({version}) ?
    12Click Delete Release buttonRelease is deleted successfully
    13Click Edit Component button.
    Click Delete Component button.    		The dialog is displayed with message: Do you really want to delete the component {componentName} ?
    14Click Delete Component buttonComponent is deleted successfully

    TC07: Add new attachments to an existing release and delete attachments

    StepActionResult
    1Search for an existing component (e.g. created in TC01) and click Release Overview tabThe list of releases are displayed
    2Click edit icon in the Action column of release version that needs a new attachment. Eg: release Rel1.Edit release Rel1 page is displayed.
    3Click Attachments tab
    Click Add Attachment button
    Click Browse and select several attachments.
    Eg: 5 attachment files (att1, att2, att3, att4, att5)    		File names are displayed in the dialog
    4Click Delete button near some files not to be added.
    Eg: delete 2 attachment files (att1, att3)    		File names are removed from the list
    5Click Upload button for the remaining files.The attached file are listed in the Attachment page: att2, att4, att5
    6Change some Attachment type to real type, e.g. source file, clearing report, CLI,…Type changed successfully
    7Click Update Release buttonRelease Ree1 is updated correctly.
    8Click Edit Release buttonSuccess:You are editing the original document. message is displayed
    9Click Attachments tabAttachments page is displayed
    10Click delete icon to delete an attachmentShow message: Do you really want to delete attachment {attachmentName}({attachmentId})?
    11Click Delete Attachment buttonAttachment is deleted successfully, data of attachment is removed from attachment table.
    12Click Update Release buttonRelease Ree1 is updated correctly with message Success: Release {componentName}({version}) updated successfully!

    TC08: Duplicate an existing release

    StepActionResult
    1Search for an existing component with release with all fields filled in (Eg: created in TC05) and click Release OverviewThe list of releases are displayed
    2Click Duplicate button under Action columnThe page changes to create duplicate release screen
    3Check all fields from copied release- Summary tab:
    + CPE ID field: blank
    + Remain fields are unchanged (exclude disable fields).
    - Linked Releases tab: there is no linked release.
    4Change the Version field and fill in a CPE ID.
    Eg:  Version: ver_duplicate
    CPE ID: CPE ID_duplicate
    Click Create Release button    		- Redirect to edit release screen.
    - Create duplicate release is success with message: Success:You are editing the original document.
    - Data of duplicate release is correct.
    5Modify some other fields.
    Eg: Release Date: 2023-06-12.
    Click Clearing Details tab    		Clearing Details page is displayed and does not contain any field from copied release
    6Click Update Release buttonThe release is updated successfully with data correctly
    7Click component name link on top of the pageSummary page for the component is displayed
    8Click Release Overview tabThe new copied release is listed among previous releases

    TC09: Search for and create a new vendor for a new release

    StepActionResult
    1Click Components portlet
    At advanced Search, search for an existing component.
    Eg: input Comp1 in the Component Name text box.
    Click Search button.    		Component Comp1 display in the result table.
    2Click edit icon in Actions column of component Comp1.Edit screen of component Comp1 is displayed with message: Success:You are editing the original document
    3Click Releases tab
    Click Add Releases button    		The page changes to New Release Edit page
    4Fill in a release Version and CPE ID
    Eg:
    + Version: @1.0.2
    + CPE ID: moshiano_002    		Values are entered in the fields
    5Click Vendor fieldSearch Vendor dialog is displayed
    6Click Add VendorCreate New Vendor dialog is displayed
    7Fill in Full name, Short name and URL
    Eg:
    Full Name: Fullvendor_0909
    Short Name: Short_ven090
    URL: https://github.com/    		Values are entered in the fields
    8Click Add VendorDialog closes and the new vendor is displayed in release Vendor field with full name Fullvendor_0909
    9Click Create ReleaseRedirect to edit release page with the message Success:You are editing the original document. is displayed
    10Click component name link on top of the pageSummary page for the component is displayed. The new vendor for the new release, as well as existing vendors from previous releases are listed under Vendors field for the component

    TC10: Link a release to the project in view component page and check used by projects

    StepActionResult
    1Search for an existing component with release and click Release Overview tabThe list of releases are displayed
    2Click Link Project button under Action columnThe dialog Link Release to Project is displayed with Link to Project button is disabled
    3Click Search button then choose a project to linkLink to Project button on the dialog is enabled
    4Click Link to Project buttonThe release {component name} ({version}) has been successfully linked to project {project name}
    Click here to edit the release relation as well as the project mainline state in the project. message is displayed
    5Click here hyperlink in the dialogRedirect to the edit project page with the release was linked (displayed on License Clearing page)
    6Re-open the release at view page and click Summary tabUsed by project information is updated correspondingly

    TC11: Link a release to a project in the view release page

    StepActionResult
    1Search for an existing component with release and click Release Overview tabThe list of releases are displayed
    2Click a release name hyperlink. Eg: release R1Redirect to the view release page
    3Click Link to Project buttonThe dialog Link Release to Project is displayed with Link to Project button is disabled
    4Click Search button then choose a project to linkLink to Project button on the dialog is enabled
    5Click Link to Project buttonThe release {component name} ({version}) has been successfully linked to project {project name}
    Click here to edit the release relation as well as the project mainline state in the project. message is displayed
    6Click here hyperlink in the dialogRedirect to the edit project page with the release was linked (displayed on License Clearing page)

    TC12: Import a new component by .spdx/.xml/ .rdf file

    StepActionResult
    1Click Components tabComponents page is displayed
    2Click Import SBOM buttonA dialog Upload SBOM is displayed
    3Choose a .spdx or .xml or .rdf file by clicking on the Browse button or drop/draft a file into the dialogThe message is displayed in the dialog:
    The new Component and new Release will be created, do you want to import?
    New Component: {new component names}
    New Release: {new release names}
    4Click Import buttonThe dialog is closed. New releases and new components are imported successfully

    TC13: Export components without releases

    StepActionResult
    1Click Components tabComponents page is displayed
    2Click Export Spreadsheet button and choose Components only option- A new file with name’s format components-{yyyy}-{mm}-{dd}.xlsx is downloaded
    - The content of the downloaded file includes information of all components in the system

    TC14: Export components with releases

    StepActionResult
    1Click Components tabComponents page is displayed
    2Click Export Spreadsheet button and choose Components with releases option- New file with name components-{yyyy}-{mm}-{dd}.xlsx is downloaded.
    - The content of the downloaded file includes information of all components and releases in the system

    TC15: Create a clearing request for a release

    StepActionResult
    1Search for an existing component with releases and click Release Overview tabThe list of releases are displayed
    2Click Edit button under Action column. Eg: edit release R1Redirect to view release page and the message Success:You are editing the original document. is displayed
    3Click Attachments tab, then add a source file (Eg: .rdf file) with Type is Source fileThe data is updated correspondingly
    4Click Update Release buttonThe message Success:Release {release name} updated successfully! is displayed
    5Click Clearing details tab, then click Fossology Process icon beside Clearing State field and wait for the process to finishThe message The FOSSology process already finished. You should find the resulting report as attachment at this release. is displayed in the Fossology Process dialog
    6Click Close button in the dialogThe dialog is closed
    7Reload this page, then click Attachments tabA new file is listed in Attachments page with name’s format {component name}-{version}-{yyyymmdd}-{hhmm}-SPDX.rdf
    Last modified March 1, 2024: feat(docs): Update test case for Component, Release (d3f2afc)
    + + + \ No newline at end of file diff --git a/docs/development/testcases/test-cases-licenses/index.html b/docs/development/testcases/test-cases-licenses/index.html index 7d9060e..24637f1 100644 --- a/docs/development/testcases/test-cases-licenses/index.html +++ b/docs/development/testcases/test-cases-licenses/index.html @@ -1,25 +1,4 @@ - - - - - - - - - - - - - - - - - - - - -Licenses | Eclipse SW360 -Licenses | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Licenses

    - -
    - - - - - - - - - - - - - -
    -

    Create, edit and delete license

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Sign In with a known clearing admin userUser successfully signed in and Home page is displayed
    2Click on Licenses tabLicenses page is displayed
    3Click on Add LicenseNew License page is displayed
    4Fill in Fullname and Shortname fields and press Add LicenseLicense added successfully! message is displayed
    5Write the license or part of newly created license name in Keyword Search fieldLicense is filtered successfully
    6Click on license name and then on Edit License Details and TextLicense page is displayed
    7Modify some fields and click Update LicenseLicense updated successfully! message is displayed
    8Check all fields on Details and Text pagesValues are filled in correctly
    9Click on Edit License Details and TextLicense page is displayed
    10Click o Delete license nameLicense removed successfully! message is displayed
    -

    Edit license TODOs and Obligations

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Sign In with a known clearing admin userUser successfully signed in and Home page is displayed
    2Click on previously created license nameLicense Details page is displayed
    3Click on Add a TodoTodo page displayed successfully
    4Enter a Todo text (e.g. “First todo text”), click Applies to development, and click SubmitLicense updated successfully! message is displayed
    5Click TODOs and ObligationsThe previously entered Todo is listed on the page with No obligations
    6Click on Add a TodoTodo page displayed successfully
    7Enter a Todo text (e.g. “Second todo text”), click on some Obligations and click SubmitLicense updated successfully! message is displayed
    8Click TODOs and ObligationsThe previously entered Todo is listed on the page together with chosen obligations
    9Click on Edit WhiteList, deselect first Todo and click SubmitThe deselected Todo is not displayed anymore on TODOs and Obligations page
    -

    Check Export Licenses

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Sign In with a known userUser successfully signed in and Home page is displayed
    2Click on Licenses tabLicenses page is displayed
    3Click on Export LicensesA dialog for opening Licenses.xlsx is displayed
    4Open the xlsx file and compare the number of rows with total number of entries from Licenses tabAll licenses names are exported successfully.
    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +User successfully signed in and Home page is …"> +

    Licenses

    Create, edit and delete license

    StepActionResult
    1Sign In with a known clearing admin userUser successfully signed in and Home page is displayed
    2Click on Licenses tabLicenses page is displayed
    3Click on Add LicenseNew License page is displayed
    4Fill in Fullname and Shortname fields and press Add LicenseLicense added successfully! message is displayed
    5Write the license or part of newly created license name in Keyword Search fieldLicense is filtered successfully
    6Click on license name and then on Edit License Details and TextLicense page is displayed
    7Modify some fields and click Update LicenseLicense updated successfully! message is displayed
    8Check all fields on Details and Text pagesValues are filled in correctly
    9Click on Edit License Details and TextLicense page is displayed
    10Click o Delete license nameLicense removed successfully! message is displayed

    Edit license TODOs and Obligations

    StepActionResult
    1Sign In with a known clearing admin userUser successfully signed in and Home page is displayed
    2Click on previously created license nameLicense Details page is displayed
    3Click on Add a TodoTodo page displayed successfully
    4Enter a Todo text (e.g. “First todo text”), click Applies to development, and click SubmitLicense updated successfully! message is displayed
    5Click TODOs and ObligationsThe previously entered Todo is listed on the page with No obligations
    6Click on Add a TodoTodo page displayed successfully
    7Enter a Todo text (e.g. “Second todo text”), click on some Obligations and click SubmitLicense updated successfully! message is displayed
    8Click TODOs and ObligationsThe previously entered Todo is listed on the page together with chosen obligations
    9Click on Edit WhiteList, deselect first Todo and click SubmitThe deselected Todo is not displayed anymore on TODOs and Obligations page

    Check Export Licenses

    StepActionResult
    1Sign In with a known userUser successfully signed in and Home page is displayed
    2Click on Licenses tabLicenses page is displayed
    3Click on Export LicensesA dialog for opening Licenses.xlsx is displayed
    4Open the xlsx file and compare the number of rows with total number of entries from Licenses tabAll licenses names are exported successfully.
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/testcases/test-cases-moderations/index.html b/docs/development/testcases/test-cases-moderations/index.html index 73209e3..e031abf 100644 --- a/docs/development/testcases/test-cases-moderations/index.html +++ b/docs/development/testcases/test-cases-moderations/index.html @@ -1,25 +1,4 @@ - - - - - - - - - - - - - - - - - - - - -Moderation | Eclipse SW360 -Moderation | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Moderation

    - -
    - - - - - - - - - - - - - -
    -

    Accept moderation request, for visible projects by other users

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Open first browser instance ((e.g. “firefox.exe -p “profile1” -no-remote”) and sign in with a known First userUser successfully signed in and Home page is displayed
    2Open a second browser instance ((e.g. “firefox.exe -p “profile2” -no-remote”) and sign in with a known Second userUser successfully signed in and Home page is displayed
    3Activate First browser instanceInstance is active
    4Create a new project visible for Second user (e.g. Me and Moderators, Group and Moderators, Everyone)Project is created successfully
    5Activate Second browser instanceInstance is active
    6Search for the above created project and click EditYou will create a moderation request if you update. message is displayed
    7Edit Description field or other fields and click Update ProjectModeration request was sent to update the Project name! message is displayed.
    8Activate First browser instanceInstance is active
    9Check My Task Assignments on Home pageThe above project that needs moderation is displayed with status PENDING
    10Click on Moderation pageThe moderation request of Second user is displayed with state Pending
    11Click on moderation requestModeration Change Project page is displayed, with proposed changes from step 7 listed
    12Click on Accept RequestYou have accepted the previous moderation request. message is displayed, and State changes to Approved
    13Check My Task Assignments on Home pageStatus is APPROVED
    14Activate Second browser instanceInstance is active
    15Check _My Task Submissions on Home pageStatus is APPROVED
    16Open the Projects tab and click on previously modified project on step 7Project Summary page displayed successfully
    17Check the moderation requested changesChanges are visible in the corresponding fields
    -

    Decline moderation request, for visible projects by other users

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1-11Same as in TC01
    12Click on Decline RequestYou have declined the previous moderation request message is displayed, and State changes to Rejected
    13Check My Task Assignments on Home pageStatus is REJECTED
    14Activate Second browser instanceInstance is active
    15Check _My Task Submissions on Home pageStatus is REJECTED
    16Open the Projects tab and click on previously modified project on step 7Project Summary page displayed successfully
    17Check the moderation requested changesChanges are not visible in the corresponding fields
    -

    Remove Me from Moderators for moderation request, for visible projects by other users

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1-11Same as in TC01
    12Click on Remove Me from ModeratorsYou are the last moderator for this request - you are not allowed to unsubscribe. message is displayed (assuming only First user was listed under Moderators column in step 10)
    13Click on Decline RequestYou have declined the previous moderation request message is displayed, and State changes to Rejected
    14Edit the project and add a new moderator (e.g. Third user) under Moderators fieldProject updated successfully.
    15Activate Second browser instanceInstance is active
    16Edit the project and create a new moderation requestModeration request was sent
    17Activate First browser instanceInstance is active
    18Click on Moderation pageThe moderation request of Second user is displayed with state Pending
    19Click on moderation requestModeration Change Project page is displayed, with proposed changes from step 7 listed
    20Click on Remove Me from ModeratorsYou are removed from the list of moderators for the previous moderation request. You have no open Requests. message is displayed. Also the document is deleted from moderation list.
    21Login with the Third user and check the Moderation tabThe moderation request of Second user is displayed with state Pending
    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Open first browser instance ((e.g. “firefox.exe -p …"> +

    Moderation

    Accept moderation request, for visible projects by other users

    StepActionResult
    1Open first browser instance ((e.g. “firefox.exe -p “profile1” -no-remote”) and sign in with a known First userUser successfully signed in and Home page is displayed
    2Open a second browser instance ((e.g. “firefox.exe -p “profile2” -no-remote”) and sign in with a known Second userUser successfully signed in and Home page is displayed
    3Activate First browser instanceInstance is active
    4Create a new project visible for Second user (e.g. Me and Moderators, Group and Moderators, Everyone)Project is created successfully
    5Activate Second browser instanceInstance is active
    6Search for the above created project and click EditYou will create a moderation request if you update. message is displayed
    7Edit Description field or other fields and click Update ProjectModeration request was sent to update the Project name! message is displayed.
    8Activate First browser instanceInstance is active
    9Check My Task Assignments on Home pageThe above project that needs moderation is displayed with status PENDING
    10Click on Moderation pageThe moderation request of Second user is displayed with state Pending
    11Click on moderation requestModeration Change Project page is displayed, with proposed changes from step 7 listed
    12Click on Accept RequestYou have accepted the previous moderation request. message is displayed, and State changes to Approved
    13Check My Task Assignments on Home pageStatus is APPROVED
    14Activate Second browser instanceInstance is active
    15Check _My Task Submissions on Home pageStatus is APPROVED
    16Open the Projects tab and click on previously modified project on step 7Project Summary page displayed successfully
    17Check the moderation requested changesChanges are visible in the corresponding fields

    Decline moderation request, for visible projects by other users

    StepActionResult
    1-11Same as in TC01
    12Click on Decline RequestYou have declined the previous moderation request message is displayed, and State changes to Rejected
    13Check My Task Assignments on Home pageStatus is REJECTED
    14Activate Second browser instanceInstance is active
    15Check _My Task Submissions on Home pageStatus is REJECTED
    16Open the Projects tab and click on previously modified project on step 7Project Summary page displayed successfully
    17Check the moderation requested changesChanges are not visible in the corresponding fields

    Remove Me from Moderators for moderation request, for visible projects by other users

    StepActionResult
    1-11Same as in TC01
    12Click on Remove Me from ModeratorsYou are the last moderator for this request - you are not allowed to unsubscribe. message is displayed (assuming only First user was listed under Moderators column in step 10)
    13Click on Decline RequestYou have declined the previous moderation request message is displayed, and State changes to Rejected
    14Edit the project and add a new moderator (e.g. Third user) under Moderators fieldProject updated successfully.
    15Activate Second browser instanceInstance is active
    16Edit the project and create a new moderation requestModeration request was sent
    17Activate First browser instanceInstance is active
    18Click on Moderation pageThe moderation request of Second user is displayed with state Pending
    19Click on moderation requestModeration Change Project page is displayed, with proposed changes from step 7 listed
    20Click on Remove Me from ModeratorsYou are removed from the list of moderators for the previous moderation request. You have no open Requests. message is displayed. Also the document is deleted from moderation list.
    21Login with the Third user and check the Moderation tabThe moderation request of Second user is displayed with state Pending
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/development/testcases/test-cases-projects/index.html b/docs/development/testcases/test-cases-projects/index.html index 5241462..2318c7d 100644 --- a/docs/development/testcases/test-cases-projects/index.html +++ b/docs/development/testcases/test-cases-projects/index.html @@ -1,25 +1,4 @@ - - - - - - - - - - - - - - - - - - - - -Projects | Eclipse SW360 -Projects | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Projects

    - -
    - - - - - - - - - - - - - -
    -

    Add a simple project with no relations and no releases

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Sign In with a known userUser successfully signed in and Home page is displayed
    2Click on Projects tabProjects page is displayed
    3Click Add ProjectNew Project page is displayed with mandatory fields marked with red star
    4Fill mandatory Name with a project name, change other fields if neededValues are entered in the fields
    5Click Add ProjectThe page remain the same and the message You are editing the original document. is displayed
    6Click Cancel buttonNew project Summary page is displayed
    7Click on Projects tabThe new project should be added to the projects list
    -

    Add a full project with relations, releases and send to clearing process

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Click on Projects tabProjects page is displayed
    2Click Add ProjectNew Project page is displayed with mandatory fields marked with red star
    3Fill mandatory Name with a project name, change other fields if neededValues are entered in the fields
    4Click Click to add linked ProjectsSearch Project dialog is displayed
    5Click Search and Select the project to be linked (e.g. created in TC01)Dialog is closed and selected project is displayed under Linked Projects section
    6Click Click to add ReleasesSearch Release dialog is displayed
    7Click Search by name and Select a release to be addedDialog is closed and selected release is displayed under Linked Releases section
    8Click Add ProjectThe page remain the same and the message You are editing the original document. is displayed
    9Click Cancel buttonNew project Summary page is displayed
    10Click on Projects tabThe new project should be added to the projects list
    11Check Clearing Status by hovering mouse over the numbers.The message should be new release, under clearing…
    12Send open release to clearing by clicking the button Send to fossology, under Actions columnFossology Clearing dialog is displayed
    13Select the release to be sent for clearing and click SendSent message is displayed near the Send to fossology button
    14Click on project name and check Summary pageClearing details should have 1 for Under clearing
    15Click on Clearing StatusThe “Release Clearing State_ should be Sent to Fossology
    -

    Add a project with releases, no relations, remove a release, and send to clearing process

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1-5Same as in TC02
    5aClick on Delete icon to delete the linked projectDo you really want to remove the link to this project? message is displayed
    5bClick OKThe project is removed from the list of Linked Projects
    6Click Click to add ReleasesSearch Release dialog is displayed
    7Click Search by name and Select more than one release to be addedDialog is closed and selected releases are displayed under Linked Releases section
    7aClick on Delete icon to delete one of the linked releaseDo you really want to remove the link to this release? message is displayed
    7bClick OKThe release is removed from the list of Linked Releases
    8-15Same as in TC02
    -

    ##TC04: Delete a project that is first linked to another project and then not linked

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Create a new projectProject is created successfully
    2Create another project and add first created one as linked projectProjects are linked successfully
    3Go to first created project in the projects table and try to delete itMessage Do you want to delete project name? is displayed
    4Click OKMessage The project is used by another project! is displayed
    5Click OKProject is not deleted (e.g. refresh the page by clicking Projects tab)
    6Go to second created project in the projects table and delete itMessage Do you want to delete project name? is displayed
    7Click OKProject is deleted successfully
    8Go to first created project in the table (not linked anymore to second project) and delete itProject is deleted successfully
    -

    Modify an existing project with relations, releases and send to clearing process

    - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Search for a simple project (e.g. created in TC01) and click EditYou are editing the original document message is displayed
    2Execute steps 5-16 from TC02
    -

    Add and modify a project with all project fields filled in

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Click on Projects tabProjects page is displayed
    2Click Add ProjectNew Project page is displayed with mandatory fields marked with red star
    3Fill in all editable fields under Basic Information, User Information and Admin InformationValues are entered in the fields
    4Click Add ProjectThe page remain the same and the message You are editing the original document. is displayed
    5Click Cancel buttonNew project Summary page is displayed
    6Check all fields on Summary pageValues are filled in correctly
    7Click Edit button, modify some fields and Update ProjectValues are updated successfully
    -

    Duplicate an existing project

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StepActionResult
    1Search for an existing project with all fields filled in (e.g. created in TC06) and click Duplicate button under Actions columnProject Information page is displayed
    2Check all fields from copied projectAll fields are unchanged, including Linked Projects and Linked Releases
    3Fill mandatory Name with a project name and click Add ProjectThe page remain the same and the message You are editing the original document. is displayed
    4Click Cancel buttonNew project Summary page is displayed
    5Check all fieldsAll fields were copied successfully, except the new name of the project
    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +User successfully signed in and Home page …"> +

    Projects

    Add a simple project with no relations and no releases

    StepActionResult
    1Sign In with a known userUser successfully signed in and Home page is displayed
    2Click on Projects tabProjects page is displayed
    3Click Add ProjectNew Project page is displayed with mandatory fields marked with red star
    4Fill mandatory Name with a project name, change other fields if neededValues are entered in the fields
    5Click Add ProjectThe page remain the same and the message You are editing the original document. is displayed
    6Click Cancel buttonNew project Summary page is displayed
    7Click on Projects tabThe new project should be added to the projects list

    Add a full project with relations, releases and send to clearing process

    StepActionResult
    1Click on Projects tabProjects page is displayed
    2Click Add ProjectNew Project page is displayed with mandatory fields marked with red star
    3Fill mandatory Name with a project name, change other fields if neededValues are entered in the fields
    4Click Click to add linked ProjectsSearch Project dialog is displayed
    5Click Search and Select the project to be linked (e.g. created in TC01)Dialog is closed and selected project is displayed under Linked Projects section
    6Click Click to add ReleasesSearch Release dialog is displayed
    7Click Search by name and Select a release to be addedDialog is closed and selected release is displayed under Linked Releases section
    8Click Add ProjectThe page remain the same and the message You are editing the original document. is displayed
    9Click Cancel buttonNew project Summary page is displayed
    10Click on Projects tabThe new project should be added to the projects list
    11Check Clearing Status by hovering mouse over the numbers.The message should be new release, under clearing…
    12Send open release to clearing by clicking the button Send to fossology, under Actions columnFossology Clearing dialog is displayed
    13Select the release to be sent for clearing and click SendSent message is displayed near the Send to fossology button
    14Click on project name and check Summary pageClearing details should have 1 for Under clearing
    15Click on Clearing StatusThe “Release Clearing State_ should be Sent to Fossology

    Add a project with releases, no relations, remove a release, and send to clearing process

    StepActionResult
    1-5Same as in TC02
    5aClick on Delete icon to delete the linked projectDo you really want to remove the link to this project? message is displayed
    5bClick OKThe project is removed from the list of Linked Projects
    6Click Click to add ReleasesSearch Release dialog is displayed
    7Click Search by name and Select more than one release to be addedDialog is closed and selected releases are displayed under Linked Releases section
    7aClick on Delete icon to delete one of the linked releaseDo you really want to remove the link to this release? message is displayed
    7bClick OKThe release is removed from the list of Linked Releases
    8-15Same as in TC02

    ##TC04: Delete a project that is first linked to another project and then not linked

    StepActionResult
    1Create a new projectProject is created successfully
    2Create another project and add first created one as linked projectProjects are linked successfully
    3Go to first created project in the projects table and try to delete itMessage Do you want to delete project name? is displayed
    4Click OKMessage The project is used by another project! is displayed
    5Click OKProject is not deleted (e.g. refresh the page by clicking Projects tab)
    6Go to second created project in the projects table and delete itMessage Do you want to delete project name? is displayed
    7Click OKProject is deleted successfully
    8Go to first created project in the table (not linked anymore to second project) and delete itProject is deleted successfully

    Modify an existing project with relations, releases and send to clearing process

    StepActionResult
    1Search for a simple project (e.g. created in TC01) and click EditYou are editing the original document message is displayed
    2Execute steps 5-16 from TC02

    Add and modify a project with all project fields filled in

    StepActionResult
    1Click on Projects tabProjects page is displayed
    2Click Add ProjectNew Project page is displayed with mandatory fields marked with red star
    3Fill in all editable fields under Basic Information, User Information and Admin InformationValues are entered in the fields
    4Click Add ProjectThe page remain the same and the message You are editing the original document. is displayed
    5Click Cancel buttonNew project Summary page is displayed
    6Check all fields on Summary pageValues are filled in correctly
    7Click Edit button, modify some fields and Update ProjectValues are updated successfully

    Duplicate an existing project

    StepActionResult
    1Search for an existing project with all fields filled in (e.g. created in TC06) and click Duplicate button under Actions columnProject Information page is displayed
    2Check all fields from copied projectAll fields are unchanged, including Linked Projects and Linked Releases
    3Fill mandatory Name with a project name and click Add ProjectThe page remain the same and the message You are editing the original document. is displayed
    4Click Cancel buttonNew project Summary page is displayed
    5Check all fieldsAll fields were copied successfully, except the new name of the project
    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (d9ed054)
    + + + \ No newline at end of file diff --git a/docs/index.html b/docs/index.html index 5221c39..329645d 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,883 +1,90 @@ - - - - - - - - - - - - - - - - - - - - - -SW360 Documentation | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    SW360 Documentation

    - -
    - - - - - - - - - - - - - -
    -

    Overview

    -

    SW360 is a software catalogue application that has been developed to facilitate the sharing of information related to software components used by an organization. Its primary objective is to manage software license information with the support of workflows. The application employs license scanners FOSSology, which is integrated to analyze the source code for licenses, copyrights, and other relevant information.

    -

    SW360 has been designed to seamlessly integrate with existing software artifact and project management infrastructures. It provides separate backend services for distinct tasks and a set of portlets to access these services. To ensure a smooth and hassle-free deployment, a complete deployment unit is available, which includes a Vagrant box or Docker container that contains a complete configuration of all services and portlets.

    -

    SW360 comprises the following main use case areas:

    -
      -
    • Project: Handling of project information with all contained Open Source SW components and other Third Party SW Components and Snippets.
      • -
    • Component/Releases: Handling of information and processes related to components, e.g. name, vendor, version, ECCN information, license compliance information
      • -
    • License: Handling of information regarding licenses, e.g. license texts, copyrights, acknowledgements, obligations etc.
      • -
    • Vulnerability: Collecting Security Vulnerability Management Information and matching them with components stored in the component service
      • -
    • License Compliance documentation: all relevant documents (e.g. Readme, source code bundle) can be created, supported by workflows.
      • -
    -

    Functionality

    -

    The SW360 is a software catalogue application with which you can:

    -
      -
    • Manage your components and projects
      • -
    • Send source packages to the clearing tool Fossology
      • -
    • Reuse cleared components and releases for your project
      • -
    • Import cleared components with clearing reports and other documents
      • -
    • Browse licenses and their obligations
      • -
    -

    SW360 is

    -
      -
    • Based on the Open Source Liferay portal server
      • -
    • Integrated with Fossology
      • -
    -

    In order to work with SW360, please note a fundamental setup in the data model when dealing with components:

    -
      -
    • A component is a list of releases with metadata.
      • -
    • A Release is a version of a component with metadata and specific attachments.
      • -
    • A project refers to a number of releases of components accordingly, not components.
      • -
    • A vendor is separate from a component and releases. The link to the vendor is set at the release. (think of Sun and Oracle where the owner changed with a new release)
      • -
    -

    Getting started

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameURLRemarks
    Main home pagehttps://www.eclipse.org/sw360/main home page with general info
    Project @ Githubhttps://github.com/eclipse/sw360where the music plays
    Developer mailing listsw360-dev@eclipse.orgfor developers, discussion about developing
    Slack Channelhttps://sw360chat.slack.com/the main chat spot, everybody is welcome
    Slack Channel Invitation LinkSharable join link to jointhat should bring you in
    sw360 developer meetingMeeting InfoEveryone is welcome!
    - -
    - - - - - - - - -
    - - -
    -
    - User Guides -
    -

    This guide provides an overview of SW360 and how to get started with using it. It covers the basic usage, and tips for configuring SW360 to work with your software development tools.

    -
    - - -
    -
    - Administration Guides -
    -

    SW360 Administration Guides

    -
    - - -
    -
    - Deployment -
    -

    SW360 Deployment Guides

    -
    - - -
    -
    - Development -
    -

    SW360 Development Information

    -
    - - -
    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +SW360 Documentation | Eclipse SW360 +

    SW360 Documentation

    Overview

    SW360 is a software catalogue application that has been developed to facilitate the sharing of information related to software components used by an organization. Its primary objective is to manage software license information with the support of workflows. The application employs license scanners FOSSology, which is integrated to analyze the source code for licenses, copyrights, and other relevant information.

    SW360 has been designed to seamlessly integrate with existing software artifact and project management infrastructures. It provides separate backend services for distinct tasks and a set of portlets to access these services. To ensure a smooth and hassle-free deployment, a complete deployment unit is available, which includes a Vagrant box or Docker container that contains a complete configuration of all services and portlets.

    SW360 comprises the following main use case areas:

    • Project: Handling of project information with all contained Open Source SW components and other Third Party SW Components and Snippets.
    • Component/Releases: Handling of information and processes related to components, e.g. name, vendor, version, ECCN information, license compliance information
    • License: Handling of information regarding licenses, e.g. license texts, copyrights, acknowledgements, obligations etc.
    • Vulnerability: Collecting Security Vulnerability Management Information and matching them with components stored in the component service
    • License Compliance documentation: all relevant documents (e.g. Readme, source code bundle) can be created, supported by workflows.

    Functionality

    The SW360 is a software catalogue application with which you can:

    • Manage your components and projects
    • Send source packages to the clearing tool Fossology
    • Reuse cleared components and releases for your project
    • Import cleared components with clearing reports and other documents
    • Browse licenses and their obligations

    SW360 is

    • Based on the Open Source Liferay portal server
    • Integrated with Fossology

    In order to work with SW360, please note a fundamental setup in the data model when dealing with components:

    • A component is a list of releases with metadata.
    • A Release is a version of a component with metadata and specific attachments.
    • A project refers to a number of releases of components accordingly, not components.
    • A vendor is separate from a component and releases. The link to the vendor is set at the release. (think of Sun and Oracle where the owner changed with a new release)

    Getting started

    NameURLRemarks
    Main home pagehttps://www.eclipse.org/sw360/main home page with general info
    Project @ Githubhttps://github.com/eclipse/sw360where the music plays
    Developer mailing listsw360-dev@eclipse.orgfor developers, discussion about developing
    Slack Channelhttps://sw360chat.slack.com/the main chat spot, everybody is welcome
    Slack Channel Invitation LinkSharable join link to jointhat should bring you in
    sw360 developer meetingMeeting InfoEveryone is welcome!
    User Guides

    This guide provides an overview of SW360 and how to get started with using it. It covers the basic usage, and tips for configuring SW360 to work with your software development tools.

    Administration Guides

    SW360 Administration Guides

    Deployment

    SW360 Deployment Guides

    Development

    SW360 Development Information

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/index.xml b/docs/index.xml index b436047..cee03ae 100644 --- a/docs/index.xml +++ b/docs/index.xml @@ -1,8650 +1,7772 @@ - - - Eclipse SW360 – SW360 Documentation - https://www.eclipse.org/sw360/docs/ - Recent content in SW360 Documentation on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: Login - https://www.eclipse.org/sw360/docs/userguide/login/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/login/ - - - - <p>You need a username and a password to access the software. After reaching the SW360 site you will be in the public area of your account. Liferay distinguishes between public and private area, where the private area is protected by login.</p> -<p>You will see a &ldquo;Welcome to SW360!&rdquo; homepage which is a public area with <strong>Sign In</strong> and <strong>Create Account</strong> buttons. -The Sign In button will redirect to the private area in order to work with the portal.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/duo.png"/> -</figure> - -<p>Your private area contains an overview of your <strong>Projects</strong> and <strong>Components</strong>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/homepage.png"/> -</figure> - -<p>The idea of &ldquo;Your&rdquo; refers to the projects and components that you have created. Further there are the tasks you have submitted or which are assigned to you. Tasks are basically change requests of elements that are sent to the owner or moderator for approval. This is a basic concept for allowing change when providing a multiple set of users. On the right side of the screen you can see the last releases which have been added to SW360.</p> - - - - - - Docs: Home Page - https://www.eclipse.org/sw360/docs/userguide/sw360-homepage/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/sw360-homepage/ - - - - <h1 id="home-page">Home Page</h1> -<p>The private area of the home page contains an overview of projects and components which are specific to you and other general information.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Home_Page.png"/> -</figure> - -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No</th> -<th style="text-align:left">Name</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left">Main Menu</td> -<td style="text-align:left">Main menu consists primarily of the various tasks you can perform.</td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left">My Projects</td> -<td style="text-align:left">Displays the list of projects for a specific role or clearing state.</td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left">My Task Assignments</td> -<td style="text-align:left">Displays the tasks or moderation requests that are assigned to you. These can be change requests submitted for approval related to the “projects, components or releases” for which you are a creator or a moderator.</td> -</tr> -<tr> -<td style="text-align:center">4</td> -<td style="text-align:left">My Components</td> -<td style="text-align:left">Displays the list of components that are created by you.</td> -</tr> -<tr> -<td style="text-align:center">5</td> -<td style="text-align:left">My Task Submissions</td> -<td style="text-align:left">These are the change requests that are submitted by you for an approval to change any aspect of a “project, component or release” for which you are not a creator or moderator.</td> -</tr> -<tr> -<td style="text-align:center">6</td> -<td style="text-align:left">Search Bar</td> -<td style="text-align:left">You can find the search bar on the right top corner of the application. Search bar enables you to search for a specific project/component/release.</td> -</tr> -<tr> -<td style="text-align:center">7</td> -<td style="text-align:left">My Profile</td> -<td style="text-align:left">You can find the profile icon on the right top corner of the application. You can perform the following actions in my profile:</br> - <strong>My sites</strong>, will redirect you to a page where you can view all the sites you have opened in the past. </br> - <strong>My profile</strong>, will redirect you to a page where you can view your vcard. </br> - <strong>My dashboard</strong>, will redirect you to a page where you can view summary of your profile. </br> - <strong>Notifications</strong>, will redirect you to a page where you can view all the latest updates. </br> - <strong>Shared content</strong>, will redirect you to a page where you can view all the shared content which are shared with you or shared by you. </br> - <strong>My submissions</strong>, will redirect you to a page where you can view all of your submissions. </br> - <strong>My workflow tasks</strong>, will redirect you to a page where you can view the tasks which are assined to you or your roles. </br> - <strong>Account settings</strong>, will redirect you to a page where you can modify <strong>general information</strong>, <strong>passwords</strong>, <strong>addresses and contact</strong> information and <strong>alert preferences</strong> as needed. </br> - <strong>My connected applications</strong>, will redirect you to a page where you can view connected applications. </br> - <strong>My organization</strong>, will redirect you to a page where you can view your organization information. </br> - You can sign out of SW360 using <strong>sign out</strong> option.</td> -</tr> -<tr> -<td style="text-align:center">8</td> -<td style="text-align:left">My Subscriptions</td> -<td style="text-align:left">Displays a list of various components and releases you have subscribed to. </br> <code> NOTE: YOU CANNOT SUBSCRIBE TO A PROJECT.</code></td> -</tr> -<tr> -<td style="text-align:center">9</td> -<td style="text-align:left">Recent Components</td> -<td style="text-align:left">Displays a list of recent components which are added to SW360.</td> -</tr> -<tr> -<td style="text-align:center">10</td> -<td style="text-align:left">Recent Releases</td> -<td style="text-align:left">Displays a list of recent releases which are added to SW360.</td> -</tr> -</tbody> -</table> - - - - - - Docs: Project - https://www.eclipse.org/sw360/docs/userguide/project/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/project/ - - - - <h1 id="10-project-page">1.0 Project Page</h1> -<h2 id="101-introduction">1.01 Introduction</h2> -<p>Navigate to your project overview by clicking the menu item Projects. Here you can find the list of projects with description and other related details. On the left side of project list you can find a advanced filters to filter out specific project.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Projectpage.png"/> -</figure> - -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No.</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left"><a href="#103-project-search">Advanced Search</a></td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left"><a href="#104-add-project">Add Project</a></td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left"><a href="#105-import-sbom">Import SPDX BOM</a></td> -</tr> -<tr> -<td style="text-align:center">4</td> -<td style="text-align:left"><a href="#113-export-spreadsheet">Export Spreadsheet</a></td> -</tr> -<tr> -<td style="text-align:center">5</td> -<td style="text-align:left"><a href="#102-project-list">Project List</a></td> -</tr> -</tbody> -</table> -<h2 id="102-project-list">1.02 Project List</h2> -<p>The Project List lists all the relevant projects with the following information:</p> -<ul> -<li> -<p><strong>Project name</strong>: All the projects are listed with their names.</p> -</li> -<li> -<p><strong>Description</strong>: The description for the project is displayed here.</p> -</li> -<li> -<p><strong>Project responsible</strong>: The email address of the person responsible for the project is displayed.</p> -</li> -<li> -<p><strong>State</strong>: Displays the state of the project and clearing requests. The status for PS and CS is indicated by colors.</p> -<table> -<thead> -<tr> -<th style="text-align:right">Color</th> -<th style="text-align:left">Project State (PS)</th> -<th style="text-align:left">Project Clearing State (CS)</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right"><span style="color:#68C17C"> <strong>Green</strong> </span></td> -<td style="text-align:left">Active</td> -<td style="text-align:left">Closed</td> -</tr> -<tr> -<td style="text-align:right"><span style="color:#FFD351"> <strong>Yellow</strong> </span></td> -<td style="text-align:left">Not Applicable</td> -<td style="text-align:left">In-progress</td> -</tr> -<tr> -<td style="text-align:right"><span style="color:#E6717C"> <strong>Red</strong> </span></td> -<td style="text-align:left">Open</td> -<td style="text-align:left">Open</td> -</tr> -<tr> -<td style="text-align:right"><span style="color:#DEE2E6"> <strong>Grey</strong> </span></td> -<td style="text-align:left">Phase out/ Unknown</td> -<td style="text-align:left">Not Applicable</td> -</tr> -</tbody> -</table> -</li> -<li> -<p><strong>License Clearing</strong> displays the clearing states for releases for the project including sub projects.</p> -</li> -<li> -<p><strong>Actions</strong>: you can perform the following actions for a project:</p> -<table> -<thead> -<tr> -<th style="text-align:center">Action</th> -<th style="text-align:left">Description </span></th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png"/> -</figure> -</td> -<td style="text-align:left">To edit a Project</td> -</tr> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> -</figure> -</td> -<td style="text-align:left">To create clearing request the OSS clearing team</td> -</tr> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png"/> -</figure> -</td> -<td style="text-align:left">To duplicate current version of existing project. This action will also duplicate all the linked projects, releases along with the general information and is used to create different versions of the project.</td> -</tr> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -</td> -<td style="text-align:left">To delete the project from SW360.</td> -</tr> -</tbody> -</table> -</li> -</ul> -<p><strong>NOTE: CLICK ON -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SortIcon.png"/> -</figure> - TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> -<h2 id="103-project-search">1.03 Project Search</h2> -<p><strong>Advanced search</strong> dialogue box allows you to search for a particular project. To search for a project follow the procedure:</p> -<ol> -<li>Enter the <strong>Project name</strong> and <strong>Version</strong> of the project that you want to search.</li> -<li>Select the <strong>Project Type</strong> from the drop-down list. For more information regarding the project type, refer to paragraph 4. of <a href="#a-general-information">General Information</a>.</li> -<li>Search the project by <strong>Project Responsible</strong> email.</li> -<li>Search projects by their <strong>Group</strong>, select the group from the drop-down list.</br><code>NOTE: BY DEFAULT, THE SEARCH RETURNS ONLY THE RESULTS OF YOUR GROUP. HOWEVER, YOU CAN ALSO SELECT THE GROUPS FROM THE DROP-DOWN LIST.</code></li> -<li>Search projects by their project <strong>State</strong>, select the options available from the drop-down list. For more information regarding project state, refer to <a href="#102-project-list">1.02 Project List</a>.</li> -<li>You can search the projects by their <strong>Clearing State</strong>, select the options available from the drop-down list. For more information regarding project state, refer to <a href="#102-project-list">1.02 Project List</a>.</li> -<li>You can search projects by their <strong>Tags</strong>. If there are multiple tags that you want to search, use a comma to separate.</li> -<li>You can search projects by <strong>Additional Data</strong>.</li> -</ol> -<h2 id="104-add-project">1.04 Add Project</h2> -<p>To add a new project, click on the <strong>Add Project</strong> on the project page, this redirects you to another page that allows you to add project information add project information for the project you want to create. Following are the three sections where you must enter information:</p> -<ul> -<li><strong>Summary</strong></li> -<li><strong>Administration</strong></li> -<li><strong>Linked Releases and Projects</strong></li> -</ul> -<h3 id="1-summary"><strong>1.</strong> <strong>Summary</strong></h3> -<h4 id="a-general-information"><strong>A.</strong> <strong>General Information</strong></h4> -<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY</code></p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectGeneralInfo%20%281%29.png"/> -</figure> - -<ol> -<li> -<p>Enter the <strong>Name</strong> of the project you want to create.</p> -</li> -<li> -<p>The field <strong>Created by</strong> is set automatically to the creator/owner of the project.</p> -</li> -<li> -<p><strong>Version</strong> of a project indicates there are new changes compared to the previous version of the project. Enter the version for your project as required.</p> -</li> -<li> -<p>Select the <strong>Project Type</strong> from the drop-down list.</p> -<ul> -<li>Customer: Delivered to the customer</li> -<li>Internal: Internally used but can also be used in other projects as a sub-project</li> -<li>Product: Developed as a product and delivered to the customer</li> -<li>Services: Developed as a service and delivered to the customer</li> -<li>Inner Source: OSS within a particular organization</li> -</ul> -</li> -<li> -<p><strong>Project Visibility</strong> describes if the project is visible to all or only selected personnel. The default is set to &ldquo;everyone&rdquo;, you can select the project visibility from the drop-down list.</p> -<ul> -<li>Private: Only visible to creator or admin</li> -<li>Me and Moderators: Visible to creator, moderators and admins</li> -<li>Group and Moderators: Visible to all users of the same group and the moderators</li> -<li>Everyone: All logged in users</li> -</ul> -</li> -<li> -<p><strong>Tags</strong> are words assigned to a project that assist in quick searching. You can create a tag by assigning a word to your project.</p> -</li> -<li> -<p>Check or uncheck the following fields as required:</p> -<ul> -<li><strong>Enable Security Vulnerability Monitoring</strong> (activated only if security responsible are added), refer to <a href="#c-roles">C. Roles</a>.</li> -<li><strong>Do not create monitoring list</strong>, but use from the external id, refer to <a href="#e-external-ids">E. External IDs</a>.</li> -<li><strong>Enable Displaying Vulnerabilities</strong> if you want the vulnerabilities to be visible.</li> -</ul> -</li> -<li> -<p><strong>Modified on</strong> date will be set automatically on creating the project.</p> -</li> -<li> -<p><strong>Description</strong>: You can enter details of your project.</p> -</li> -<li> -<p><strong>Modified by</strong> will be set automatically.</p> -</li> -<li> -<p>Select the <strong>Domain</strong> for your project from the drop-down list.</p> -<ul> -<li>Application software</li> -<li>Documentation</li> -<li>Embedded Software</li> -<li>Hardware</li> -<li>Test and diagnostics</li> -</ul> -</li> -<li> -<p>Click on the field to select the <strong>Vendor</strong> for your project.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the vendors.</li> -<li>Select the vendors</li> -<li>Click on <strong>Add Vendor</strong>.</li> -</ul> -</li> -</ol> -<h4 id="b-external-urls"><strong>B. External URLs</strong></h4> -<p>Click on <strong>Click to add row to external URLs</strong> to add URLs of your project.</br> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL1.png"/> - </figure> -</p> -<ol> -<li> -<p>Select <strong>External URL Key</strong> from the drop-down list.</p> -<ul> -<li>Homepage: Link for homepage</li> -<li>Wiki page: Link for wiki page</li> -<li>Clearing:</li> -</ul> -</li> -<li> -<p>Enter <strong>External URL Value</strong>. It is the web address for the above mentioned external URL key. To add multiple external URLs, repeat the same procedure.</br> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL2.png"/> - </figure> -</p> -</li> -<li> -<p>To delete an external URL, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</p> -</li> -</ol> -<h4 id="c-roles"><strong>C. Roles</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectRoles.png"/> -</figure> - -<ol> -<li> -<p><strong>Group</strong> is the department you/project owner belongs to. Click on the group field to select a <strong>Group</strong> for your project.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the group.</li> -<li>Select the group.</li> -<li>Click on <strong>Select</strong></li> -</ul> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Addproject4.png"/> - </figure> - -</li> -<li> -<p>Enter the <strong>Owners Accounting Unit</strong>.</p> -</li> -<li> -<p>Project manager is the user who manages the project. Click on the field to select <strong>Project Manager</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Project Manager.</li> -<li>Select the Users.</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Addproject_5.png"/> - </figure> - -</li> -<li> -<p>Enter the <strong>Owners Billing Group</strong>.</p> -</li> -<li> -<p><strong>Project Owner</strong> holds the project. Click on the field to select <strong>Project Owner</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Project Owner.</li> -<li>Select the Users.</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -<li> -<p>Select the <strong>Owner Country</strong> from the drop-down list.</p> -</li> -<li> -<p><strong>Security responsible</strong> is the list of users responsible for the security of the project. Click on the field to select <strong>Security responsible</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Security responsible.</li> -<li>Select the Users</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -<li> -<p>Click on the field to select <strong>Lead Architect</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Lead Architect.</li> -<li>Select the Users.</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -<li> -<p><strong>Moderator</strong> is the user responsible for the project. Click on the field to select moderators.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Moderators.</li> -<li>Select the Users.</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -<li> -<p>Click on the field to select <strong>Contributors</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Contributors.</li> -<li>Select the Users.</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -</ol> -<h4 id="d-additional-roles"><strong>D. Additional Roles</strong></h4> -<p>To assign more roles to your project, use <strong>Click to Add Additional Roles</strong>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/additionalroles1.png"/> -</figure> - -<ol> -<li> -<p>Select the type of <strong>Role</strong> from the drop-down list.</p> -<ul> -<li>Stakeholder</li> -<li>Analyst</li> -<li>Contributor</li> -<li>Accountant</li> -<li>End user</li> -<li>Quality manager</li> -<li>Test Manager</li> -<li>Technical writer</li> -<li>Key user</li> -</ul> -</li> -<li> -<p>Enter <strong>Email address</strong> of the responsible personnel. To add multiple additional roles, repeat the same procedure.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/additionalroles2.png"/> - </figure> - -</li> -<li> -<p>To delete an additional role, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</p> -</li> -</ol> -<h4 id="e-external-ids"><strong>E. External Ids</strong></h4> -<p>Click on <strong>Click to add row to External Ids</strong> to add external Ids to your project.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Project_external_ID_1.png"/> -</figure> - -<ol> -<li>Click on field to enter <strong>External Id Key</strong> and select from the drop-down list.</li> -<li>Enter <strong>External Id Value</strong>. To add multiple external Ids, repeat the same procedure.</li> -</ol> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Project_external_ID_2.png"/> -</figure> - -<ol> -<li>To delete an External Id, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</li> -</ol> -<h4 id="f-additional-data"><strong>F. Additional Data</strong></h4> -<p>You can add data keys and corresponding data values for your project.</p> -<p>To add more additional data keys, click on <strong>Click to add rows to additional data</strong>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Additional_data_1.png"/> -</figure> - -<ol> -<li> -<p>Enter <strong>additional data key</strong>.</p> -</li> -<li> -<p>Enter <strong>additional data value</strong>. To add multiple additional data, repeat the same procedure.</p> -<p> - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Additional_data_2.png"/> - </figure> -.</p> -</li> -<li> -<p>To delete an additional data, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</p> -</li> -</ol> -<h3 id="2-administrationbr"><strong>2.</strong> <strong>Administration</strong></br></h3> -<p>Administration section contains license clearing and lifecycle information of the project. To edit these fields, click on &ldquo;Administration&rdquo;, use navigation section. </br></p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectAdministration.png"/> -</figure> - -<h4 id="a-clearing-information"><strong>A.</strong> <strong>Clearing information</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Clearing_Information.png"/> -</figure> - -<p>To add clearing information for your project:</p> -<ol> -<li> -<p>Select the values for <strong>Project Clearing State</strong> from the drop-down list.</p> -<ul> -<li>Open Project</li> -<li>In progress</li> -<li>Closed</li> -</ul> -</li> -<li> -<p>Clearing team is responsible for project clearing. To assign a clearing team, select the values for <strong>Clearing team</strong> from the drop-down list.</p> -</li> -<li> -<p>Pre-evaluation is important for the project development to understand the status of the license and estimate the effort for clearing activities. Set <strong>Deadline for pre-evaluation</strong> date.</p> -</li> -<li> -<p>Following information should be entered manually:</p> -<ul> -<li><strong>Clearing summary</strong>: Overview of the clearing for the project management.</li> -<li><strong>Special risk open source software</strong>: Risks which occur out from usage of specific OSS components.</li> -<li><strong>General risk 3rd party software</strong>: General risk which occur always from using OSS and commercial SW like for e.g., patent infringements.</li> -<li><strong>Special risk 3rd party software</strong>: Specific risks which occur by using specific projects, including commercial projects.</li> -<li><strong>Sales and delivery channels</strong>: To know when the software will be delivered via resellers as a reseller license has to be procured and to decide how to fulfill the obligations of the licenses.</li> -<li><strong>Remarks and additional requirements</strong>: Any additional relevant requirement.</li> -</ul> -<p><code>NOTE: THE ABOVE INFORMATION IS NECESSARY FOR PROJECT MANAGEMENT TO UNDERSTAND THE STATUS OF THE LICENSE AND ESTIMATE THE EFFORT FOR CLEARING ACTIVITIES.</code></p> -</li> -</ol> -<h4 id="b-lifecycle-information"><strong>B.</strong> <strong>Lifecycle information</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectLifecycle.png"/> -</figure> - -<p>To add lifecycle information for your project:</p> -<ol> -<li> -<p>Select the values for <strong>Project state</strong> from the drop-down list.</p> -<ul> -<li>Active</li> -<li>Phase-out</li> -<li>Unknown</li> -</ul> -</li> -<li> -<p>Set <strong>System test begin</strong> and <strong>System test end</strong> dates. System test begin date can be used in licensing and risk perspective. System test end date is the latest date for component releases.</p> -</li> -<li> -<p>Set <strong>Delivery start</strong> and <strong>Phase out</strong> dates. After the phase out date, maintenance is not required for the project.</p> -<p><code>NOTE: LICENSE CLEARING FOR THE PROJECT MUST BE FINISHED BEFORE THE PROJECT DELIVERY DATE.</code></p> -</li> -</ol> -<h4 id="c-license-info-header"><strong>C.</strong> <strong>License Info Header</strong></h4> -<p>The license info header can be set as a default header. However, you can edit this field as required.</p> -<h3 id="3-linked-releases-and-projects"><strong>3.</strong> <strong>Linked Releases and Projects</strong></h3> -<p>You can link other projects and releases to the project that you are adding. Click on <strong>Linked Releases and Projects</strong>, use navigation section.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectLinkedreleasesandprojects.png"/> -</figure> - -<h4 id="a-linking-projects"><strong>A.</strong> <strong>Linking Projects</strong></h4> -<p>To add existing projects as a sub-project:</p> -<ol> -<li> -<p>Click on <strong>Add Projects</strong>, this action opens a dialogue box.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png"/> - </figure> - -</li> -<li> -<p>Search and select the projects which you would like to link.</p> -</li> -<li> -<p>Click on <strong>Link Projects</strong>.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png"/> - </figure> - -</li> -<li> -<p>After the project is linked, you can select the <strong>Project Relation</strong> for your sub-project from the drop-down list.</p> -<ul> -<li>Sub-project</li> -<li>Duplicate</li> -<li>Unknown</li> -<li>Related</li> -</ul> -</li> -<li> -<p>Check or uncheck <strong>Enable SVM</strong> as required.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_3.png"/> - </figure> - -</li> -<li> -<p>To link multiple projects, repeat the same procedure.</p> -</li> -<li> -<p>To delete a linked project, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</p> -</li> -</ol> -<h4 id="b-linking-releases"><strong>B.</strong> <strong>Linking releases</strong></h4> -<p>To add releases to your project:</p> -<ol> -<li> -<p>Click on <strong>Add Releases</strong>, this action opens a dialogue box.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_1.png"/> - </figure> - -</li> -<li> -<p><strong>Search</strong> for the releases which you want to link or click on <strong>Releases of linked projects</strong> to view all the releases which are linked to the project.</p> -</li> -<li> -<p>Select all the releases which you want to link and click on <strong>Link releases</strong>.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_2.png"/> - </figure> - -</li> -<li> -<p>After the release is linked, you can select the value for the <strong>Release relation</strong> from the drop-down list.</p> -<ul> -<li>Unknown</li> -<li>Contained</li> -<li>Related</li> -<li>Dynamically linked</li> -<li>Statically linked</li> -<li>Side by side</li> -<li>Standalone</li> -<li>Internal Use</li> -<li>Optional</li> -<li>To be replaced</li> -<li>Code snippet</li> -</ul> -</li> -<li> -<p>Select the value for the <strong>Release Mainline State</strong> from the drop-down list.</p> -<ul> -<li>Open</li> -<li>Mainline</li> -<li>Specific</li> -<li>Phaseout</li> -<li>Denied</li> -</ul> -</li> -<li> -<p>Add <strong>Comments</strong>, if required.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_3.png"/> - </figure> - -</li> -<li> -<p>To link multiple releases/components, repeat the same procedure.</p> -</li> -<li> -<p>To delete a linked release, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</p> -</li> -</ol> -<p>After all the information for the new project is filled out. Click on &ldquo;<strong>Create Project</strong>&rdquo; at the top.</p> -<p>If you do not want to create a project on any point of time, click on &ldquo;<strong>Cancel</strong>&rdquo; at the top.</p> -<h2 id="105-import-sbom">1.05 Import SBOM</h2> -<p>SPDX is a common format for communicating compliance information or list of components across all suppliers. Importing an SBOM will create a project/component. To import a SBOM:</p> -<ol> -<li> -<p>Click on <strong>Import SBOM</strong> on the project page. This will open a dialogue box for you to upload the Bill Of Materials (BOM).</p> -</li> -<li> -<p>Drag and drop the file from your local system to the dialogue box or click on <strong>Browse File</strong> and select the file you want to import.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ImportSBOM.png"/> - </figure> - -<p><code>NOTE: ONLY SPDX RDF/XML FILES WITH UNIQUE DESCRIBED TOP LEVEL NODE ARE SUPPORTED.</code></br></p> -</li> -<li> -<p>After uploading is done SW360 checks for duplicates, if there are no duplicates found, a Component from the uploaded SBOM is created.</p> -</li> -</ol> -<h2 id="106-edit-project">1.06 Edit Project</h2> -<p>You can edit an existing project in SW360, provided you have required rights. To edit a project follow the procedure:</p> -<ol> -<li> -<p>Search for the projects you want to edit or navigate from the project list.</p> -</li> -<li> -<p>Click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png"/> -</figure> - from the actions column. You can also edit a project by clicking on the project and click on <strong>Edit Project</strong>.</p> -</li> -<li> -<p>Change the data for the project as required. For more information, refer to <a href="#104-add-project">1.04 Add Project</a>.</p> -</li> -<li> -<p>In this view, you can also add attachments for the project in this view, click on <strong>Attachments</strong>, use navigation section.</br> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/EditProject_Attachments.png"/> - </figure> -</br></p> -<ul> -<li>Click on <strong>Add Attachment</strong>, this action opens a dialogue box.</br></li> -<li>Browse and select the files which you want to upload or drag and drop them into the area.</br></li> -<li>Click on <strong>Upload</strong>.</br></li> -<li>Select the type of file from the drop-down list. </br></li> -<li>Select the status from the drop-down list.</br></li> -<li>If required, add <strong>comments</strong></br></li> -</ul> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Attachment_2.png"/> - </figure> - -<ul> -<li>To delete an attachment, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</br></li> -</ul> -</li> -<li> -<p>After you modify the required fields, click on &ldquo;<strong>Update Project</strong>&rdquo;.</p> -</li> -<li> -<p>To delete the project, click on &ldquo;<strong>Delete Project</strong>&rdquo;.</p> -</li> -<li> -<p>To cancel any changes that you made click on &ldquo;<strong>Cancel</strong>&rdquo;.</p> -</li> -</ol> -<h2 id="107-duplicate-a-project">1.07 Duplicate a Project</h2> -<p>Duplicating a project is commonly used to create different versions of the project. This helps in reducing efforts as fewer modifications are required to create a new version. To duplicate a project:</p> -<ol> -<li>Search for the projects you want to duplicate or navigate from the project list.</li> -<li>Click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png"/> -</figure> - from the actions column to duplicate the project.</li> -<li>Modify the data for the duplicate project as required. For more information, refer to <a href="#104-add-project">1.04 Add Project</a>.</li> -<li>Click on &ldquo;<strong>Create Project</strong>&rdquo; after all changes are made.</li> -<li>To cancel any changes that you made click on &ldquo;<strong>Cancel</strong>&rdquo;.</li> -</ol> -<h2 id="108-deleting-a-project">1.08 Deleting a Project</h2> -<p>You can delete an existing project in SW360, provided you have required rights. To delete a project follow the procedure:</p> -<p><code>WARNING: DELETING A PROJECT CAN ONLY BE DONE IF THERE ARE NO LINKED PROJECTS OR COMPONENTS. IF NOT, THERE WILL BE MISSING LINKS FOR THE PROJECTS.</code></p> -<ol> -<li> -<p>Search for the projects you want to delete or navigate from the project list.</p> -</li> -<li> -<p>Click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> - from the actions column to delete the project.</p> -</li> -<li> -<p>The software will prompt for a confirmation of deleting the project. You can also add comments for the action in the prompt box before deleting.</p> -</li> -<li> -<p>Click on <strong>Delete Project</strong>.</p> -</li> -<li> -<p>To cancel any changes that you made click on <strong>Cancel</strong>.</br></p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Deleteproject1.png"/> - </figure> - -</li> -</ol> -<h2 id="109-linking-a-project">1.09 Linking A Project</h2> -<p>There are multiple ways that you can link a project to another.</p> -<h3 id="a-linking-to-a-parent-project"><strong>A. Linking to a parent project</strong></h3> -<ol> -<li> -<p>Search for the projects you want to link or navigate from the project list. Click on the required project.</p> -</li> -<li> -<p>This will display the view mode of the selected project. Click on &ldquo;<strong>Link Projects</strong>&rdquo; on the top. This will open a dialogue box to search for the projects.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png"/> - </figure> - -</li> -<li> -<p>Search for the projects which you want to link.</p> -</li> -<li> -<p>Select the projects and click on <strong>Link Projects</strong>.</p> -</li> -<li> -<p>Once the project is successfully linked, you will see the prompt in green. If you want to edit the project further, click on the <strong>click here to edit the project relation</strong> on the green prompt.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linking_project.png"/> - </figure> - -</li> -<li> -<p>Again, the project opens up in edit mode.</p> -</li> -<li> -<p>Modify the project details as required for the linked project. Refer to <a href="#a-linking-projects">Link Projects</a>.</p> -</li> -<li> -<p>Click on <strong>&ldquo;Update Project&rdquo;</strong> to save your changes.</p> -</li> -</ol> -<h3 id="b-linking-a-child-project"><strong>B. Linking a child project</strong></h3> -<p>To add child projects to a parent project, refer to <a href="#3-linked-releases-and-projects">3. Linked Releases and Projects</a>.</p> -<h2 id="110-linking-components-or-releases">1.10 Linking Components or Releases</h2> -<p>You can directly link a component or release to a parent project, refer to <a href="#3-linked-releases-and-projects">3. Linked Releases and Projects</a>.</p> -<h3 id="a-link-component"><strong>A. Link Component</strong></h3> -<p>You can also link a component to a project while editing a project.</p> -<ol> -<li> -<p>Search for the projects you want to delete or navigate from the project list. Click on the required project.</p> -</li> -<li> -<p>This will display the view mode of the selected project, click on <strong>license clearing</strong>, use navigation section.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/LicenseClearing_1.png"/> - </figure> - -</li> -<li> -<p>Select the component/release from the list displayed. After which, which redirects you to its component page.</p> -</li> -<li> -<p>Click on &ldquo;<strong>Link to Projects</strong>&rdquo; to link this release/component to a project. This will open a dialogue box to search for the projects.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png"/> - </figure> - -</li> -<li> -<p>If you want to view the projects which are already linked to the components/release, check the box for <strong>show already linked projects</strong>.</p> -</li> -<li> -<p>Select the project which you want to link the component / release to and then click on <strong>link to project</strong>.</p> -</li> -</ol> -<h2 id="111-security-vulnerability-tracking-for-projects">1.11 Security Vulnerability tracking for Projects</h2> -<p>You can view all the security vulnerabilities for your project. To view vulnerability tracking status:</p> -<ol> -<li> -<p>Search for the projects or navigate from the project list. Click on the required project.</p> -</li> -<li> -<p>This will display the view mode of the selected project, click on <strong>Vulnerability Tracking Status</strong>.</p> -</li> -<li> -<p>Here you can view Security Vulnerability Monitoring is enabled or not. The Security Vulnerabilities are only visible in the edit project mode when the &ldquo;security responsible&rdquo; is assigned. Refer to paragraphs <a href="#c-roles">C. Roles</a>.</p> -</li> -<li> -<p>You can track the vulnerabilities by name, project origin, SVM tracking status, short status and type.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SVM_Tracking.png"/> - </figure> - -</li> -<li> -<p>To view all the listed vulnerabilities for sub-projects of the parent project click on <strong>Vulnerabilities</strong>.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SVM_Tracking_2.png"/> - </figure> - -</li> -<li> -<p>If you want to view the complete data for a vulnerability, refer to <a href="../New%20Userguide/5.%20Vulnerabilities.pdf">5. Vulnerability</a>.</p> -</li> -</ol> -<h2 id="112-clearing-requests">1.12 Clearing Requests</h2> -<p>Each project needs license clearing and it is a project level activity.</p> -<h3 id="a-create-clearing-requests"><strong>A. Create Clearing Requests</strong></h3> -<p>To create a clearing request:</p> -<ol> -<li> -<p>Search for the projects or navigate from the project list. Click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> -</figure> - or,</p> -</li> -<li> -<p>Search for the projects or navigate from the project list. Click on the required project, this will display the view mode of the of the selected project. Click on <strong>License Clearing</strong>, use navigation section.</p> -</li> -<li> -<p>Click on <strong>Create Clearing Request</strong>, a dialogue box will appear.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Create_clearing_request.png"/> - </figure> - -</li> -<li> -<p>Enter the clearing team email id by clicking on the field and searching for the email of the clearing team. Select the contact from the list and click on <strong>Select Users</strong>.</p> -</li> -<li> -<p>Select the <strong>Preferred Clearing Date</strong>.</p> -</li> -<li> -<p>If required, add <strong>Comments</strong>.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/License_Clearing_request.png"/> - </figure> - -</li> -<li> -<p>Click on &ldquo;<strong>Create Request</strong>&rdquo;.</p> -</li> -<li> -<p>To cancel any changes that you made click on <strong>Cancel</strong>.</p> -</li> -</ol> -<h3 id="b-view-clearing-requests"><strong>B. View Clearing Requests</strong></h3> -<p>You can view the existing clearing requests which are already created for a project. To view the clearing requests, follow the procedure:</p> -<ol> -<li> -<p>Search for the projects or navigate from the project list. Click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> -</figure> - or,</p> -</li> -<li> -<p>Click on the required project.</p> -</li> -<li> -<p>Select <strong>License Clearing</strong>, use navigation section.</p> -</li> -<li> -<p>Click on <strong>View Clearing Request</strong>.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/View_Clearing_request.png"/> - </figure> - -</li> -<li> -<p>A new dialogue box with the clearing request information will be displayed.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/View_Clearing_Request_2.png"/> - </figure> - -</li> -</ol> -<h3 id="c-edit-clearing-requests"><strong>C. Edit Clearing Requests</strong></h3> -<p>For more information on how to edit the existing clearing requests, refer to <a href="../New%20Userguide/6.%20Requests.pdf">6. Requests</a>.</p> -<h2 id="113-export-spreadsheet">1.13 Export Spreadsheet</h2> -<p>You can generate the excel sheet for an advanced search. For e.g., List of all projects created for group &ldquo;SHS&rdquo;.</p> -<ol> -<li> -<p>Go to project home page.</p> -</li> -<li> -<p>If required, you can filter the projects using the advanced search options. Refer to <a href="#103-project-search">1.02 Project Search</a>.</p> -</li> -<li> -<p>After the search gives a result, click on <strong>Export Spreadsheet</strong> and select the option from the drop-down list.</p> -<ul> -<li>Projects only</li> -<li>Projects with linked releases</li> -</ul> -</li> -<li> -<p>A file will now be downloaded to your local system with the required information.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Export_spreadsheet.png"/> - </figure> - -</li> -</ol> -<p><code>NOTE: YOU CAN ALSO USE THE EXPORT SPREADSHEET OPTION ON MULTIPLE PAGES, LIKE LICENSE CLEARING PAGE OF A PROJECT/COMPONENT, EDIT VIEW OF A COMPONENT, ECC PAGE OF PROJECT ETC.</code></p> -<h2 id="114-generate-license-info">1.14 Generate License Info</h2> -<p>You can generate a read me OSS file of all the license information for a project. To generate license information:</p> -<ol> -<li> -<p>Search for the projects or navigate from the project list. Click on the required project.</p> -</li> -<li> -<p>Select <strong>License Clearing</strong>, use navigation section.</p> -</li> -<li> -<p>The page displays the list of all the releases listed and their respective release clearing state in the <em><strong>state</strong></em> column. Each of the releases has license information in the form of CLI files. You can view this information in the <em><strong>main licenses</strong></em> or <em><strong>other licenses</strong></em> column. -Generating a license info will create a read me OSS document combining all the licenses.</p> -</li> -<li> -<p>Click on <strong>Generate license info</strong> and select the options from the drop-down list.</p> -<ul> -<li>Project only</li> -<li>Project with sub project</li> -</ul> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info.png"/> - </figure> - -</li> -<li> -<p>After your selection, you are redirected to another page where you can further modify the output of the license information.</p> -</li> -<li> -<p>Select <strong>Show all</strong> to view all the license information or <strong>Only Approved</strong> to view approved licenses.</p> -</li> -<li> -<p>Select which CLI you want to publish the information from the list displayed below.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info_2%20.png"/> - </figure> - -</li> -<li> -<p>Click on <strong>Download</strong>. A new Dialogue box will appear asking for your preferences.</p> -</li> -<li> -<p>Check the required boxes and select an output format.</p> -</li> -<li> -<p>Click on <strong>Download</strong> to get a Readme.OSS file.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info_3.png"/> - </figure> - -</li> -</ol> -<h2 id="115-generate-source-code-bundle">1.15 Generate Source Code Bundle</h2> -<p>Few components have obligations, for example, sharing source code. The organization must share the source code to the user in a disc format. To generate Source Code Bundle:</p> -<ol> -<li> -<p>To select the project, use the search option or navigate from the project list and click on it.</p> -</li> -<li> -<p>Select <strong>License Clearing</strong>, use navigation section.</p> -</li> -<li> -<p>The window shows a list of all the releases listed. Click on <strong>Generate Source Code Bundle</strong> and select the option from the drop-down list.</p> -<ul> -<li>Project only</li> -<li>Project with sub project</li> -</ul> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Source_code_1.png"/> - </figure> - -</li> -<li> -<p>After you select, you are redirected to another page which lists all the source code information.</p> -</li> -<li> -<p>Select the required source code and click <strong>Download</strong>.</p> -</li> -<li> -<p>A combined zip file comprising of all the select source code will be downloaded.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Source_code_2.png"/> - </figure> - -</li> -</ol> - - - - - - Docs: Components - https://www.eclipse.org/sw360/docs/userguide/components/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/components/ - - - - <h1 id="20-components">2.0 Components</h1> -<h2 id="201-introduction">2.01 Introduction</h2> -<p>The components page displays the list of components and releases that are available in SW360. A component is a list of releases with metadata. A release is a specific version of a component.</p> -<p>To open a component page, click <strong>Components</strong> tab from the main menu. -You can find a particular component with Advanced Search, you can also add and edit components in this page.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/ComponentPage.png"/> -</figure> - -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No.</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left"><a href="#203-component-search">Advanced Search</a></td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left"><a href="#204-add-component">Add Component</a></td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left"><a href="#207-import-spdx-bom">Import SPDX BOM</a></td> -</tr> -<tr> -<td style="text-align:center">4</td> -<td style="text-align:left"><a href="#208-export-spreadsheet">Export Spreadsheet</a></td> -</tr> -<tr> -<td style="text-align:center">5</td> -<td style="text-align:left"><a href="#202-component-list">Component List</a></td> -</tr> -</tbody> -</table> -<h2 id="202-component-list">2.02 Component List</h2> -<p>On the component page, you can view all the components that are relevant to you. The components are listed with the following information:</p> -<ul> -<li><strong>Vendor</strong>: Vendor is organization which is selling the component or the community which is hosting the component.</li> -<li><strong>Component Name</strong>: All components are listed by their names.</li> -<li><strong>Main Licenses</strong>: The list of main licenses available for a component are displayed.</li> -<li><strong>Component Type</strong>: Lists all the components by their type. For more information on component types, refer to <a href="#a-general-information">A. General Info</a>.</li> -<li><strong>Actions</strong>: You can perform the following actions for a component: -<table> -<thead> -<tr> -<th style="text-align:center">Action</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png"/> -</figure> -</td> -<td style="text-align:left">To edit a component</td> -</tr> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png"/> -</figure> -</td> -<td style="text-align:left">To delete the component from SW360.</td> -</tr> -</tbody> -</table> -</li> -</ul> -<p><strong>NOTE: CLICK ON -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png"/> -</figure> - TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> -<h2 id="203-component-search">2.03 Component Search</h2> -<p><strong>Advanced Search</strong> dialogue box is used to search for a particular component.</p> -<ol> -<li>Search the component with <strong>Component Name</strong> and <strong>Categories</strong>.</li> -<li>Search the component with <strong>Component Type</strong>. Select the component type from the drop-down list. For more information on the component types, refer to <a href="#a-general-information">A. General Information</a>.</li> -<li>Search components with their coding <strong>Languages</strong>, <strong>Software Platforms</strong>, <strong>Operating Systems</strong>, <strong>Vendors</strong> and <strong>Main Licenses</strong>.</li> -<li>Search components with <strong>Created by (Email)</strong>.</li> -<li>You can use <strong>Created on</strong> field to search for the components created on specific dates or specific time frames.</li> -</ol> -<h2 id="204-add-component">2.04 Add Component</h2> -<p>To add a new component, click <strong>Add Component</strong> from the component page, this will redirect you to another page where you can add component summary information.</p> -<h3 id="1-summary"><strong>1. Summary</strong></h3> -<h4 id="a-general-information"><strong>A. General Information</strong></h4> -<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY.</code> -<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_General_Info.png" alt=""></p> -<ol> -<li>Enter the <strong>Name</strong> of the component you want to create.</BR> -<code>NOTE: MAKE SURE THAT THERE ARE NO DUPLICATES.</code></BR></li> -<li>Select the <strong>Component Type</strong> from the drop-down list. -<ul> -<li>OSS: Open-Source Software</li> -<li>COTS: Commercial off-the-shelf</li> -<li>Internal: Internally used</li> -<li>Inner Source: OSS within a particular organization</li> -<li>Services: Developed as a service</li> -<li>Freeware: Software that is available free of cost</li> -<li>Code snippet: A small code which shows how to accomplish a specific task</li> -</ul> -</li> -<li>The field <strong>Created by</strong> is set automatically to the creator/owner of the component.</li> -<li>Click on <strong>Default Vendor</strong> field. -<ul> -<li>This opens a dialogue box, use the type field to search for the vendors.</li> -<li>Select the vendors</li> -<li>Click on <strong>Select Vendor</strong>.</li> -</ul> -</li> -<li>When you start typing in the <strong>Categories</strong> field, a list of categories that match are displayed to choose from.</li> -<li>Enter the <strong>Homepage URL</strong>, this is the web address for your component.</li> -<li>Enter a <strong>Short Description</strong> for your component.</li> -<li>Enter the <strong>Blog URL</strong>, this is the web address for the blog of your component.</li> -<li><strong>Modified on</strong> date will be set automatically.</li> -<li>Enter the <strong>Wiki URL</strong>, this is web address for the wiki page of your component.</li> -<li><strong>Modified by</strong> will be set automatically.</li> -<li>Enter the <strong>Mailing List URL</strong>, this is the web address of the mailing list of your component.</li> -</ol> -<h4 id="b-roles"><strong>B. Roles</strong></h4> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Roles.png" alt=""></p> -<ol> -<li> -<p><strong>Component owner</strong> holds the component. Click on the field to select <strong>Component Owner</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Component Owner.</li> -<li>Select the users</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Addproject_5.png" alt=""></p> -</li> -<li> -<p>Select a country from the list to assign as <strong>Owner Country</strong>.</p> -</li> -<li> -<p>Enter the <strong>Owner Accounting Unit</strong>.</p> -</li> -<li> -<p><strong>Moderator</strong> is the user responsible for the component. Click on the field to select moderators.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the moderator.</li> -<li>Select the users</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -</ol> -<p><code> NOTE: ALL CLEARING EXPERTS, CLEARING ADMINS AND SW360 ADMINS ARE MODERATORS BY DEFAULT.</code></p> -<ol> -<li>Enter the <strong>Owner Billing Group</strong>.</li> -</ol> -<h4 id="c-additional-roles"><strong>C. Additional Roles</strong></h4> -<p>To assign more roles to your project, use <strong>Click to Add Additional Roles</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/additionalroles1.png" alt=""></p> -<ol> -<li> -<p>Select the type of <strong>role</strong> from the drop-down list.</p> -<ul> -<li>Committer</li> -<li>Contributor</li> -<li>Expert</li> -</ul> -</li> -<li> -<p>Enter <strong>Email address</strong> of the responsible personnel. To add multiple additional roles, repeat the same -procedure.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Additional_Role2.png" alt=""></p> -</li> -<li> -<p>To delete an additional role, click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png" alt="">.</p> -</li> -</ol> -<h4 id="d-external-ids"><strong>D. External Ids</strong></h4> -<p>For more information on how to add an <strong>External ID</strong> for your component, refer to <a href="1.ProjectPage.md/#e-external-ids">E. External Ids</a>.</p> -<h4 id="e-additional-data"><strong>E. Additional Data</strong></h4> -<p>For more information on how to add an <strong>Additional Data</strong> for your component, refer to <a href="1.ProjectPage.md/#f-additional-data">F. Additional Data</a>.</p> -<p>After all the summary information is filled click on <strong>Create Component</strong>, which redirects you to another page where you can add more component information. Following are the two new sections to be filled:</p> -<ul> -<li><strong>Releases</strong></li> -<li><strong>Attachments</strong></li> -</ul> -<h3 id="2-releases"><strong>2. Releases</strong></h3> -<p>A release is a specific version of a component. To add Release information for your component:</p> -<ol> -<li> -<p>Click on <strong>Releases</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Componentreleases.png" alt=""></p> -</li> -<li> -<p>Then click on <strong>Add Releases</strong>. You will be redirected to another page to add more information about the release you want to create. Following are the two sections where you must enter information</br></p> -<ul> -<li><strong>Summary</strong></li> -<li><strong>Linked Releases</strong></li> -</ul> -</li> -</ol> -<h4 id="a-summary"><strong>A. Summary</strong></h4> -<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY.</code></p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release1.png" alt=""></p> -<ol> -<li>Click on the field to select the <strong>Vendor</strong> for your component. This opens a dialogue box, search and select the vendor and click on <strong>Select Vendor</strong>.</li> -<li>Enter the <strong>Programming Languages</strong> used for the release.</li> -<li><strong>Name</strong> for the release will be auto generated from the name given to the component.</li> -<li>Enter the <strong>Operating Systems</strong> used for the release.</li> -<li>Enter the <strong>Version</strong> for the release.</li> -<li>Enter the <strong>CPE (Common Platform Enumeration) ID</strong> for the release.</li> -</ol> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release2.png" alt=""></p> -<ol start="7"> -<li> -<p>Enter the <strong>Software Platforms</strong> for the release.</p> -</li> -<li> -<p>Click on the field <strong>Other License</strong> to set other license information for the release. This opens a dialogue box, search and select the licenses and click on <strong>Select Licenses</strong>.</p> -</li> -<li> -<p>Set <strong>Release Date</strong>.</p> -</li> -<li> -<p>Enter the <strong>Source Code Download URL</strong>. This is the web address from where source code of the release can be downloaded.</p> -</li> -<li> -<p>Click on the field <strong>Main License</strong> to set other license information for the release. This opens a dialogue box, search and select the licenses and click on <strong>Select Licenses</strong>.</p> -</li> -<li> -<p>Enter <strong>Binary Download URL</strong>. This is the web address from where binary of the release can be downloaded.</p> -</li> -<li> -<p><strong>Clearing state</strong> will be set to &ldquo;new&rdquo; by default.</p> -</li> -<li> -<p>Select the value for the <strong>Release Mainline State</strong> from the drop-down list.</p> -<ul> -<li>Open: No license clearing</li> -<li>Mainline: Permissive license with no specific obligations</li> -<li>Specific: Permissive license with additional obligations with standard obligations</li> -<li>Phaseout: Not used anymore</li> -<li>Denied: Not to be used because of a specific reason</li> -</ul> -</li> -<li> -<p><strong>Created on</strong> is set automatically.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release3.png" alt=""></p> -</li> -<li> -<p><strong>Created by</strong> is set automatically.</p> -</li> -<li> -<p><strong>Modified on</strong> is set automatically.</p> -</li> -<li> -<p>Click on the field to select <strong>Contributors</strong>. This opens a dialogue box, search and select the contributors and click on <strong>Select Users</strong>.</p> -</li> -<li> -<p><strong>Modified by</strong> is set automatically.</p> -</li> -<li> -<p><strong>Moderator</strong> is the user responsible for the release. Click on the field to select moderators.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the moderator.</li> -<li>Select the users</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -</ol> -<p><strong>Additional Roles</strong>, refer to <a href="#3-additional-roles">3. Additional Roles</a>.</p> -<p><strong>External Ids</strong>, refer to <a href="#4-external-ids">4. External Ids</a>.</p> -<p><strong>Additional Data</strong>, refer to <a href="#5-additional-data">5. Additional Data</a>.</p> -<p><strong>Release Repository</strong></p> -<p>You can add a release repository URL for your release. To add a release repository:</p> -<ol> -<li> -<p>Select the <strong>Repository Type</strong> from the drop-down list.</p> -</li> -<li> -<p>Enter the <strong>Repository URL</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Releaserepository.png" alt=""></br></p> -</li> -</ol> -<h4 id="b-linked-releases"><strong>B. Linked Releases</strong></h4> -<p>To add linked releases to your release, click on linked releases. For more information, refer to <a href="1.ProjectPage.md/#b-linking-releases">B. Linking Releases</a>.</p> -<p>Click on <strong>Create Release</strong> to add more information for this release.</p> -<h4 id="c-clearing-details"><strong>C. Clearing Details</strong></h4> -<p>Clearing details contains important information that are required for the license clearing activities. This information is useful for the reuse of license clearing results. -To add clearing information to your release, click on <strong>Clearing Details</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details.png" alt=""></p> -<ul> -<li>Check the boxes for all applicable clearing details.</li> -<li>Enter the applicable data for <strong>Scanned</strong> and <strong>Clearing Standard</strong>. For e.g., date or specific version of your License Scanner.</li> -<li>Enter <strong>External URL</strong> for the release.</li> -<li>Add <strong>Comments</strong>.</li> -</ul> -<p><strong>Request Information</strong></p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details2.png" alt=""></p> -<p>To request more information regarding the release, follow the procedure:</p> -<ul> -<li>Enter <strong>Request ID</strong> and <strong>Additional request Info</strong>.</li> -<li>Set <strong>Evaluation Start</strong> and <strong>Evaluation End</strong> date.</li> -</ul> -<p><strong>Supplemental Information</strong></p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details3.png" alt=""></p> -<p>You can enter internal supplier ID and number of security vulnerabilities for your release. To add this information.</p> -<ul> -<li>Enter <strong>External Supplier Id</strong> and the count of <strong>Vulnerabilities</strong>.</li> -</ul> -<h4 id="d-ecc-details"><strong>D. ECC Details</strong></h4> -<p><code>NOTE: ECC DETAILS ARE SET AUTOMATICALLY FOR OSS RELEASES.</code></p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_ECC_Details.png" alt=""></p> -<p>To enter ECC details for a release click on <strong>ECC Details</strong>.</p> -<ul> -<li>Select the <strong>ECC Status</strong> from the drop-down list. -<ul> -<li>Open</li> -<li>In progress</li> -<li>Approved</li> -<li>Rejected</li> -</ul> -</li> -<li>Add <strong>ECC Comment</strong>, if required.</li> -<li>Enter <strong>Ausfuhrliste</strong>, this is a German ECC number.</li> -<li>Enter <strong>ECCN</strong> and <strong>Material Index Number</strong>.</li> -<li><strong>Assessor Contact Person</strong>, <strong>Assessor Department</strong> and <strong>Assessment date</strong> will be set automatically.</li> -</ul> -<h4 id="e-attachments"><strong>E. Attachments</strong></h4> -<p>You can add or modify the attachments to your release. To add attachments, click on <strong>Attachments</strong> on the left. For more information on how to add attachments to the release, refer to <a href="1.ProjectPage.md/#106-edit-project">1.06 Edit project</a>.</p> -<h2 id="heading"></h2> -<p>After entering all the release information, click on <strong>Update Release</strong>.</p> -<p>To delete the release, click on <strong>Delete Release</strong>.</p> -<p>If you do not want to create a release, click on <strong>Cancel</strong>.</p> -<h2 id="205-edit-component">2.05 Edit Component</h2> -<ol> -<li>Search for the components you want to edit or navigate from the component list.</li> -<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png" alt=""> from the actions column. You can also edit a component by clicking on the component and then clicking on <strong>Edit Component</strong>.</li> -<li>You can view summary, releases, and attachment information of the component.</li> -<li>Click on <strong>Summary</strong> to edit component summary information. For more information on the fields to edit, refer to <a href="#1-summary">1. Summary</a>.</li> -<li>Click on <strong>Releases</strong> to view all the releases that are linked to the component. If you want to add more releases to the component click on <strong>Add Releases</strong> at the bottom of the list. For more information on how to add a release, refer to <a href="#2-releases">2. Releases</a>.</li> -<li>Click on <strong>Attachments</strong> to view all the attachments that are linked to the component. If you want to add more attachments to the components, refer to paragraph 4 of <a href="1.ProjectPage.md/#106-edit-project">1.06 Edit project</a>.</li> -<li>To update the new component information, click on <strong>Update Component</strong>.</li> -<li>To delete the component, click on <strong>Delete Component</strong>.</li> -<li>If you do not want to edit the component, click on <strong>Cancel</strong>.</li> -</ol> -<h2 id="206-view-component">2.06 View Component</h2> -<p>To open a view mode for a component:</p> -<ol> -<li>Search for the components you want to edit or navigate from the component list.</li> -<li>Click on the component name.</li> -<li>You are now in view mode of the component, and you can view all the details of the components like summary, release overview, attachments, vulnerabilities and change logs.</li> -<li>You can edit a component, Merge a component, Split a component, Subscribe to a component in this mode.</li> -</ol> -<h3 id="a-merge"><strong>A. Merge</strong></h3> -<p>This functionality is used when there is a duplication of components, and this functionality helps us to combine all the duplicates into one single component. -To merge a component with another, click on <strong>Merge</strong>. This action will redirect you to another page where you can:</p> -<ol> -<li>Choose the from the list of components that should be merged into the current one.</li> -<li>Merge the data from the source into the target component.</li> -<li>Check the merged component and confirm the merge.</li> -</ol> -<h3 id="b-split"><strong>B. Split</strong></h3> -<p>This functionality is used when we want to copy the information from a component. This is a shortcut to create a component and change aspects like version or release instead of creating a new one entirely.</p> -<p>To Split a component, click on <strong>Split</strong>. This action will redirect you to another page where you can:</p> -<ol> -<li>Choose a target component into which the current component needs to split.</li> -<li>Split the data from current component to the target component.</li> -<li>Check the split version of the component and confirm the split.</li> -</ol> -<h3 id="c-subscribe"><strong>C. Subscribe</strong></h3> -<p>You can <strong>Subscribe</strong> to a component to get notified with emails when any changes are made to the component.</p> -<p>To not get notified for a particular component, click <strong>Unsubscribe</strong>.</p> -<h3 id="d-view-component-information"><strong>D. View Component Information</strong></h3> -<p>You can view component information by navigating the navigation tree.</p> -<ol> -<li>To view component summary, click on <strong>Summary</strong>. To edit summary information for the component, refer to <a href="#205-edit-component">2.05 Edit Component</a>.</li> -<li>Click on <strong>Release Overview</strong> to view all the releases for the component. To edit details for any of the linked releases click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png" alt=""> +Eclipse SW360 – SW360 Documentationhttps://www.eclipse.org/sw360/docs/Recent content in SW360 Documentation on Eclipse SW360Hugo -- gohugo.ioDocs: Loginhttps://www.eclipse.org/sw360/docs/userguide/login/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/login/ +<p>You need a username and a password to access the software. After reaching the SW360 site you will be in the public area of your account. Liferay distinguishes between public and private area, where the private area is protected by login.</p> +<p>You will see a &ldquo;Welcome to SW360!&rdquo; homepage which is a public area with <strong>Sign In</strong> and <strong>Create Account</strong> buttons. +The Sign In button will redirect to the private area in order to work with the portal.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/duo.png"/> +</figure> +<p>Your private area contains an overview of your <strong>Projects</strong> and <strong>Components</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/homepage.png"/> +</figure> +<p>The idea of &ldquo;Your&rdquo; refers to the projects and components that you have created. Further there are the tasks you have submitted or which are assigned to you. Tasks are basically change requests of elements that are sent to the owner or moderator for approval. This is a basic concept for allowing change when providing a multiple set of users. On the right side of the screen you can see the last releases which have been added to SW360.</p>Docs: Home Pagehttps://www.eclipse.org/sw360/docs/userguide/sw360-homepage/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/sw360-homepage/ +<h1 id="home-page">Home Page</h1> +<p>The private area of the home page contains an overview of projects and components which are specific to you and other general information.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Home_Page.png"/> +</figure> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No</th> +<th style="text-align:left">Name</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left">Main Menu</td> +<td style="text-align:left">Main menu consists primarily of the various tasks you can perform.</td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left">My Projects</td> +<td style="text-align:left">Displays the list of projects for a specific role or clearing state.</td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left">My Task Assignments</td> +<td style="text-align:left">Displays the tasks or moderation requests that are assigned to you. These can be change requests submitted for approval related to the “projects, components or releases” for which you are a creator or a moderator.</td> +</tr> +<tr> +<td style="text-align:center">4</td> +<td style="text-align:left">My Components</td> +<td style="text-align:left">Displays the list of components that are created by you.</td> +</tr> +<tr> +<td style="text-align:center">5</td> +<td style="text-align:left">My Task Submissions</td> +<td style="text-align:left">These are the change requests that are submitted by you for an approval to change any aspect of a “project, component or release” for which you are not a creator or moderator.</td> +</tr> +<tr> +<td style="text-align:center">6</td> +<td style="text-align:left">Search Bar</td> +<td style="text-align:left">You can find the search bar on the right top corner of the application. Search bar enables you to search for a specific project/component/release.</td> +</tr> +<tr> +<td style="text-align:center">7</td> +<td style="text-align:left">My Profile</td> +<td style="text-align:left">You can find the profile icon on the right top corner of the application. You can perform the following actions in my profile:</br> - <strong>My sites</strong>, will redirect you to a page where you can view all the sites you have opened in the past. </br> - <strong>My profile</strong>, will redirect you to a page where you can view your vcard. </br> - <strong>My dashboard</strong>, will redirect you to a page where you can view summary of your profile. </br> - <strong>Notifications</strong>, will redirect you to a page where you can view all the latest updates. </br> - <strong>Shared content</strong>, will redirect you to a page where you can view all the shared content which are shared with you or shared by you. </br> - <strong>My submissions</strong>, will redirect you to a page where you can view all of your submissions. </br> - <strong>My workflow tasks</strong>, will redirect you to a page where you can view the tasks which are assined to you or your roles. </br> - <strong>Account settings</strong>, will redirect you to a page where you can modify <strong>general information</strong>, <strong>passwords</strong>, <strong>addresses and contact</strong> information and <strong>alert preferences</strong> as needed. </br> - <strong>My connected applications</strong>, will redirect you to a page where you can view connected applications. </br> - <strong>My organization</strong>, will redirect you to a page where you can view your organization information. </br> - You can sign out of SW360 using <strong>sign out</strong> option.</td> +</tr> +<tr> +<td style="text-align:center">8</td> +<td style="text-align:left">My Subscriptions</td> +<td style="text-align:left">Displays a list of various components and releases you have subscribed to. </br> <code> NOTE: YOU CANNOT SUBSCRIBE TO A PROJECT.</code></td> +</tr> +<tr> +<td style="text-align:center">9</td> +<td style="text-align:left">Recent Components</td> +<td style="text-align:left">Displays a list of recent components which are added to SW360.</td> +</tr> +<tr> +<td style="text-align:center">10</td> +<td style="text-align:left">Recent Releases</td> +<td style="text-align:left">Displays a list of recent releases which are added to SW360.</td> +</tr> +</tbody> +</table>Docs: Projecthttps://www.eclipse.org/sw360/docs/userguide/project/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/project/ +<h1 id="10-project-page">1.0 Project Page</h1> +<h2 id="101-introduction">1.01 Introduction</h2> +<p>Navigate to your project overview by clicking the menu item Projects. Here you can find the list of projects with description and other related details. On the left side of project list you can find a advanced filters to filter out specific project.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Projectpage.png"/> +</figure> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No.</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left"><a href="#103-project-search">Advanced Search</a></td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left"><a href="#104-add-project">Add Project</a></td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left"><a href="#105-import-sbom">Import SPDX BOM</a></td> +</tr> +<tr> +<td style="text-align:center">4</td> +<td style="text-align:left"><a href="#113-export-spreadsheet">Export Spreadsheet</a></td> +</tr> +<tr> +<td style="text-align:center">5</td> +<td style="text-align:left"><a href="#102-project-list">Project List</a></td> +</tr> +</tbody> +</table> +<h2 id="102-project-list">1.02 Project List</h2> +<p>The Project List lists all the relevant projects with the following information:</p> +<ul> +<li> +<p><strong>Project name</strong>: All the projects are listed with their names.</p> +</li> +<li> +<p><strong>Description</strong>: The description for the project is displayed here.</p> +</li> +<li> +<p><strong>Project responsible</strong>: The email address of the person responsible for the project is displayed.</p> +</li> +<li> +<p><strong>State</strong>: Displays the state of the project and clearing requests. The status for PS and CS is indicated by colors.</p> +<table> +<thead> +<tr> +<th style="text-align:right">Color</th> +<th style="text-align:left">Project State (PS)</th> +<th style="text-align:left">Project Clearing State (CS)</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right"><span style="color:#68C17C"> <strong>Green</strong> </span></td> +<td style="text-align:left">Active</td> +<td style="text-align:left">Closed</td> +</tr> +<tr> +<td style="text-align:right"><span style="color:#FFD351"> <strong>Yellow</strong> </span></td> +<td style="text-align:left">Not Applicable</td> +<td style="text-align:left">In-progress</td> +</tr> +<tr> +<td style="text-align:right"><span style="color:#E6717C"> <strong>Red</strong> </span></td> +<td style="text-align:left">Open</td> +<td style="text-align:left">Open</td> +</tr> +<tr> +<td style="text-align:right"><span style="color:#DEE2E6"> <strong>Grey</strong> </span></td> +<td style="text-align:left">Phase out/ Unknown</td> +<td style="text-align:left">Not Applicable</td> +</tr> +</tbody> +</table> +</li> +<li> +<p><strong>License Clearing</strong> displays the clearing states for releases for the project including sub projects.</p> +</li> +<li> +<p><strong>Actions</strong>: you can perform the following actions for a project:</p> +<table> +<thead> +<tr> +<th style="text-align:center">Action</th> +<th style="text-align:left">Description </span></th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png"/> +</figure> +</td> +<td style="text-align:left">To edit a Project</td> +</tr> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> +</figure> +</td> +<td style="text-align:left">To create clearing request the OSS clearing team</td> +</tr> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png"/> +</figure> +</td> +<td style="text-align:left">To duplicate current version of existing project. This action will also duplicate all the linked projects, releases along with the general information and is used to create different versions of the project.</td> +</tr> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +</td> +<td style="text-align:left">To delete the project from SW360.</td> +</tr> +</tbody> +</table> +</li> +</ul> +<p><strong>NOTE: CLICK ON +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SortIcon.png"/> +</figure> +TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> +<h2 id="103-project-search">1.03 Project Search</h2> +<p><strong>Advanced search</strong> dialogue box allows you to search for a particular project. To search for a project follow the procedure:</p> +<ol> +<li>Enter the <strong>Project name</strong> and <strong>Version</strong> of the project that you want to search.</li> +<li>Select the <strong>Project Type</strong> from the drop-down list. For more information regarding the project type, refer to paragraph 4. of <a href="#a-general-information">General Information</a>.</li> +<li>Search the project by <strong>Project Responsible</strong> email.</li> +<li>Search projects by their <strong>Group</strong>, select the group from the drop-down list.</br><code>NOTE: BY DEFAULT, THE SEARCH RETURNS ONLY THE RESULTS OF YOUR GROUP. HOWEVER, YOU CAN ALSO SELECT THE GROUPS FROM THE DROP-DOWN LIST.</code></li> +<li>Search projects by their project <strong>State</strong>, select the options available from the drop-down list. For more information regarding project state, refer to <a href="#102-project-list">1.02 Project List</a>.</li> +<li>You can search the projects by their <strong>Clearing State</strong>, select the options available from the drop-down list. For more information regarding project state, refer to <a href="#102-project-list">1.02 Project List</a>.</li> +<li>You can search projects by their <strong>Tags</strong>. If there are multiple tags that you want to search, use a comma to separate.</li> +<li>You can search projects by <strong>Additional Data</strong>.</li> +</ol> +<h2 id="104-add-project">1.04 Add Project</h2> +<p>To add a new project, click on the <strong>Add Project</strong> on the project page, this redirects you to another page that allows you to add project information add project information for the project you want to create. Following are the three sections where you must enter information:</p> +<ul> +<li><strong>Summary</strong></li> +<li><strong>Administration</strong></li> +<li><strong>Linked Releases and Projects</strong></li> +</ul> +<h3 id="1-summary"><strong>1.</strong> <strong>Summary</strong></h3> +<h4 id="a-general-information"><strong>A.</strong> <strong>General Information</strong></h4> +<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY</code></p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectGeneralInfo%20%281%29.png"/> +</figure> +<ol> +<li> +<p>Enter the <strong>Name</strong> of the project you want to create.</p> +</li> +<li> +<p>The field <strong>Created by</strong> is set automatically to the creator/owner of the project.</p> +</li> +<li> +<p><strong>Version</strong> of a project indicates there are new changes compared to the previous version of the project. Enter the version for your project as required.</p> +</li> +<li> +<p>Select the <strong>Project Type</strong> from the drop-down list.</p> +<ul> +<li>Customer: Delivered to the customer</li> +<li>Internal: Internally used but can also be used in other projects as a sub-project</li> +<li>Product: Developed as a product and delivered to the customer</li> +<li>Services: Developed as a service and delivered to the customer</li> +<li>Inner Source: OSS within a particular organization</li> +</ul> +</li> +<li> +<p><strong>Project Visibility</strong> describes if the project is visible to all or only selected personnel. The default is set to &ldquo;everyone&rdquo;, you can select the project visibility from the drop-down list.</p> +<ul> +<li>Private: Only visible to creator or admin</li> +<li>Me and Moderators: Visible to creator, moderators and admins</li> +<li>Group and Moderators: Visible to all users of the same group and the moderators</li> +<li>Everyone: All logged in users</li> +</ul> +</li> +<li> +<p><strong>Tags</strong> are words assigned to a project that assist in quick searching. You can create a tag by assigning a word to your project.</p> +</li> +<li> +<p>Check or uncheck the following fields as required:</p> +<ul> +<li><strong>Enable Security Vulnerability Monitoring</strong> (activated only if security responsible are added), refer to <a href="#c-roles">C. Roles</a>.</li> +<li><strong>Do not create monitoring list</strong>, but use from the external id, refer to <a href="#e-external-ids">E. External IDs</a>.</li> +<li><strong>Enable Displaying Vulnerabilities</strong> if you want the vulnerabilities to be visible.</li> +</ul> +</li> +<li> +<p><strong>Modified on</strong> date will be set automatically on creating the project.</p> +</li> +<li> +<p><strong>Description</strong>: You can enter details of your project.</p> +</li> +<li> +<p><strong>Modified by</strong> will be set automatically.</p> +</li> +<li> +<p>Select the <strong>Domain</strong> for your project from the drop-down list.</p> +<ul> +<li>Application software</li> +<li>Documentation</li> +<li>Embedded Software</li> +<li>Hardware</li> +<li>Test and diagnostics</li> +</ul> +</li> +<li> +<p>Click on the field to select the <strong>Vendor</strong> for your project.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the vendors.</li> +<li>Select the vendors</li> +<li>Click on <strong>Add Vendor</strong>.</li> +</ul> +</li> +</ol> +<h4 id="b-external-urls"><strong>B. External URLs</strong></h4> +<p>Click on <strong>Click to add row to external URLs</strong> to add URLs of your project.</br> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL1.png"/> +</figure> +</p> +<ol> +<li> +<p>Select <strong>External URL Key</strong> from the drop-down list.</p> +<ul> +<li>Homepage: Link for homepage</li> +<li>Wiki page: Link for wiki page</li> +<li>Clearing:</li> +</ul> +</li> +<li> +<p>Enter <strong>External URL Value</strong>. It is the web address for the above mentioned external URL key. To add multiple external URLs, repeat the same procedure.</br> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL2.png"/> +</figure> +</p> +</li> +<li> +<p>To delete an external URL, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</p> +</li> +</ol> +<h4 id="c-roles"><strong>C. Roles</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectRoles.png"/> +</figure> +<ol> +<li> +<p><strong>Group</strong> is the department you/project owner belongs to. Click on the group field to select a <strong>Group</strong> for your project.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the group.</li> +<li>Select the group.</li> +<li>Click on <strong>Select</strong></li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Addproject4.png"/> +</figure> +</li> +<li> +<p>Enter the <strong>Owners Accounting Unit</strong>.</p> +</li> +<li> +<p>Project manager is the user who manages the project. Click on the field to select <strong>Project Manager</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Project Manager.</li> +<li>Select the Users.</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Addproject_5.png"/> +</figure> +</li> +<li> +<p>Enter the <strong>Owners Billing Group</strong>.</p> +</li> +<li> +<p><strong>Project Owner</strong> holds the project. Click on the field to select <strong>Project Owner</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Project Owner.</li> +<li>Select the Users.</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +<li> +<p>Select the <strong>Owner Country</strong> from the drop-down list.</p> +</li> +<li> +<p><strong>Security responsible</strong> is the list of users responsible for the security of the project. Click on the field to select <strong>Security responsible</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Security responsible.</li> +<li>Select the Users</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +<li> +<p>Click on the field to select <strong>Lead Architect</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Lead Architect.</li> +<li>Select the Users.</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +<li> +<p><strong>Moderator</strong> is the user responsible for the project. Click on the field to select moderators.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Moderators.</li> +<li>Select the Users.</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +<li> +<p>Click on the field to select <strong>Contributors</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Contributors.</li> +<li>Select the Users.</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +</ol> +<h4 id="d-additional-roles"><strong>D. Additional Roles</strong></h4> +<p>To assign more roles to your project, use <strong>Click to Add Additional Roles</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/additionalroles1.png"/> +</figure> +<ol> +<li> +<p>Select the type of <strong>Role</strong> from the drop-down list.</p> +<ul> +<li>Stakeholder</li> +<li>Analyst</li> +<li>Contributor</li> +<li>Accountant</li> +<li>End user</li> +<li>Quality manager</li> +<li>Test Manager</li> +<li>Technical writer</li> +<li>Key user</li> +</ul> +</li> +<li> +<p>Enter <strong>Email address</strong> of the responsible personnel. To add multiple additional roles, repeat the same procedure.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/additionalroles2.png"/> +</figure> +</li> +<li> +<p>To delete an additional role, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</p> +</li> +</ol> +<h4 id="e-external-ids"><strong>E. External Ids</strong></h4> +<p>Click on <strong>Click to add row to External Ids</strong> to add external Ids to your project.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Project_external_ID_1.png"/> +</figure> +<ol> +<li>Click on field to enter <strong>External Id Key</strong> and select from the drop-down list.</li> +<li>Enter <strong>External Id Value</strong>. To add multiple external Ids, repeat the same procedure.</li> +</ol> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Project_external_ID_2.png"/> +</figure> +<ol> +<li>To delete an External Id, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</li> +</ol> +<h4 id="f-additional-data"><strong>F. Additional Data</strong></h4> +<p>You can add data keys and corresponding data values for your project.</p> +<p>To add more additional data keys, click on <strong>Click to add rows to additional data</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Additional_data_1.png"/> +</figure> +<ol> +<li> +<p>Enter <strong>additional data key</strong>.</p> +</li> +<li> +<p>Enter <strong>additional data value</strong>. To add multiple additional data, repeat the same procedure.</p> +<p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Additional_data_2.png"/> +</figure> +.</p> +</li> +<li> +<p>To delete an additional data, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</p> +</li> +</ol> +<h3 id="2-administrationbr"><strong>2.</strong> <strong>Administration</strong></br></h3> +<p>Administration section contains license clearing and lifecycle information of the project. To edit these fields, click on &ldquo;Administration&rdquo;, use navigation section. </br></p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectAdministration.png"/> +</figure> +<h4 id="a-clearing-information"><strong>A.</strong> <strong>Clearing information</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Clearing_Information.png"/> +</figure> +<p>To add clearing information for your project:</p> +<ol> +<li> +<p>Select the values for <strong>Project Clearing State</strong> from the drop-down list.</p> +<ul> +<li>Open Project</li> +<li>In progress</li> +<li>Closed</li> +</ul> +</li> +<li> +<p>Clearing team is responsible for project clearing. To assign a clearing team, select the values for <strong>Clearing team</strong> from the drop-down list.</p> +</li> +<li> +<p>Pre-evaluation is important for the project development to understand the status of the license and estimate the effort for clearing activities. Set <strong>Deadline for pre-evaluation</strong> date.</p> +</li> +<li> +<p>Following information should be entered manually:</p> +<ul> +<li><strong>Clearing summary</strong>: Overview of the clearing for the project management.</li> +<li><strong>Special risk open source software</strong>: Risks which occur out from usage of specific OSS components.</li> +<li><strong>General risk 3rd party software</strong>: General risk which occur always from using OSS and commercial SW like for e.g., patent infringements.</li> +<li><strong>Special risk 3rd party software</strong>: Specific risks which occur by using specific projects, including commercial projects.</li> +<li><strong>Sales and delivery channels</strong>: To know when the software will be delivered via resellers as a reseller license has to be procured and to decide how to fulfill the obligations of the licenses.</li> +<li><strong>Remarks and additional requirements</strong>: Any additional relevant requirement.</li> +</ul> +<p><code>NOTE: THE ABOVE INFORMATION IS NECESSARY FOR PROJECT MANAGEMENT TO UNDERSTAND THE STATUS OF THE LICENSE AND ESTIMATE THE EFFORT FOR CLEARING ACTIVITIES.</code></p> +</li> +</ol> +<h4 id="b-lifecycle-information"><strong>B.</strong> <strong>Lifecycle information</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectLifecycle.png"/> +</figure> +<p>To add lifecycle information for your project:</p> +<ol> +<li> +<p>Select the values for <strong>Project state</strong> from the drop-down list.</p> +<ul> +<li>Active</li> +<li>Phase-out</li> +<li>Unknown</li> +</ul> +</li> +<li> +<p>Set <strong>System test begin</strong> and <strong>System test end</strong> dates. System test begin date can be used in licensing and risk perspective. System test end date is the latest date for component releases.</p> +</li> +<li> +<p>Set <strong>Delivery start</strong> and <strong>Phase out</strong> dates. After the phase out date, maintenance is not required for the project.</p> +<p><code>NOTE: LICENSE CLEARING FOR THE PROJECT MUST BE FINISHED BEFORE THE PROJECT DELIVERY DATE.</code></p> +</li> +</ol> +<h4 id="c-license-info-header"><strong>C.</strong> <strong>License Info Header</strong></h4> +<p>The license info header can be set as a default header. However, you can edit this field as required.</p> +<h3 id="3-linked-releases-and-projects"><strong>3.</strong> <strong>Linked Releases and Projects</strong></h3> +<p>You can link other projects and releases to the project that you are adding. Click on <strong>Linked Releases and Projects</strong>, use navigation section.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectLinkedreleasesandprojects.png"/> +</figure> +<h4 id="a-linking-projects"><strong>A.</strong> <strong>Linking Projects</strong></h4> +<p>To add existing projects as a sub-project:</p> +<ol> +<li> +<p>Click on <strong>Add Projects</strong>, this action opens a dialogue box.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png"/> +</figure> +</li> +<li> +<p>Search and select the projects which you would like to link.</p> +</li> +<li> +<p>Click on <strong>Link Projects</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png"/> +</figure> +</li> +<li> +<p>After the project is linked, you can select the <strong>Project Relation</strong> for your sub-project from the drop-down list.</p> +<ul> +<li>Sub-project</li> +<li>Duplicate</li> +<li>Unknown</li> +<li>Related</li> +</ul> +</li> +<li> +<p>Check or uncheck <strong>Enable SVM</strong> as required.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_3.png"/> +</figure> +</li> +<li> +<p>To link multiple projects, repeat the same procedure.</p> +</li> +<li> +<p>To delete a linked project, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</p> +</li> +</ol> +<h4 id="b-linking-releases"><strong>B.</strong> <strong>Linking releases</strong></h4> +<p>To add releases to your project:</p> +<ol> +<li> +<p>Click on <strong>Add Releases</strong>, this action opens a dialogue box.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_1.png"/> +</figure> +</li> +<li> +<p><strong>Search</strong> for the releases which you want to link or click on <strong>Releases of linked projects</strong> to view all the releases which are linked to the project.</p> +</li> +<li> +<p>Select all the releases which you want to link and click on <strong>Link releases</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_2.png"/> +</figure> +</li> +<li> +<p>After the release is linked, you can select the value for the <strong>Release relation</strong> from the drop-down list.</p> +<ul> +<li>Unknown</li> +<li>Contained</li> +<li>Related</li> +<li>Dynamically linked</li> +<li>Statically linked</li> +<li>Side by side</li> +<li>Standalone</li> +<li>Internal Use</li> +<li>Optional</li> +<li>To be replaced</li> +<li>Code snippet</li> +</ul> +</li> +<li> +<p>Select the value for the <strong>Release Mainline State</strong> from the drop-down list.</p> +<ul> +<li>Open</li> +<li>Mainline</li> +<li>Specific</li> +<li>Phaseout</li> +<li>Denied</li> +</ul> +</li> +<li> +<p>Add <strong>Comments</strong>, if required.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_3.png"/> +</figure> +</li> +<li> +<p>To link multiple releases/components, repeat the same procedure.</p> +</li> +<li> +<p>To delete a linked release, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</p> +</li> +</ol> +<p>After all the information for the new project is filled out. Click on &ldquo;<strong>Create Project</strong>&rdquo; at the top.</p> +<p>If you do not want to create a project on any point of time, click on &ldquo;<strong>Cancel</strong>&rdquo; at the top.</p> +<h2 id="105-import-sbom">1.05 Import SBOM</h2> +<p>SPDX is a common format for communicating compliance information or list of components across all suppliers. Importing an SBOM will create a project/component. To import a SBOM:</p> +<ol> +<li> +<p>Click on <strong>Import SBOM</strong> on the project page. This will open a dialogue box for you to upload the Bill Of Materials (BOM).</p> +</li> +<li> +<p>Drag and drop the file from your local system to the dialogue box or click on <strong>Browse File</strong> and select the file you want to import.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ImportSBOM.png"/> +</figure> +<p><code>NOTE: ONLY SPDX RDF/XML FILES WITH UNIQUE DESCRIBED TOP LEVEL NODE ARE SUPPORTED.</code></br></p> +</li> +<li> +<p>After uploading is done SW360 checks for duplicates, if there are no duplicates found, a Component from the uploaded SBOM is created.</p> +</li> +</ol> +<h2 id="106-edit-project">1.06 Edit Project</h2> +<p>You can edit an existing project in SW360, provided you have required rights. To edit a project follow the procedure:</p> +<ol> +<li> +<p>Search for the projects you want to edit or navigate from the project list.</p> +</li> +<li> +<p>Click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png"/> +</figure> +from the actions column. You can also edit a project by clicking on the project and click on <strong>Edit Project</strong>.</p> +</li> +<li> +<p>Change the data for the project as required. For more information, refer to <a href="#104-add-project">1.04 Add Project</a>.</p> +</li> +<li> +<p>In this view, you can also add attachments for the project in this view, click on <strong>Attachments</strong>, use navigation section.</br> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/EditProject_Attachments.png"/> +</figure> +</br></p> +<ul> +<li>Click on <strong>Add Attachment</strong>, this action opens a dialogue box.</br></li> +<li>Browse and select the files which you want to upload or drag and drop them into the area.</br></li> +<li>Click on <strong>Upload</strong>.</br></li> +<li>Select the type of file from the drop-down list. </br></li> +<li>Select the status from the drop-down list.</br></li> +<li>If required, add <strong>comments</strong></br></li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Attachment_2.png"/> +</figure> +<ul> +<li>To delete an attachment, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</br></li> +</ul> +</li> +<li> +<p>After you modify the required fields, click on &ldquo;<strong>Update Project</strong>&rdquo;.</p> +</li> +<li> +<p>To delete the project, click on &ldquo;<strong>Delete Project</strong>&rdquo;.</p> +</li> +<li> +<p>To cancel any changes that you made click on &ldquo;<strong>Cancel</strong>&rdquo;.</p> +</li> +</ol> +<h2 id="107-duplicate-a-project">1.07 Duplicate a Project</h2> +<p>Duplicating a project is commonly used to create different versions of the project. This helps in reducing efforts as fewer modifications are required to create a new version. To duplicate a project:</p> +<ol> +<li>Search for the projects you want to duplicate or navigate from the project list.</li> +<li>Click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png"/> +</figure> +from the actions column to duplicate the project.</li> +<li>Modify the data for the duplicate project as required. For more information, refer to <a href="#104-add-project">1.04 Add Project</a>.</li> +<li>Click on &ldquo;<strong>Create Project</strong>&rdquo; after all changes are made.</li> +<li>To cancel any changes that you made click on &ldquo;<strong>Cancel</strong>&rdquo;.</li> +</ol> +<h2 id="108-deleting-a-project">1.08 Deleting a Project</h2> +<p>You can delete an existing project in SW360, provided you have required rights. To delete a project follow the procedure:</p> +<p><code>WARNING: DELETING A PROJECT CAN ONLY BE DONE IF THERE ARE NO LINKED PROJECTS OR COMPONENTS. IF NOT, THERE WILL BE MISSING LINKS FOR THE PROJECTS.</code></p> +<ol> +<li> +<p>Search for the projects you want to delete or navigate from the project list.</p> +</li> +<li> +<p>Click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +from the actions column to delete the project.</p> +</li> +<li> +<p>The software will prompt for a confirmation of deleting the project. You can also add comments for the action in the prompt box before deleting.</p> +</li> +<li> +<p>Click on <strong>Delete Project</strong>.</p> +</li> +<li> +<p>To cancel any changes that you made click on <strong>Cancel</strong>.</br></p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Deleteproject1.png"/> +</figure> +</li> +</ol> +<h2 id="109-linking-a-project">1.09 Linking A Project</h2> +<p>There are multiple ways that you can link a project to another.</p> +<h3 id="a-linking-to-a-parent-project"><strong>A. Linking to a parent project</strong></h3> +<ol> +<li> +<p>Search for the projects you want to link or navigate from the project list. Click on the required project.</p> +</li> +<li> +<p>This will display the view mode of the selected project. Click on &ldquo;<strong>Link Projects</strong>&rdquo; on the top. This will open a dialogue box to search for the projects.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png"/> +</figure> +</li> +<li> +<p>Search for the projects which you want to link.</p> +</li> +<li> +<p>Select the projects and click on <strong>Link Projects</strong>.</p> +</li> +<li> +<p>Once the project is successfully linked, you will see the prompt in green. If you want to edit the project further, click on the <strong>click here to edit the project relation</strong> on the green prompt.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linking_project.png"/> +</figure> +</li> +<li> +<p>Again, the project opens up in edit mode.</p> +</li> +<li> +<p>Modify the project details as required for the linked project. Refer to <a href="#a-linking-projects">Link Projects</a>.</p> +</li> +<li> +<p>Click on <strong>&ldquo;Update Project&rdquo;</strong> to save your changes.</p> +</li> +</ol> +<h3 id="b-linking-a-child-project"><strong>B. Linking a child project</strong></h3> +<p>To add child projects to a parent project, refer to <a href="#3-linked-releases-and-projects">3. Linked Releases and Projects</a>.</p> +<h2 id="110-linking-components-or-releases">1.10 Linking Components or Releases</h2> +<p>You can directly link a component or release to a parent project, refer to <a href="#3-linked-releases-and-projects">3. Linked Releases and Projects</a>.</p> +<h3 id="a-link-component"><strong>A. Link Component</strong></h3> +<p>You can also link a component to a project while editing a project.</p> +<ol> +<li> +<p>Search for the projects you want to delete or navigate from the project list. Click on the required project.</p> +</li> +<li> +<p>This will display the view mode of the selected project, click on <strong>license clearing</strong>, use navigation section.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/LicenseClearing_1.png"/> +</figure> +</li> +<li> +<p>Select the component/release from the list displayed. After which, which redirects you to its component page.</p> +</li> +<li> +<p>Click on &ldquo;<strong>Link to Projects</strong>&rdquo; to link this release/component to a project. This will open a dialogue box to search for the projects.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png"/> +</figure> +</li> +<li> +<p>If you want to view the projects which are already linked to the components/release, check the box for <strong>show already linked projects</strong>.</p> +</li> +<li> +<p>Select the project which you want to link the component / release to and then click on <strong>link to project</strong>.</p> +</li> +</ol> +<h2 id="111-security-vulnerability-tracking-for-projects">1.11 Security Vulnerability tracking for Projects</h2> +<p>You can view all the security vulnerabilities for your project. To view vulnerability tracking status:</p> +<ol> +<li> +<p>Search for the projects or navigate from the project list. Click on the required project.</p> +</li> +<li> +<p>This will display the view mode of the selected project, click on <strong>Vulnerability Tracking Status</strong>.</p> +</li> +<li> +<p>Here you can view Security Vulnerability Monitoring is enabled or not. The Security Vulnerabilities are only visible in the edit project mode when the &ldquo;security responsible&rdquo; is assigned. Refer to paragraphs <a href="#c-roles">C. Roles</a>.</p> +</li> +<li> +<p>You can track the vulnerabilities by name, project origin, SVM tracking status, short status and type.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SVM_Tracking.png"/> +</figure> +</li> +<li> +<p>To view all the listed vulnerabilities for sub-projects of the parent project click on <strong>Vulnerabilities</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SVM_Tracking_2.png"/> +</figure> +</li> +<li> +<p>If you want to view the complete data for a vulnerability, refer to <a href="../New%20Userguide/5.%20Vulnerabilities.pdf">5. Vulnerability</a>.</p> +</li> +</ol> +<h2 id="112-clearing-requests">1.12 Clearing Requests</h2> +<p>Each project needs license clearing and it is a project level activity.</p> +<h3 id="a-create-clearing-requests"><strong>A. Create Clearing Requests</strong></h3> +<p>To create a clearing request:</p> +<ol> +<li> +<p>Search for the projects or navigate from the project list. Click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> +</figure> +or,</p> +</li> +<li> +<p>Search for the projects or navigate from the project list. Click on the required project, this will display the view mode of the of the selected project. Click on <strong>License Clearing</strong>, use navigation section.</p> +</li> +<li> +<p>Click on <strong>Create Clearing Request</strong>, a dialogue box will appear.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Create_clearing_request.png"/> +</figure> +</li> +<li> +<p>Enter the clearing team email id by clicking on the field and searching for the email of the clearing team. Select the contact from the list and click on <strong>Select Users</strong>.</p> +</li> +<li> +<p>Select the <strong>Preferred Clearing Date</strong>.</p> +</li> +<li> +<p>If required, add <strong>Comments</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/License_Clearing_request.png"/> +</figure> +</li> +<li> +<p>Click on &ldquo;<strong>Create Request</strong>&rdquo;.</p> +</li> +<li> +<p>To cancel any changes that you made click on <strong>Cancel</strong>.</p> +</li> +</ol> +<h3 id="b-view-clearing-requests"><strong>B. View Clearing Requests</strong></h3> +<p>You can view the existing clearing requests which are already created for a project. To view the clearing requests, follow the procedure:</p> +<ol> +<li> +<p>Search for the projects or navigate from the project list. Click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> +</figure> +or,</p> +</li> +<li> +<p>Click on the required project.</p> +</li> +<li> +<p>Select <strong>License Clearing</strong>, use navigation section.</p> +</li> +<li> +<p>Click on <strong>View Clearing Request</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/View_Clearing_request.png"/> +</figure> +</li> +<li> +<p>A new dialogue box with the clearing request information will be displayed.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/View_Clearing_Request_2.png"/> +</figure> +</li> +</ol> +<h3 id="c-edit-clearing-requests"><strong>C. Edit Clearing Requests</strong></h3> +<p>For more information on how to edit the existing clearing requests, refer to <a href="../New%20Userguide/6.%20Requests.pdf">6. Requests</a>.</p> +<h2 id="113-export-spreadsheet">1.13 Export Spreadsheet</h2> +<p>You can generate the excel sheet for an advanced search. For e.g., List of all projects created for group &ldquo;SHS&rdquo;.</p> +<ol> +<li> +<p>Go to project home page.</p> +</li> +<li> +<p>If required, you can filter the projects using the advanced search options. Refer to <a href="#103-project-search">1.02 Project Search</a>.</p> +</li> +<li> +<p>After the search gives a result, click on <strong>Export Spreadsheet</strong> and select the option from the drop-down list.</p> +<ul> +<li>Projects only</li> +<li>Projects with linked releases</li> +</ul> +</li> +<li> +<p>A file will now be downloaded to your local system with the required information.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Export_spreadsheet.png"/> +</figure> +</li> +</ol> +<p><code>NOTE: YOU CAN ALSO USE THE EXPORT SPREADSHEET OPTION ON MULTIPLE PAGES, LIKE LICENSE CLEARING PAGE OF A PROJECT/COMPONENT, EDIT VIEW OF A COMPONENT, ECC PAGE OF PROJECT ETC.</code></p> +<h2 id="114-generate-license-info">1.14 Generate License Info</h2> +<p>You can generate a read me OSS file of all the license information for a project. To generate license information:</p> +<ol> +<li> +<p>Search for the projects or navigate from the project list. Click on the required project.</p> +</li> +<li> +<p>Select <strong>License Clearing</strong>, use navigation section.</p> +</li> +<li> +<p>The page displays the list of all the releases listed and their respective release clearing state in the <em><strong>state</strong></em> column. Each of the releases has license information in the form of CLI files. You can view this information in the <em><strong>main licenses</strong></em> or <em><strong>other licenses</strong></em> column. +Generating a license info will create a read me OSS document combining all the licenses.</p> +</li> +<li> +<p>Click on <strong>Generate license info</strong> and select the options from the drop-down list.</p> +<ul> +<li>Project only</li> +<li>Project with sub project</li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info.png"/> +</figure> +</li> +<li> +<p>After your selection, you are redirected to another page where you can further modify the output of the license information.</p> +</li> +<li> +<p>Select <strong>Show all</strong> to view all the license information or <strong>Only Approved</strong> to view approved licenses.</p> +</li> +<li> +<p>Select which CLI you want to publish the information from the list displayed below.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info_2%20.png"/> +</figure> +</li> +<li> +<p>Click on <strong>Download</strong>. A new Dialogue box will appear asking for your preferences.</p> +</li> +<li> +<p>Check the required boxes and select an output format.</p> +</li> +<li> +<p>Click on <strong>Download</strong> to get a Readme.OSS file.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info_3.png"/> +</figure> +</li> +</ol> +<h2 id="115-generate-source-code-bundle">1.15 Generate Source Code Bundle</h2> +<p>Few components have obligations, for example, sharing source code. The organization must share the source code to the user in a disc format. To generate Source Code Bundle:</p> +<ol> +<li> +<p>To select the project, use the search option or navigate from the project list and click on it.</p> +</li> +<li> +<p>Select <strong>License Clearing</strong>, use navigation section.</p> +</li> +<li> +<p>The window shows a list of all the releases listed. Click on <strong>Generate Source Code Bundle</strong> and select the option from the drop-down list.</p> +<ul> +<li>Project only</li> +<li>Project with sub project</li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Source_code_1.png"/> +</figure> +</li> +<li> +<p>After you select, you are redirected to another page which lists all the source code information.</p> +</li> +<li> +<p>Select the required source code and click <strong>Download</strong>.</p> +</li> +<li> +<p>A combined zip file comprising of all the select source code will be downloaded.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Source_code_2.png"/> +</figure> +</li> +</ol>Docs: Componentshttps://www.eclipse.org/sw360/docs/userguide/components/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/components/ +<h1 id="20-components">2.0 Components</h1> +<h2 id="201-introduction">2.01 Introduction</h2> +<p>The components page displays the list of components and releases that are available in SW360. A component is a list of releases with metadata. A release is a specific version of a component.</p> +<p>To open a component page, click <strong>Components</strong> tab from the main menu. +You can find a particular component with Advanced Search, you can also add and edit components in this page.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/ComponentPage.png"/> +</figure> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No.</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left"><a href="#203-component-search">Advanced Search</a></td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left"><a href="#204-add-component">Add Component</a></td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left"><a href="#207-import-spdx-bom">Import SPDX BOM</a></td> +</tr> +<tr> +<td style="text-align:center">4</td> +<td style="text-align:left"><a href="#208-export-spreadsheet">Export Spreadsheet</a></td> +</tr> +<tr> +<td style="text-align:center">5</td> +<td style="text-align:left"><a href="#202-component-list">Component List</a></td> +</tr> +</tbody> +</table> +<h2 id="202-component-list">2.02 Component List</h2> +<p>On the component page, you can view all the components that are relevant to you. The components are listed with the following information:</p> +<ul> +<li><strong>Vendor</strong>: Vendor is organization which is selling the component or the community which is hosting the component.</li> +<li><strong>Component Name</strong>: All components are listed by their names.</li> +<li><strong>Main Licenses</strong>: The list of main licenses available for a component are displayed.</li> +<li><strong>Component Type</strong>: Lists all the components by their type. For more information on component types, refer to <a href="#a-general-information">A. General Info</a>.</li> +<li><strong>Actions</strong>: You can perform the following actions for a component: +<table> +<thead> +<tr> +<th style="text-align:center">Action</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png"/> +</figure> +</td> +<td style="text-align:left">To edit a component</td> +</tr> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png"/> +</figure> +</td> +<td style="text-align:left">To delete the component from SW360.</td> +</tr> +</tbody> +</table> +</li> +</ul> +<p><strong>NOTE: CLICK ON +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png"/> +</figure> +TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> +<h2 id="203-component-search">2.03 Component Search</h2> +<p><strong>Advanced Search</strong> dialogue box is used to search for a particular component.</p> +<ol> +<li>Search the component with <strong>Component Name</strong> and <strong>Categories</strong>.</li> +<li>Search the component with <strong>Component Type</strong>. Select the component type from the drop-down list. For more information on the component types, refer to <a href="#a-general-information">A. General Information</a>.</li> +<li>Search components with their coding <strong>Languages</strong>, <strong>Software Platforms</strong>, <strong>Operating Systems</strong>, <strong>Vendors</strong> and <strong>Main Licenses</strong>.</li> +<li>Search components with <strong>Created by (Email)</strong>.</li> +<li>You can use <strong>Created on</strong> field to search for the components created on specific dates or specific time frames.</li> +</ol> +<h2 id="204-add-component">2.04 Add Component</h2> +<p>To add a new component, click <strong>Add Component</strong> from the component page, this will redirect you to another page where you can add component summary information.</p> +<h3 id="1-summary"><strong>1. Summary</strong></h3> +<h4 id="a-general-information"><strong>A. General Information</strong></h4> +<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY.</code> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_General_Info.png" alt=""></p> +<ol> +<li>Enter the <strong>Name</strong> of the component you want to create.</BR> +<code>NOTE: MAKE SURE THAT THERE ARE NO DUPLICATES.</code></BR></li> +<li>Select the <strong>Component Type</strong> from the drop-down list. +<ul> +<li>OSS: Open-Source Software</li> +<li>COTS: Commercial off-the-shelf</li> +<li>Internal: Internally used</li> +<li>Inner Source: OSS within a particular organization</li> +<li>Services: Developed as a service</li> +<li>Freeware: Software that is available free of cost</li> +<li>Code snippet: A small code which shows how to accomplish a specific task</li> +</ul> +</li> +<li>The field <strong>Created by</strong> is set automatically to the creator/owner of the component.</li> +<li>Click on <strong>Default Vendor</strong> field. +<ul> +<li>This opens a dialogue box, use the type field to search for the vendors.</li> +<li>Select the vendors</li> +<li>Click on <strong>Select Vendor</strong>.</li> +</ul> +</li> +<li>When you start typing in the <strong>Categories</strong> field, a list of categories that match are displayed to choose from.</li> +<li>Enter the <strong>Homepage URL</strong>, this is the web address for your component.</li> +<li>Enter a <strong>Short Description</strong> for your component.</li> +<li>Enter the <strong>Blog URL</strong>, this is the web address for the blog of your component.</li> +<li><strong>Modified on</strong> date will be set automatically.</li> +<li>Enter the <strong>Wiki URL</strong>, this is web address for the wiki page of your component.</li> +<li><strong>Modified by</strong> will be set automatically.</li> +<li>Enter the <strong>Mailing List URL</strong>, this is the web address of the mailing list of your component.</li> +</ol> +<h4 id="b-roles"><strong>B. Roles</strong></h4> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Roles.png" alt=""></p> +<ol> +<li> +<p><strong>Component owner</strong> holds the component. Click on the field to select <strong>Component Owner</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Component Owner.</li> +<li>Select the users</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Addproject_5.png" alt=""></p> +</li> +<li> +<p>Select a country from the list to assign as <strong>Owner Country</strong>.</p> +</li> +<li> +<p>Enter the <strong>Owner Accounting Unit</strong>.</p> +</li> +<li> +<p><strong>Moderator</strong> is the user responsible for the component. Click on the field to select moderators.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the moderator.</li> +<li>Select the users</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +</ol> +<p><code> NOTE: ALL CLEARING EXPERTS, CLEARING ADMINS AND SW360 ADMINS ARE MODERATORS BY DEFAULT.</code></p> +<ol> +<li>Enter the <strong>Owner Billing Group</strong>.</li> +</ol> +<h4 id="c-additional-roles"><strong>C. Additional Roles</strong></h4> +<p>To assign more roles to your project, use <strong>Click to Add Additional Roles</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/additionalroles1.png" alt=""></p> +<ol> +<li> +<p>Select the type of <strong>role</strong> from the drop-down list.</p> +<ul> +<li>Committer</li> +<li>Contributor</li> +<li>Expert</li> +</ul> +</li> +<li> +<p>Enter <strong>Email address</strong> of the responsible personnel. To add multiple additional roles, repeat the same +procedure.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Additional_Role2.png" alt=""></p> +</li> +<li> +<p>To delete an additional role, click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png" alt="">.</p> +</li> +</ol> +<h4 id="d-external-ids"><strong>D. External Ids</strong></h4> +<p>For more information on how to add an <strong>External ID</strong> for your component, refer to <a href="1.ProjectPage.md/#e-external-ids">E. External Ids</a>.</p> +<h4 id="e-additional-data"><strong>E. Additional Data</strong></h4> +<p>For more information on how to add an <strong>Additional Data</strong> for your component, refer to <a href="1.ProjectPage.md/#f-additional-data">F. Additional Data</a>.</p> +<p>After all the summary information is filled click on <strong>Create Component</strong>, which redirects you to another page where you can add more component information. Following are the two new sections to be filled:</p> +<ul> +<li><strong>Releases</strong></li> +<li><strong>Attachments</strong></li> +</ul> +<h3 id="2-releases"><strong>2. Releases</strong></h3> +<p>A release is a specific version of a component. To add Release information for your component:</p> +<ol> +<li> +<p>Click on <strong>Releases</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Componentreleases.png" alt=""></p> +</li> +<li> +<p>Then click on <strong>Add Releases</strong>. You will be redirected to another page to add more information about the release you want to create. Following are the two sections where you must enter information</br></p> +<ul> +<li><strong>Summary</strong></li> +<li><strong>Linked Releases</strong></li> +</ul> +</li> +</ol> +<h4 id="a-summary"><strong>A. Summary</strong></h4> +<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY.</code></p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release1.png" alt=""></p> +<ol> +<li>Click on the field to select the <strong>Vendor</strong> for your component. This opens a dialogue box, search and select the vendor and click on <strong>Select Vendor</strong>.</li> +<li>Enter the <strong>Programming Languages</strong> used for the release.</li> +<li><strong>Name</strong> for the release will be auto generated from the name given to the component.</li> +<li>Enter the <strong>Operating Systems</strong> used for the release.</li> +<li>Enter the <strong>Version</strong> for the release.</li> +<li>Enter the <strong>CPE (Common Platform Enumeration) ID</strong> for the release.</li> +</ol> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release2.png" alt=""></p> +<ol start="7"> +<li> +<p>Enter the <strong>Software Platforms</strong> for the release.</p> +</li> +<li> +<p>Click on the field <strong>Other License</strong> to set other license information for the release. This opens a dialogue box, search and select the licenses and click on <strong>Select Licenses</strong>.</p> +</li> +<li> +<p>Set <strong>Release Date</strong>.</p> +</li> +<li> +<p>Enter the <strong>Source Code Download URL</strong>. This is the web address from where source code of the release can be downloaded.</p> +</li> +<li> +<p>Click on the field <strong>Main License</strong> to set other license information for the release. This opens a dialogue box, search and select the licenses and click on <strong>Select Licenses</strong>.</p> +</li> +<li> +<p>Enter <strong>Binary Download URL</strong>. This is the web address from where binary of the release can be downloaded.</p> +</li> +<li> +<p><strong>Clearing state</strong> will be set to &ldquo;new&rdquo; by default.</p> +</li> +<li> +<p>Select the value for the <strong>Release Mainline State</strong> from the drop-down list.</p> +<ul> +<li>Open: No license clearing</li> +<li>Mainline: Permissive license with no specific obligations</li> +<li>Specific: Permissive license with additional obligations with standard obligations</li> +<li>Phaseout: Not used anymore</li> +<li>Denied: Not to be used because of a specific reason</li> +</ul> +</li> +<li> +<p><strong>Created on</strong> is set automatically.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release3.png" alt=""></p> +</li> +<li> +<p><strong>Created by</strong> is set automatically.</p> +</li> +<li> +<p><strong>Modified on</strong> is set automatically.</p> +</li> +<li> +<p>Click on the field to select <strong>Contributors</strong>. This opens a dialogue box, search and select the contributors and click on <strong>Select Users</strong>.</p> +</li> +<li> +<p><strong>Modified by</strong> is set automatically.</p> +</li> +<li> +<p><strong>Moderator</strong> is the user responsible for the release. Click on the field to select moderators.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the moderator.</li> +<li>Select the users</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +</ol> +<p><strong>Additional Roles</strong>, refer to <a href="#3-additional-roles">3. Additional Roles</a>.</p> +<p><strong>External Ids</strong>, refer to <a href="#4-external-ids">4. External Ids</a>.</p> +<p><strong>Additional Data</strong>, refer to <a href="#5-additional-data">5. Additional Data</a>.</p> +<p><strong>Release Repository</strong></p> +<p>You can add a release repository URL for your release. To add a release repository:</p> +<ol> +<li> +<p>Select the <strong>Repository Type</strong> from the drop-down list.</p> +</li> +<li> +<p>Enter the <strong>Repository URL</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Releaserepository.png" alt=""></br></p> +</li> +</ol> +<h4 id="b-linked-releases"><strong>B. Linked Releases</strong></h4> +<p>To add linked releases to your release, click on linked releases. For more information, refer to <a href="1.ProjectPage.md/#b-linking-releases">B. Linking Releases</a>.</p> +<p>Click on <strong>Create Release</strong> to add more information for this release.</p> +<h4 id="c-clearing-details"><strong>C. Clearing Details</strong></h4> +<p>Clearing details contains important information that are required for the license clearing activities. This information is useful for the reuse of license clearing results. +To add clearing information to your release, click on <strong>Clearing Details</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details.png" alt=""></p> +<ul> +<li>Check the boxes for all applicable clearing details.</li> +<li>Enter the applicable data for <strong>Scanned</strong> and <strong>Clearing Standard</strong>. For e.g., date or specific version of your License Scanner.</li> +<li>Enter <strong>External URL</strong> for the release.</li> +<li>Add <strong>Comments</strong>.</li> +</ul> +<p><strong>Request Information</strong></p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details2.png" alt=""></p> +<p>To request more information regarding the release, follow the procedure:</p> +<ul> +<li>Enter <strong>Request ID</strong> and <strong>Additional request Info</strong>.</li> +<li>Set <strong>Evaluation Start</strong> and <strong>Evaluation End</strong> date.</li> +</ul> +<p><strong>Supplemental Information</strong></p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details3.png" alt=""></p> +<p>You can enter internal supplier ID and number of security vulnerabilities for your release. To add this information.</p> +<ul> +<li>Enter <strong>External Supplier Id</strong> and the count of <strong>Vulnerabilities</strong>.</li> +</ul> +<h4 id="d-ecc-details"><strong>D. ECC Details</strong></h4> +<p><code>NOTE: ECC DETAILS ARE SET AUTOMATICALLY FOR OSS RELEASES.</code></p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_ECC_Details.png" alt=""></p> +<p>To enter ECC details for a release click on <strong>ECC Details</strong>.</p> +<ul> +<li>Select the <strong>ECC Status</strong> from the drop-down list. +<ul> +<li>Open</li> +<li>In progress</li> +<li>Approved</li> +<li>Rejected</li> +</ul> +</li> +<li>Add <strong>ECC Comment</strong>, if required.</li> +<li>Enter <strong>Ausfuhrliste</strong>, this is a German ECC number.</li> +<li>Enter <strong>ECCN</strong> and <strong>Material Index Number</strong>.</li> +<li><strong>Assessor Contact Person</strong>, <strong>Assessor Department</strong> and <strong>Assessment date</strong> will be set automatically.</li> +</ul> +<h4 id="e-attachments"><strong>E. Attachments</strong></h4> +<p>You can add or modify the attachments to your release. To add attachments, click on <strong>Attachments</strong> on the left. For more information on how to add attachments to the release, refer to <a href="1.ProjectPage.md/#106-edit-project">1.06 Edit project</a>.</p> +<h2 id="heading"></h2> +<p>After entering all the release information, click on <strong>Update Release</strong>.</p> +<p>To delete the release, click on <strong>Delete Release</strong>.</p> +<p>If you do not want to create a release, click on <strong>Cancel</strong>.</p> +<h2 id="205-edit-component">2.05 Edit Component</h2> +<ol> +<li>Search for the components you want to edit or navigate from the component list.</li> +<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png" alt=""> from the actions column. You can also edit a component by clicking on the component and then clicking on <strong>Edit Component</strong>.</li> +<li>You can view summary, releases, and attachment information of the component.</li> +<li>Click on <strong>Summary</strong> to edit component summary information. For more information on the fields to edit, refer to <a href="#1-summary">1. Summary</a>.</li> +<li>Click on <strong>Releases</strong> to view all the releases that are linked to the component. If you want to add more releases to the component click on <strong>Add Releases</strong> at the bottom of the list. For more information on how to add a release, refer to <a href="#2-releases">2. Releases</a>.</li> +<li>Click on <strong>Attachments</strong> to view all the attachments that are linked to the component. If you want to add more attachments to the components, refer to paragraph 4 of <a href="1.ProjectPage.md/#106-edit-project">1.06 Edit project</a>.</li> +<li>To update the new component information, click on <strong>Update Component</strong>.</li> +<li>To delete the component, click on <strong>Delete Component</strong>.</li> +<li>If you do not want to edit the component, click on <strong>Cancel</strong>.</li> +</ol> +<h2 id="206-view-component">2.06 View Component</h2> +<p>To open a view mode for a component:</p> +<ol> +<li>Search for the components you want to edit or navigate from the component list.</li> +<li>Click on the component name.</li> +<li>You are now in view mode of the component, and you can view all the details of the components like summary, release overview, attachments, vulnerabilities and change logs.</li> +<li>You can edit a component, Merge a component, Split a component, Subscribe to a component in this mode.</li> +</ol> +<h3 id="a-merge"><strong>A. Merge</strong></h3> +<p>This functionality is used when there is a duplication of components, and this functionality helps us to combine all the duplicates into one single component. +To merge a component with another, click on <strong>Merge</strong>. This action will redirect you to another page where you can:</p> +<ol> +<li>Choose the from the list of components that should be merged into the current one.</li> +<li>Merge the data from the source into the target component.</li> +<li>Check the merged component and confirm the merge.</li> +</ol> +<h3 id="b-split"><strong>B. Split</strong></h3> +<p>This functionality is used when we want to copy the information from a component. This is a shortcut to create a component and change aspects like version or release instead of creating a new one entirely.</p> +<p>To Split a component, click on <strong>Split</strong>. This action will redirect you to another page where you can:</p> +<ol> +<li>Choose a target component into which the current component needs to split.</li> +<li>Split the data from current component to the target component.</li> +<li>Check the split version of the component and confirm the split.</li> +</ol> +<h3 id="c-subscribe"><strong>C. Subscribe</strong></h3> +<p>You can <strong>Subscribe</strong> to a component to get notified with emails when any changes are made to the component.</p> +<p>To not get notified for a particular component, click <strong>Unsubscribe</strong>.</p> +<h3 id="d-view-component-information"><strong>D. View Component Information</strong></h3> +<p>You can view component information by navigating the navigation tree.</p> +<ol> +<li>To view component summary, click on <strong>Summary</strong>. To edit summary information for the component, refer to <a href="#205-edit-component">2.05 Edit Component</a>.</li> +<li>Click on <strong>Release Overview</strong> to view all the releases for the component. To edit details for any of the linked releases click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png" alt=""> from the actions column, this will redirect you to a release view page where you can view the following: -<ul> -<li>Release Summary</li> -<li>Linked Releases</li> -<li>Clearing Details</li> -<li>ECC details</li> -<li>Attachments</li> -<li>Vulnerabilities</li> -<li>Change Log</li> -</ul> -</li> -</ol> -<p>For more information on these sections, refer to <a href="#2-releases">2. Releases</a>.</p> -<h4 id="clearing-details"><strong>Clearing Details</strong></h4> -<p>You can view the following clearing information for the release in view mode:</p> -<ul> -<li>SPDX Attachments</li> -<li>Assessment Summary info</li> -</ul> -<p><strong>SPDX Attachments</strong></p> -<p>SPDX attachments are the clearing reports which are in XML formats. You will need an approved clearing report to use this release.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_SPDX_Attachments_1.png" alt=""></p> -<ul> -<li>Click on <strong>Show license info</strong> to view main license Ids and Other license ids.</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/ComponentSPDXattachment2.png" alt=""></p> -<ul> -<li>If you want to add this data to the current release, click on <strong>Add data to this release</strong>.</li> -</ul> -<p><strong>Assessment Summary Info</strong></p> -<p>You can view if the clearing expert has added any summary in the clearing report.</p> -<ul> -<li>To view the summary, click on <strong>Show Assessment Summary info</strong>.</li> -<li>If there are multiple approved releases, this section will display text &ldquo;<strong>multiple approved CLI found in release</strong>&rdquo;.</li> -</ul> -<h4 id="vulnerabilities"><strong>Vulnerabilities</strong></h4> -<p>All the vulnerabilities that are linked to the release/component are listed in the vulnerability section.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Vulnerability.png" alt=""></p> -<ol> -<li>Click on <strong>Vulnerability</strong> on the left to view all the linked vulnerabilities for this release/component.</li> -<li>You can sort the vulnerabilities by their external ids, priority, matched by, title, verification and actions.</li> -<li>To view more information on the vulnerability, click on the external id of the vulnerability. You will be redirected to another page with all the information about the selected vulnerability.</li> -</ol> -<h4 id="change-log"><strong>Change Log</strong></h4> -<p>You can see all the changes that are done for the release/component in change log section.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_ChangeLog.png" alt=""></p> -<ol> -<li>To view all the changes done for the release click on <strong>Change Log</strong>.</li> -<li>You can now view change date, change log id, change type and user.</li> -<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Changelog1.png" alt=""> to view all the changes done for a change log id.</li> -<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Changelog2.png" alt=""> to view the moderation request details for a change log id.</li> -</ol> -<h2 id="207-import-spdx-bom">2.07 Import SPDX BOM</h2> -<p>For more information on importing SBOM, refer to <a href="1.ProjectPage.md/#105-import-sbom">1.05 Import SBOM</a>.</p> -<h2 id="208-export-spreadsheet">2.08 Export Spreadsheet</h2> -<p>For more information on exporting spreadsheet, refer to <a href="1.ProjectPage.md/#113-export-spreadsheet">1.13 Export Spreadsheet</a>.</p> - - - - - - Docs: Licenses - https://www.eclipse.org/sw360/docs/userguide/licenses/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/licenses/ - - - - <h1 id="30-licenses">3.0 Licenses</h1> -<h2 id="31-introduction">3.1 Introduction</h2> -<p>A software license is a document that provides legally binding guidelines for the use and distribution of software. Licenses page lists all the available licenses in SW360.</p> -<p>To open the License page, click on the <strong>License tab</strong> from the main menu bar. You can also add licenses in this page.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/License_Page.png" alt=""></p> -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No.</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left"><a href="#32-quick-filter">Quick Filter</a></td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left"><a href="#34-add-license">Add License</a></td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left"><a href="1.%20ProjectPage.pdf">Export Spreadsheet, refer to Project Page</a></td> -</tr> -<tr> -<td style="text-align:center">4</td> -<td style="text-align:left"><a href="#33-license-list">License List</a></td> -</tr> -</tbody> -</table> -<h2 id="32-quick-filter">3.2 Quick Filter</h2> -<p>You can use the Quick Filter to search for a License. To search for a particular license, use the type field.</p> -<h2 id="33-license-list">3.3 License List</h2> -<p>On the License page you can view all the licenses available in SW360. The licenses are listed with the following information:</p> -<ul> -<li> -<p><strong>License Shortname</strong>: Short name given for the license.</p> -</li> -<li> -<p><strong>License Fullname</strong>: Full name given for the license.</p> -</li> -<li> -<p><strong>Is checked</strong>: This column indicates if the license is checked or unchecked.</p> -<table> -<thead> -<tr> -<th>Symbol</th> -<th style="text-align:center">Status</th> -<th></th> -</tr> -</thead> -<tbody> -<tr> -<td> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Checked.png"/> -</figure> -</td> -<td style="text-align:center">Checked</td> -<td></td> -</tr> -<tr> -<td> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Unchecked.png"/> -</figure> -</td> -<td style="text-align:center">Unchecked</td> -<td></td> -</tr> -</tbody> -</table> -</li> -<li> -<p><strong>License Type</strong>: Type of the License.</p> -</li> -</ul> -<p><strong>NOTE: CLICK ON <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png" alt=""> TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> -<h2 id="34-add-license">3.4 Add License</h2> -<p>To add a new License, click on <strong>Add License</strong> on the license page, which redirects you to another page -where you can add License details.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Create_License.png" alt=""></p> -<ol> -<li>Enter <strong>Full Name</strong> of the license you want to add.</li> -<li>You can select if the license has an OSI (Open Source Initiative) approval. Select the values for <strong>OSI Approved?</strong> from the drop-down list. -<ul> -<li>n/a: Not applicable</li> -<li>Yes</li> -</ul> -</li> -<li>Enter the <strong>License Text</strong>.</li> -<li>Enter <strong>Short Name</strong> for the license.</li> -<li>You can select if the license is an FSF (Free Software Foundation) license. Select the values for <strong>FSF Free/Libre</strong> from the drop-down list. -<ul> -<li>n/a: Not applicable</li> -<li>Yes</li> -</ul> -</li> -<li>Check the box if the license is checked.</li> -<li>Select the <strong>License Type</strong> from the drop-down list.</li> -<li>Click on <strong>Create License</strong> to create a new license</li> -<li>If you do not want to add a license at any point of time, click on <strong>Cancel</strong>.</li> -</ol> -<h2 id="35-view-license">3.5 View License</h2> -<p>To open a view mode for a license:</p> -<ol> -<li> -<p>Search for the License you want to view or navigate from the License list. Click on the License Shortname.</p> -</li> -<li> -<p>You are now in view mode of the license, and you can view all the details of the license like:</p> -<ul> -<li>License Details</li> -<li>License Text</li> -<li>Obligation</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/View_License.png" alt=""></p> -</li> -</ol> -<h2 id="36-edit-license">3.6 Edit License</h2> -<p>The <strong>Edit License</strong> option is used to modify license details for existing licenses. To edit a license, follow the below procedure:</p> -<ol> -<li> -<p>Search for the license you want to view or navigate from the License list. Click on the License Shortname.</p> -</li> -<li> -<p>You are now in view mode of the license, click on <strong>Edit License</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Edit_License.png" alt=""></p> -</li> -<li> -<p>Modify License Details as required. For more information on the fields, refer to <a href="#34-add-license">3.4 Add License</a>.</p> -</li> -<li> -<p>You can also add license obligations in this view. To add License obligations, click on Linked Obligations.</p> -</li> -<li> -<p>Click on <strong>Add Obligation</strong>, a dialogue box will appear with a list of all the obligations that are available in SW360.</p> -</li> -<li> -<p>Use the search field to select the required obligation and click <strong>Add</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Linked_Obligations_2.png" alt=""></p> -</li> -<li> -<p>To delete an obligation that is already linked, click <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png" alt="">.</p> -</li> -<li> -<p>If you do not want to make changes to the license at any point of time, click on <strong>Cancel</strong>.</p> -</li> -<li> -<p>If you want to delete the license, click on <strong>Delete License</strong>.</p> -</li> -</ol> - - - - - - Docs: Requests - https://www.eclipse.org/sw360/docs/userguide/requests/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/requests/ - - - - <h1 id="6-requests">6. Requests</h1> -<p>Requests page lists all the requests that are generated by the users in SW360. There are two kind of requests:</p> -<ol> -<li>Moderation Requests: The requests that are created when a user with limited rights requests a change in a Project/Component/Release. These requests need to be approved by another user with higher rights (Project Owner/ Project Responsible) for the changes to appear in a particular Project/Component/Release. You can also view these requests as tasks in your home page. </br> -<ul> -<li>My Task Assignments: Moderation requests that are pending for your approval.</li> -<li>My Task Submissions: Moderation requests that are created by you.</li> -</ul> -</li> -<li>Clearing Request: For more information on clearing requests, refer to <a href="1.%20ProjectPage.pdf">1.12 Clearing Requests, Project Page</a>.</li> -</ol> -<p>To open the Requests page, click on the <strong>Requests tab</strong> from the main menu.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Request_Page.png" alt=""></p> -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No.</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left"><a href="#61-moderation-requests">Moderation Requests</a> or <a href="#62-clearing-request">Clearing Requests</a></td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left"><a href="#1-search-moderation-requests">Search Moderation Requests</a> or <a href="#2-search-clearing-requests">Search Clearing Request</a></td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left"><a href="#1-moderation-request-list">Moderation Request List</a> or <a href="#1-clearing-requests-list">Clearing Request List</a></td> -</tr> -</tbody> -</table> -<h2 id="61-moderation-requests">6.1 Moderation Requests</h2> -<h3 id="1-moderation-request-list">1. Moderation Request list</h3> -<p>Moderation requests must be approved by another user with higher rights (Admin, Clearing expert) for the changes to appear in a Project/Component/Release. -Moderation requests are further categorized into two types:</p> -<ul> -<li><strong>Open Moderation Requests</strong>: The moderation requests which are pending for approval. To view the list of open requests, click <strong>Open Moderation Requests</strong>.</li> -<li><strong>Closed Moderation Requests</strong>: The moderation requests which are approved. To view the list of closed requests, click <strong>Closed Moderation Requests</strong>.</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Moderation_Requests.png" alt=""></p> -<p>The moderation requests are listed with the following information:</p> -<ul> -<li><strong>Date</strong>: Date of the creation of the request.</li> -<li><strong>Type</strong>: The document type for the moderation request created.</li> -<li><strong>Document Name</strong>: Name of the document (Project/Component/Release).</li> -<li><strong>Requesting User</strong>: Email Id of the user who created the moderation request.</li> -<li><strong>Department</strong>: Department of the requesting user.</li> -<li><strong>Moderators</strong>: List of the moderators for that project/component/release.</li> -<li><strong>State</strong>: State (In Progress/Pending/Approved/Rejected) of the moderation request.</li> -<li><strong>Actions</strong></li> -</ul> -<p><strong>NOTE: USE <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png" alt=""> TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.</strong></p> -<h3 id="1-search-moderation-requests">1. Search Moderation Requests</h3> -<ol> -<li>Search with <strong>Date</strong> the request was created.</li> -<li>Search the request with the document <strong>Type</strong> and select from the drop-down list. -<ul> -<li>OSS</li> -<li>COTS</li> -<li>Internal</li> -<li>Inner Source</li> -<li>Service</li> -<li>Freeware</li> -<li>Code Snippet</li> -</ul> -</li> -<li>Search the request with <strong>Document Name</strong>.</li> -<li>Search the request with <strong>Requesting User</strong>.</li> -<li>Search the request with <strong>Department</strong>.</li> -<li>Search the request with <strong>State</strong> and select from the drop-down list. -<ul> -<li>Approved</li> -<li>Pending</li> -<li>Rejected</li> -<li>In Progress</li> -</ul> -</li> -</ol> -<h3 id="3-edit-moderation-requests">3. Edit Moderation Requests</h3> -<p>To edit a moderation request, click on <strong>Open Moderation Request / Closed Moderation Request</strong> on the request page.</p> -<ol> -<li> -<p>Search for the request you want to edit or navigate from the request list.</p> -</li> -<li> -<p>Click on the request you want to edit. You will now be redirected to another page with details of the request.</p> -</li> -<li> -<p>You can view the following moderation request information:</p> -<ul> -<li>Requesting user</li> -<li>Submitted on</li> -<li>Comment from the requested user</li> -<li>Status of the request</li> -<li>Moderator assigned</li> -<li>Comment on moderation decision: A moderator can add comments to this request before accepting or declining the changes.</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request.png" alt=""></p> -</li> -<li> -<p>Click on <strong>Proposed Changes</strong> to view:</p> -<ul> -<li>Field name the changes are requested for</li> -<li>Current Value of the field</li> -<li>Former Value of the field</li> -<li>Suggested Value for the field</li> -<li>Attachments, if added</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_2.png" alt=""></p> -</li> -<li> -<p>To preview the current document, click on <strong>Current Release/Current Project</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_3.png" alt=""></p> -</li> -<li> -<p>To accept the changes of the moderation request, click on <strong>Accept Request</strong>.</p> -</li> -<li> -<p>To reject changes for the moderation request, click on <strong>Decline Request</strong>.</p> -</li> -<li> -<p>To postpone a moderation request, click on <strong>Postpone request</strong>.</p> -</li> -<li> -<p>If you do not want to be a moderator for this request, click on <strong>Remove Me from Moderators</strong>.</p> -</li> -<li> -<p>If you do not want to make changes at any point of time, click on <strong>Cancel</strong>.</p> -</li> -</ol> -<h2 id="62-clearing-request">6.2 Clearing Request</h2> -<h3 id="1-clearing-requests-list">1. Clearing Requests list</h3> -<p>Clearing Requests are created by project manager and sent to clearing experts to perform license clearing, which are then approved. Clearing Requests are further categorized into two types.</p> -<ul> -<li><strong>Open Clearing Requests</strong>: The clearing requests which are pending approval. To view the list of open requests, click <strong>Open Clearing Requests</strong>.</li> -<li><strong>Closed Clearing Requests</strong>: The clearing requests which are approved. To view the list of closed requests, click <strong>Closed Clearing Requests</strong>.</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Clearing_Requests.png" alt=""></p> -<p>The clearing requests are listed with the following information:</p> -<ul> -<li><strong>Request Id</strong>: Request ID number of the clearing request.</li> -<li><strong>BA/BL Group</strong>:</li> -<li><strong>Project</strong>: Name of the project the clearing request belongs to.</li> -<li><strong>Status</strong>: Status of the clearing request, rejected or closed.</li> -<li><strong>Requesting User</strong>: Username of the user who created the clearing request.</li> -<li><strong>Clearing Team</strong>: Person responsible for the approval of the clearing request.</li> -<li><strong>Created on</strong>: Creation date of the clearing request.</li> -<li><strong>Preferred Clearing Date</strong>: The proposed date of completion of clearing request.</li> -<li><strong>Agreed Clearing Date</strong>: The agreed date of completion for clearing request.</li> -<li><strong>Request Closed on</strong>: The actual date the clearing request is closed.</li> -<li><strong>Clearing Progress</strong> (Only applicable for open clearing requests)</li> -<li><strong>Actions</strong>: Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Images/Edit_Pen.png" alt=""> to edit the clearing request.</li> -</ul> -<p><strong>NOTE: USE <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Images/SortIcon.png" alt=""> TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.</strong></p> -<h3 id="2-search-clearing-requests">2. Search Clearing Requests:</h3> -<ol> -<li>Search the request with <strong>Select date type and range</strong>.</li> -<li>Search the request with <strong>Priority</strong> and select from the drop-down list. -<ul> -<li>Low</li> -<li>Medium</li> -<li>High</li> -<li>Critical</li> -</ul> -</li> -<li>Search the request with <strong>BA BL group</strong>.</li> -<li>Search the request with <strong>Status</strong> and select from the drop-down list. -<ul> -<li>New</li> -<li>Accepted</li> -<li>In Queue</li> -<li>In Progress</li> -<li>Awaiting Response</li> -</ul> -</li> -</ol> -<h3 id="3-edit-clearing-requests">3. Edit Clearing Requests</h3> -<p>To edit a clearing request, click on <strong>Open Clearing Request / Closed Clearing Request</strong> on the request page.</p> -<ol> -<li> -<p>Search for the request you want to edit or navigate from the request list.</p> -</li> -<li> -<p>You can also use <strong>Quick Filter</strong> to search for a request.</p> -</li> -<li> -<p>Click on the request you want to edit, this will redirect you to another page with details of the request.</p> -</li> -<li> -<p>To modify the clearing request, click on <strong>Edit Request</strong>.</p> -</li> -<li> -<p>You can view the following <strong>clearing request information for the project</strong>:</p> -<ul> -<li>Requesting User</li> -<li>Created On</li> -<li>Preferred Clearing Date</li> -<li>Business Area/Line</li> -<li>Requester Comment</li> -<li>Clearing</li> -<li>Request Status: You can modify the request status as required. Select the required value from the drop-down list. -<ul> -<li>New</li> -<li>Accepted</li> -<li>Rejected</li> -<li>In Queue</li> -<li>In Progress</li> -<li>Closed</li> -<li>Awaiting Response</li> -</ul> -</li> -<li>Priority: You can modify the priority of the clearing request as required. Select the required value from the drop-down list. -<ul> -<li>Low: Clearing date is greater than 4 weeks</li> -<li>Medium: Clearing time is less than 2-4 weeks</li> -<li>High: Clearing time is less than 2 weeks</li> -<li>Critical: Clearing time is less than 1 week<br> -<code> NOTE: THERE CAN ONLY BE 2 CRITICAL CLEARING REQUESTS.</code></li> -</ul> -</li> -<li>Clearing team: Click on the field to select the <strong>Clearing Team</strong> for the request. This opens a dialogue box, search and select the clearing expert and click on <strong>Select Users</strong>.</li> -<li>Agreed Clearing Date: Click on the field to set the clearing date</li> -<li>Last Updated on</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_1.png" alt=""></p> -</li> -<li> -<p>Click on <strong>Clearing request comments</strong> to check the clearing request information. The information displayed here is a combination of manual entry comments and automated entries by SW360. Automated entries give information regarding the changes that are done on the clearing request. You can mention comments by typing in the text field and click <strong>Add Comment</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_2.png" alt=""></p> -</li> -<li> -<p>After making the changes, click on <strong>Update Request</strong>.</p> -</li> -<li> -<p>If you do not want to make changes at any point of time, click on <strong>Cancel</strong>.</p> -</li> -</ol> - - - - - - Docs: Search - https://www.eclipse.org/sw360/docs/userguide/search/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/search/ - - - - <h1 id="7-search">7. Search</h1> -<p>On the search page, you can search for Projects, Components, Licenses, Releases, Obligations, Users, Vendors, etc. in SW360.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Search_Page.png" alt=""></p> -<p>To search for a particular (object), click on Search tab and follow the procedure:</p> -<ol> -<li>Type the <strong>keyword</strong> in the text field.</li> -<li>The checkbox in <strong>Restrict To Type</strong> allows you to further restrict your search to a specific (object), you can choose to restrict the <strong>type</strong> to projects, components, licenses etc.</li> -<li>Click on <strong>Search</strong> to get the search results</li> -<li>Click on the component/project/license/obligation/user/vendor/release to be redirected to their respective page.</li> -</ol> -<h3 id="wildcards">Wildcards</h3> -<p>The user can search with wildcards. A wildcard is a character which substitue for zero or more characters in a string. For a single character users can use &lsquo;?&rsquo; and for multiple character wildcard he can use &lsquo;*&rsquo;. The Wildcard can stand in the middle of characters or at the end, but not at the beginning.</p> - - - - - - Docs: Preferences - https://www.eclipse.org/sw360/docs/userguide/preferrences/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/preferrences/ - - - - <h1 id="8-preferences">8. Preferences</h1> -<p>The Preferences page allows you to modify the E-mail notification preferences for changes that occur to project/component/release/license. -To open the Preferences page, click on the <strong>Preference</strong> tab from the main menu.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/Preferences_Page.png" alt=""></p> -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No.</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left"><a href="#82-email-notification-preferences">Email Notification Preferences</a></td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left"><a href="#81-sw360-user-information">SW360 User Information</a></td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left"><a href="#83-rest-api-tokens">REST API Token </a></td> -</tr> -</tbody> -</table> -<h2 id="81-sw360-user-information">8.1 SW360 User Information</h2> -<p>On the <strong>SW360 User</strong> section you can view the following information:</p> -<ul> -<li><strong>Name</strong></li> -<li><strong>E-mail</strong></li> -<li><strong>Primary Department</strong></li> -<li><strong>External ID</strong>: This is your organization ID.</li> -<li><strong>Primary Department Role</strong>: This is the role you are assigned in SW360.</li> -<li><strong>Secondary Departments and Roles</strong>: Any other roles which are assigned.</li> -</ul> -<h2 id="82-email-notification-preferences">8.2 Email Notification preferences</h2> -<p>To modify your email notifications, follow the procedure:</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/Edit_email_preferences.png" alt=""></p> -<ol> -<li>Check the <strong>Enable E-mail notifications</strong> box which activates Email notifications.</li> -<li>Click on the particular section for which you want to change the preference. For e.g., if you want to change the preference for projects, click on the <strong>Project</strong> section. This section will display an expanded view of the available roles.</li> -<li>Select the roles that you want to be notified.</li> -<li>You can repeat the above procedure for other sections, i.e., <strong>Component</strong>, <strong>Release</strong>, <strong>Moderation</strong> and, <strong>Clearing</strong>.</li> -<li>Click on <strong>Update Settings</strong> to update the changes done.</li> -</ol> -<h2 id="83-rest-api-tokens">8.3 REST API Tokens</h2> -<p>REST API is an interface that two computer systems use to exchange information securely over the internet. Via REST endpoint data can be read or written in the database. As a normal user only read token can be generated.</p> -<p>You can generate a REST API token for read access, by following the procedure:</p> -<ol> -<li>Enter a token <strong>Name</strong>.</li> -<li>Check the <strong>Authorities</strong> box if you wish to give read access.</li> -<li>Set an <strong>Expiration Date</strong> for the token.</li> -<li>Click on <strong>Generate Token</strong>.</li> -</ol> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/REST_API_TOKENS.png" alt=""></p> - - - - - - Docs: Administrator Menu - https://www.eclipse.org/sw360/docs/administrationguide/menu/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/menu/ - - - - <p>The <strong>admin menu</strong> consists of the following items:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/admin_menu.png"/> -</figure> - -<ul> -<li> -<p><strong>User</strong>: Displays the list of <strong>Liferay Users</strong>. One can also download or upload new users in this section</p> -</li> -<li> -<p><strong>Vendors</strong>: Displays the list of the <strong>Vendors</strong> that can be managed by the admin</p> -</li> -<li> -<p><strong>Bulk License Edit</strong>: List of licenses can be edited together in this section</p> -</li> -<li> -<p><strong>Licenses</strong>: Functions such as Download License Archive, Upload License Archive, Import SPDX Information and Delete License Information can be done in this section</p> -</li> -<li> -<p><strong>Obligations</strong>: To manage different types of Obligations on the basis of obligation level and obligation type</p> -</li> -<li> -<p><strong>Schedule</strong>: To schedule tasks such as CVE Search</p> -</li> -<li> -<p><strong>Fosology</strong>: Connection to the Fossology server</p> -</li> -<li> -<p><strong>Import and Export</strong>: Can Import and Export <strong>Component</strong>, <strong>Release</strong> and <strong>License</strong> information</p> -</li> -<li> -<p><strong>Attachment Cleanup</strong>: To cleanup attachment database</p> -</li> -<li> -<p><strong>Database Sanitization</strong>: Helps in searching for duplicate identifiers</p> -</li> -</ul> - - - - - - Docs: How to add a backend portlet to sw360 - https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-backend/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-backend/ - - - - <p>This page how to add some operations / service calls on the backend for the portlet writing on the page that covers the front end. Note that this page does not create a new (thrift service), but just explains how to add more operations.</p> -<p>This explanation follows bottom up approach where we first add the backend methods and then call them later in the frontend. Quick summary:</p> -<ol> -<li>Add methods to the thrift idl definition</li> -<li>Add methods to the data handler interface</li> -<li>Add implementation</li> -<li>Add tests</li> -</ol> -<h4 id="thrift">Thrift</h4> -<p>First we add some methods to the thrift files, components.thrift</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">//new Methods to ensure uniqueness of Identifiers -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span>map <span style="color:#555">&lt;</span>string<span style="color:#555">,</span> list<span style="color:#555">&lt;</span>string<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span>map <span style="color:#555">&lt;</span>string<span style="color:#555">,</span> list<span style="color:#555">&lt;</span>string<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">();</span> -</span></span></code></pre></div><h4 id="datahandler">Datahandler</h4> -<p>then we install lib-datahandler. That way we see which methods we have to implement. -We have chosen to change the interface of the ComponentService. That means we need to implement them in the ComponentHandler.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> TException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> TException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><h4 id="implementation">Implementation</h4> -<p>The methods there are only a reference to the ComponentDatabaseHandler.java. +<ul> +<li>Release Summary</li> +<li>Linked Releases</li> +<li>Clearing Details</li> +<li>ECC details</li> +<li>Attachments</li> +<li>Vulnerabilities</li> +<li>Change Log</li> +</ul> +</li> +</ol> +<p>For more information on these sections, refer to <a href="#2-releases">2. Releases</a>.</p> +<h4 id="clearing-details"><strong>Clearing Details</strong></h4> +<p>You can view the following clearing information for the release in view mode:</p> +<ul> +<li>SPDX Attachments</li> +<li>Assessment Summary info</li> +</ul> +<p><strong>SPDX Attachments</strong></p> +<p>SPDX attachments are the clearing reports which are in XML formats. You will need an approved clearing report to use this release.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_SPDX_Attachments_1.png" alt=""></p> +<ul> +<li>Click on <strong>Show license info</strong> to view main license Ids and Other license ids.</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/ComponentSPDXattachment2.png" alt=""></p> +<ul> +<li>If you want to add this data to the current release, click on <strong>Add data to this release</strong>.</li> +</ul> +<p><strong>Assessment Summary Info</strong></p> +<p>You can view if the clearing expert has added any summary in the clearing report.</p> +<ul> +<li>To view the summary, click on <strong>Show Assessment Summary info</strong>.</li> +<li>If there are multiple approved releases, this section will display text &ldquo;<strong>multiple approved CLI found in release</strong>&rdquo;.</li> +</ul> +<h4 id="vulnerabilities"><strong>Vulnerabilities</strong></h4> +<p>All the vulnerabilities that are linked to the release/component are listed in the vulnerability section.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Vulnerability.png" alt=""></p> +<ol> +<li>Click on <strong>Vulnerability</strong> on the left to view all the linked vulnerabilities for this release/component.</li> +<li>You can sort the vulnerabilities by their external ids, priority, matched by, title, verification and actions.</li> +<li>To view more information on the vulnerability, click on the external id of the vulnerability. You will be redirected to another page with all the information about the selected vulnerability.</li> +</ol> +<h4 id="change-log"><strong>Change Log</strong></h4> +<p>You can see all the changes that are done for the release/component in change log section.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_ChangeLog.png" alt=""></p> +<ol> +<li>To view all the changes done for the release click on <strong>Change Log</strong>.</li> +<li>You can now view change date, change log id, change type and user.</li> +<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Changelog1.png" alt=""> to view all the changes done for a change log id.</li> +<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Changelog2.png" alt=""> to view the moderation request details for a change log id.</li> +</ol> +<h2 id="207-import-spdx-bom">2.07 Import SPDX BOM</h2> +<p>For more information on importing SBOM, refer to <a href="1.ProjectPage.md/#105-import-sbom">1.05 Import SBOM</a>.</p> +<h2 id="208-export-spreadsheet">2.08 Export Spreadsheet</h2> +<p>For more information on exporting spreadsheet, refer to <a href="1.ProjectPage.md/#113-export-spreadsheet">1.13 Export Spreadsheet</a>.</p>Docs: Licenseshttps://www.eclipse.org/sw360/docs/userguide/licenses/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/licenses/ +<h1 id="30-licenses">3.0 Licenses</h1> +<h2 id="31-introduction">3.1 Introduction</h2> +<p>A software license is a document that provides legally binding guidelines for the use and distribution of software. Licenses page lists all the available licenses in SW360.</p> +<p>To open the License page, click on the <strong>License tab</strong> from the main menu bar. You can also add licenses in this page.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/License_Page.png" alt=""></p> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No.</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left"><a href="#32-quick-filter">Quick Filter</a></td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left"><a href="#34-add-license">Add License</a></td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left"><a href="1.%20ProjectPage.pdf">Export Spreadsheet, refer to Project Page</a></td> +</tr> +<tr> +<td style="text-align:center">4</td> +<td style="text-align:left"><a href="#33-license-list">License List</a></td> +</tr> +</tbody> +</table> +<h2 id="32-quick-filter">3.2 Quick Filter</h2> +<p>You can use the Quick Filter to search for a License. To search for a particular license, use the type field.</p> +<h2 id="33-license-list">3.3 License List</h2> +<p>On the License page you can view all the licenses available in SW360. The licenses are listed with the following information:</p> +<ul> +<li> +<p><strong>License Shortname</strong>: Short name given for the license.</p> +</li> +<li> +<p><strong>License Fullname</strong>: Full name given for the license.</p> +</li> +<li> +<p><strong>Is checked</strong>: This column indicates if the license is checked or unchecked.</p> +<table> +<thead> +<tr> +<th>Symbol</th> +<th style="text-align:center">Status</th> +<th></th> +</tr> +</thead> +<tbody> +<tr> +<td> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Checked.png"/> +</figure> +</td> +<td style="text-align:center">Checked</td> +<td></td> +</tr> +<tr> +<td> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Unchecked.png"/> +</figure> +</td> +<td style="text-align:center">Unchecked</td> +<td></td> +</tr> +</tbody> +</table> +</li> +<li> +<p><strong>License Type</strong>: Type of the License.</p> +</li> +</ul> +<p><strong>NOTE: CLICK ON <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png" alt=""> TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> +<h2 id="34-add-license">3.4 Add License</h2> +<p>To add a new License, click on <strong>Add License</strong> on the license page, which redirects you to another page +where you can add License details.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Create_License.png" alt=""></p> +<ol> +<li>Enter <strong>Full Name</strong> of the license you want to add.</li> +<li>You can select if the license has an OSI (Open Source Initiative) approval. Select the values for <strong>OSI Approved?</strong> from the drop-down list. +<ul> +<li>n/a: Not applicable</li> +<li>Yes</li> +</ul> +</li> +<li>Enter the <strong>License Text</strong>.</li> +<li>Enter <strong>Short Name</strong> for the license.</li> +<li>You can select if the license is an FSF (Free Software Foundation) license. Select the values for <strong>FSF Free/Libre</strong> from the drop-down list. +<ul> +<li>n/a: Not applicable</li> +<li>Yes</li> +</ul> +</li> +<li>Check the box if the license is checked.</li> +<li>Select the <strong>License Type</strong> from the drop-down list.</li> +<li>Click on <strong>Create License</strong> to create a new license</li> +<li>If you do not want to add a license at any point of time, click on <strong>Cancel</strong>.</li> +</ol> +<h2 id="35-view-license">3.5 View License</h2> +<p>To open a view mode for a license:</p> +<ol> +<li> +<p>Search for the License you want to view or navigate from the License list. Click on the License Shortname.</p> +</li> +<li> +<p>You are now in view mode of the license, and you can view all the details of the license like:</p> +<ul> +<li>License Details</li> +<li>License Text</li> +<li>Obligation</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/View_License.png" alt=""></p> +</li> +</ol> +<h2 id="36-edit-license">3.6 Edit License</h2> +<p>The <strong>Edit License</strong> option is used to modify license details for existing licenses. To edit a license, follow the below procedure:</p> +<ol> +<li> +<p>Search for the license you want to view or navigate from the License list. Click on the License Shortname.</p> +</li> +<li> +<p>You are now in view mode of the license, click on <strong>Edit License</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Edit_License.png" alt=""></p> +</li> +<li> +<p>Modify License Details as required. For more information on the fields, refer to <a href="#34-add-license">3.4 Add License</a>.</p> +</li> +<li> +<p>You can also add license obligations in this view. To add License obligations, click on Linked Obligations.</p> +</li> +<li> +<p>Click on <strong>Add Obligation</strong>, a dialogue box will appear with a list of all the obligations that are available in SW360.</p> +</li> +<li> +<p>Use the search field to select the required obligation and click <strong>Add</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Linked_Obligations_2.png" alt=""></p> +</li> +<li> +<p>To delete an obligation that is already linked, click <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png" alt="">.</p> +</li> +<li> +<p>If you do not want to make changes to the license at any point of time, click on <strong>Cancel</strong>.</p> +</li> +<li> +<p>If you want to delete the license, click on <strong>Delete License</strong>.</p> +</li> +</ol>Docs: Requestshttps://www.eclipse.org/sw360/docs/userguide/requests/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/requests/ +<h1 id="6-requests">6. Requests</h1> +<p>Requests page lists all the requests that are generated by the users in SW360. There are two kind of requests:</p> +<ol> +<li>Moderation Requests: The requests that are created when a user with limited rights requests a change in a Project/Component/Release. These requests need to be approved by another user with higher rights (Project Owner/ Project Responsible) for the changes to appear in a particular Project/Component/Release. You can also view these requests as tasks in your home page. </br> +<ul> +<li>My Task Assignments: Moderation requests that are pending for your approval.</li> +<li>My Task Submissions: Moderation requests that are created by you.</li> +</ul> +</li> +<li>Clearing Request: For more information on clearing requests, refer to <a href="1.%20ProjectPage.pdf">1.12 Clearing Requests, Project Page</a>.</li> +</ol> +<p>To open the Requests page, click on the <strong>Requests tab</strong> from the main menu.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Request_Page.png" alt=""></p> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No.</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left"><a href="#61-moderation-requests">Moderation Requests</a> or <a href="#62-clearing-request">Clearing Requests</a></td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left"><a href="#1-search-moderation-requests">Search Moderation Requests</a> or <a href="#2-search-clearing-requests">Search Clearing Request</a></td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left"><a href="#1-moderation-request-list">Moderation Request List</a> or <a href="#1-clearing-requests-list">Clearing Request List</a></td> +</tr> +</tbody> +</table> +<h2 id="61-moderation-requests">6.1 Moderation Requests</h2> +<h3 id="1-moderation-request-list">1. Moderation Request list</h3> +<p>Moderation requests must be approved by another user with higher rights (Admin, Clearing expert) for the changes to appear in a Project/Component/Release. +Moderation requests are further categorized into two types:</p> +<ul> +<li><strong>Open Moderation Requests</strong>: The moderation requests which are pending for approval. To view the list of open requests, click <strong>Open Moderation Requests</strong>.</li> +<li><strong>Closed Moderation Requests</strong>: The moderation requests which are approved. To view the list of closed requests, click <strong>Closed Moderation Requests</strong>.</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Moderation_Requests.png" alt=""></p> +<p>The moderation requests are listed with the following information:</p> +<ul> +<li><strong>Date</strong>: Date of the creation of the request.</li> +<li><strong>Type</strong>: The document type for the moderation request created.</li> +<li><strong>Document Name</strong>: Name of the document (Project/Component/Release).</li> +<li><strong>Requesting User</strong>: Email Id of the user who created the moderation request.</li> +<li><strong>Department</strong>: Department of the requesting user.</li> +<li><strong>Moderators</strong>: List of the moderators for that project/component/release.</li> +<li><strong>State</strong>: State (In Progress/Pending/Approved/Rejected) of the moderation request.</li> +<li><strong>Actions</strong></li> +</ul> +<p><strong>NOTE: USE <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png" alt=""> TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.</strong></p> +<h3 id="1-search-moderation-requests">1. Search Moderation Requests</h3> +<ol> +<li>Search with <strong>Date</strong> the request was created.</li> +<li>Search the request with the document <strong>Type</strong> and select from the drop-down list. +<ul> +<li>OSS</li> +<li>COTS</li> +<li>Internal</li> +<li>Inner Source</li> +<li>Service</li> +<li>Freeware</li> +<li>Code Snippet</li> +</ul> +</li> +<li>Search the request with <strong>Document Name</strong>.</li> +<li>Search the request with <strong>Requesting User</strong>.</li> +<li>Search the request with <strong>Department</strong>.</li> +<li>Search the request with <strong>State</strong> and select from the drop-down list. +<ul> +<li>Approved</li> +<li>Pending</li> +<li>Rejected</li> +<li>In Progress</li> +</ul> +</li> +</ol> +<h3 id="3-edit-moderation-requests">3. Edit Moderation Requests</h3> +<p>To edit a moderation request, click on <strong>Open Moderation Request / Closed Moderation Request</strong> on the request page.</p> +<ol> +<li> +<p>Search for the request you want to edit or navigate from the request list.</p> +</li> +<li> +<p>Click on the request you want to edit. You will now be redirected to another page with details of the request.</p> +</li> +<li> +<p>You can view the following moderation request information:</p> +<ul> +<li>Requesting user</li> +<li>Submitted on</li> +<li>Comment from the requested user</li> +<li>Status of the request</li> +<li>Moderator assigned</li> +<li>Comment on moderation decision: A moderator can add comments to this request before accepting or declining the changes.</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request.png" alt=""></p> +</li> +<li> +<p>Click on <strong>Proposed Changes</strong> to view:</p> +<ul> +<li>Field name the changes are requested for</li> +<li>Current Value of the field</li> +<li>Former Value of the field</li> +<li>Suggested Value for the field</li> +<li>Attachments, if added</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_2.png" alt=""></p> +</li> +<li> +<p>To preview the current document, click on <strong>Current Release/Current Project</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_3.png" alt=""></p> +</li> +<li> +<p>To accept the changes of the moderation request, click on <strong>Accept Request</strong>.</p> +</li> +<li> +<p>To reject changes for the moderation request, click on <strong>Decline Request</strong>.</p> +</li> +<li> +<p>To postpone a moderation request, click on <strong>Postpone request</strong>.</p> +</li> +<li> +<p>If you do not want to be a moderator for this request, click on <strong>Remove Me from Moderators</strong>.</p> +</li> +<li> +<p>If you do not want to make changes at any point of time, click on <strong>Cancel</strong>.</p> +</li> +</ol> +<h2 id="62-clearing-request">6.2 Clearing Request</h2> +<h3 id="1-clearing-requests-list">1. Clearing Requests list</h3> +<p>Clearing Requests are created by project manager and sent to clearing experts to perform license clearing, which are then approved. Clearing Requests are further categorized into two types.</p> +<ul> +<li><strong>Open Clearing Requests</strong>: The clearing requests which are pending approval. To view the list of open requests, click <strong>Open Clearing Requests</strong>.</li> +<li><strong>Closed Clearing Requests</strong>: The clearing requests which are approved. To view the list of closed requests, click <strong>Closed Clearing Requests</strong>.</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Clearing_Requests.png" alt=""></p> +<p>The clearing requests are listed with the following information:</p> +<ul> +<li><strong>Request Id</strong>: Request ID number of the clearing request.</li> +<li><strong>BA/BL Group</strong>:</li> +<li><strong>Project</strong>: Name of the project the clearing request belongs to.</li> +<li><strong>Status</strong>: Status of the clearing request, rejected or closed.</li> +<li><strong>Requesting User</strong>: Username of the user who created the clearing request.</li> +<li><strong>Clearing Team</strong>: Person responsible for the approval of the clearing request.</li> +<li><strong>Created on</strong>: Creation date of the clearing request.</li> +<li><strong>Preferred Clearing Date</strong>: The proposed date of completion of clearing request.</li> +<li><strong>Agreed Clearing Date</strong>: The agreed date of completion for clearing request.</li> +<li><strong>Request Closed on</strong>: The actual date the clearing request is closed.</li> +<li><strong>Clearing Progress</strong> (Only applicable for open clearing requests)</li> +<li><strong>Actions</strong>: Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Images/Edit_Pen.png" alt=""> to edit the clearing request.</li> +</ul> +<p><strong>NOTE: USE <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Images/SortIcon.png" alt=""> TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.</strong></p> +<h3 id="2-search-clearing-requests">2. Search Clearing Requests:</h3> +<ol> +<li>Search the request with <strong>Select date type and range</strong>.</li> +<li>Search the request with <strong>Priority</strong> and select from the drop-down list. +<ul> +<li>Low</li> +<li>Medium</li> +<li>High</li> +<li>Critical</li> +</ul> +</li> +<li>Search the request with <strong>BA BL group</strong>.</li> +<li>Search the request with <strong>Status</strong> and select from the drop-down list. +<ul> +<li>New</li> +<li>Accepted</li> +<li>In Queue</li> +<li>In Progress</li> +<li>Awaiting Response</li> +</ul> +</li> +</ol> +<h3 id="3-edit-clearing-requests">3. Edit Clearing Requests</h3> +<p>To edit a clearing request, click on <strong>Open Clearing Request / Closed Clearing Request</strong> on the request page.</p> +<ol> +<li> +<p>Search for the request you want to edit or navigate from the request list.</p> +</li> +<li> +<p>You can also use <strong>Quick Filter</strong> to search for a request.</p> +</li> +<li> +<p>Click on the request you want to edit, this will redirect you to another page with details of the request.</p> +</li> +<li> +<p>To modify the clearing request, click on <strong>Edit Request</strong>.</p> +</li> +<li> +<p>You can view the following <strong>clearing request information for the project</strong>:</p> +<ul> +<li>Requesting User</li> +<li>Created On</li> +<li>Preferred Clearing Date</li> +<li>Business Area/Line</li> +<li>Requester Comment</li> +<li>Clearing</li> +<li>Request Status: You can modify the request status as required. Select the required value from the drop-down list. +<ul> +<li>New</li> +<li>Accepted</li> +<li>Rejected</li> +<li>In Queue</li> +<li>In Progress</li> +<li>Closed</li> +<li>Awaiting Response</li> +</ul> +</li> +<li>Priority: You can modify the priority of the clearing request as required. Select the required value from the drop-down list. +<ul> +<li>Low: Clearing date is greater than 4 weeks</li> +<li>Medium: Clearing time is less than 2-4 weeks</li> +<li>High: Clearing time is less than 2 weeks</li> +<li>Critical: Clearing time is less than 1 week<br> +<code> NOTE: THERE CAN ONLY BE 2 CRITICAL CLEARING REQUESTS.</code></li> +</ul> +</li> +<li>Clearing team: Click on the field to select the <strong>Clearing Team</strong> for the request. This opens a dialogue box, search and select the clearing expert and click on <strong>Select Users</strong>.</li> +<li>Agreed Clearing Date: Click on the field to set the clearing date</li> +<li>Last Updated on</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_1.png" alt=""></p> +</li> +<li> +<p>Click on <strong>Clearing request comments</strong> to check the clearing request information. The information displayed here is a combination of manual entry comments and automated entries by SW360. Automated entries give information regarding the changes that are done on the clearing request. You can mention comments by typing in the text field and click <strong>Add Comment</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_2.png" alt=""></p> +</li> +<li> +<p>After making the changes, click on <strong>Update Request</strong>.</p> +</li> +<li> +<p>If you do not want to make changes at any point of time, click on <strong>Cancel</strong>.</p> +</li> +</ol>Docs: Searchhttps://www.eclipse.org/sw360/docs/userguide/search/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/search/ +<h1 id="7-search">7. Search</h1> +<p>On the search page, you can search for Projects, Components, Licenses, Releases, Obligations, Users, Vendors, etc. in SW360.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Search_Page.png" alt=""></p> +<p>To search for a particular (object), click on Search tab and follow the procedure:</p> +<ol> +<li>Type the <strong>keyword</strong> in the text field.</li> +<li>The checkbox in <strong>Restrict To Type</strong> allows you to further restrict your search to a specific (object), you can choose to restrict the <strong>type</strong> to projects, components, licenses etc.</li> +<li>Click on <strong>Search</strong> to get the search results</li> +<li>Click on the component/project/license/obligation/user/vendor/release to be redirected to their respective page.</li> +</ol> +<h3 id="wildcards">Wildcards</h3> +<p>The user can search with wildcards. A wildcard is a character which substitue for zero or more characters in a string. For a single character users can use &lsquo;?&rsquo; and for multiple character wildcard he can use &lsquo;*&rsquo;. The Wildcard can stand in the middle of characters or at the end, but not at the beginning.</p>Docs: Preferenceshttps://www.eclipse.org/sw360/docs/userguide/preferrences/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/preferrences/ +<h1 id="8-preferences">8. Preferences</h1> +<p>The Preferences page allows you to modify the E-mail notification preferences for changes that occur to project/component/release/license. +To open the Preferences page, click on the <strong>Preference</strong> tab from the main menu.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/Preferences_Page.png" alt=""></p> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No.</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left"><a href="#82-email-notification-preferences">Email Notification Preferences</a></td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left"><a href="#81-sw360-user-information">SW360 User Information</a></td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left"><a href="#83-rest-api-tokens">REST API Token </a></td> +</tr> +</tbody> +</table> +<h2 id="81-sw360-user-information">8.1 SW360 User Information</h2> +<p>On the <strong>SW360 User</strong> section you can view the following information:</p> +<ul> +<li><strong>Name</strong></li> +<li><strong>E-mail</strong></li> +<li><strong>Primary Department</strong></li> +<li><strong>External ID</strong>: This is your organization ID.</li> +<li><strong>Primary Department Role</strong>: This is the role you are assigned in SW360.</li> +<li><strong>Secondary Departments and Roles</strong>: Any other roles which are assigned.</li> +</ul> +<h2 id="82-email-notification-preferences">8.2 Email Notification preferences</h2> +<p>To modify your email notifications, follow the procedure:</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/Edit_email_preferences.png" alt=""></p> +<ol> +<li>Check the <strong>Enable E-mail notifications</strong> box which activates Email notifications.</li> +<li>Click on the particular section for which you want to change the preference. For e.g., if you want to change the preference for projects, click on the <strong>Project</strong> section. This section will display an expanded view of the available roles.</li> +<li>Select the roles that you want to be notified.</li> +<li>You can repeat the above procedure for other sections, i.e., <strong>Component</strong>, <strong>Release</strong>, <strong>Moderation</strong> and, <strong>Clearing</strong>.</li> +<li>Click on <strong>Update Settings</strong> to update the changes done.</li> +</ol> +<h2 id="83-rest-api-tokens">8.3 REST API Tokens</h2> +<p>REST API is an interface that two computer systems use to exchange information securely over the internet. Via REST endpoint data can be read or written in the database. As a normal user only read token can be generated.</p> +<p>You can generate a REST API token for read access, by following the procedure:</p> +<ol> +<li>Enter a token <strong>Name</strong>.</li> +<li>Check the <strong>Authorities</strong> box if you wish to give read access.</li> +<li>Set an <strong>Expiration Date</strong> for the token.</li> +<li>Click on <strong>Generate Token</strong>.</li> +</ol> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/REST_API_TOKENS.png" alt=""></p>Docs: Administrator Menuhttps://www.eclipse.org/sw360/docs/administrationguide/menu/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/menu/ +<p>The <strong>admin menu</strong> consists of the following items:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/admin_menu.png"/> +</figure> +<ul> +<li> +<p><strong>User</strong>: Displays the list of <strong>Liferay Users</strong>. One can also download or upload new users in this section</p> +</li> +<li> +<p><strong>Vendors</strong>: Displays the list of the <strong>Vendors</strong> that can be managed by the admin</p> +</li> +<li> +<p><strong>Bulk License Edit</strong>: List of licenses can be edited together in this section</p> +</li> +<li> +<p><strong>Licenses</strong>: Functions such as Download License Archive, Upload License Archive, Import SPDX Information and Delete License Information can be done in this section</p> +</li> +<li> +<p><strong>Obligations</strong>: To manage different types of Obligations on the basis of obligation level and obligation type</p> +</li> +<li> +<p><strong>Schedule</strong>: To schedule tasks such as CVE Search</p> +</li> +<li> +<p><strong>Fosology</strong>: Connection to the Fossology server</p> +</li> +<li> +<p><strong>Import and Export</strong>: Can Import and Export <strong>Component</strong>, <strong>Release</strong> and <strong>License</strong> information</p> +</li> +<li> +<p><strong>Attachment Cleanup</strong>: To cleanup attachment database</p> +</li> +<li> +<p><strong>Database Sanitization</strong>: Helps in searching for duplicate identifiers</p> +</li> +</ul>Docs: How to add a backend portlet to sw360https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-backend/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-backend/ +<p>This page how to add some operations / service calls on the backend for the portlet writing on the page that covers the front end. Note that this page does not create a new (thrift service), but just explains how to add more operations.</p> +<p>This explanation follows bottom up approach where we first add the backend methods and then call them later in the frontend. Quick summary:</p> +<ol> +<li>Add methods to the thrift idl definition</li> +<li>Add methods to the data handler interface</li> +<li>Add implementation</li> +<li>Add tests</li> +</ol> +<h4 id="thrift">Thrift</h4> +<p>First we add some methods to the thrift files, components.thrift</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">//new Methods to ensure uniqueness of Identifiers +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span>map <span style="color:#555">&lt;</span>string<span style="color:#555">,</span> list<span style="color:#555">&lt;</span>string<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span>map <span style="color:#555">&lt;</span>string<span style="color:#555">,</span> list<span style="color:#555">&lt;</span>string<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">();</span> +</span></span></code></pre></div><h4 id="datahandler">Datahandler</h4> +<p>then we install lib-datahandler. That way we see which methods we have to implement. +We have chosen to change the interface of the ComponentService. That means we need to implement them in the ComponentHandler.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> TException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> TException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><h4 id="implementation">Implementation</h4> +<p>The methods there are only a reference to the ComponentDatabaseHandler.java. In the ComponentHandler we only assert that the input is correct. Since we implement methods without parameters, there is nothing else for us to do. -In the ComponentDatabaseHandler.java we actually do some work and implement the methods</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">()</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> ListMultimap<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> String<span style="color:#555">&gt;</span> componentIdentifierToComponentId <span style="color:#555">=</span> ArrayListMultimap<span style="color:#555">.</span><span style="color:#309">create</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Component component <span style="color:#555">:</span> componentRepository<span style="color:#555">.</span><span style="color:#309">getSummaryForExport</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> componentIdentifierToComponentId<span style="color:#555">.</span><span style="color:#309">put</span><span style="color:#555">(</span>SW360Utils<span style="color:#555">.</span><span style="color:#309">printName</span><span style="color:#555">(</span>component<span style="color:#555">),</span> component<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> CommonUtils<span style="color:#555">.</span><span style="color:#309">getIdentifierToListOfDuplicates</span><span style="color:#555">(</span>componentIdentifierToComponentId<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">()</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> ListMultimap<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> String<span style="color:#555">&gt;</span> releaseIdentifierToReleaseId <span style="color:#555">=</span> ArrayListMultimap<span style="color:#555">.</span><span style="color:#309">create</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Release release <span style="color:#555">:</span> releaseRepository<span style="color:#555">.</span><span style="color:#309">getReleaseSummary</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> releaseIdentifierToReleaseId<span style="color:#555">.</span><span style="color:#309">put</span><span style="color:#555">(</span>SW360Utils<span style="color:#555">.</span><span style="color:#309">printName</span><span style="color:#555">(</span>release<span style="color:#555">),</span> release<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> CommonUtils<span style="color:#555">.</span><span style="color:#309">getIdentifierToListOfDuplicates</span><span style="color:#555">(</span>releaseIdentifierToReleaseId<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><h4 id="tests">Tests</h4> -<p>We then write some tests in ComponentDatabaseHandlerTest.java</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Test</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">testDuplicateComponentIsFound</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> Exception <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> String originalComponentId <span style="color:#555">=</span> <span style="color:#c30">&#34;C3&#34;</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Component tmp <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getComponent</span><span style="color:#555">(</span>originalComponentId<span style="color:#555">,</span> user1<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetId</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetRevision</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> String newComponentId <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">addComponent</span><span style="color:#555">(</span>tmp<span style="color:#555">,</span> email1<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateComponents <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">size</span><span style="color:#555">(),</span> is<span style="color:#555">(</span><span style="color:#f60">1</span><span style="color:#555">));</span> -</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">get</span><span style="color:#555">(</span>printName<span style="color:#555">(</span>tmp<span style="color:#555">)),</span> containsInAnyOrder<span style="color:#555">(</span>newComponentId<span style="color:#555">,</span>originalComponentId<span style="color:#555">));</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#99f">@Test</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">testDuplicateReleaseIsFound</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> Exception <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> String originalReleaseId <span style="color:#555">=</span> <span style="color:#c30">&#34;R1A&#34;</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Release tmp <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getRelease</span><span style="color:#555">(</span>originalReleaseId<span style="color:#555">,</span> user1<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetId</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetRevision</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> String newReleaseId <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">addRelease</span><span style="color:#555">(</span>tmp<span style="color:#555">,</span> email1<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateReleases <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateReleases<span style="color:#555">.</span><span style="color:#309">size</span><span style="color:#555">(),</span> is<span style="color:#555">(</span><span style="color:#f60">1</span><span style="color:#555">));</span> -</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateReleases<span style="color:#555">.</span><span style="color:#309">get</span><span style="color:#555">(</span>printName<span style="color:#555">(</span>tmp<span style="color:#555">)),</span> containsInAnyOrder<span style="color:#555">(</span>newReleaseId<span style="color:#555">,</span>originalReleaseId<span style="color:#555">));</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><p>Then we install the backend to make our methods available.</p> - - - - - - Docs: How to add a frontend portlet to sw360 - https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-frontend/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-frontend/ - - - - <p>We create a class in</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/java/com/siemens/sw360/portal/portlets/admin/ -</span></span></code></pre></div><p>called</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>DatabaseSanitation.java -</span></span></code></pre></div><p>Here are some code snippets that are important:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">DatabaseSanitation</span> <span style="color:#069;font-weight:bold">extends</span> Sw360Portlet -</span></span></code></pre></div><p>the base class Sw360Portlet adds some convenience methods to render the most common return values of functions into messages.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">doView</span><span style="color:#555">(</span>RenderRequest request<span style="color:#555">,</span> RenderResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic">// Proceed with page rendering -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">doView</span><span style="color:#555">(</span>request<span style="color:#555">,</span> response<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><p>This method is used to render different pages, a common pattern would be to have if/else tree like</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">//! VIEW and helpers -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span><span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">doView</span><span style="color:#555">(</span>RenderRequest request<span style="color:#555">,</span> RenderResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> String pageName <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>PAGENAME<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>PAGENAME_EDIT<span style="color:#555">.</span><span style="color:#309">equals</span><span style="color:#555">(</span>pageName<span style="color:#555">))</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> prepareVendorEdit<span style="color:#555">(</span>request<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> include<span style="color:#555">(</span><span style="color:#c30">&#34;/html/vendors/edit.jsp&#34;</span><span style="color:#555">,</span> request<span style="color:#555">,</span> response<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> prepareStandardView<span style="color:#555">(</span>request<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">doView</span><span style="color:#555">(</span>request<span style="color:#555">,</span> response<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><p>but since we only have one page this is all we need. The jsp that is rendered by super.doView is set in</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span>sw360<span style="color:#555">/</span>src<span style="color:#555">/</span>frontend<span style="color:#555">/</span>sw360<span style="color:#555">-</span>portlets<span style="color:#555">/</span>src<span style="color:#555">/</span>main<span style="color:#555">/</span>webapp<span style="color:#555">/</span>WEB<span style="color:#555">-</span>INF<span style="color:#555">/</span>portlet<span style="color:#555">.</span><span style="color:#309">xml</span> -</span></span></code></pre></div><p>but more on that later.</p> -<p>The next method in DatabaseSanitation handles resource requests, which are responses to AJAX calls:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>@Override -</span></span><span style="display:flex;"><span>public void serveResource(ResourceRequest request, ResourceResponse response) throws IOException, PortletException { -</span></span><span style="display:flex;"><span> String action = request.getParameter(PortalConstants.ACTION); -</span></span><span style="display:flex;"><span> if (PortalConstants.DUPLICATES.equals(action)) { -</span></span><span style="display:flex;"><span> serveDuplicates(request, response); -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>similar to the PAGENAME tree, here we have an ACTION if/else block. We only have one action, so this is simple.</p> -<p>Let&rsquo;s have a look at</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">private</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">serveDuplicates</span><span style="color:#555">(</span>ResourceRequest request<span style="color:#555">,</span> ResourceResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateComponents<span style="color:#555">=</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateReleases<span style="color:#555">=</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> ComponentService<span style="color:#555">.</span><span style="color:#309">Iface</span> componentClient <span style="color:#555">=</span> thriftClients<span style="color:#555">.</span><span style="color:#309">makeComponentClient</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> duplicateComponents <span style="color:#555">=</span> componentClient<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> duplicateReleases <span style="color:#555">=</span> componentClient<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>TException e<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> log<span style="color:#555">.</span><span style="color:#309">error</span><span style="color:#555">(</span><span style="color:#c30">&#34;Error in component client&#34;</span><span style="color:#555">,</span> e<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(</span>duplicateComponents<span style="color:#555">==</span> <span style="color:#069;font-weight:bold">null</span> <span style="color:#555">||</span> duplicateReleases<span style="color:#555">==</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span> RequestStatus<span style="color:#555">.</span><span style="color:#309">FAILURE</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">()</span> <span style="color:#555">&amp;&amp;</span> duplicateReleases<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span> RequestStatus<span style="color:#555">.</span><span style="color:#309">SUCCESS</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> request<span style="color:#555">.</span><span style="color:#309">setAttribute</span><span style="color:#555">(</span>PortalConstants<span style="color:#555">.</span><span style="color:#309">DUPLICATE_RELEASES</span><span style="color:#555">,</span> duplicateReleases<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> request<span style="color:#555">.</span><span style="color:#309">setAttribute</span><span style="color:#555">(</span>PortalConstants<span style="color:#555">.</span><span style="color:#309">DUPLICATE_COMPONENTS</span><span style="color:#555">,</span> duplicateComponents<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> include<span style="color:#555">(</span><span style="color:#c30">&#34;/html/admin/databaseSanitation/duplicatesAjax.jsp&#34;</span><span style="color:#555">,</span> request<span style="color:#555">,</span> response<span style="color:#555">,</span> PortletRequest<span style="color:#555">.</span><span style="color:#309">RESOURCE_PHASE</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><p>The member variable thriftClients is inherited from the Sw360Portlet. This is how we talk to the backend. +In the ComponentDatabaseHandler.java we actually do some work and implement the methods</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateComponents</span><span style="color:#555">()</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> ListMultimap<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> String<span style="color:#555">&gt;</span> componentIdentifierToComponentId <span style="color:#555">=</span> ArrayListMultimap<span style="color:#555">.</span><span style="color:#309">create</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Component component <span style="color:#555">:</span> componentRepository<span style="color:#555">.</span><span style="color:#309">getSummaryForExport</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> componentIdentifierToComponentId<span style="color:#555">.</span><span style="color:#309">put</span><span style="color:#555">(</span>SW360Utils<span style="color:#555">.</span><span style="color:#309">printName</span><span style="color:#555">(</span>component<span style="color:#555">),</span> component<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> CommonUtils<span style="color:#555">.</span><span style="color:#309">getIdentifierToListOfDuplicates</span><span style="color:#555">(</span>componentIdentifierToComponentId<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> <span style="color:#c0f">getDuplicateReleases</span><span style="color:#555">()</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> ListMultimap<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> String<span style="color:#555">&gt;</span> releaseIdentifierToReleaseId <span style="color:#555">=</span> ArrayListMultimap<span style="color:#555">.</span><span style="color:#309">create</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Release release <span style="color:#555">:</span> releaseRepository<span style="color:#555">.</span><span style="color:#309">getReleaseSummary</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> releaseIdentifierToReleaseId<span style="color:#555">.</span><span style="color:#309">put</span><span style="color:#555">(</span>SW360Utils<span style="color:#555">.</span><span style="color:#309">printName</span><span style="color:#555">(</span>release<span style="color:#555">),</span> release<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> CommonUtils<span style="color:#555">.</span><span style="color:#309">getIdentifierToListOfDuplicates</span><span style="color:#555">(</span>releaseIdentifierToReleaseId<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><h4 id="tests">Tests</h4> +<p>We then write some tests in ComponentDatabaseHandlerTest.java</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Test</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">testDuplicateComponentIsFound</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> Exception <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> String originalComponentId <span style="color:#555">=</span> <span style="color:#c30">&#34;C3&#34;</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Component tmp <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getComponent</span><span style="color:#555">(</span>originalComponentId<span style="color:#555">,</span> user1<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetId</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetRevision</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> String newComponentId <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">addComponent</span><span style="color:#555">(</span>tmp<span style="color:#555">,</span> email1<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateComponents <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">size</span><span style="color:#555">(),</span> is<span style="color:#555">(</span><span style="color:#f60">1</span><span style="color:#555">));</span> +</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">get</span><span style="color:#555">(</span>printName<span style="color:#555">(</span>tmp<span style="color:#555">)),</span> containsInAnyOrder<span style="color:#555">(</span>newComponentId<span style="color:#555">,</span>originalComponentId<span style="color:#555">));</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#99f">@Test</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">testDuplicateReleaseIsFound</span><span style="color:#555">()</span> <span style="color:#069;font-weight:bold">throws</span> Exception <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> String originalReleaseId <span style="color:#555">=</span> <span style="color:#c30">&#34;R1A&#34;</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Release tmp <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getRelease</span><span style="color:#555">(</span>originalReleaseId<span style="color:#555">,</span> user1<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetId</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> tmp<span style="color:#555">.</span><span style="color:#309">unsetRevision</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> String newReleaseId <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">addRelease</span><span style="color:#555">(</span>tmp<span style="color:#555">,</span> email1<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateReleases <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateReleases<span style="color:#555">.</span><span style="color:#309">size</span><span style="color:#555">(),</span> is<span style="color:#555">(</span><span style="color:#f60">1</span><span style="color:#555">));</span> +</span></span><span style="display:flex;"><span> assertThat<span style="color:#555">(</span>duplicateReleases<span style="color:#555">.</span><span style="color:#309">get</span><span style="color:#555">(</span>printName<span style="color:#555">(</span>tmp<span style="color:#555">)),</span> containsInAnyOrder<span style="color:#555">(</span>newReleaseId<span style="color:#555">,</span>originalReleaseId<span style="color:#555">));</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><p>Then we install the backend to make our methods available.</p>Docs: How to add a frontend portlet to sw360https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-frontend/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-frontend/ +<p>We create a class in</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/java/com/siemens/sw360/portal/portlets/admin/ +</span></span></code></pre></div><p>called</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>DatabaseSanitation.java +</span></span></code></pre></div><p>Here are some code snippets that are important:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">DatabaseSanitation</span> <span style="color:#069;font-weight:bold">extends</span> Sw360Portlet +</span></span></code></pre></div><p>the base class Sw360Portlet adds some convenience methods to render the most common return values of functions into messages.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">doView</span><span style="color:#555">(</span>RenderRequest request<span style="color:#555">,</span> RenderResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic">// Proceed with page rendering +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">doView</span><span style="color:#555">(</span>request<span style="color:#555">,</span> response<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><p>This method is used to render different pages, a common pattern would be to have if/else tree like</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">//! VIEW and helpers +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"></span><span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">doView</span><span style="color:#555">(</span>RenderRequest request<span style="color:#555">,</span> RenderResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> String pageName <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>PAGENAME<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>PAGENAME_EDIT<span style="color:#555">.</span><span style="color:#309">equals</span><span style="color:#555">(</span>pageName<span style="color:#555">))</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> prepareVendorEdit<span style="color:#555">(</span>request<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> include<span style="color:#555">(</span><span style="color:#c30">&#34;/html/vendors/edit.jsp&#34;</span><span style="color:#555">,</span> request<span style="color:#555">,</span> response<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> prepareStandardView<span style="color:#555">(</span>request<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">doView</span><span style="color:#555">(</span>request<span style="color:#555">,</span> response<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><p>but since we only have one page this is all we need. The jsp that is rendered by super.doView is set in</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span>sw360<span style="color:#555">/</span>src<span style="color:#555">/</span>frontend<span style="color:#555">/</span>sw360<span style="color:#555">-</span>portlets<span style="color:#555">/</span>src<span style="color:#555">/</span>main<span style="color:#555">/</span>webapp<span style="color:#555">/</span>WEB<span style="color:#555">-</span>INF<span style="color:#555">/</span>portlet<span style="color:#555">.</span><span style="color:#309">xml</span> +</span></span></code></pre></div><p>but more on that later.</p> +<p>The next method in DatabaseSanitation handles resource requests, which are responses to AJAX calls:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>@Override +</span></span><span style="display:flex;"><span>public void serveResource(ResourceRequest request, ResourceResponse response) throws IOException, PortletException { +</span></span><span style="display:flex;"><span> String action = request.getParameter(PortalConstants.ACTION); +</span></span><span style="display:flex;"><span> if (PortalConstants.DUPLICATES.equals(action)) { +</span></span><span style="display:flex;"><span> serveDuplicates(request, response); +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>similar to the PAGENAME tree, here we have an ACTION if/else block. We only have one action, so this is simple.</p> +<p>Let&rsquo;s have a look at</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">private</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">serveDuplicates</span><span style="color:#555">(</span>ResourceRequest request<span style="color:#555">,</span> ResourceResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> PortletException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateComponents<span style="color:#555">=</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> Map<span style="color:#555">&lt;</span>String<span style="color:#555">,</span> List<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;&gt;</span> duplicateReleases<span style="color:#555">=</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> ComponentService<span style="color:#555">.</span><span style="color:#309">Iface</span> componentClient <span style="color:#555">=</span> thriftClients<span style="color:#555">.</span><span style="color:#309">makeComponentClient</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> duplicateComponents <span style="color:#555">=</span> componentClient<span style="color:#555">.</span><span style="color:#309">getDuplicateComponents</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> duplicateReleases <span style="color:#555">=</span> componentClient<span style="color:#555">.</span><span style="color:#309">getDuplicateReleases</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>TException e<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> log<span style="color:#555">.</span><span style="color:#309">error</span><span style="color:#555">(</span><span style="color:#c30">&#34;Error in component client&#34;</span><span style="color:#555">,</span> e<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(</span>duplicateComponents<span style="color:#555">==</span> <span style="color:#069;font-weight:bold">null</span> <span style="color:#555">||</span> duplicateReleases<span style="color:#555">==</span><span style="color:#069;font-weight:bold">null</span><span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span> RequestStatus<span style="color:#555">.</span><span style="color:#309">FAILURE</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(</span>duplicateComponents<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">()</span> <span style="color:#555">&amp;&amp;</span> duplicateReleases<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span> RequestStatus<span style="color:#555">.</span><span style="color:#309">SUCCESS</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> request<span style="color:#555">.</span><span style="color:#309">setAttribute</span><span style="color:#555">(</span>PortalConstants<span style="color:#555">.</span><span style="color:#309">DUPLICATE_RELEASES</span><span style="color:#555">,</span> duplicateReleases<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> request<span style="color:#555">.</span><span style="color:#309">setAttribute</span><span style="color:#555">(</span>PortalConstants<span style="color:#555">.</span><span style="color:#309">DUPLICATE_COMPONENTS</span><span style="color:#555">,</span> duplicateComponents<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> include<span style="color:#555">(</span><span style="color:#c30">&#34;/html/admin/databaseSanitation/duplicatesAjax.jsp&#34;</span><span style="color:#555">,</span> request<span style="color:#555">,</span> response<span style="color:#555">,</span> PortletRequest<span style="color:#555">.</span><span style="color:#309">RESOURCE_PHASE</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><p>The member variable thriftClients is inherited from the Sw360Portlet. This is how we talk to the backend. We call the methods that we wrote in the first part of the tutorial. The error handling is reported with renderRequestStatus, also from Sw360Portlet. When we have findings then we report them by rendering a jsp in the RESOURCE_PHASE. -This is then some html that our AJAX function gets as data.</p> -<p>Then we have to register the portlets in some xml files:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-display.xml -</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet</span> <span style="color:#309">id=</span><span style="color:#c30">&#34;databaseSanitation&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> -</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-portlet.xml -</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/portlet-name&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;icon&gt;</span>/icon.png<span style="color:#309;font-weight:bold">&lt;/icon&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;instanceable&gt;</span>false<span style="color:#309;font-weight:bold">&lt;/instanceable&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-css&gt;</span>/css/main.css<span style="color:#309;font-weight:bold">&lt;/header-portlet-css&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-javascript&gt;</span>/js/main.js<span style="color:#309;font-weight:bold">&lt;/header-portlet-javascript&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-javascript&gt;</span>/js/external/jquery-1.11.1.min.js<span style="color:#309;font-weight:bold">&lt;/header-portlet-javascript&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/portlet&gt;</span> -</span></span></code></pre></div><p>Note that here it is important to include things like jquery in this way so that on multiple portlet pages there are no namespace conflicts.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml -</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/portlet-name&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;display-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/display-name&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-class&gt;</span> -</span></span><span style="display:flex;"><span> com.siemens.sw360.portal.portlets.admin.DatabaseSanitation -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/portlet-class&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;init-param&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;name&gt;</span>view-template<span style="color:#309;font-weight:bold">&lt;/name&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;value&gt;</span>/html/admin/databaseSanitation/view.jsp<span style="color:#309;font-weight:bold">&lt;/value&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/init-param&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;expiration-cache&gt;</span>0<span style="color:#309;font-weight:bold">&lt;/expiration-cache&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;supports&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;mime-type&gt;</span>text/html<span style="color:#309;font-weight:bold">&lt;/mime-type&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-mode&gt;</span>view<span style="color:#309;font-weight:bold">&lt;/portlet-mode&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/supports&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-info&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;title&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/title&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;short-title&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/short-title&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;keywords/&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/portlet-info&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;security-role-ref&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;role-name&gt;</span>administrator<span style="color:#309;font-weight:bold">&lt;/role-name&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/security-role-ref&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/portlet&gt;</span> -</span></span></code></pre></div><p>After these changes we compile the frontend and then we have to add new page to the Layout and add it to the lar file. +This is then some html that our AJAX function gets as data.</p> +<p>Then we have to register the portlets in some xml files:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-display.xml +</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet</span> <span style="color:#309">id=</span><span style="color:#c30">&#34;databaseSanitation&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> +</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/liferay-portlet.xml +</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/portlet-name&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;icon&gt;</span>/icon.png<span style="color:#309;font-weight:bold">&lt;/icon&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;instanceable&gt;</span>false<span style="color:#309;font-weight:bold">&lt;/instanceable&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-css&gt;</span>/css/main.css<span style="color:#309;font-weight:bold">&lt;/header-portlet-css&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-javascript&gt;</span>/js/main.js<span style="color:#309;font-weight:bold">&lt;/header-portlet-javascript&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;header-portlet-javascript&gt;</span>/js/external/jquery-1.11.1.min.js<span style="color:#309;font-weight:bold">&lt;/header-portlet-javascript&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/portlet&gt;</span> +</span></span></code></pre></div><p>Note that here it is important to include things like jquery in this way so that on multiple portlet pages there are no namespace conflicts.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/frontend/sw360-portlets/src/main/webapp/WEB-INF/portlet.xml +</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span>... +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;portlet&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/portlet-name&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;display-name&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/display-name&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-class&gt;</span> +</span></span><span style="display:flex;"><span> com.siemens.sw360.portal.portlets.admin.DatabaseSanitation +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/portlet-class&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;init-param&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;name&gt;</span>view-template<span style="color:#309;font-weight:bold">&lt;/name&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;value&gt;</span>/html/admin/databaseSanitation/view.jsp<span style="color:#309;font-weight:bold">&lt;/value&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/init-param&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;expiration-cache&gt;</span>0<span style="color:#309;font-weight:bold">&lt;/expiration-cache&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;supports&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;mime-type&gt;</span>text/html<span style="color:#309;font-weight:bold">&lt;/mime-type&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-mode&gt;</span>view<span style="color:#309;font-weight:bold">&lt;/portlet-mode&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/supports&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;portlet-info&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;title&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/title&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;short-title&gt;</span>databaseSanitation<span style="color:#309;font-weight:bold">&lt;/short-title&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;keywords/&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/portlet-info&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;security-role-ref&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;role-name&gt;</span>administrator<span style="color:#309;font-weight:bold">&lt;/role-name&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/security-role-ref&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/portlet&gt;</span> +</span></span></code></pre></div><p>After these changes we compile the frontend and then we have to add new page to the Layout and add it to the lar file. We sign in as admin, -go to</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>Admin -&gt; Site administration -</span></span><span style="display:flex;"><span>-&gt; Private Pages -</span></span></code></pre></div><p>To add the portlet to the page, we first change the theme of Private Pages to Classic, then select Add Page. We can drag and drop it under the Admin Page. +go to</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>Admin -&gt; Site administration +</span></span><span style="display:flex;"><span>-&gt; Private Pages +</span></span></code></pre></div><p>To add the portlet to the page, we first change the theme of Private Pages to Classic, then select Add Page. We can drag and drop it under the Admin Page. Then we select the Private Pages under My Sites. We can then go to the page we have just created. On the left side there is a plus sign, which opens a side menu with the available portlets that we can add to our page. Under SW360 we find the portlet DatabaseSanitation and we click add. -Then we can change the option (The cog symbol on the right) Look and Feel to Show Borders -&gt; No and we save that. -Then we change the theme of Private Pages back to SW360-Theme.</p> -<p>Now we can change the theme back and export a new lar file as described else where.</p> - - - - - - Docs: API Access - https://www.eclipse.org/sw360/docs/development/restapi/access/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/restapi/access/ - - - - <h2 id="how-to-get-access">How to get Access</h2> -<p>There are the following steps</p> -<ol> -<li> -<p>Open a browser with developer tools</p> -</li> -<li> -<p>Go to -<code>https://&lt;my_sw360_server&gt;/authorization/client-management</code></p> -</li> -<li> -<p>To add a new client, enter the following javascript in the dev tools -console</p> -<pre><code> xmlHttpRequest = new XMLHttpRequest(); - xmlHttpRequest.open('POST', '/authorization/client-management', false); - xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); - xmlHttpRequest.setRequestHeader('Accept', 'application/json'); - xmlHttpRequest.send(JSON.stringify( - { - &quot;description&quot; : &quot;my first test client&quot;, - &quot;authorities&quot; : [ &quot;BASIC&quot; ], - &quot;scope&quot; : [ &quot;READ&quot; ], - &quot;access_token_validity&quot; : 3600, - &quot;refresh_token_validity&quot; : 3600 - } - )); - console.log(xmlHttpRequest.responseText); -</code></pre> -</li> -<li> -<p>To manipulate an existing client, do the same but add the clientid to -the data object</p> -<p><code>&quot;client_id&quot; : &quot;9e358ca832ce4ce99a770c7bd0f8e066&quot;</code><br> +Then we can change the option (The cog symbol on the right) Look and Feel to Show Borders -&gt; No and we save that. +Then we change the theme of Private Pages back to SW360-Theme.</p> +<p>Now we can change the theme back and export a new lar file as described else where.</p>Docs: API Accesshttps://www.eclipse.org/sw360/docs/development/restapi/access/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/restapi/access/ +<h2 id="how-to-get-access">How to get Access</h2> +<p>There are the following steps</p> +<ol> +<li> +<p>Open a browser with developer tools</p> +</li> +<li> +<p>Go to +<code>https://&lt;my_sw360_server&gt;/authorization/client-management</code></p> +</li> +<li> +<p>To add a new client, enter the following javascript in the dev tools +console</p> +<pre><code> xmlHttpRequest = new XMLHttpRequest(); +xmlHttpRequest.open('POST', '/authorization/client-management', false); +xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); +xmlHttpRequest.setRequestHeader('Accept', 'application/json'); +xmlHttpRequest.send(JSON.stringify( +{ +&quot;description&quot; : &quot;my first test client&quot;, +&quot;authorities&quot; : [ &quot;BASIC&quot; ], +&quot;scope&quot; : [ &quot;READ&quot; ], +&quot;access_token_validity&quot; : 3600, +&quot;refresh_token_validity&quot; : 3600 +} +)); +console.log(xmlHttpRequest.responseText); +</code></pre> +</li> +<li> +<p>To manipulate an existing client, do the same but add the clientid to +the data object</p> +<p><code>&quot;client_id&quot; : &quot;9e358ca832ce4ce99a770c7bd0f8e066&quot;</code><br> to remove an existing client, enter the following javascript in the -dev tools console</p> -<pre><code> xmlHttpRequest = new XMLHttpRequest(); - xmlHttpRequest.open('DELETE', '/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066', false); - xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); - xmlHttpRequest.setRequestHeader('Accept', 'application/json'); - xmlHttpRequest.send(); - console.log(xmlHttpRequest.responseText); -</code></pre> -</li> -<li> -<p>You receive the token from such request, which looks like</p> -<pre><code> { - &quot;access_token&quot; : &quot;eyJhbGciOiJSUzI...&quot;, - &quot;token_type&quot; : &quot;bearer&quot;, - &quot;refresh_token&quot; : &quot;eyJhbGciOiJSUzI1...&quot;, - &quot;expires_in&quot; : 599, - &quot;scope&quot; : &quot;READ WRITE&quot;, - &quot;jti&quot; : &quot;42539b0d-...&quot; - } -</code></pre> -</li> -<li> -<p>You can try a request which uses for example the tool curl: -<code>curl -X GET -H &quot;Authorization: Bearer [token]&quot; -H &quot;Content-Type: application/json&quot;</code></p> -</li> -<li> -<p>You can get a new token (you must get a new token) after expiration using client id and secret: -<code>https://&lt;my_sw360_server&gt;/authorization/oauth/token?grant_type=refresh_token&amp;refresh_token=[refresh_token]</code></p> -</li> -</ol> -<h2 id="deprecated-method-access-tokens-from-the-sw360-ui">Deprecated Method: Access Tokens from the SW360 UI</h2> -<p>Recently SW360 has changed, username/password authentication is not possible anymore. So after successful entitlement login, the user is able to obtain a token with limited validity of time.</p> -<p>Our tests have confirmed that, if you have used the JWT authentication workflow, the change means for you:</p> -<ul> -<li>No interaction with authorization service is necessary.</li> -<li>The token needs to be provided as with the JWT.</li> -</ul> -<p>Please find attached, where to obtain the token:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke.png"/> -</figure> - -<p>And then find the interface for issuing the tokens:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke1.png"/> -</figure> - -<h3 id="token-into-which-header">Token into which Header?</h3> -<p>If you are used to REST clients, you might know that you need some kind of authentication info. Below are the previous and current ways of adding the authentication info to the HTTP header. Now you should add to the header the token value that you can obtain from the sw360 UI (see above):</p> -<p><code>Authorization: Token &lt;Token-Value&gt;</code></p> -<p>Previously, when you got the authentication info via the authorization service, it was:</p> -<p><code>Authorization: Bearer &lt;JWT-Value&gt;</code></p> -<h3 id="example-powershell-script">Example: PowerShell Script</h3> -<p>This is an example Thomas Graf has sent around one - might be good to see how this works in general:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#033">$baseUri</span> = <span style="color:#c30">&#34;https://&lt;my_sw360_server&gt;/resource/&#34;</span> -</span></span><span style="display:flex;"><span><span style="color:#033">$uri</span> = <span style="color:#033">$baseUri</span> + <span style="color:#c30">&#34;api/projects&#34;</span> <span style="color:#033">$data</span> = <span style="color:#c30">@&#34; -</span></span></span><span style="display:flex;"><span><span style="color:#c30">{ &#34;name&#34; : &#34;My 5th Dummy Project&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;description&#34; : &#34;Read/write test&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;version&#34;: &#34;1.0&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;tag&#34;: &#34;my tag&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;ownerGroup&#34;: &#34;GROUP&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;projectType&#34;: &#34;PRODUCT&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;linkedProjects&#34;: {}, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;linkedReleases&#34;: {} -</span></span></span><span style="display:flex;"><span><span style="color:#c30">} &#34;@ -</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30"> = New-Object &#34;System.Collections.Generic.Dictionary[[String],[String]]&#34; -</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Content-Type&#39;, &#39;application/hal+json&#39;) -</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Authorization&#39;, &#39;Token &#39; + </span><span style="color:#033">$env:SW360StageToken</span><span style="color:#c30">) -</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Accept&#39;, &#39;application/hal+json&#39;) -</span></span></span><span style="display:flex;"><span><span style="color:#c30">Invoke-WebRequest </span><span style="color:#033">$uri</span><span style="color:#c30"> -Method POST -Body </span><span style="color:#033">$data</span><span style="color:#c30"> -Headers </span><span style="color:#033">$headers</span><span style="color:#c30"> -</span></span></span></code></pre></div><h2 id="deprecated-method-authentication-with-username-and-password">Deprecated Method: Authentication with Username and Password</h2> -<h3 id="if-i-am-not-using-token-but-sw360-elsewhere-how-do-i-obtain-tokens">If I am not using token, but SW360 elsewhere: how do I obtain tokens?</h3> -<p>There are two steps you need to do with your client. First, Obtain an authorization token. This can be done by executing on the development instance for example be:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;trusted-sw360-client:sw360-secret&#39;</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>-d <span style="color:#033">grant_type</span><span style="color:#555">=</span>password&amp;<span style="color:#033">username</span><span style="color:#555">=</span>user@sw360.org&amp;<span style="color:#033">password</span><span style="color:#555">=</span><span style="color:#f60">12345</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>https://&lt;my_sw360_server&gt;/authorization/oauth/token -k -</span></span></code></pre></div><p>Of course, for the staging instance, the user must be your user credentials and the trusted client secret looks different.</p> -<p>Second you need to parameterize your request with this token. Pls. see the link at the very top &lsquo;Technical Information&rsquo;: <a href="https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/" title="Rest API">Rest API</a> for more information.</p> -<h3 id="faq">FAQ</h3> -<ul> -<li> -<p>When I use the JWT approach I used curl to retrieve the token and get</p> -<p>{&ldquo;error&rdquo;:&ldquo;unauthorized&rdquo;,&ldquo;error_description&rdquo;:&ldquo;No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken&rdquo;}</p> -</li> -<li> -<p>Your password seems to be wrong.</p> -<p>Note, that with curl - you have to escape special characters in your password. E.g. password +dev tools console</p> +<pre><code> xmlHttpRequest = new XMLHttpRequest(); +xmlHttpRequest.open('DELETE', '/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066', false); +xmlHttpRequest.setRequestHeader('Content-Type', 'application/json'); +xmlHttpRequest.setRequestHeader('Accept', 'application/json'); +xmlHttpRequest.send(); +console.log(xmlHttpRequest.responseText); +</code></pre> +</li> +<li> +<p>You receive the token from such request, which looks like</p> +<pre><code> { +&quot;access_token&quot; : &quot;eyJhbGciOiJSUzI...&quot;, +&quot;token_type&quot; : &quot;bearer&quot;, +&quot;refresh_token&quot; : &quot;eyJhbGciOiJSUzI1...&quot;, +&quot;expires_in&quot; : 599, +&quot;scope&quot; : &quot;READ WRITE&quot;, +&quot;jti&quot; : &quot;42539b0d-...&quot; +} +</code></pre> +</li> +<li> +<p>You can try a request which uses for example the tool curl: +<code>curl -X GET -H &quot;Authorization: Bearer [token]&quot; -H &quot;Content-Type: application/json&quot;</code></p> +</li> +<li> +<p>You can get a new token (you must get a new token) after expiration using client id and secret: +<code>https://&lt;my_sw360_server&gt;/authorization/oauth/token?grant_type=refresh_token&amp;refresh_token=[refresh_token]</code></p> +</li> +</ol> +<h2 id="deprecated-method-access-tokens-from-the-sw360-ui">Deprecated Method: Access Tokens from the SW360 UI</h2> +<p>Recently SW360 has changed, username/password authentication is not possible anymore. So after successful entitlement login, the user is able to obtain a token with limited validity of time.</p> +<p>Our tests have confirmed that, if you have used the JWT authentication workflow, the change means for you:</p> +<ul> +<li>No interaction with authorization service is necessary.</li> +<li>The token needs to be provided as with the JWT.</li> +</ul> +<p>Please find attached, where to obtain the token:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke.png"/> +</figure> +<p>And then find the interface for issuing the tokens:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/SW360RESTfulAPIImages/Preferences-AccessToke1.png"/> +</figure> +<h3 id="token-into-which-header">Token into which Header?</h3> +<p>If you are used to REST clients, you might know that you need some kind of authentication info. Below are the previous and current ways of adding the authentication info to the HTTP header. Now you should add to the header the token value that you can obtain from the sw360 UI (see above):</p> +<p><code>Authorization: Token &lt;Token-Value&gt;</code></p> +<p>Previously, when you got the authentication info via the authorization service, it was:</p> +<p><code>Authorization: Bearer &lt;JWT-Value&gt;</code></p> +<h3 id="example-powershell-script">Example: PowerShell Script</h3> +<p>This is an example Thomas Graf has sent around one - might be good to see how this works in general:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-powershell" data-lang="powershell"><span style="display:flex;"><span><span style="color:#033">$baseUri</span> = <span style="color:#c30">&#34;https://&lt;my_sw360_server&gt;/resource/&#34;</span> +</span></span><span style="display:flex;"><span><span style="color:#033">$uri</span> = <span style="color:#033">$baseUri</span> + <span style="color:#c30">&#34;api/projects&#34;</span> <span style="color:#033">$data</span> = <span style="color:#c30">@&#34; +</span></span></span><span style="display:flex;"><span><span style="color:#c30">{ &#34;name&#34; : &#34;My 5th Dummy Project&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;description&#34; : &#34;Read/write test&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;version&#34;: &#34;1.0&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;tag&#34;: &#34;my tag&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;ownerGroup&#34;: &#34;GROUP&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;projectType&#34;: &#34;PRODUCT&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;linkedProjects&#34;: {}, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;linkedReleases&#34;: {} +</span></span></span><span style="display:flex;"><span><span style="color:#c30">} &#34;@ +</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30"> = New-Object &#34;System.Collections.Generic.Dictionary[[String],[String]]&#34; +</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Content-Type&#39;, &#39;application/hal+json&#39;) +</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Authorization&#39;, &#39;Token &#39; + </span><span style="color:#033">$env:SW360StageToken</span><span style="color:#c30">) +</span></span></span><span style="display:flex;"><span><span style="color:#c30"></span><span style="color:#033">$headers</span><span style="color:#c30">.Add(&#39;Accept&#39;, &#39;application/hal+json&#39;) +</span></span></span><span style="display:flex;"><span><span style="color:#c30">Invoke-WebRequest </span><span style="color:#033">$uri</span><span style="color:#c30"> -Method POST -Body </span><span style="color:#033">$data</span><span style="color:#c30"> -Headers </span><span style="color:#033">$headers</span><span style="color:#c30"> +</span></span></span></code></pre></div><h2 id="deprecated-method-authentication-with-username-and-password">Deprecated Method: Authentication with Username and Password</h2> +<h3 id="if-i-am-not-using-token-but-sw360-elsewhere-how-do-i-obtain-tokens">If I am not using token, but SW360 elsewhere: how do I obtain tokens?</h3> +<p>There are two steps you need to do with your client. First, Obtain an authorization token. This can be done by executing on the development instance for example be:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;trusted-sw360-client:sw360-secret&#39;</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>-d <span style="color:#033">grant_type</span><span style="color:#555">=</span>password&amp;<span style="color:#033">username</span><span style="color:#555">=</span>user@sw360.org&amp;<span style="color:#033">password</span><span style="color:#555">=</span><span style="color:#f60">12345</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>https://&lt;my_sw360_server&gt;/authorization/oauth/token -k +</span></span></code></pre></div><p>Of course, for the staging instance, the user must be your user credentials and the trusted client secret looks different.</p> +<p>Second you need to parameterize your request with this token. Pls. see the link at the very top &lsquo;Technical Information&rsquo;: <a href="https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/" title="Rest API">Rest API</a> for more information.</p> +<h3 id="faq">FAQ</h3> +<ul> +<li> +<p>When I use the JWT approach I used curl to retrieve the token and get</p> +<p>{&ldquo;error&rdquo;:&ldquo;unauthorized&rdquo;,&ldquo;error_description&rdquo;:&ldquo;No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken&rdquo;}</p> +</li> +<li> +<p>Your password seems to be wrong.</p> +<p>Note, that with curl - you have to escape special characters in your password. E.g. password 123$abc -results in the following request</p> -</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;trusted-sw360-client:sw360-secret&#39;</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>-d <span style="color:#033">grant_type</span><span style="color:#555">=</span>password&amp;<span style="color:#033">username</span><span style="color:#555">=</span>user@sw360.org&amp;<span style="color:#033">password</span><span style="color:#555">=</span>123<span style="color:#c30;font-weight:bold">\$</span>abc <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>https://&lt;my_sw360_server&gt;/authorization/oauth/token -k -</span></span></code></pre></div> - - - - - Docs: SW360 Development Branches - https://www.eclipse.org/sw360/docs/development/dev-branches/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-branches/ - - - - <h2 id="branches-structure">Branches structure</h2> -<p><code>&lt;github-nickname&gt;/&lt;issue&gt;/&lt;description&gt;</code></p> -<h3 id="examples">Examples:</h3> -<ul> -<li>maierthomas/#1/fix-dowload-bundle</li> -<li>maierthomas/#3/sw360portal-specific-links</li> -</ul> - - - - - - Docs: How to add fields to an existing class - https://www.eclipse.org/sw360/docs/development/dev-adding-new-fields-to-existing-classes/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-adding-new-fields-to-existing-classes/ - - - - <p>The license portlet is different from the other portlets as there is no Details/Edit page for each element. There is only a combined edit/view page. -We will add the license text to licenses in the thrift file:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-thrift" data-lang="thrift"><span style="display:flex;"><span><span style="color:#f60">13</span>:<span style="color:#bbb"> </span><span style="color:#069;font-weight:bold">optional</span><span style="color:#bbb"> </span><span style="color:#078;font-weight:bold">string</span><span style="color:#bbb"> </span>text;<span style="color:#bbb"> -</span></span></span></code></pre></div><p>To update the text we write a liferay Action in the LicensesPortlet:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span> <span style="color:#99f">@UsedAsLiferayAction</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">changeText</span><span style="color:#555">(</span>ActionRequest request<span style="color:#555">,</span> ActionResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> PortletException<span style="color:#555">,</span> IOException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> String licenseId <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>LICENSE_ID<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> String text <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>License<span style="color:#555">.</span><span style="color:#309">_Fields</span><span style="color:#555">.</span><span style="color:#309">TEXT</span><span style="color:#555">.</span><span style="color:#309">name</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(!</span>Strings<span style="color:#555">.</span><span style="color:#309">isNullOrEmpty</span><span style="color:#555">(</span>licenseId<span style="color:#555">))</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> User user <span style="color:#555">=</span> UserCacheHolder<span style="color:#555">.</span><span style="color:#309">getUserFromRequest</span><span style="color:#555">(</span>request<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> LicenseService<span style="color:#555">.</span><span style="color:#309">Iface</span> client <span style="color:#555">=</span> thriftClients<span style="color:#555">.</span><span style="color:#309">makeLicenseClient</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> License license <span style="color:#555">=</span> client<span style="color:#555">.</span><span style="color:#309">getFromID</span><span style="color:#555">(</span>licenseId<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> license<span style="color:#555">.</span><span style="color:#309">setText</span><span style="color:#555">(</span>CommonUtils<span style="color:#555">.</span><span style="color:#309">nullToEmptyString</span><span style="color:#555">(</span>text<span style="color:#555">));</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> RequestStatus requestStatus <span style="color:#555">=</span> client<span style="color:#555">.</span><span style="color:#309">updateLicense</span><span style="color:#555">(</span>license<span style="color:#555">,</span> user<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span>requestStatus<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>TException e<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> log<span style="color:#555">.</span><span style="color:#309">error</span><span style="color:#555">(</span><span style="color:#c30">&#34;Error updating license&#34;</span><span style="color:#555">,</span> e<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>LICENSE_ID<span style="color:#555">,</span> licenseId<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>PAGENAME<span style="color:#555">,</span> PAGENAME_DETAIL<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>SELECTED_TAB<span style="color:#555">,</span> <span style="color:#c30">&#34;LicenseText&#34;</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span></code></pre></div><p>To integrate it in the jsp we make the according changes, important to note is the ActionUrl that we define:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-html" data-lang="html"><span style="display:flex;"><span>&lt;<span style="color:#309;font-weight:bold">portlet:actionURL</span> <span style="color:#309">var</span><span style="color:#555">=</span><span style="color:#c30">&#34;changeLicenseTextURL&#34;</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;changeText&#34;</span>&gt; -</span></span><span style="display:flex;"><span> &lt;<span style="color:#309;font-weight:bold">portlet:param</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;%=PortalConstants.LICENSE_ID%&gt;&#34;</span> <span style="color:#309">value</span><span style="color:#555">=</span><span style="color:#c30">&#34;${licenseDetail.id}&#34;</span> /&gt; -</span></span><span style="display:flex;"><span>&lt;/<span style="color:#309;font-weight:bold">portlet:actionURL</span>&gt; -</span></span></code></pre></div><p>A good practice to name fields in jsps is to use the thrift field names:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-html" data-lang="html"><span style="display:flex;"><span> &lt;<span style="color:#309;font-weight:bold">textarea</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;portlet:namespace/&gt;&lt;%=License._Fields.TEXT%&gt;&#34;</span> <span style="color:#309">rows</span><span style="color:#555">=</span><span style="color:#c30">&#34;5&#34;</span> <span style="color:#309">style</span><span style="color:#555">=</span><span style="color:#c30">&#34;width: 100%&#34;</span> <span style="color:#309">id</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;portlet:namespace/&gt;&lt;%=License._Fields.TEXT%&gt;&#34;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309">placeholder</span><span style="color:#555">=</span><span style="color:#c30">&#34;Enter the License-Text here...&#34;</span> -</span></span><span style="display:flex;"><span> &gt;${licenseDetail.text}&lt;/<span style="color:#309;font-weight:bold">textarea</span>&gt; -</span></span></code></pre></div> - - - - - Docs: Component / Release - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-components/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-components/ - - - - <h2 id="tc01-add-a-component-and-release-with-vendor-present">TC01: Add a component and release with vendor present</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Sign In with a known user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Components</em> tab</td> -<td style="text-align:left"><em>Components</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Add Component</em> button</td> -<td style="text-align:left">- <em>New Component</em> page is displayed with mandatory fields marked with red star: Name, Categories, Component Type. <br>- A message <em>Success:New Component</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Fill in a component <em>Name</em>, <em>Categories</em> and <em>Component Type</em> fields. <br><em>Eg:</em><br>- Name: Component 1@1<br>- Categories: Categories_1@1<br>- Component Type: OSS</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Create Component</em> button</td> -<td style="text-align:left">- Create component successfully. <br>- Redirect to the edit component page.<br>-Show message: <em>Success:You are editing the original document.</em></td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Releases</em> tab<br>Click <em>Add Release</em> button</td> -<td style="text-align:left">Redirect to Add Release page</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br>- Version: version1.0.0.x<br>- CPE ID: UUID_1002</td> -<td style="text-align:left">Values are entered in the fields:<br>- Version: version1.0.0.x<br>- CPE ID: UUID_1002</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Create Release</em> button</td> -<td style="text-align:left">- Create a release successfully.<br>- Redirect to the edit new release page.<br>- The message <em>Success:You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Vendor</em> field</td> -<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click <em>Add Vendor</em> button</td> -<td style="text-align:left"><em>Create new Vendor</em> dialog display</td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Input data in fields<br>- Full Name: add vendor 01<br>-Short Name: add vendor01<br>-URL: <a href="https://github.com/eclipse-sw360/sw360">https://github.com/eclipse-sw360/sw360</a></td> -<td style="text-align:left">Values are entered in the fields.</td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click <em>Add Vendor</em> button</td> -<td style="text-align:left">The vendor is added in Vendor field of the release with full name is <em>add vendor 01</em></td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Click <em>Attachments</em> tab</td> -<td style="text-align:left"><em>Attachments</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Click <em>Add Attachment</em> button</td> -<td style="text-align:left"><em>Upload Attachment</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">15</td> -<td style="text-align:left">Click <em>Browse</em> and select the attachment.<br>Eg: attachment1.xlsx</td> -<td style="text-align:left">File name is displayed in the dialog</td> -</tr> -<tr> -<td style="text-align:right">16</td> -<td style="text-align:left">Click <em>Upload</em> button</td> -<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the <em>Attachment</em> page</td> -</tr> -<tr> -<td style="text-align:right">17</td> -<td style="text-align:left">Change the attachment <em>Type</em> to real type.<br>Eg: Component license information (Combined)</td> -<td style="text-align:left">Type changed successfully</td> -</tr> -<tr> -<td style="text-align:right">18</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">Message: <em>Success:Release {name} ({version}) updated successfully!</em> is displayed</td> -</tr> -</tbody> -</table> -<h2 id="tc02-verify-data-after-add-a-component-and-release-with-vendor-present">TC02: Verify data after add a component and release with vendor present</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for the component is created in TC01:<br>- Click <em>Components</em> portlet<br>- At Advanced Search area, input <em>Component 1@1</em> in the <em>Component Name</em> textbox.<br>- Click <em>Search</em> button</td> -<td style="text-align:left">The new component display in the table with:<br>- Vendor: add vendor01<br>- Component Name: <em>Component 1@1</em> is displayed with hyper link.<br>- Main licenses: blank<br>- Component Type: OSS</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click hyper link of name <em>Component 1@1</em></td> -<td style="text-align:left">Redirect to view component <em>Component 1@1</em> page</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Release Overview</em> tab</td> -<td style="text-align:left">The release display with:<br>- Name: Component 1@1<br>- Version displays with hyper link: version1.0.0.x<br>- Clearing State: New<br>- Clearing Report: no report<br>- Release Mainline State: Open</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click hyper link <em>version1.0.0.x</em></td> -<td style="text-align:left">Redirect to view screen of release <em>Component 1@1 version1.0.0.x</em><br>Data of the release:<br>- Summary tab:<br>+ display text with: COMPONENT 1@1 VERSION1.0.0.X<br>+ CPE ID: UUID_1002<br>+ Created on: date of created.<br>+ Created by: user created.<br>+ Modified On: date of modified.<br>+ Modified By: user modified.<br>+ Clearing State: New<br>+ Release Mainline State: Open<br>+ Release Vendor with:<br>   Full Name: add vendor 01<br>   Short Name: add vendor01<br>   URL: <a href="https://github.com/eclipse-sw360/sw360">https://github.com/eclipse-sw360/sw360</a></td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Attachments</em> tab</td> -<td style="text-align:left">Display file name <em>attachment1.xlsx</em> in the table.</td> -</tr> -</tbody> -</table> -<h2 id="tc03-modify-a-component-and-release-with-vendor-present">TC03: Modify a component and release with vendor present</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component (e.g. created in TC01: <em>Component 1@1</em>) and click <em>Edit</em> icon</td> -<td style="text-align:left"><em>Success:You are editing the original document</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Releases</em> tab</td> -<td style="text-align:left">Release list is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Add Release</em> button</td> -<td style="text-align:left">Redirect to Add Release page</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br>- Version: v1.0.0.1<br>- CPE ID: cpe:id:123456</td> -<td style="text-align:left">Values are entered in the fields:<br>- Version: v1.0.0.1<br>- CPE ID: cpe:id:123456</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Create Release</em> button</td> -<td style="text-align:left">- Redirect to the edit new release page.<br>- The message <em>Success:You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Vendor</em> field</td> -<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Search</em> button.<br>Select a vendor (eg: select vendor with full name <em>VendorUp</em>) <br>Click <em>Select Vendor</em> button.</td> -<td style="text-align:left">Dialog is closed and selected Vendor is added under <em>Vendor</em> field: VendorUp</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select the attachment. Eg: attachment2.img<br>Click <em>Upload</em> button</td> -<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">Message <em>Success:Release Component 1@1 (v1.0.0.1) updated successfully!</em> is displayed</td> -</tr> -</tbody> -</table> -<h2 id="tc04-verify-data-after--modify-a-component-and-release-with-vendor-present">TC04: Verify data after modify a component and release with vendor present</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Continue TC03</td> -<td></td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Summary</em> tab</td> -<td style="text-align:left">Data in the tab:<br>- Modified On: date of modified.<br>- Modified By: user modified.<br>Data of other fields in the tab is same data before updated.</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Release Overview</em> tab</td> -<td style="text-align:left">New release with version <em>v1.0.0.1</em> is added in the release table.</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>v1.0.0.1</em> hyper link</td> -<td style="text-align:left">Text display with: <em>COMPONENT 1@1 V1.0.0.1</em> at the right corner.<br>- At Summary tab: <br> + CPE ID: cpe:id:123456<br> + Release Vendor: display with Full Name, Short Name and URL correctly with vendor <em>VendorUp</em> <br>- At Attachments tab: attachment <em>attachment2.img</em> display in the attachment table with correct information.</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Component 1@1</em> hyper link</td> -<td style="text-align:left">Redirect to view screen of <em>Component 1@1</em> component.</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Attachments</em> tab</td> -<td style="text-align:left">Data in the tab is same data before updated.</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Vulnerabilities</em> tab</td> -<td style="text-align:left">Data in the tab is same data before updated.</td> -</tr> -</tbody> -</table> -<h2 id="tc05-add-and-modify-a-component-and-release-with-all-fields-filled-in">TC05: Add and modify a component and release with all fields filled in</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click <em>Components</em> tab<br>Click <em>Add Component</em> button<br>Fill in all editable fields<br>Click <em>Create Component</em> button</td> -<td style="text-align:left">- Redirect to edit component screen with the message <em>Success:You are editing the original document.</em> is displayed in the left corner.<br>- Create component successfully. Data match with input data.</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Releases</em> tab.<br>Click <em>Add Releases</em> button.<br>At <em>Summary</em> tab, fill in all editable fields under <em>Release Summary</em> and <em>Release Repository</em>.<br>Click <em>Create Release</em> button.<br></td> -<td style="text-align:left">Redirect to edit release screen.<br>Created release successfully. Data match with input data.</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Linked Releases</em> tab<br>Click <em>Click to add Releases</em> button</td> -<td style="text-align:left">The dialog <em>Link Releases</em> is displayed.</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Input search name into textbox<br>Click <em>Search</em> button<br>Select 3 releases.<br>Click <em>Link Releases</em> button</td> -<td style="text-align:left">Dialog is closed and selected release is displayed under <em>Linked Releases</em> section.</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Linked Packages</em> tab<br>Click <em>Add Packages</em> button</td> -<td style="text-align:left">The dialog <em>Link Packages</em> is displayed.</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Input an exist orphan package name into textbox.<br>Click <em>Search</em> button.<br>Select a package.<br>Click <em>Link Packages</em> button.</td> -<td style="text-align:left">Dialog is closed and selected package is displayed under <em>Linked Packages</em> table</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Clearing Details</em> tab<br>Fill in all editable fields</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>ECC Details</em> tab<br>Fill in all editable fields</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select the attachment. <em>Eg</em>: attachment3.xlsx<br>Click <em>Upload</em> button</td> -<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">- <em>Success:Release {componentName} ({version}) updated successfully!</em> message is displayed.<br>- Redirect to the view release screen.</td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Check all fields of the release by click tabs: <em>Summary, Linked Releases, Linked Packages, Clearing Details and Attachments</em>.</td> -<td style="text-align:left">Values are filled in correctly, match with input data.</td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click <em>Edit Release</em> button, modify some fields.<br>Eg: <br>- <em>Version</em> field ( in <em>Summary</em> tab): rename version name_updated<br> - <em>ECC Status</em> field (in <em>ECC Details</em> tab): Approved.<br>Click <em>Update Release</em> button.</td> -<td style="text-align:left">Values are updated successfully</td> -</tr> -</tbody> -</table> -<h2 id="tc06-delete-a-component-that-is-first-linked-to-a-project-and-then-not-and-a-project">TC06: Delete a component that is first linked to a project and then not, and a project</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Create a new component<br><em>Eg:</em> component with name <em>Component @1234</em></td> -<td style="text-align:left">Component is created successfully</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Add a new release to this component<br><em>Eg:</em> release <em>Rel1</em></td> -<td style="text-align:left">Release is added successfully</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Create a new project <em>P1</em></td> -<td style="text-align:left">Project is created successfully</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Add the linked release <em>Rel1</em> to project <em>P1</em>.</td> -<td style="text-align:left">Release linked successfully</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Components</em> portlet.<br>Search component <em>Component @1234</em> by name at advanced search.</td> -<td style="text-align:left">Component <em>Component @1234</em> display on the result table.</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click delete icon of component <em>Component @1234</em></td> -<td style="text-align:left">A warning <em>The component Component @1234 cannot be deleted, since it contains 1 releases. Please delete the releases first.</em></td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>OK</em> button in the warning dialog.</td> -<td style="text-align:left">The dialog is closed, component is not deleted</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Components</em> portlet.<br>Search for the component <em>Component @1234</em> and click hyper link of component <em>Component @1234</em>.</td> -<td style="text-align:left">View screen of <em>Component @1234</em> component is display</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Release</em> Overview.<br>Click Delete icon button of release <em>Rel1</em>.<br>Click <em>Delete Release</em> button in the dialog.</td> -<td style="text-align:left">- Dialog <em>Delete Releases</em> is displayed.<br>- Delete the release is failure.<br>- The message: <em>I could not delete the release, since it is used by another component (release) or project</em> display.</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Go to project <em>P1</em>, delete project <em>P1</em>.</td> -<td style="text-align:left">The project is deleted successfully</td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Go to component <em>Component @1234</em>, at <em>Release Overview</em> tab, click Delete icon button of release <em>Rel1</em>.</td> -<td style="text-align:left">Show message: <em>Do you really want to delete the release {componentName} ({version}) ?</em></td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click <em>Delete Release</em> button</td> -<td style="text-align:left">Release is deleted successfully</td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Click <em>Edit Component</em> button.<br>Click <em>Delete Component</em> button.</td> -<td style="text-align:left">The dialog is displayed with message: <em>Do you really want to delete the component {componentName} ?</em></td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Click <em>Delete Component</em> button</td> -<td style="text-align:left">Component is deleted successfully</td> -</tr> -</tbody> -</table> -<h2 id="tc07-add-new-attachments-to-an-existing-release-and-delete-attachments">TC07: Add new attachments to an existing release and delete attachments</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component (e.g. created in TC01) and click <em>Release Overview</em> tab</td> -<td style="text-align:left">The list of releases are displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click edit icon in the Action column of release version that needs a new attachment. <em>Eg:</em> release <em>Rel1</em>.</td> -<td style="text-align:left">Edit release <em>Rel1</em> page is displayed.</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select several attachments.<br><em>Eg:</em> 5 attachment files (att1, att2, att3, att4, att5)</td> -<td style="text-align:left">File names are displayed in the dialog</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Delete</em> button near some files not to be added.<br><em>Eg:</em> delete 2 attachment files (att1, att3)</td> -<td style="text-align:left">File names are removed from the list</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Upload</em> button for the remaining files.</td> -<td style="text-align:left">The attached file are listed in the <em>Attachment</em> page: att2, att4, att5</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Change some <em>Attachment type</em> to real type, e.g. <em>source file, clearing report, CLI,&hellip;</em></td> -<td style="text-align:left">Type changed successfully</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">Release <em>Ree1</em> is updated correctly.</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Edit Release</em> button</td> -<td style="text-align:left"><em>Success:You are editing the original document.</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Attachments</em> tab</td> -<td style="text-align:left"><em>Attachments</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click delete icon to delete an attachment</td> -<td style="text-align:left">Show message: <em>Do you really want to delete attachment {attachmentName}({attachmentId})?</em></td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Click <em>Delete Attachment button</em></td> -<td style="text-align:left">Attachment is deleted successfully, data of attachment is removed from attachment table.</td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">Release Ree1 is updated correctly with message <em>Success: Release {componentName}({version}) updated successfully!</em></td> -</tr> -</tbody> -</table> -<h2 id="tc08-duplicate-an-existing-release">TC08: Duplicate an existing release</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component with release with all fields filled in (Eg: created in TC05) and click <em>Release Overview</em></td> -<td style="text-align:left">The list of releases are displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Duplicate</em> button under Action column</td> -<td style="text-align:left">The page changes to create duplicate release screen</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Check all fields from copied release</td> -<td style="text-align:left">- <em>Summary</em> tab:<br> + <em>CPE ID</em> field: blank<br> + Remain fields are unchanged (exclude disable fields).<br>- <em>Linked Releases</em> tab: there is no linked release.</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Change the <em>Version</em> field and fill in a <em>CPE ID</em>.<br><em>Eg:</em>  Version: ver_duplicate<br> CPE ID: CPE ID_duplicate<br>Click <em>Create Release</em> button</td> -<td style="text-align:left">- Redirect to edit release screen.<br>- Create duplicate release is success with message: <em>Success:You are editing the original document.</em><br>- Data of duplicate release is correct.</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Modify some other fields.<br><em>Eg:</em> Release Date: 2023-06-12. <br>Click <em>Clearing Details</em> tab</td> -<td style="text-align:left"><em>Clearing Details</em> page is displayed and does not contain any field from copied release</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">The release is updated successfully with data correctly</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click component name link on top of the page</td> -<td style="text-align:left">Summary page for the component is displayed</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Release Overview</em> tab</td> -<td style="text-align:left">The new copied release is listed among previous releases</td> -</tr> -</tbody> -</table> -<h2 id="tc09-search-for-and-create-a-new-vendor-for-a-new-release">TC09: Search for and create a new vendor for a new release</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click <em>Components</em> portlet<br>At advanced Search, search for an existing component.<br><em>Eg:</em> input <em>Comp1</em> in the Component Name text box.<br>Click <em>Search</em> button.</td> -<td style="text-align:left">Component <em>Comp1</em> display in the result table.</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click edit icon in Actions column of component <em>Comp1</em>.</td> -<td style="text-align:left">Edit screen of component <em>Comp1</em> is displayed with message: <em>Success:You are editing the original document</em></td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Releases</em> tab<br>Click <em>Add Releases</em> button</td> -<td style="text-align:left">The page changes to <em>New Release Edit</em> page</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br> + Version: @1.0.2<br> + CPE ID: moshiano_002</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Vendor</em> field</td> -<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Add Vendor</em></td> -<td style="text-align:left"><em>Create New Vendor</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Fill in <em>Full name</em>, <em>Short name</em> and <em>URL</em><br><em>Eg:</em><br>Full Name: Fullvendor_0909<br>Short Name: Short_ven090<br>URL: <a href="https://github.com/">https://github.com/</a></td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Add Vendor</em></td> -<td style="text-align:left">Dialog closes and the new vendor is displayed in release <em>Vendor</em> field with full name <em>Fullvendor_0909</em></td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Create Release</em></td> -<td style="text-align:left">Redirect to edit release page with the message <em>Success:You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click component name link on top of the page</td> -<td style="text-align:left">Summary page for the component is displayed. The new vendor for the new release, as well as existing vendors from previous releases are listed under <em>Vendors</em> field for the component</td> -</tr> -</tbody> -</table> -<h2 id="tc10-link-a-release-to-the-project-in-view-component-page-and-check-used-by-projects">TC10: Link a release to the project in view component page and check used by projects</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component with release and click <em>Release Overview</em> tab</td> -<td style="text-align:left">The list of releases are displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Link Project</em> button under Action column</td> -<td style="text-align:left">The dialog <em>Link Release to Project</em> is displayed with <em>Link to Project</em> button is disabled</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Search</em> button then choose a project to link</td> -<td style="text-align:left"><em>Link to Project</em> button on the dialog is enabled</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Link to Project</em> button</td> -<td style="text-align:left"><em>The release {component name} ({version}) has been successfully linked to project {project name}</em><br><em>Click <ins>here<ins></em> <em>to edit the release relation as well as the project mainline state in the project.</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>here</em> hyperlink in the dialog</td> -<td style="text-align:left">Redirect to the <em>edit project</em> page with the release was linked (displayed on <em>License Clearing</em> page)</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Re-open the release at view page and click <em>Summary</em> tab</td> -<td style="text-align:left">Used by project information is updated correspondingly</td> -</tr> -</tbody> -</table> -<h2 id="tc11-link-a-release-to-a-project-in-the-view-release-page">TC11: Link a release to a project in the view release page</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component with release and click <em>Release Overview</em> tab</td> -<td style="text-align:left">The list of releases are displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>a release name</em> hyperlink. Eg: release R1</td> -<td style="text-align:left">Redirect to the <em>view release</em> page</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Link to Project</em> button</td> -<td style="text-align:left">The dialog <em>Link Release to Project</em> is displayed with <em>Link to Project</em> button is disabled</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Search</em> button then choose a project to link</td> -<td style="text-align:left"><em>Link to Project</em> button on the dialog is enabled</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Link to Project</em> button</td> -<td style="text-align:left"><em>The release {component name} ({version}) has been successfully linked to project {project name}</em><br><em>Click <ins>here<ins></em> <em>to edit the release relation as well as the project mainline state in the project.</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>here</em> hyperlink in the dialog</td> -<td style="text-align:left">Redirect to the <em>edit project</em> page with the release was linked (displayed on <em>License Clearing</em> page)</td> -</tr> -</tbody> -</table> -<h2 id="tc12-import-a-new-component-by-spdxxml-rdf-file">TC12: Import a new component by .spdx/.xml/ .rdf file</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click <em>Components</em> tab</td> -<td style="text-align:left"><em>Components</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Import SBOM</em> button</td> -<td style="text-align:left">A dialog <em>Upload SBOM</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Choose a <strong><em>.spdx</em></strong> or <strong><em>.xml</em></strong> or <strong><em>.rdf</em></strong> file by clicking on the <em>Browse</em> button or drop/draft a file into the dialog</td> -<td style="text-align:left">The message is displayed in the dialog: <br> <em>The new Component and new Release will be created, do you want to import? <br> New Component: {new component names} <br> New Release: {new release names}</em></td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Import</em> button</td> -<td style="text-align:left">The dialog is closed. New releases and new components are imported successfully</td> -</tr> -</tbody> -</table> -<h2 id="tc13-export-components-without-releases">TC13: Export components without releases</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click <em>Components</em> tab</td> -<td style="text-align:left"><em>Components</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Export Spreadsheet</em> button and choose <em>Components only</em> option</td> -<td style="text-align:left">- A new file with name&rsquo;s format <em>components-{yyyy}-{mm}-{dd}.xlsx</em> is downloaded<br>- The content of the downloaded file includes information of all components in the system</td> -</tr> -</tbody> -</table> -<h2 id="tc14-export-components-with-releases">TC14: Export components with releases</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click <em>Components</em> tab</td> -<td style="text-align:left"><em>Components</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Export Spreadsheet</em> button and choose <em>Components with releases</em> option</td> -<td style="text-align:left">- New file with name <em>components-{yyyy}-{mm}-{dd}.xlsx</em> is downloaded.<br>- The content of the downloaded file includes information of all components and releases in the system</td> -</tr> -</tbody> -</table> -<h2 id="tc15-create-a-clearing-request-for-a-release">TC15: Create a clearing request for a release</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing component with releases and click <em>Release Overview</em> tab</td> -<td style="text-align:left">The list of releases are displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Edit</em> button under <em>Action</em> column. Eg: edit release R1</td> -<td style="text-align:left">Redirect to <em>view release</em> page and the message <em>Success:You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Attachments</em> tab, then add a source file (Eg: .rdf file) with <em>Type</em> is <em>Source file</em></td> -<td style="text-align:left">The data is updated correspondingly</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Update Release</em> button</td> -<td style="text-align:left">The message <em>Success:Release {release name} updated successfully!</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Clearing details</em> tab, then click <em>Fossology Process</em> icon beside <em>Clearing State</em> field and wait for the process to finish</td> -<td style="text-align:left">The message <em>The FOSSology process already finished. You should find the resulting report as attachment at this release.</em> is displayed in the <em>Fossology Process</em> dialog</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Close</em> button in the dialog</td> -<td style="text-align:left">The dialog is closed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Reload this page, then click <em>Attachments</em> tab</td> -<td style="text-align:left">A new file is listed in <em>Attachments</em> page with name&rsquo;s format <em>{component name}-{version}-{yyyymmdd}-{hhmm}-SPDX.rdf</em></td> -</tr> -</tbody> -</table> - - - - - - Docs: CouchDB External Documents - https://www.eclipse.org/sw360/docs/development/dev-external-documents-with-couchdb/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-external-documents-with-couchdb/ - - - - <h2 id="motivation">Motivation</h2> -<p>In some cases inline documents are not sufficient for storing extended information to a document. This is especially the case if these information might be relevant from outside as well. +results in the following request</p> +</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;trusted-sw360-client:sw360-secret&#39;</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>-d <span style="color:#033">grant_type</span><span style="color:#555">=</span>password&amp;<span style="color:#033">username</span><span style="color:#555">=</span>user@sw360.org&amp;<span style="color:#033">password</span><span style="color:#555">=</span>123<span style="color:#c30;font-weight:bold">\$</span>abc <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span>https://&lt;my_sw360_server&gt;/authorization/oauth/token -k +</span></span></code></pre></div>Docs: SW360 Development Brancheshttps://www.eclipse.org/sw360/docs/development/dev-branches/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-branches/ +<h2 id="branches-structure">Branches structure</h2> +<p><code>&lt;github-nickname&gt;/&lt;issue&gt;/&lt;description&gt;</code></p> +<h3 id="examples">Examples:</h3> +<ul> +<li>maierthomas/#1/fix-dowload-bundle</li> +<li>maierthomas/#3/sw360portal-specific-links</li> +</ul>Docs: How to add fields to an existing classhttps://www.eclipse.org/sw360/docs/development/dev-adding-new-fields-to-existing-classes/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-adding-new-fields-to-existing-classes/ +<p>The license portlet is different from the other portlets as there is no Details/Edit page for each element. There is only a combined edit/view page. +We will add the license text to licenses in the thrift file:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-thrift" data-lang="thrift"><span style="display:flex;"><span><span style="color:#f60">13</span>:<span style="color:#bbb"> </span><span style="color:#069;font-weight:bold">optional</span><span style="color:#bbb"> </span><span style="color:#078;font-weight:bold">string</span><span style="color:#bbb"> </span>text;<span style="color:#bbb"> +</span></span></span></code></pre></div><p>To update the text we write a liferay Action in the LicensesPortlet:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span> <span style="color:#99f">@UsedAsLiferayAction</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">changeText</span><span style="color:#555">(</span>ActionRequest request<span style="color:#555">,</span> ActionResponse response<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> PortletException<span style="color:#555">,</span> IOException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> String licenseId <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>LICENSE_ID<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> String text <span style="color:#555">=</span> request<span style="color:#555">.</span><span style="color:#309">getParameter</span><span style="color:#555">(</span>License<span style="color:#555">.</span><span style="color:#309">_Fields</span><span style="color:#555">.</span><span style="color:#309">TEXT</span><span style="color:#555">.</span><span style="color:#309">name</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span><span style="color:#555">(!</span>Strings<span style="color:#555">.</span><span style="color:#309">isNullOrEmpty</span><span style="color:#555">(</span>licenseId<span style="color:#555">))</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> User user <span style="color:#555">=</span> UserCacheHolder<span style="color:#555">.</span><span style="color:#309">getUserFromRequest</span><span style="color:#555">(</span>request<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> LicenseService<span style="color:#555">.</span><span style="color:#309">Iface</span> client <span style="color:#555">=</span> thriftClients<span style="color:#555">.</span><span style="color:#309">makeLicenseClient</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> License license <span style="color:#555">=</span> client<span style="color:#555">.</span><span style="color:#309">getFromID</span><span style="color:#555">(</span>licenseId<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> license<span style="color:#555">.</span><span style="color:#309">setText</span><span style="color:#555">(</span>CommonUtils<span style="color:#555">.</span><span style="color:#309">nullToEmptyString</span><span style="color:#555">(</span>text<span style="color:#555">));</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">final</span> RequestStatus requestStatus <span style="color:#555">=</span> client<span style="color:#555">.</span><span style="color:#309">updateLicense</span><span style="color:#555">(</span>license<span style="color:#555">,</span> user<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> renderRequestStatus<span style="color:#555">(</span>request<span style="color:#555">,</span>response<span style="color:#555">,</span>requestStatus<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>TException e<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> log<span style="color:#555">.</span><span style="color:#309">error</span><span style="color:#555">(</span><span style="color:#c30">&#34;Error updating license&#34;</span><span style="color:#555">,</span> e<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>LICENSE_ID<span style="color:#555">,</span> licenseId<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>PAGENAME<span style="color:#555">,</span> PAGENAME_DETAIL<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> response<span style="color:#555">.</span><span style="color:#309">setRenderParameter</span><span style="color:#555">(</span>SELECTED_TAB<span style="color:#555">,</span> <span style="color:#c30">&#34;LicenseText&#34;</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span></code></pre></div><p>To integrate it in the jsp we make the according changes, important to note is the ActionUrl that we define:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-html" data-lang="html"><span style="display:flex;"><span>&lt;<span style="color:#309;font-weight:bold">portlet:actionURL</span> <span style="color:#309">var</span><span style="color:#555">=</span><span style="color:#c30">&#34;changeLicenseTextURL&#34;</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;changeText&#34;</span>&gt; +</span></span><span style="display:flex;"><span> &lt;<span style="color:#309;font-weight:bold">portlet:param</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;%=PortalConstants.LICENSE_ID%&gt;&#34;</span> <span style="color:#309">value</span><span style="color:#555">=</span><span style="color:#c30">&#34;${licenseDetail.id}&#34;</span> /&gt; +</span></span><span style="display:flex;"><span>&lt;/<span style="color:#309;font-weight:bold">portlet:actionURL</span>&gt; +</span></span></code></pre></div><p>A good practice to name fields in jsps is to use the thrift field names:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-html" data-lang="html"><span style="display:flex;"><span> &lt;<span style="color:#309;font-weight:bold">textarea</span> <span style="color:#309">name</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;portlet:namespace/&gt;&lt;%=License._Fields.TEXT%&gt;&#34;</span> <span style="color:#309">rows</span><span style="color:#555">=</span><span style="color:#c30">&#34;5&#34;</span> <span style="color:#309">style</span><span style="color:#555">=</span><span style="color:#c30">&#34;width: 100%&#34;</span> <span style="color:#309">id</span><span style="color:#555">=</span><span style="color:#c30">&#34;&lt;portlet:namespace/&gt;&lt;%=License._Fields.TEXT%&gt;&#34;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309">placeholder</span><span style="color:#555">=</span><span style="color:#c30">&#34;Enter the License-Text here...&#34;</span> +</span></span><span style="display:flex;"><span> &gt;${licenseDetail.text}&lt;/<span style="color:#309;font-weight:bold">textarea</span>&gt; +</span></span></code></pre></div>Docs: Component / Releasehttps://www.eclipse.org/sw360/docs/development/testcases/test-cases-components/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/testcases/test-cases-components/ +<h2 id="tc01-add-a-component-and-release-with-vendor-present">TC01: Add a component and release with vendor present</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Sign In with a known user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Components</em> tab</td> +<td style="text-align:left"><em>Components</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Add Component</em> button</td> +<td style="text-align:left">- <em>New Component</em> page is displayed with mandatory fields marked with red star: Name, Categories, Component Type. <br>- A message <em>Success:New Component</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Fill in a component <em>Name</em>, <em>Categories</em> and <em>Component Type</em> fields. <br><em>Eg:</em><br>- Name: Component 1@1<br>- Categories: Categories_1@1<br>- Component Type: OSS</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Create Component</em> button</td> +<td style="text-align:left">- Create component successfully. <br>- Redirect to the edit component page.<br>-Show message: <em>Success:You are editing the original document.</em></td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Releases</em> tab<br>Click <em>Add Release</em> button</td> +<td style="text-align:left">Redirect to Add Release page</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br>- Version: version1.0.0.x<br>- CPE ID: UUID_1002</td> +<td style="text-align:left">Values are entered in the fields:<br>- Version: version1.0.0.x<br>- CPE ID: UUID_1002</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Create Release</em> button</td> +<td style="text-align:left">- Create a release successfully.<br>- Redirect to the edit new release page.<br>- The message <em>Success:You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Vendor</em> field</td> +<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click <em>Add Vendor</em> button</td> +<td style="text-align:left"><em>Create new Vendor</em> dialog display</td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Input data in fields<br>- Full Name: add vendor 01<br>-Short Name: add vendor01<br>-URL: <a href="https://github.com/eclipse-sw360/sw360">https://github.com/eclipse-sw360/sw360</a></td> +<td style="text-align:left">Values are entered in the fields.</td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click <em>Add Vendor</em> button</td> +<td style="text-align:left">The vendor is added in Vendor field of the release with full name is <em>add vendor 01</em></td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Click <em>Attachments</em> tab</td> +<td style="text-align:left"><em>Attachments</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Click <em>Add Attachment</em> button</td> +<td style="text-align:left"><em>Upload Attachment</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">15</td> +<td style="text-align:left">Click <em>Browse</em> and select the attachment.<br>Eg: attachment1.xlsx</td> +<td style="text-align:left">File name is displayed in the dialog</td> +</tr> +<tr> +<td style="text-align:right">16</td> +<td style="text-align:left">Click <em>Upload</em> button</td> +<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the <em>Attachment</em> page</td> +</tr> +<tr> +<td style="text-align:right">17</td> +<td style="text-align:left">Change the attachment <em>Type</em> to real type.<br>Eg: Component license information (Combined)</td> +<td style="text-align:left">Type changed successfully</td> +</tr> +<tr> +<td style="text-align:right">18</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">Message: <em>Success:Release {name} ({version}) updated successfully!</em> is displayed</td> +</tr> +</tbody> +</table> +<h2 id="tc02-verify-data-after-add-a-component-and-release-with-vendor-present">TC02: Verify data after add a component and release with vendor present</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for the component is created in TC01:<br>- Click <em>Components</em> portlet<br>- At Advanced Search area, input <em>Component 1@1</em> in the <em>Component Name</em> textbox.<br>- Click <em>Search</em> button</td> +<td style="text-align:left">The new component display in the table with:<br>- Vendor: add vendor01<br>- Component Name: <em>Component 1@1</em> is displayed with hyper link.<br>- Main licenses: blank<br>- Component Type: OSS</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click hyper link of name <em>Component 1@1</em></td> +<td style="text-align:left">Redirect to view component <em>Component 1@1</em> page</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Release Overview</em> tab</td> +<td style="text-align:left">The release display with:<br>- Name: Component 1@1<br>- Version displays with hyper link: version1.0.0.x<br>- Clearing State: New<br>- Clearing Report: no report<br>- Release Mainline State: Open</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click hyper link <em>version1.0.0.x</em></td> +<td style="text-align:left">Redirect to view screen of release <em>Component 1@1 version1.0.0.x</em><br>Data of the release:<br>- Summary tab:<br>+ display text with: COMPONENT 1@1 VERSION1.0.0.X<br>+ CPE ID: UUID_1002<br>+ Created on: date of created.<br>+ Created by: user created.<br>+ Modified On: date of modified.<br>+ Modified By: user modified.<br>+ Clearing State: New<br>+ Release Mainline State: Open<br>+ Release Vendor with:<br>   Full Name: add vendor 01<br>   Short Name: add vendor01<br>   URL: <a href="https://github.com/eclipse-sw360/sw360">https://github.com/eclipse-sw360/sw360</a></td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Attachments</em> tab</td> +<td style="text-align:left">Display file name <em>attachment1.xlsx</em> in the table.</td> +</tr> +</tbody> +</table> +<h2 id="tc03-modify-a-component-and-release-with-vendor-present">TC03: Modify a component and release with vendor present</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component (e.g. created in TC01: <em>Component 1@1</em>) and click <em>Edit</em> icon</td> +<td style="text-align:left"><em>Success:You are editing the original document</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Releases</em> tab</td> +<td style="text-align:left">Release list is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Add Release</em> button</td> +<td style="text-align:left">Redirect to Add Release page</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br>- Version: v1.0.0.1<br>- CPE ID: cpe:id:123456</td> +<td style="text-align:left">Values are entered in the fields:<br>- Version: v1.0.0.1<br>- CPE ID: cpe:id:123456</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Create Release</em> button</td> +<td style="text-align:left">- Redirect to the edit new release page.<br>- The message <em>Success:You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Vendor</em> field</td> +<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Search</em> button.<br>Select a vendor (eg: select vendor with full name <em>VendorUp</em>) <br>Click <em>Select Vendor</em> button.</td> +<td style="text-align:left">Dialog is closed and selected Vendor is added under <em>Vendor</em> field: VendorUp</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select the attachment. Eg: attachment2.img<br>Click <em>Upload</em> button</td> +<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">Message <em>Success:Release Component 1@1 (v1.0.0.1) updated successfully!</em> is displayed</td> +</tr> +</tbody> +</table> +<h2 id="tc04-verify-data-after--modify-a-component-and-release-with-vendor-present">TC04: Verify data after modify a component and release with vendor present</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Continue TC03</td> +<td></td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Summary</em> tab</td> +<td style="text-align:left">Data in the tab:<br>- Modified On: date of modified.<br>- Modified By: user modified.<br>Data of other fields in the tab is same data before updated.</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Release Overview</em> tab</td> +<td style="text-align:left">New release with version <em>v1.0.0.1</em> is added in the release table.</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>v1.0.0.1</em> hyper link</td> +<td style="text-align:left">Text display with: <em>COMPONENT 1@1 V1.0.0.1</em> at the right corner.<br>- At Summary tab: <br> + CPE ID: cpe:id:123456<br> + Release Vendor: display with Full Name, Short Name and URL correctly with vendor <em>VendorUp</em> <br>- At Attachments tab: attachment <em>attachment2.img</em> display in the attachment table with correct information.</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Component 1@1</em> hyper link</td> +<td style="text-align:left">Redirect to view screen of <em>Component 1@1</em> component.</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Attachments</em> tab</td> +<td style="text-align:left">Data in the tab is same data before updated.</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Vulnerabilities</em> tab</td> +<td style="text-align:left">Data in the tab is same data before updated.</td> +</tr> +</tbody> +</table> +<h2 id="tc05-add-and-modify-a-component-and-release-with-all-fields-filled-in">TC05: Add and modify a component and release with all fields filled in</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click <em>Components</em> tab<br>Click <em>Add Component</em> button<br>Fill in all editable fields<br>Click <em>Create Component</em> button</td> +<td style="text-align:left">- Redirect to edit component screen with the message <em>Success:You are editing the original document.</em> is displayed in the left corner.<br>- Create component successfully. Data match with input data.</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Releases</em> tab.<br>Click <em>Add Releases</em> button.<br>At <em>Summary</em> tab, fill in all editable fields under <em>Release Summary</em> and <em>Release Repository</em>.<br>Click <em>Create Release</em> button.<br></td> +<td style="text-align:left">Redirect to edit release screen.<br>Created release successfully. Data match with input data.</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Linked Releases</em> tab<br>Click <em>Click to add Releases</em> button</td> +<td style="text-align:left">The dialog <em>Link Releases</em> is displayed.</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Input search name into textbox<br>Click <em>Search</em> button<br>Select 3 releases.<br>Click <em>Link Releases</em> button</td> +<td style="text-align:left">Dialog is closed and selected release is displayed under <em>Linked Releases</em> section.</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Linked Packages</em> tab<br>Click <em>Add Packages</em> button</td> +<td style="text-align:left">The dialog <em>Link Packages</em> is displayed.</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Input an exist orphan package name into textbox.<br>Click <em>Search</em> button.<br>Select a package.<br>Click <em>Link Packages</em> button.</td> +<td style="text-align:left">Dialog is closed and selected package is displayed under <em>Linked Packages</em> table</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Clearing Details</em> tab<br>Fill in all editable fields</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>ECC Details</em> tab<br>Fill in all editable fields</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select the attachment. <em>Eg</em>: attachment3.xlsx<br>Click <em>Upload</em> button</td> +<td style="text-align:left">The file is uploaded and dialog is closed. Also the attached file is listed in the Attachment page</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">- <em>Success:Release {componentName} ({version}) updated successfully!</em> message is displayed.<br>- Redirect to the view release screen.</td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Check all fields of the release by click tabs: <em>Summary, Linked Releases, Linked Packages, Clearing Details and Attachments</em>.</td> +<td style="text-align:left">Values are filled in correctly, match with input data.</td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click <em>Edit Release</em> button, modify some fields.<br>Eg: <br>- <em>Version</em> field ( in <em>Summary</em> tab): rename version name_updated<br> - <em>ECC Status</em> field (in <em>ECC Details</em> tab): Approved.<br>Click <em>Update Release</em> button.</td> +<td style="text-align:left">Values are updated successfully</td> +</tr> +</tbody> +</table> +<h2 id="tc06-delete-a-component-that-is-first-linked-to-a-project-and-then-not-and-a-project">TC06: Delete a component that is first linked to a project and then not, and a project</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Create a new component<br><em>Eg:</em> component with name <em>Component @1234</em></td> +<td style="text-align:left">Component is created successfully</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Add a new release to this component<br><em>Eg:</em> release <em>Rel1</em></td> +<td style="text-align:left">Release is added successfully</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Create a new project <em>P1</em></td> +<td style="text-align:left">Project is created successfully</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Add the linked release <em>Rel1</em> to project <em>P1</em>.</td> +<td style="text-align:left">Release linked successfully</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Components</em> portlet.<br>Search component <em>Component @1234</em> by name at advanced search.</td> +<td style="text-align:left">Component <em>Component @1234</em> display on the result table.</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click delete icon of component <em>Component @1234</em></td> +<td style="text-align:left">A warning <em>The component Component @1234 cannot be deleted, since it contains 1 releases. Please delete the releases first.</em></td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>OK</em> button in the warning dialog.</td> +<td style="text-align:left">The dialog is closed, component is not deleted</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Components</em> portlet.<br>Search for the component <em>Component @1234</em> and click hyper link of component <em>Component @1234</em>.</td> +<td style="text-align:left">View screen of <em>Component @1234</em> component is display</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Release</em> Overview.<br>Click Delete icon button of release <em>Rel1</em>.<br>Click <em>Delete Release</em> button in the dialog.</td> +<td style="text-align:left">- Dialog <em>Delete Releases</em> is displayed.<br>- Delete the release is failure.<br>- The message: <em>I could not delete the release, since it is used by another component (release) or project</em> display.</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Go to project <em>P1</em>, delete project <em>P1</em>.</td> +<td style="text-align:left">The project is deleted successfully</td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Go to component <em>Component @1234</em>, at <em>Release Overview</em> tab, click Delete icon button of release <em>Rel1</em>.</td> +<td style="text-align:left">Show message: <em>Do you really want to delete the release {componentName} ({version}) ?</em></td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click <em>Delete Release</em> button</td> +<td style="text-align:left">Release is deleted successfully</td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Click <em>Edit Component</em> button.<br>Click <em>Delete Component</em> button.</td> +<td style="text-align:left">The dialog is displayed with message: <em>Do you really want to delete the component {componentName} ?</em></td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Click <em>Delete Component</em> button</td> +<td style="text-align:left">Component is deleted successfully</td> +</tr> +</tbody> +</table> +<h2 id="tc07-add-new-attachments-to-an-existing-release-and-delete-attachments">TC07: Add new attachments to an existing release and delete attachments</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component (e.g. created in TC01) and click <em>Release Overview</em> tab</td> +<td style="text-align:left">The list of releases are displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click edit icon in the Action column of release version that needs a new attachment. <em>Eg:</em> release <em>Rel1</em>.</td> +<td style="text-align:left">Edit release <em>Rel1</em> page is displayed.</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Attachments</em> tab<br>Click <em>Add Attachment</em> button<br>Click <em>Browse</em> and select several attachments.<br><em>Eg:</em> 5 attachment files (att1, att2, att3, att4, att5)</td> +<td style="text-align:left">File names are displayed in the dialog</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Delete</em> button near some files not to be added.<br><em>Eg:</em> delete 2 attachment files (att1, att3)</td> +<td style="text-align:left">File names are removed from the list</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Upload</em> button for the remaining files.</td> +<td style="text-align:left">The attached file are listed in the <em>Attachment</em> page: att2, att4, att5</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Change some <em>Attachment type</em> to real type, e.g. <em>source file, clearing report, CLI,&hellip;</em></td> +<td style="text-align:left">Type changed successfully</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">Release <em>Ree1</em> is updated correctly.</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Edit Release</em> button</td> +<td style="text-align:left"><em>Success:You are editing the original document.</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Attachments</em> tab</td> +<td style="text-align:left"><em>Attachments</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click delete icon to delete an attachment</td> +<td style="text-align:left">Show message: <em>Do you really want to delete attachment {attachmentName}({attachmentId})?</em></td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Click <em>Delete Attachment button</em></td> +<td style="text-align:left">Attachment is deleted successfully, data of attachment is removed from attachment table.</td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">Release Ree1 is updated correctly with message <em>Success: Release {componentName}({version}) updated successfully!</em></td> +</tr> +</tbody> +</table> +<h2 id="tc08-duplicate-an-existing-release">TC08: Duplicate an existing release</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component with release with all fields filled in (Eg: created in TC05) and click <em>Release Overview</em></td> +<td style="text-align:left">The list of releases are displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Duplicate</em> button under Action column</td> +<td style="text-align:left">The page changes to create duplicate release screen</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Check all fields from copied release</td> +<td style="text-align:left">- <em>Summary</em> tab:<br> + <em>CPE ID</em> field: blank<br> + Remain fields are unchanged (exclude disable fields).<br>- <em>Linked Releases</em> tab: there is no linked release.</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Change the <em>Version</em> field and fill in a <em>CPE ID</em>.<br><em>Eg:</em>  Version: ver_duplicate<br> CPE ID: CPE ID_duplicate<br>Click <em>Create Release</em> button</td> +<td style="text-align:left">- Redirect to edit release screen.<br>- Create duplicate release is success with message: <em>Success:You are editing the original document.</em><br>- Data of duplicate release is correct.</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Modify some other fields.<br><em>Eg:</em> Release Date: 2023-06-12. <br>Click <em>Clearing Details</em> tab</td> +<td style="text-align:left"><em>Clearing Details</em> page is displayed and does not contain any field from copied release</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">The release is updated successfully with data correctly</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click component name link on top of the page</td> +<td style="text-align:left">Summary page for the component is displayed</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Release Overview</em> tab</td> +<td style="text-align:left">The new copied release is listed among previous releases</td> +</tr> +</tbody> +</table> +<h2 id="tc09-search-for-and-create-a-new-vendor-for-a-new-release">TC09: Search for and create a new vendor for a new release</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click <em>Components</em> portlet<br>At advanced Search, search for an existing component.<br><em>Eg:</em> input <em>Comp1</em> in the Component Name text box.<br>Click <em>Search</em> button.</td> +<td style="text-align:left">Component <em>Comp1</em> display in the result table.</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click edit icon in Actions column of component <em>Comp1</em>.</td> +<td style="text-align:left">Edit screen of component <em>Comp1</em> is displayed with message: <em>Success:You are editing the original document</em></td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Releases</em> tab<br>Click <em>Add Releases</em> button</td> +<td style="text-align:left">The page changes to <em>New Release Edit</em> page</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Fill in a release <em>Version</em> and <em>CPE ID</em><br><em>Eg:</em><br> + Version: @1.0.2<br> + CPE ID: moshiano_002</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Vendor</em> field</td> +<td style="text-align:left"><em>Search Vendor</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Add Vendor</em></td> +<td style="text-align:left"><em>Create New Vendor</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Fill in <em>Full name</em>, <em>Short name</em> and <em>URL</em><br><em>Eg:</em><br>Full Name: Fullvendor_0909<br>Short Name: Short_ven090<br>URL: <a href="https://github.com/">https://github.com/</a></td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Add Vendor</em></td> +<td style="text-align:left">Dialog closes and the new vendor is displayed in release <em>Vendor</em> field with full name <em>Fullvendor_0909</em></td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Create Release</em></td> +<td style="text-align:left">Redirect to edit release page with the message <em>Success:You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click component name link on top of the page</td> +<td style="text-align:left">Summary page for the component is displayed. The new vendor for the new release, as well as existing vendors from previous releases are listed under <em>Vendors</em> field for the component</td> +</tr> +</tbody> +</table> +<h2 id="tc10-link-a-release-to-the-project-in-view-component-page-and-check-used-by-projects">TC10: Link a release to the project in view component page and check used by projects</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component with release and click <em>Release Overview</em> tab</td> +<td style="text-align:left">The list of releases are displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Link Project</em> button under Action column</td> +<td style="text-align:left">The dialog <em>Link Release to Project</em> is displayed with <em>Link to Project</em> button is disabled</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Search</em> button then choose a project to link</td> +<td style="text-align:left"><em>Link to Project</em> button on the dialog is enabled</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Link to Project</em> button</td> +<td style="text-align:left"><em>The release {component name} ({version}) has been successfully linked to project {project name}</em><br><em>Click <ins>here<ins></em> <em>to edit the release relation as well as the project mainline state in the project.</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>here</em> hyperlink in the dialog</td> +<td style="text-align:left">Redirect to the <em>edit project</em> page with the release was linked (displayed on <em>License Clearing</em> page)</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Re-open the release at view page and click <em>Summary</em> tab</td> +<td style="text-align:left">Used by project information is updated correspondingly</td> +</tr> +</tbody> +</table> +<h2 id="tc11-link-a-release-to-a-project-in-the-view-release-page">TC11: Link a release to a project in the view release page</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component with release and click <em>Release Overview</em> tab</td> +<td style="text-align:left">The list of releases are displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>a release name</em> hyperlink. Eg: release R1</td> +<td style="text-align:left">Redirect to the <em>view release</em> page</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Link to Project</em> button</td> +<td style="text-align:left">The dialog <em>Link Release to Project</em> is displayed with <em>Link to Project</em> button is disabled</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Search</em> button then choose a project to link</td> +<td style="text-align:left"><em>Link to Project</em> button on the dialog is enabled</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Link to Project</em> button</td> +<td style="text-align:left"><em>The release {component name} ({version}) has been successfully linked to project {project name}</em><br><em>Click <ins>here<ins></em> <em>to edit the release relation as well as the project mainline state in the project.</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>here</em> hyperlink in the dialog</td> +<td style="text-align:left">Redirect to the <em>edit project</em> page with the release was linked (displayed on <em>License Clearing</em> page)</td> +</tr> +</tbody> +</table> +<h2 id="tc12-import-a-new-component-by-spdxxml-rdf-file">TC12: Import a new component by .spdx/.xml/ .rdf file</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click <em>Components</em> tab</td> +<td style="text-align:left"><em>Components</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Import SBOM</em> button</td> +<td style="text-align:left">A dialog <em>Upload SBOM</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Choose a <strong><em>.spdx</em></strong> or <strong><em>.xml</em></strong> or <strong><em>.rdf</em></strong> file by clicking on the <em>Browse</em> button or drop/draft a file into the dialog</td> +<td style="text-align:left">The message is displayed in the dialog: <br> <em>The new Component and new Release will be created, do you want to import? <br> New Component: {new component names} <br> New Release: {new release names}</em></td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Import</em> button</td> +<td style="text-align:left">The dialog is closed. New releases and new components are imported successfully</td> +</tr> +</tbody> +</table> +<h2 id="tc13-export-components-without-releases">TC13: Export components without releases</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click <em>Components</em> tab</td> +<td style="text-align:left"><em>Components</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Export Spreadsheet</em> button and choose <em>Components only</em> option</td> +<td style="text-align:left">- A new file with name&rsquo;s format <em>components-{yyyy}-{mm}-{dd}.xlsx</em> is downloaded<br>- The content of the downloaded file includes information of all components in the system</td> +</tr> +</tbody> +</table> +<h2 id="tc14-export-components-with-releases">TC14: Export components with releases</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click <em>Components</em> tab</td> +<td style="text-align:left"><em>Components</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Export Spreadsheet</em> button and choose <em>Components with releases</em> option</td> +<td style="text-align:left">- New file with name <em>components-{yyyy}-{mm}-{dd}.xlsx</em> is downloaded.<br>- The content of the downloaded file includes information of all components and releases in the system</td> +</tr> +</tbody> +</table> +<h2 id="tc15-create-a-clearing-request-for-a-release">TC15: Create a clearing request for a release</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing component with releases and click <em>Release Overview</em> tab</td> +<td style="text-align:left">The list of releases are displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Edit</em> button under <em>Action</em> column. Eg: edit release R1</td> +<td style="text-align:left">Redirect to <em>view release</em> page and the message <em>Success:You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Attachments</em> tab, then add a source file (Eg: .rdf file) with <em>Type</em> is <em>Source file</em></td> +<td style="text-align:left">The data is updated correspondingly</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Update Release</em> button</td> +<td style="text-align:left">The message <em>Success:Release {release name} updated successfully!</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Clearing details</em> tab, then click <em>Fossology Process</em> icon beside <em>Clearing State</em> field and wait for the process to finish</td> +<td style="text-align:left">The message <em>The FOSSology process already finished. You should find the resulting report as attachment at this release.</em> is displayed in the <em>Fossology Process</em> dialog</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Close</em> button in the dialog</td> +<td style="text-align:left">The dialog is closed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Reload this page, then click <em>Attachments</em> tab</td> +<td style="text-align:left">A new file is listed in <em>Attachments</em> page with name&rsquo;s format <em>{component name}-{version}-{yyyymmdd}-{hhmm}-SPDX.rdf</em></td> +</tr> +</tbody> +</table>Docs: CouchDB External Documentshttps://www.eclipse.org/sw360/docs/development/dev-external-documents-with-couchdb/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-external-documents-with-couchdb/ +<h2 id="motivation">Motivation</h2> +<p>In some cases inline documents are not sufficient for storing extended information to a document. This is especially the case if these information might be relevant from outside as well. Projects, components and releases contain attachments. The metadata of these attachments are stored as inline documents inside its parent document (which is the project, component or release). However these attachments may be used by other documents as well, e.g. license info files which are attached to releases are used by projects to generate the overall license information for that project. -In such cases an external document might be the better model. For example the attachment usage can be stored along the metadata without touching the owner document on update.</p> -<h2 id="advantages-of-external-documents">Advantages of external documents</h2> -<ul> -<li>single documents with a clear separation to other documents</li> -<li>easy identification</li> -<li>might be loaded and updated standalone</li> -</ul> -<h2 id="advantages-of-internal-documents">Advantages of internal documents</h2> -<ul> -<li>Very fast loading along with the owner</li> -<li>Easy handling since only the owner must be loaded or updated</li> -</ul> -<p>In any case it is highly dependent on the use case whether external documents are to be favored over internal documents.</p> -<h2 id="possible-implementations-for-linked-documents">Possible implementations for linked documents</h2> -<h3 id="special-responsehandler-with-special-views-from-couchdb">Special ResponseHandler with special views from CouchDB</h3> -<table> -<thead> -<tr> -<th>Easy to use?</th> -<th>Performance?</th> -<th>Effort to use in existing code</th> -</tr> -</thead> -<tbody> -<tr> -<td>:star::star: Middle, special views have to be created, fields of data objects has to be annotated.</td> -<td>:star::star::star: Very good, fetching of multiple documents with a single request.</td> -<td>:star: High, since existing code has to be changed</td> -</tr> -</tbody> -</table> -<h4 id="couch-db-theory">Couch-DB theory</h4> -<p>At the time of writing, support of external (or linked) documents in Couch-DB is limited. Consider the following documents:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span>project <span style="color:#555">=</span> { -</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;project&#34;</span>, -</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;Testproject&#34;</span>, -</span></span><span style="display:flex;"><span> attachments<span style="color:#555">:</span> [ -</span></span><span style="display:flex;"><span> { _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a1&#34;</span> }, -</span></span><span style="display:flex;"><span> { _id<span style="color:#555">:</span> <span style="color:#c30">&#34;z2&#34;</span> } -</span></span><span style="display:flex;"><span> ] -</span></span><span style="display:flex;"><span>} -</span></span><span style="display:flex;"><span>attachment1 <span style="color:#555">=</span> { -</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a1&#34;</span>, -</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;attachment&#34;</span>, -</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;SourceFile&#34;</span>, -</span></span><span style="display:flex;"><span> sha1<span style="color:#555">:</span> <span style="color:#c30">&#34;abc1234&#34;</span> -</span></span><span style="display:flex;"><span>} -</span></span><span style="display:flex;"><span>attachment2 <span style="color:#555">=</span> { -</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a2&#34;</span>, -</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;attachment&#34;</span>, -</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;LicenseFile&#34;</span>, -</span></span><span style="display:flex;"><span> sha1<span style="color:#555">:</span> <span style="color:#c30">&#34;fed9876&#34;</span> -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>Unfortunately there is no way to get the project document with the attachments directly included. With the correct view you are able to retrieve all these documents in a single request:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>(doc.type <span style="color:#555">===</span> <span style="color:#c30">&#34;attachment&#34;</span>) { -</span></span><span style="display:flex;"><span> emit(doc._id, <span style="color:#069;font-weight:bold">null</span>); -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span>(<span style="color:#069;font-weight:bold">var</span> <span style="color:#069;font-weight:bold">in</span> <span style="color:#069;font-weight:bold">in</span> doc.attachments) { -</span></span><span style="display:flex;"><span> emit(doc._id, { _id<span style="color:#555">:</span> doc.attachments[i]._id }); -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>You might see the trick: the project document as well as the attachment documents are indexed with the id of the project. This way you get all three documents when querying the view with the id of the project:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;total_rows&#34;</span><span style="color:#555">:</span><span style="color:#f60">5</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;offset&#34;</span><span style="color:#555">:</span><span style="color:#f60">0</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;rows&#34;</span><span style="color:#555">:</span>[{ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;key&#34;</span><span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;attachments&#34;</span><span style="color:#555">:</span>[ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;a1&#34;</span>, <span style="color:#c30">&#34;a2&#34;</span> -</span></span><span style="display:flex;"><span> ], -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;name&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;Testproject&#34;</span>, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> }, { -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;a1&#34;</span>, -</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;SourceFile&#34;</span>, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> }, { -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;key&#34;</span><span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;value&#34;</span><span style="color:#555">:</span><span style="color:#069;font-weight:bold">null</span>, -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;a2&#34;</span>, -</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;LicenseFile&#34;</span>, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> ... -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ] -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p><strong>Note</strong> is will only work if you query the view with <code>include_docs</code> set to <code>true</code>. -<strong>Note</strong> include_docs will only work at the top level of a value. In other words it will only recognize the following to situations:</p> -<ul> -<li>null: if the value is null, the document which is identified by the key is included</li> -<li>{ _id: &ldquo;&hellip;&rdquo; }: the document identified by the given id is included. +In such cases an external document might be the better model. For example the attachment usage can be stored along the metadata without touching the owner document on update.</p> +<h2 id="advantages-of-external-documents">Advantages of external documents</h2> +<ul> +<li>single documents with a clear separation to other documents</li> +<li>easy identification</li> +<li>might be loaded and updated standalone</li> +</ul> +<h2 id="advantages-of-internal-documents">Advantages of internal documents</h2> +<ul> +<li>Very fast loading along with the owner</li> +<li>Easy handling since only the owner must be loaded or updated</li> +</ul> +<p>In any case it is highly dependent on the use case whether external documents are to be favored over internal documents.</p> +<h2 id="possible-implementations-for-linked-documents">Possible implementations for linked documents</h2> +<h3 id="special-responsehandler-with-special-views-from-couchdb">Special ResponseHandler with special views from CouchDB</h3> +<table> +<thead> +<tr> +<th>Easy to use?</th> +<th>Performance?</th> +<th>Effort to use in existing code</th> +</tr> +</thead> +<tbody> +<tr> +<td>:star::star: Middle, special views have to be created, fields of data objects has to be annotated.</td> +<td>:star::star::star: Very good, fetching of multiple documents with a single request.</td> +<td>:star: High, since existing code has to be changed</td> +</tr> +</tbody> +</table> +<h4 id="couch-db-theory">Couch-DB theory</h4> +<p>At the time of writing, support of external (or linked) documents in Couch-DB is limited. Consider the following documents:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span>project <span style="color:#555">=</span> { +</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;project&#34;</span>, +</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;Testproject&#34;</span>, +</span></span><span style="display:flex;"><span> attachments<span style="color:#555">:</span> [ +</span></span><span style="display:flex;"><span> { _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a1&#34;</span> }, +</span></span><span style="display:flex;"><span> { _id<span style="color:#555">:</span> <span style="color:#c30">&#34;z2&#34;</span> } +</span></span><span style="display:flex;"><span> ] +</span></span><span style="display:flex;"><span>} +</span></span><span style="display:flex;"><span>attachment1 <span style="color:#555">=</span> { +</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a1&#34;</span>, +</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;attachment&#34;</span>, +</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;SourceFile&#34;</span>, +</span></span><span style="display:flex;"><span> sha1<span style="color:#555">:</span> <span style="color:#c30">&#34;abc1234&#34;</span> +</span></span><span style="display:flex;"><span>} +</span></span><span style="display:flex;"><span>attachment2 <span style="color:#555">=</span> { +</span></span><span style="display:flex;"><span> _id<span style="color:#555">:</span> <span style="color:#c30">&#34;a2&#34;</span>, +</span></span><span style="display:flex;"><span> type<span style="color:#555">:</span> <span style="color:#c30">&#34;attachment&#34;</span>, +</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;LicenseFile&#34;</span>, +</span></span><span style="display:flex;"><span> sha1<span style="color:#555">:</span> <span style="color:#c30">&#34;fed9876&#34;</span> +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>Unfortunately there is no way to get the project document with the attachments directly included. With the correct view you are able to retrieve all these documents in a single request:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>(doc.type <span style="color:#555">===</span> <span style="color:#c30">&#34;attachment&#34;</span>) { +</span></span><span style="display:flex;"><span> emit(doc._id, <span style="color:#069;font-weight:bold">null</span>); +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span>(<span style="color:#069;font-weight:bold">var</span> <span style="color:#069;font-weight:bold">in</span> <span style="color:#069;font-weight:bold">in</span> doc.attachments) { +</span></span><span style="display:flex;"><span> emit(doc._id, { _id<span style="color:#555">:</span> doc.attachments[i]._id }); +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>You might see the trick: the project document as well as the attachment documents are indexed with the id of the project. This way you get all three documents when querying the view with the id of the project:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-javascript" data-lang="javascript"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;total_rows&#34;</span><span style="color:#555">:</span><span style="color:#f60">5</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;offset&#34;</span><span style="color:#555">:</span><span style="color:#f60">0</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;rows&#34;</span><span style="color:#555">:</span>[{ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;key&#34;</span><span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;attachments&#34;</span><span style="color:#555">:</span>[ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;a1&#34;</span>, <span style="color:#c30">&#34;a2&#34;</span> +</span></span><span style="display:flex;"><span> ], +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;name&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;Testproject&#34;</span>, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> }, { +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;a1&#34;</span>, +</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;SourceFile&#34;</span>, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> }, { +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;key&#34;</span><span style="color:#555">:</span> <span style="color:#c30">&#34;p1&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;value&#34;</span><span style="color:#555">:</span><span style="color:#069;font-weight:bold">null</span>, +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;doc&#34;</span><span style="color:#555">:</span>{ +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">:</span><span style="color:#c30">&#34;a2&#34;</span>, +</span></span><span style="display:flex;"><span> name<span style="color:#555">:</span> <span style="color:#c30">&#34;LicenseFile&#34;</span>, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> ... +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ] +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p><strong>Note</strong> is will only work if you query the view with <code>include_docs</code> set to <code>true</code>. +<strong>Note</strong> include_docs will only work at the top level of a value. In other words it will only recognize the following to situations:</p> +<ul> +<li>null: if the value is null, the document which is identified by the key is included</li> +<li>{ _id: &ldquo;&hellip;&rdquo; }: the document identified by the given id is included. To be clear: transitive inclusions will not work! -<strong>Note</strong> See also <a href="https://wiki.apache.org/couchdb/Introduction_to_CouchDB_views#Linked_documents">https://wiki.apache.org/couchdb/Introduction_to_CouchDB_views#Linked_documents</a>.</li> -</ul> -<h3 id="implementation-with-ektorp">Implementation with Ektorp</h3> -<p><a href="https://github.com/eclipse/sw360/pull/596">https://github.com/eclipse/sw360/pull/596</a> show an implementation to transparently read such results from Couch-DB. It consists of:</p> -<ul> -<li>new methods in the database connector which are aware of loading linked documents</li> -<li>a response handler used for parsing the results when requesting linked documents</li> -<li>two annotation classes to mark fields which contain ids for linked documents -After the branch was merged, the new feature can be used in only three steps. You need:</li> -</ul> -<ol> -<li>A view that loads the &ldquo;main&rdquo; documents along with there linked documents</li> -<li>A special method in your database handler / database repository which calls the new method from the connector</li> -<li>A mixin for your data object which annotates the fields which contain ids to linked documents</li> -</ol> -<h4 id="notes-for-1">Notes for 1.</h4> -<p>Have a look at mapping function above in the theory section. Of course you may add more than one type of linked documents, e.g. not only attachments but releases as well. -You may also emit whole objects instead of ids only. This way Couch-DB does not have to lookup each entry. However including ids over objects is an own topic.</p> -<h4 id="notes-for-2">Notes for 2.</h4> -<p>You should write methods in your repository as well as in your database handler that uses the new methods from the database connector.</p> -<h4 id="notes-for-3">Notes for 3.</h4> -<p>Be sure that the used object mapper in your database handler is aware of the mixin. Of course you can annotate more than one field. All annotated fields will be respected on loading. However, if the view does not contain an object that should be resolved, it will be replaced by null. The LinkedDocuments-annotation even allows you to name a different destination field for the resolved objects for easier integration into the existing code.</p> -<h2 id="usage-with-ektorp">Usage with Ektorp</h2> -<table> -<thead> -<tr> -<th>Easy to use?</th> -<th>Performance?</th> -<th>Effort to use in existing code</th> -</tr> -</thead> -<tbody> -<tr> -<td>:no_entry: does not work</td> -<td>:no_entry:</td> -<td>:no_entry:</td> -</tr> -</tbody> -</table> -<p>Since SW360 is using Ektorp as Objectmapper, a response like above is not suitable. Ektorp is just not able to parse the above response correctly. -However Ektorp has a linking feature as well: You may annotate fields with the <code>@DocumentReference</code>-Annotation to tell Ektorp to store the content within external documents. This only works with fields of type <code>Set</code> at the moment of writing. Since SW360 data objects are generated using Thrift, directly annotating the field is not possible. Due to the mixin feature of Ektorp this is not a big issue. Unfortunately making the <code>@DocumentReference</code>-annotation to work was not possible with a reasonable effort.</p> -<p>Internally Ektorp is also using special views for getting linked documents to work. A quick look into the source codes suggests that this feature is implemented using special serializers which would lead to additional requests on loading and storing as well. Therefore the same performance issues might be come across if the annotation would work.</p> -<h3 id="own-serializerdeserzialer">Own serializer/deserzialer</h3> -<table> -<thead> -<tr> -<th>Easy to use?</th> -<th>Performance?</th> -<th>Effort to use in existing code</th> -</tr> -</thead> -<tbody> -<tr> -<td>:star::star::star: Quite easy, just some Jackson configuration necessary</td> -<td>:star::star: Good, but every type of linked objects needs an additional request</td> -<td>:star::star::star: Low, existing code does not have to be changed</td> -</tr> -</tbody> -</table> -<p>This method works just like the Ektorp way. In addition a slow transition from internal to external documents is possible, since the custom serialization methods will handle both cases directly. Any embedded documents will be externalized on first update of the owner object. -The following classes are needed:</p> -<ol> -<li>Repository for the new external documents</li> -<li>DatabaseHandler for the new external documents</li> -<li>Mixin-Class to add annotations to the field with external documents</li> -<li>A new mapper factory to properly configure the custom serializer</li> -<li>Custom serializers/deserializer</li> -</ol> -<h4 id="example-for-externalizing-attachments">Example for externalizing attachments</h4> -<h5 id="mixin-class">Mixin-Class</h5> -<p>This will configure Ektorp to use a special class for this field. We use a special serializer for the field instead of for the type (in this case Attachment), so we can do serialization/deserialization for all attachments at once. If we would use a special serializer, every</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">abstract</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">SplitAttachmentsMixin</span> <span style="color:#069;font-weight:bold">extends</span> DatabaseMixIn <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@JsonSerialize</span><span style="color:#555">(</span>using <span style="color:#555">=</span> AttachmentSetSerializer<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">)</span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@JsonDeserialize</span><span style="color:#555">(</span>using <span style="color:#555">=</span> AttachmentSetDeserializer<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">)</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">abstract</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">setAttachments</span><span style="color:#555">(</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><h5 id="mapper-factory">Mapper factory</h5> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">SplitAttachmentsMapperFactory</span> <span style="color:#069;font-weight:bold">extends</span> MapperFactory <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentHandlerInstantiator handlerInitiator<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">SplitAttachmentsMapperFactory</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> handlerInitiator <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentHandlerInstantiator<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> ObjectMapper <span style="color:#c0f">createObjectMapper</span><span style="color:#555">()</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> ObjectMapper objectMapper <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">createObjectMapper</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> objectMapper<span style="color:#555">.</span><span style="color:#309">addMixInAnnotations</span><span style="color:#555">(</span>Project<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">,</span> SplitAttachmentsMixin<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> objectMapper<span style="color:#555">.</span><span style="color:#309">setHandlerInstantiator</span><span style="color:#555">(</span>handlerInitiator<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> objectMapper<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">static</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentHandlerInstantiator</span> <span style="color:#069;font-weight:bold">extends</span> HandlerInstantiator <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentSetSerializer attachmentSetSerializer<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentSetDeserializer attachmentSetDeserializer<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentHandlerInstantiator</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> attachmentSetSerializer <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentSetSerializer<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> attachmentSetDeserializer <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentSetDeserializer<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> JsonDeserializer<span style="color:#555">&lt;?&gt;</span> deserializerInstance<span style="color:#555">(</span>DeserializationConfig config<span style="color:#555">,</span> Annotated annotated<span style="color:#555">,</span> Class<span style="color:#555">&lt;?&gt;</span> deserClass<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>deserClass<span style="color:#555">.</span><span style="color:#309">isInstance</span><span style="color:#555">(</span>attachmentSetDeserializer<span style="color:#555">))</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> attachmentSetDeserializer<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> <span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">...</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><h5 id="serializer">Serializer</h5> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentSetSerializer</span> <span style="color:#069;font-weight:bold">extends</span> JsonSerializer<span style="color:#555">&lt;</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;&gt;</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentDatabaseHandler handler<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentSetSerializer</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">this</span><span style="color:#555">.</span><span style="color:#309">handler</span> <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentDatabaseHandler<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">serialize</span><span style="color:#555">(</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments<span style="color:#555">,</span> JsonGenerator jsonGenerator<span style="color:#555">,</span> SerializerProvider provider<span style="color:#555">)</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> JsonProcessingException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> List<span style="color:#555">&lt;</span>DocumentOperationResult<span style="color:#555">&gt;</span> results <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">bulkCreateOrUpdateAttachments</span><span style="color:#555">(</span>attachments<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>results<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot create or update attachments. Some failed: &#34;</span> <span style="color:#555">+</span> results<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>SW360Exception exception<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot create or update attachments.&#34;</span><span style="color:#555">,</span> exception<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStartArray</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Attachment attachment <span style="color:#555">:</span> attachments<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStartObject</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStringField</span><span style="color:#555">(</span><span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">,</span> attachment<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeEndObject</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeEndArray</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div><h4 id="deserializer">Deserializer</h4> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentSetDeserializer</span> <span style="color:#069;font-weight:bold">extends</span> JsonDeserializer<span style="color:#555">&lt;</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;&gt;</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentDatabaseHandler handler<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentSetDeserializer</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">this</span><span style="color:#555">.</span><span style="color:#309">handler</span> <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentDatabaseHandler<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> <span style="color:#c0f">deserialize</span><span style="color:#555">(</span>JsonParser jsonParser<span style="color:#555">,</span> DeserializationContext context<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> JsonProcessingException <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments <span style="color:#555">=</span> Sets<span style="color:#555">.</span><span style="color:#309">newHashSet</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>jsonParser<span style="color:#555">.</span><span style="color:#309">isExpectedStartArrayToken</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IllegalStateException<span style="color:#555">(</span><span style="color:#c30">&#34;Expected array token but found: &#34;</span> <span style="color:#555">+</span> jsonParser<span style="color:#555">.</span><span style="color:#309">getCurrentToken</span><span style="color:#555">().</span><span style="color:#309">asString</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> Set<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;</span> attachmentIds <span style="color:#555">=</span> Sets<span style="color:#555">.</span><span style="color:#309">newHashSet</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> JsonToken token <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">nextToken</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">while</span> <span style="color:#555">(!</span>JsonToken<span style="color:#555">.</span><span style="color:#309">END_ARRAY</span><span style="color:#555">.</span><span style="color:#309">equals</span><span style="color:#555">(</span>token<span style="color:#555">))</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">switch</span> <span style="color:#555">(</span>token<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">case</span> START_OBJECT<span style="color:#555">:</span> -</span></span><span style="display:flex;"><span> Attachment attachment <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">readValueAs</span><span style="color:#555">(</span>Attachment<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>attachment<span style="color:#555">.</span><span style="color:#309">isSetId</span><span style="color:#555">()</span> <span style="color:#555">&amp;&amp;</span> <span style="color:#555">!</span>attachment<span style="color:#555">.</span><span style="color:#309">isSetRevision</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> attachmentIds<span style="color:#555">.</span><span style="color:#309">add</span><span style="color:#555">(</span>attachment<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> attachments<span style="color:#555">.</span><span style="color:#309">add</span><span style="color:#555">(</span>attachment<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">break</span><span style="color:#555">;</span> -</span></span><span style="display:flex;"><span><span style="color:#99f"> -</span></span></span><span style="display:flex;"><span><span style="color:#99f"> default:</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IllegalStateException<span style="color:#555">(</span> -</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;Unexpected token. Expected object or string but found: &#34;</span> <span style="color:#555">+</span> jsonParser<span style="color:#555">.</span><span style="color:#309">getCurrentToken</span><span style="color:#555">().</span><span style="color:#309">asString</span><span style="color:#555">());</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> token <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">nextToken</span><span style="color:#555">();</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>attachmentIds<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> attachments<span style="color:#555">.</span><span style="color:#309">addAll</span><span style="color:#555">(</span>handler<span style="color:#555">.</span><span style="color:#309">retrieveAttachments</span><span style="color:#555">(</span>attachmentIds<span style="color:#555">));</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>SW360Exception exception<span style="color:#555">)</span> <span style="color:#555">{</span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot load attachments (&#34;</span> <span style="color:#555">+</span> attachmentIds <span style="color:#555">+</span> <span style="color:#c30">&#34;)&#34;</span><span style="color:#555">,</span> exception<span style="color:#555">);</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> attachments<span style="color:#555">;</span> -</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span><span style="color:#555">}</span> -</span></span></code></pre></div> - - - - - Docs: Database migration using Costco - https://www.eclipse.org/sw360/docs/development/dev-database-migration-using-costco/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-database-migration-using-costco/ - - - - <h3 id="praeamble">Praeamble</h3> -<p>Please note that database migrations are done now in python scripts at</p> -<blockquote> -<p><a href="https://github.com/eclipse/sw360/tree/master/scripts/migrations">https://github.com/eclipse/sw360/tree/master/scripts/migrations</a></p> -</blockquote> -<p>keeping the following page because Costco might be useful for development / testing / quick adaptations.</p> -<h3 id="problem">Problem</h3> -<p>The main problem with changing field names in thrift is that existing documents in the couchdb need adjustments. Unfortunately, the futon interface of the couchdb does not offer bulk edits. As a consequence, looking into every document is tedious, for more than 100 documents, maybe unfeasible.</p> -<h3 id="solution">Solution</h3> -<p>Use costco, an open source project that</p> -<ul> -<li>is a couchapp (right, this implies that you install the couchapp environment)</li> -<li>offers a Web interface as sub path of the couchdb database</li> -<li>allows to iterate through the documents of a database and then apply modifications on a particular document</li> -<li>allows to perform modifications on documents using Java script</li> -</ul> -<p>More information</p> -<ul> -<li>Project website: <a href="https://github.com/harthur/costco">https://github.com/harthur/costco</a></li> -<li>Useful examples: <a href="http://harthur.github.io/costco/">http://harthur.github.io/costco/</a></li> -</ul> -<p>Note that costco does not allow to perform operations involving several documents at once, for example, setting values in one document that results from querying from several other documents. Costco is perfect for corrections on the couchdb document &lsquo;schema&rsquo; (not in the classic sense as there is no schema in couchdb).</p> -<h3 id="troubleshooting">Troubleshooting</h3> -<p>If you try to install costco, you try to install couchapp mst likely. However, it might be that some python packages are missing which results in a &rsquo;not-so-obvious&rsquo; python error during install of couchapp. The following line could be th dependencies that you might need:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>sudo apt-get install python-dev libxml2-dev libxslt-dev -</span></span></code></pre></div><h3 id="cheat-sheet-installing-costco-inside-an-sw360vagrant-deployment">Cheat Sheet: Installing costco inside an sw360vagrant deployment</h3> -<p>OK, if you read until here, to make it easy for you just the few lines to have executed to install costco when youi have a machine that is deployed with our vagrant:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ sudo apt-get install python-dev libxml2-dev libxslt-dev -</span></span><span style="display:flex;"><span>$ sudo pip install couchapp -</span></span><span style="display:flex;"><span>$ git clone http://github.com/harthur/costco.git -</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> costco -</span></span><span style="display:flex;"><span>$ couchapp push . http://localhost:5984/sw360db -</span></span></code></pre></div><h3 id="examples-in-sw360">Examples in sw360</h3> -<p>The following examples show some costco code from the use with sw360.</p> -<h4 id="renaming-a-key">Renaming a key</h4> -<p>In order to rename a field&rsquo;s key, the following code might be helpful. In the following example, the field&rsquo;s key <code>developement</code> into <code>development</code> (correcting a typo in the datamodel).</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>(doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;todo&#39;</span>) { -</span></span><span style="display:flex;"><span> doc.development <span style="color:#555">=</span> doc.developement; -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">delete</span> doc.developement; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> doc; -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><h4 id="renaming-a-key-in-a-subdocument">Renaming a key in a subdocument</h4> -<p>Similar thing as above, rename a key from <code>comment</code> to <code>createdcomment</code>, but this time inside a nested list of documents.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> (<span style="color:#069;font-weight:bold">var</span> f <span style="color:#555">=</span> <span style="color:#f60">0</span>, len <span style="color:#555">=</span> doc.attachments.length; f <span style="color:#555">&lt;</span> len; f <span style="color:#555">+=</span><span style="color:#f60">1</span> ) { -</span></span><span style="display:flex;"><span> doc.attachments[f].createdComment <span style="color:#555">=</span> doc.attachments[f].comment; -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">delete</span> doc.attachments[f].comment; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> doc; -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><h3 id="more-javascript-examples-with-couchdb">More JavaScript Examples with CouchDB</h3> -<p>In addition to costco, also the couchdb map-reduce functions can help to track down issues in the data sets.</p> -<p>The following example searched for attachments of type <code>SOURCE</code> at releases, which do not have the <code>createdBy</code> set:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> ((doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) -</span></span><span style="display:flex;"><span> <span style="color:#555">&amp;&amp;</span> (doc.attachments)) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> (<span style="color:#069;font-weight:bold">var</span> attachment <span style="color:#069;font-weight:bold">in</span> doc.attachments) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (<span style="color:#555">!</span>doc.attachments[attachment].createdBy) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (doc.attachments[attachment].attachmentType<span style="color:#555">==</span> <span style="color:#c30">&#39;SOURCE&#39;</span>) { -</span></span><span style="display:flex;"><span> emit(doc._id, doc.attachments[attachment].filename); -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>The following example looks into date fields, in this case <code>createdOn</code>, and checks if it uses dots (for changing them into dashes).</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>( -</span></span><span style="display:flex;"><span> (doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) -</span></span><span style="display:flex;"><span> <span style="color:#555">&amp;&amp;</span> (doc.createdOn.indexOf(<span style="color:#c30">&#39;.&#39;</span>) <span style="color:#555">!==</span> <span style="color:#555">-</span><span style="color:#f60">1</span>) -</span></span><span style="display:flex;"><span> ) -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> emit(doc.name, doc) -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div> - - - - - Docs: Definition of Done - https://www.eclipse.org/sw360/docs/development/dev-dod-and-style/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-dod-and-style/ - - - - <h3 id="policy">Policy</h3> -<ul> -<li>Review points should involve one person from another angle (not just the person you were sitting together with anyways)</li> -<li>Limit items in review to 5, try to coordinate</li> -<li>Using Github assignments to issues or pull requests</li> -<li>Open review items require conversation</li> -</ul> -<h1 id="definition-of-done">Definition of Done</h1> -<ul> -<li> -<p>File headers in file OK</p> -<ul> -<li>EPL-2.0 license header</li> -<li>Or, if the file is too small, configuration file: license note (see code style)</li> -<li>Copyright and author</li> -</ul> -</li> -<li> -<p>Create Branches for sw360</p> -<ul> -<li>Please use conventional branch names for sw360 <a href="https://www.eclipse.org/sw360/sw360/docs/development/dev-branches/">Dev-Branches</a></li> -</ul> -</li> -<li> -<p>Avoid (serious) compiler warnings</p> -<ul> -<li>Squash your commits into one or more logical units of work. No dozens of hourly/daily commits in your pull request, please</li> -<li>Rebase onto current master so that a fast forward merge is possible</li> -<li>That means that merge to master is prepared</li> -</ul> -</li> -<li> -<p>No breaking test</p> -<ul> -<li>Unit testing as it is already present</li> -<li>You have more - use them!</li> -</ul> -</li> -<li> -<p>New test</p> -<ul> -<li>For new / added functionality</li> -</ul> -</li> -<li> -<p>Documentation</p> -<ul> -<li>in the Githuib Wiki-Section, if you have done something new</li> -<li>At least a technical note for newly added functionality</li> -</ul> -</li> -<li> -<p>Commit style</p> -<ul> -<li>try to squash commits. In the ideal case, a feature is contained in one commit.</li> -<li>try to use conventional changelog for commit messages. <a href="https://www.eclipse.org/sw360/sw360/docs/development/dev-semantic-commits/">Dev-Semantic-Commits</a></li> -</ul> -</li> -</ul> -<h1 id="review">Review</h1> -<p>Review basically checks for the D-o-D items, in particular</p> -<ul> -<li>Code style, not really formatting, but issues like style attributes in HTML tags or exception handling useful</li> -<li>Design / architecture issues</li> -<li>Community contribution suitability</li> -<li>Issue coverage (does it actually solve the problem?)</li> -<li>Add to commit message of merge commit explicitly:</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>review-by:email@domain.com -</span></span></code></pre></div><p>and</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>tested-by:email@domain.com -</span></span></code></pre></div><h1 id="licensing-and-file-header">Licensing and File Header</h1> -<p>All files contributed require headers - this will ensure the license and copyright clearing at the end. Also, all contributions must have the same license as the original source.</p> -<p>If a file has relevant functionality, note that we should move to Eclipse 2.0</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Java" data-lang="Java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">/* -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Copyright COPYRIGHT HOLDER, 2017. -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Copyright NEXT COPYRIGHT HOLDER, 2017. -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Part of the SW360 Portal Project. -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * SPDX-License-Identifier: EPL-1.0 -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * All rights reserved. This program and the accompanying materials -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * are made available under the terms of the Eclipse Public License v1.0 -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * which accompanies this distribution, and is available at -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * http://www.eclipse.org/legal/epl-v10.html -</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> */</span> -</span></span></code></pre></div><p>(please adapt comment characters usage)</p> -<p>For small files such as property files, configuration files or standard XML files:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Copyright &lt;COPYRIGHT_HOLDER&gt;, &lt;YEAR&gt;. Part of the SW360 Portal Project.</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">#</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># All rights reserved. This configuration file is provided to you under the</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># terms and conditions of the Eclipse Distribution License v1.0 which</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># accompanies this distribution, and is available at</span> -</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># http://www.eclipse.org/org/documents/edl-v10.php</span> -</span></span></code></pre></div><h1 id="code-style">Code style</h1> -<p>Just use the standard Java formatting rules of your IDE and <strong>do not reformat</strong> code from others, because you like to correct formatting of other&rsquo;s code.</p> - - - - - - Docs: Filtering in Portlets - https://www.eclipse.org/sw360/docs/development/dev-filtering-in-portlets/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-filtering-in-portlets/ - - - - <p>For the filters that are shown for components and listings, there are some options:</p> -<ol> -<li> -<p>The <strong>Keyword search</strong> works directly on the table shown on the main right area. For example in the components portlet, this is in components/view.jsp.</p> -</li> -<li> -<p>The <strong>filters</strong> actually result in a new search request, when hitting apply filters button. The project portlet reads the fields and creates a map. Then, <code>ProjectPortlet</code> calls the thrift service <code>refineSearch()</code>, which is handled in <code>ProjectHandler</code>. This method takes the map and the user as input. The search service has a server-side JavaScript function (LuceneSearchView) defined for this particular filter in <code>ProjectSearchHandler.java</code>. This is called with the <code>LuceneAwareDatabaseConnector.java</code>. After filtering, the visibility constraints for the requesting user are applied.</p> -</li> -<li> -<p>Then for each release table, there is a search field in the upper right corner. This again works on the data of the Release summary object and then filters what is on the client (web browser).</p> -</li> -</ol> - - - - - - Docs: Fossology Integration - https://www.eclipse.org/sw360/docs/development/dev-fossology-integration/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-fossology-integration/ - - - - <p>Basic communication with the FOSSology server is done over an SSH connection: the fossology service of SW360 executes remote commands on the FOSSology server.</p> -<p>The commands that are executed are the bash scripts found inside <code>src-fossology/src/main/resources/scripts/</code>, they are copied into the home directory of the ssh user (either manually or through the admin portlet). -See <a href="Fossology-Setup">Setup of connection with Fossology</a> for configuration details.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>\- src-fossology/src/main/resources/ -</span></span><span style="display:flex;"><span> \- scripts/ -</span></span><span style="display:flex;"><span> |- duplicateUpload -</span></span><span style="display:flex;"><span> |- folderManager -</span></span><span style="display:flex;"><span> |- getStatusOfUpload -</span></span><span style="display:flex;"><span> |- uploadFromSW360 -</span></span><span style="display:flex;"><span> \- utilsSW360 -</span></span></code></pre></div><p>These scripts utilize the standard command line tools to interact natively with FOSSology (these are the tools found in the src/cli folder of FOSSology, such as <code>cp2foss fossjobs fossupload_status fo_usergroup fo_chmod fo_folder ...</code>).</p> -<ul> -<li><code>utilsSW360</code> contains common functions used by the other scripts and some FOSSology configuration such as the user/password pair used to run the cli utils and the UNIX group of the FOSSology processes</li> -<li><code>folderManager</code> (uses FO:<code>fo_folder</code>): get information about the folder structure of FOSSology to allow sharing of uploads between groups</li> -<li><code>getStatusOfUpload</code> (uses FO:<code>fossupload_status</code>): to get the clearing status given an uploadId and a group</li> -<li><code>uploadFromSW360</code> (uses FO:<code>cp2foss fossjobs</code>): to create a new upload from the standard input and schedule scanners</li> -<li><code>duplicateUpload</code> (uses FO:<code>fo_chmod</code> SW:<code>folderManager</code>): to make a previously uploaded file available for another group</li> -</ul> -<h3 id="java-libraries-and-settings">Java libraries and settings</h3> -<p>The java code utilizes the package <code>com.jcraft.jsch</code> to connect to the SSH server. It is set to strictly check the fingerprint of the remote server against the accepted which are stored in couchDB.</p> -<h3 id="conventions">Conventions</h3> -<p>the sw360 user in FOSSology (the actual name is configured in <code>utilsSW360</code>) <strong>must be a member of every group</strong> to which it should be able to send Releases to be cleared. -File uploaded from SW360 are placed inside a folder with the same name as the group and permission will be set at the group level (default of cp2foss).</p> -<h3 id="datamodel-and-thrift-service">Datamodel and thrift service</h3> -<ul> -<li> -<p>each Release object in SW360 can have only one attachment of type SOURCE.</p> -</li> -<li> -<p>when a Release is sent <em>for the first time</em> to FOSSology through the Thrift method <code>sendToFossology(1: string releaseId, 2: string clearingTeam )</code> its SOURCE attachement is sent as stdin to the script <code>uploadFromSW360</code>.</p> -<p>The field <code>map&lt;string, FossologyStatus&gt; clearingTeamToFossologyStatus</code> is then updated to contain the corresponding entry for the chosen Clearing Team (aka. the name of the FOSSology group which will receives the upload for clearing).</p> -</li> -<li> -<p>when the same Release is <em>sent again for another team</em> a new <em>link</em> in the corresponding group folder is created and the old upload is made available for the new group (as in giving permission using FO:<code>fo_chmod</code>).</p> -<p>At the moment this gives access only to the files, not to the relative clearing decision. -In order to make the clearing decisions available a reuser needs to be scheduled from the Jobs menu. [ it could be possible to schedule the job from SW360: its user is member of all the groups; but it is not currently implemented since there is no cli interface for reuser yet ]</p> -</li> -<li> -<p>when the current status is requested using the Thrift method <code>Release getStatusInFossology(1: string releaseId, 2: string clearingTeam )</code> the newest status is fetched from FOSSology and it is stored in the map for the relative clearingTeam</p> -</li> -</ul> -<h3 id="notes">Notes</h3> -<ul> -<li>Releases have a ClearingState field, but this is ignored by the Thrift service and used only in the SW360 user interface.</li> -<li>Projects link to Releases and the summary of their FOSSology status can be monitored. This is also ignored by the FOSSology Thrift service and handled by the Component service: the FOSSology service just updates the status of the Release objects.</li> -</ul> - - - - - - Docs: Licenses - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-licenses/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-licenses/ - - - - <h2 id="create-edit-and-delete-license">Create, edit and delete license</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Sign In with a known <em>clearing admin</em> user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click on <em>Licenses</em> tab</td> -<td style="text-align:left"><em>Licenses</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click on <em>Add License</em></td> -<td style="text-align:left"><em>New License</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Fill in <em>Fullname</em> and <em>Shortname</em> fields and press <em>Add License</em></td> -<td style="text-align:left"><em>License added successfully!</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Write the license or part of newly created license name in <em>Keyword Search</em> field</td> -<td style="text-align:left">License is filtered successfully</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click on license name and then on <em>Edit License Details and Text</em></td> -<td style="text-align:left">License page is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Modify some fields and click <em>Update License</em></td> -<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Check all fields on <em>Details</em> and <em>Text</em> pages</td> -<td style="text-align:left">Values are filled in correctly</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click on <em>Edit License Details and Text</em></td> -<td style="text-align:left">License page is displayed</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click o <em>Delete</em> license name</td> -<td style="text-align:left"><em>License removed successfully!</em> message is displayed</td> -</tr> -</tbody> -</table> -<h2 id="edit-license-todos-and-obligations">Edit license TODOs and Obligations</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Sign In with a known <em>clearing admin</em> user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click on previously created license name</td> -<td style="text-align:left"><em>License Details</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click on <em>Add a Todo</em></td> -<td style="text-align:left">Todo page displayed successfully</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Enter a Todo text (e.g. &ldquo;First todo text&rdquo;), click <em>Applies to development</em>, and click <em>Submit</em></td> -<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>TODOs and Obligations</em></td> -<td style="text-align:left">The previously entered Todo is listed on the page with <em>No obligations</em></td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click on <em>Add a Todo</em></td> -<td style="text-align:left">Todo page displayed successfully</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Enter a Todo text (e.g. &ldquo;Second todo text&rdquo;), click on some Obligations and click Submit</td> -<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click TODOs and Obligations</td> -<td style="text-align:left">The previously entered Todo is listed on the page together with chosen obligations</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click on <em>Edit WhiteList</em>, deselect first Todo and click <em>Submit</em></td> -<td style="text-align:left">The deselected Todo is not displayed anymore on <em>TODOs and Obligations</em> page</td> -</tr> -</tbody> -</table> -<h2 id="check-export-licenses">Check Export Licenses</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Sign In with a known user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click on <em>Licenses</em> tab</td> -<td style="text-align:left"><em>Licenses</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click on <em>Export Licenses</em></td> -<td style="text-align:left">A dialog for opening <em>Licenses.xlsx</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Open the xlsx file and compare the number of rows with total number of entries from <em>Licenses</em> tab</td> -<td style="text-align:left">All licenses names are exported successfully.</td> -</tr> -</tbody> -</table> - - - - - - Docs: Liferay Friendly - https://www.eclipse.org/sw360/docs/development/dev-liferay-friendly-url/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-liferay-friendly-url/ - - - - <p>The normal generated portlet URLs containing a set of internal Liferay request parameters. <br> -These long URLs of links or forms are mostly not readable and its not easy to share it somewhere else.</p> -<p>General Liferay portlet URL: <br></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:8080/web/guest/examples?p_p_id=example_WAR_ExamplePortlet&amp;p_p_lifecycle=1&amp;p_p_state=normal&amp;p_p_mode=view&amp;p_p_col_id=column-1&amp;p_p_col_count=1&amp;_example_WAR_ExamplePortlet_javax.portlet.action=new -</span></span></code></pre></div><p>Explanation of the Liferay request parameters: <br> -<strong>p_p_id:</strong> The portlet ID (example_WAR_ExamplePortlet)<br> -<strong>p_p_state:</strong> Liferay windows pages state - 1 (normal) 2 (maximize) 3 (minimize) <br> -<strong>p_p_mode</strong>: Mode of the portlet look like - (view) (edit) (help) <br> -<strong>p_p_lifecycle:</strong> This is life cycle of portlet - 0 (render) 1 (action) 2 (server) <br> -<strong>p_p_col_id:</strong> The reference ID of the column in Liferay template <br> -<strong>p_p_col_pos:</strong> Specifiy the column position if the the layout having more than one columns <br> -<strong>p_p_col_count:</strong> Shows the no of columns in the current layout</p> -<h3 id="friendly-url-mapper-configuration">Friendly URL Mapper configuration</h3> -<p>Liferay provides a mechanism to shorten the generated URLs by using the Friendly URL Mapper feature. <br> <br> -How to configure the friendly URL Mapper in Liferay? <br> <br> -<strong>Configuration of URL routes in XML files</strong> <br></p> -<p><em>CREATE example-friendly-url-routes.xml</em> <br></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Xml" data-lang="Xml"><span style="display:flex;"><span><span style="color:#099">&lt;?xml version=&#34;1.0&#34;?&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#099">&lt;!DOCTYPE routes PUBLIC &#34;-//Liferay//DTD Friendly URL Routes 6.2.2//EN&#34; -</span></span></span><span style="display:flex;"><span><span style="color:#099">&#34;http://www.liferay.com/dtd/liferay-friendly-url-routes_6_0_0.dtd&#34;&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;routes&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;route&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;pattern&gt;</span>/action/{actionName}<span style="color:#309;font-weight:bold">&lt;/pattern&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;generated-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;javax.portlet.action&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>{actionName}<span style="color:#309;font-weight:bold">&lt;/generated-parameter&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;ignored-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_auth&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;ignored-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_id&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_lifecycle&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>1<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_state&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>normal<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_mode&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>view<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/route&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/routes&gt;</span> -</span></span></code></pre></div><p>Explanation of the Liferay Friendly Mapper route parameters: <br> -<strong>routes:</strong> Routes element which contains all route entries <br> -<strong>route:</strong> Single route element entry <br> -<strong>pattern:</strong> Pattern of the mapped friendly URL (visible in address bar) <br> -<strong>generated-parameter:</strong> These parameters will be generated from parameters in the request URL <br> -<strong>ignored-parameter:</strong> These parameters will be igored and not included in generated URLs <br> -<strong>implicit-parameter:</strong> Used for static attributes which can be ignored by recognition <br> -<strong>overridden-parameter:</strong> Parameter that should be set to a certain value when a URL is recognized <br> -<br> -It is necessary to order the parameters as described above. <br> -These files should located in the resources folder otherwise they will not be available on Apache Tomcat and cannot be initialized by Liferay. <br> -<br> -<strong>Configuration of friendly URL Java class</strong> <br> -<br> -<em>MODIFY liferay-portlet.xml</em> -<br></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Xml" data-lang="Xml"><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-mapper-class&gt;</span>com.liferay.portal.kernel.portlet.DefaultFriendlyURLMapper<span style="color:#309;font-weight:bold">&lt;/friendly-url-mapper-class&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-mapping&gt;</span>example<span style="color:#309;font-weight:bold">&lt;/friendly-url-mapping&gt;</span> -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-routes&gt;</span>com/.../example-friendly-url-routes.xml<span style="color:#309;font-weight:bold">&lt;/friendly-url-routes&gt;</span> -</span></span></code></pre></div><br> -In the next step we need one java implementation class to generate the Liferay friendly URLs. <br> -<p>Liferay provides the <em>DefaultFriendlyURLMapper</em> class to create the URLs based on our rules. <br></p> -<p>The Liferay Friendly URL Mapper configuration is placed after <code>&lt;icon/&gt;</code> and before <code>&lt;instanceable&gt;</code> -tag.</p> -<h3 id="friendly-url-mapper-outcome">Friendly URL Mapper outcome</h3> -<p><strong>Liferay will generate the following friendly URL</strong> <br></p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>http://localhost:8080/web/guest/examples/-/example/action/new -</span></span></code></pre></div><br> -<ol> -<li>The liferay framework will add &ldquo;-&rdquo; (dash)</li> -<li>Friendly URL mapper name which is configured in <code>&lt;friendly-url-mapping&gt;</code> (liferay-portlet.xml) element</li> -<li>Pattern name with generated parameters which is same as in <code>&lt;pattern&gt;</code> (example-friendly-url-routes.xml) defined.</li> -</ol> -<h3 id="additional">Additional</h3> -<p>Friendly URL Mapper functionality is not working if the portletURL API is used to generate the Liferay URL in local Javascript. <br> -It is helpful to generate <code>&lt;portlet:renderURL&gt;</code> placeholder and replace them by using dummy values.</p> - - - - - - Docs: Moderation - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-moderations/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-moderations/ - - - - <h2 id="accept-moderation-request-for-visible-projects-by-other-users">Accept moderation request, for visible projects by other users</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Open first browser instance ((e.g. &ldquo;firefox.exe -p &ldquo;profile1&rdquo; -no-remote&rdquo;) and sign in with a known <em>First</em> user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Open a second browser instance ((e.g. &ldquo;firefox.exe -p &ldquo;profile2&rdquo; -no-remote&rdquo;) and sign in with a known <em>Second</em> user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Activate <em>First</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Create a new project visible for <em>Second</em> user (e.g. <em>Me and Moderators</em>, <em>Group and Moderators</em>, <em>Everyone</em>)</td> -<td style="text-align:left">Project is created successfully</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Activate <em>Second</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Search for the above created project and click <em>Edit</em></td> -<td style="text-align:left"><em>You will create a moderation request if you update.</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Edit Description field or other fields and click <em>Update Project</em></td> -<td style="text-align:left"><em>Moderation request was sent to update the Project name!</em> message is displayed.</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Activate <em>First</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> -<td style="text-align:left">The above project that needs moderation is displayed with status <em>PENDING</em></td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click on <em>Moderation</em> page</td> -<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Click on moderation request</td> -<td style="text-align:left"><em>Moderation Change Project</em> page is displayed, with proposed changes from step 7 listed</td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click on <em>Accept Request</em></td> -<td style="text-align:left"><em>You have accepted the previous moderation request.</em> message is displayed, and State changes to <em>Approved</em></td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> -<td style="text-align:left">Status is <em>APPROVED</em></td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Activate <em>Second</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">15</td> -<td style="text-align:left">Check _My Task Submissions on <em>Home</em> page</td> -<td style="text-align:left">Status is <em>APPROVED</em></td> -</tr> -<tr> -<td style="text-align:right">16</td> -<td style="text-align:left">Open the <em>Projects</em> tab and click on previously modified project on step 7</td> -<td style="text-align:left">Project <em>Summary</em> page displayed successfully</td> -</tr> -<tr> -<td style="text-align:right">17</td> -<td style="text-align:left">Check the moderation requested changes</td> -<td style="text-align:left">Changes are visible in the corresponding fields</td> -</tr> -</tbody> -</table> -<h2 id="decline-moderation-request-for-visible-projects-by-other-users">Decline moderation request, for visible projects by other users</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1-11</td> -<td style="text-align:left">Same as in TC01</td> -<td></td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click on <em>Decline Request</em></td> -<td style="text-align:left"><em>You have declined the previous moderation request</em> message is displayed, and State changes to <em>Rejected</em></td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> -<td style="text-align:left">Status is <em>REJECTED</em></td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Activate <em>Second</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">15</td> -<td style="text-align:left">Check _My Task Submissions on <em>Home</em> page</td> -<td style="text-align:left">Status is <em>REJECTED</em></td> -</tr> -<tr> -<td style="text-align:right">16</td> -<td style="text-align:left">Open the <em>Projects</em> tab and click on previously modified project on step 7</td> -<td style="text-align:left">Project <em>Summary</em> page displayed successfully</td> -</tr> -<tr> -<td style="text-align:right">17</td> -<td style="text-align:left">Check the moderation requested changes</td> -<td style="text-align:left">Changes are not visible in the corresponding fields</td> -</tr> -</tbody> -</table> -<h2 id="remove-me-from-moderators-for-moderation-request-for-visible-projects-by-other-users">Remove Me from Moderators for moderation request, for visible projects by other users</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1-11</td> -<td style="text-align:left">Same as in TC01</td> -<td></td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Click on <em>Remove Me from Moderators</em></td> -<td style="text-align:left"><em>You are the last moderator for this request - you are not allowed to unsubscribe.</em> message is displayed (assuming only <em>First</em> user was listed under <em>Moderators</em> column in step 10)</td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Click on <em>Decline Request</em></td> -<td style="text-align:left"><em>You have declined the previous moderation request</em> message is displayed, and State changes to <em>Rejected</em></td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Edit the project and add a new moderator (e.g. <em>Third</em> user) under <em>Moderators</em> field</td> -<td style="text-align:left">Project updated successfully.</td> -</tr> -<tr> -<td style="text-align:right">15</td> -<td style="text-align:left">Activate <em>Second</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">16</td> -<td style="text-align:left">Edit the project and create a new moderation request</td> -<td style="text-align:left">Moderation request was sent</td> -</tr> -<tr> -<td style="text-align:right">17</td> -<td style="text-align:left">Activate <em>First</em> browser instance</td> -<td style="text-align:left">Instance is active</td> -</tr> -<tr> -<td style="text-align:right">18</td> -<td style="text-align:left">Click on <em>Moderation</em> page</td> -<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> -</tr> -<tr> -<td style="text-align:right">19</td> -<td style="text-align:left">Click on moderation request</td> -<td style="text-align:left"><em>Moderation Change Project</em> page is displayed, with proposed changes from step 7 listed</td> -</tr> -<tr> -<td style="text-align:right">20</td> -<td style="text-align:left">Click on <em>Remove Me from Moderators</em></td> -<td style="text-align:left"><em>You are removed from the list of moderators for the previous moderation request. You have no open Requests.</em> message is displayed. Also the document is deleted from moderation list.</td> -</tr> -<tr> -<td style="text-align:right">21</td> -<td style="text-align:left">Login with the <em>Third</em> user and check the <em>Moderation</em> tab</td> -<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> -</tr> -</tbody> -</table> - - - - - - Docs: Moderation Requests - https://www.eclipse.org/sw360/docs/development/dev-moderation-requests/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-moderation-requests/ - - - - <p>The concept of moderation is good for two things:</p> -<ul> -<li>to cope with a large number of potential edits on documents.</li> -<li>to allow every user to propose edits.</li> -</ul> -<p>Allowing every user to edit opposed to propose edits would lad to a large number of changes, potentially, not making everyone happy. As such, the changes should be reviewed by an experienced person and can be then approved.</p> -<h2 id="application-flow">Application Flow</h2> -<p>A user changes a moderated document, which are component, release, project and todo&rsquo;s of licenses (and the white list):</p> -<ul> -<li> -<p>The user switches in edit mode and applies a change.</p> -</li> -<li> -<p>The user submits the change by clicking &ldquo;Update &hellip;&rdquo;</p> -</li> -<li> -<p>The application checks, if the permissions are sufficient</p> -</li> -<li> -<p>For sufficient permissions, see here: <a href="https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model">https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model</a></p> -</li> -<li> -<p>If the permissions do not allow the edit right away, a moderation request is created.</p> -</li> -<li> -<p>Moderators can see the moderation request in the moderation portlet</p> -</li> -<li> -<p>Having selected the moderation request, the moderator can accept the request, decline, postpone or remove himself from the list of moderators</p> -</li> -</ul> -<h2 id="technical-description">Technical Description</h2> -<h3 id="checking-document-permissions">Checking Document Permissions</h3> -<p>If a moderation requests needs to be created, because the user does not have sufficient permissions:</p> -<ul> -<li>The request goes through the stack, for example: project portlet, project handler, project database handler.</li> -<li>Then the project database handler checks for permissions using <code>makePermission()</code> (<code>DocumentPermission</code> is the base class, then <code>ProjectPermissions</code> is the referring here for projects) and <code>isActionAllowed()</code>.</li> -<li>For moderation requests, we assume that this action is not allowed. Then, the <code>ProjectModerator</code> is called (see package <code>...sw360.datahandler.entitlement</code>).</li> -<li>This class (which is part of the project service) creates a thrift client to the moderation service (also on the backend) and creates a moderation request using this client.</li> -</ul> -<p>Every moderation request is created using the thrift-based API.</p> -<h3 id="writing-a-moderation-request-to-the-database">Writing a Moderation Request to the Database</h3> -<p>The generation of moderation request is performed by the moderation service. The moderation service handles incoming request in the following way:</p> -<ul> -<li>The requests arrives in the <code>ModerationDatabaseHandler</code>.</li> -<li>This handler writes the request to the database.</li> -</ul> -<h3 id="creation-details-in-the-service">Creation Details in the Service</h3> -<p>The handler writes one moderation request per user and document. If a moderation request from the same user for the same document exists, added moderation requests are merged. Or, the request is new either with a new user, new document or both, then the moderation request is created.</p> -<p>Each moderation requests has recipients, the moderators. The moderation database handler selects the moderators depending on the document type, which are usually the creator of the document and the listed moderators for this document. See details in the <code>ModerationDatabaseHandler</code> class. At the same location the check for deletion is performed.</p> -<h3 id="what-is-in-the-database">What is in the Database?</h3> -<p>The moderation request is a document in the couchdb. Technically, the moderation requests holds the affected document as field where the values is a nested JSON dictionary.</p> -<p>The following screen shot shows an example for a moderation request for a project.</p> -<p><img src="https://raw.githubusercontent.com/wiki/siemens/sw360portal/images/036-oss-sw360-20160310-screenshot-moderation-reqeust-document-example.png" alt="Example Moderation Request in Database"></p> -<h3 id="evaluating-the-moderation-request">Evaluating the Moderation Request</h3> -<p>On the moderation portlet all moderations will be shown, for which the user is a moderator. +<strong>Note</strong> See also <a href="https://wiki.apache.org/couchdb/Introduction_to_CouchDB_views#Linked_documents">https://wiki.apache.org/couchdb/Introduction_to_CouchDB_views#Linked_documents</a>.</li> +</ul> +<h3 id="implementation-with-ektorp">Implementation with Ektorp</h3> +<p><a href="https://github.com/eclipse/sw360/pull/596">https://github.com/eclipse/sw360/pull/596</a> show an implementation to transparently read such results from Couch-DB. It consists of:</p> +<ul> +<li>new methods in the database connector which are aware of loading linked documents</li> +<li>a response handler used for parsing the results when requesting linked documents</li> +<li>two annotation classes to mark fields which contain ids for linked documents +After the branch was merged, the new feature can be used in only three steps. You need:</li> +</ul> +<ol> +<li>A view that loads the &ldquo;main&rdquo; documents along with there linked documents</li> +<li>A special method in your database handler / database repository which calls the new method from the connector</li> +<li>A mixin for your data object which annotates the fields which contain ids to linked documents</li> +</ol> +<h4 id="notes-for-1">Notes for 1.</h4> +<p>Have a look at mapping function above in the theory section. Of course you may add more than one type of linked documents, e.g. not only attachments but releases as well. +You may also emit whole objects instead of ids only. This way Couch-DB does not have to lookup each entry. However including ids over objects is an own topic.</p> +<h4 id="notes-for-2">Notes for 2.</h4> +<p>You should write methods in your repository as well as in your database handler that uses the new methods from the database connector.</p> +<h4 id="notes-for-3">Notes for 3.</h4> +<p>Be sure that the used object mapper in your database handler is aware of the mixin. Of course you can annotate more than one field. All annotated fields will be respected on loading. However, if the view does not contain an object that should be resolved, it will be replaced by null. The LinkedDocuments-annotation even allows you to name a different destination field for the resolved objects for easier integration into the existing code.</p> +<h2 id="usage-with-ektorp">Usage with Ektorp</h2> +<table> +<thead> +<tr> +<th>Easy to use?</th> +<th>Performance?</th> +<th>Effort to use in existing code</th> +</tr> +</thead> +<tbody> +<tr> +<td>:no_entry: does not work</td> +<td>:no_entry:</td> +<td>:no_entry:</td> +</tr> +</tbody> +</table> +<p>Since SW360 is using Ektorp as Objectmapper, a response like above is not suitable. Ektorp is just not able to parse the above response correctly. +However Ektorp has a linking feature as well: You may annotate fields with the <code>@DocumentReference</code>-Annotation to tell Ektorp to store the content within external documents. This only works with fields of type <code>Set</code> at the moment of writing. Since SW360 data objects are generated using Thrift, directly annotating the field is not possible. Due to the mixin feature of Ektorp this is not a big issue. Unfortunately making the <code>@DocumentReference</code>-annotation to work was not possible with a reasonable effort.</p> +<p>Internally Ektorp is also using special views for getting linked documents to work. A quick look into the source codes suggests that this feature is implemented using special serializers which would lead to additional requests on loading and storing as well. Therefore the same performance issues might be come across if the annotation would work.</p> +<h3 id="own-serializerdeserzialer">Own serializer/deserzialer</h3> +<table> +<thead> +<tr> +<th>Easy to use?</th> +<th>Performance?</th> +<th>Effort to use in existing code</th> +</tr> +</thead> +<tbody> +<tr> +<td>:star::star::star: Quite easy, just some Jackson configuration necessary</td> +<td>:star::star: Good, but every type of linked objects needs an additional request</td> +<td>:star::star::star: Low, existing code does not have to be changed</td> +</tr> +</tbody> +</table> +<p>This method works just like the Ektorp way. In addition a slow transition from internal to external documents is possible, since the custom serialization methods will handle both cases directly. Any embedded documents will be externalized on first update of the owner object. +The following classes are needed:</p> +<ol> +<li>Repository for the new external documents</li> +<li>DatabaseHandler for the new external documents</li> +<li>Mixin-Class to add annotations to the field with external documents</li> +<li>A new mapper factory to properly configure the custom serializer</li> +<li>Custom serializers/deserializer</li> +</ol> +<h4 id="example-for-externalizing-attachments">Example for externalizing attachments</h4> +<h5 id="mixin-class">Mixin-Class</h5> +<p>This will configure Ektorp to use a special class for this field. We use a special serializer for the field instead of for the type (in this case Attachment), so we can do serialization/deserialization for all attachments at once. If we would use a special serializer, every</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">abstract</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">SplitAttachmentsMixin</span> <span style="color:#069;font-weight:bold">extends</span> DatabaseMixIn <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@JsonSerialize</span><span style="color:#555">(</span>using <span style="color:#555">=</span> AttachmentSetSerializer<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">)</span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@JsonDeserialize</span><span style="color:#555">(</span>using <span style="color:#555">=</span> AttachmentSetDeserializer<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">)</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">abstract</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">setAttachments</span><span style="color:#555">(</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><h5 id="mapper-factory">Mapper factory</h5> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">SplitAttachmentsMapperFactory</span> <span style="color:#069;font-weight:bold">extends</span> MapperFactory <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentHandlerInstantiator handlerInitiator<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">SplitAttachmentsMapperFactory</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> handlerInitiator <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentHandlerInstantiator<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> ObjectMapper <span style="color:#c0f">createObjectMapper</span><span style="color:#555">()</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> ObjectMapper objectMapper <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">super</span><span style="color:#555">.</span><span style="color:#309">createObjectMapper</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> objectMapper<span style="color:#555">.</span><span style="color:#309">addMixInAnnotations</span><span style="color:#555">(</span>Project<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">,</span> SplitAttachmentsMixin<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> objectMapper<span style="color:#555">.</span><span style="color:#309">setHandlerInstantiator</span><span style="color:#555">(</span>handlerInitiator<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> objectMapper<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">static</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentHandlerInstantiator</span> <span style="color:#069;font-weight:bold">extends</span> HandlerInstantiator <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentSetSerializer attachmentSetSerializer<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentSetDeserializer attachmentSetDeserializer<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentHandlerInstantiator</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> attachmentSetSerializer <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentSetSerializer<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> attachmentSetDeserializer <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentSetDeserializer<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> JsonDeserializer<span style="color:#555">&lt;?&gt;</span> deserializerInstance<span style="color:#555">(</span>DeserializationConfig config<span style="color:#555">,</span> Annotated annotated<span style="color:#555">,</span> Class<span style="color:#555">&lt;?&gt;</span> deserClass<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>deserClass<span style="color:#555">.</span><span style="color:#309">isInstance</span><span style="color:#555">(</span>attachmentSetDeserializer<span style="color:#555">))</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> attachmentSetDeserializer<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> <span style="color:#069;font-weight:bold">null</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">...</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><h5 id="serializer">Serializer</h5> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentSetSerializer</span> <span style="color:#069;font-weight:bold">extends</span> JsonSerializer<span style="color:#555">&lt;</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;&gt;</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentDatabaseHandler handler<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentSetSerializer</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">this</span><span style="color:#555">.</span><span style="color:#309">handler</span> <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentDatabaseHandler<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#078;font-weight:bold">void</span> <span style="color:#c0f">serialize</span><span style="color:#555">(</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments<span style="color:#555">,</span> JsonGenerator jsonGenerator<span style="color:#555">,</span> SerializerProvider provider<span style="color:#555">)</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> JsonProcessingException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> List<span style="color:#555">&lt;</span>DocumentOperationResult<span style="color:#555">&gt;</span> results <span style="color:#555">=</span> handler<span style="color:#555">.</span><span style="color:#309">bulkCreateOrUpdateAttachments</span><span style="color:#555">(</span>attachments<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>results<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot create or update attachments. Some failed: &#34;</span> <span style="color:#555">+</span> results<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>SW360Exception exception<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot create or update attachments.&#34;</span><span style="color:#555">,</span> exception<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStartArray</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> <span style="color:#555">(</span>Attachment attachment <span style="color:#555">:</span> attachments<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStartObject</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeStringField</span><span style="color:#555">(</span><span style="color:#c30">&#34;_id&#34;</span><span style="color:#555">,</span> attachment<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeEndObject</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> jsonGenerator<span style="color:#555">.</span><span style="color:#309">writeEndArray</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div><h4 id="deserializer">Deserializer</h4> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">public</span> <span style="color:#069;font-weight:bold">class</span> <span style="color:#0a8;font-weight:bold">AttachmentSetDeserializer</span> <span style="color:#069;font-weight:bold">extends</span> JsonDeserializer<span style="color:#555">&lt;</span>Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;&gt;</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">private</span> <span style="color:#069;font-weight:bold">final</span> AttachmentDatabaseHandler handler<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> <span style="color:#c0f">AttachmentSetDeserializer</span><span style="color:#555">(</span>Supplier<span style="color:#555">&lt;</span>HttpClient<span style="color:#555">&gt;</span> httpClient<span style="color:#555">,</span> String dbName<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> MalformedURLException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">this</span><span style="color:#555">.</span><span style="color:#309">handler</span> <span style="color:#555">=</span> <span style="color:#069;font-weight:bold">new</span> AttachmentDatabaseHandler<span style="color:#555">(</span>httpClient<span style="color:#555">,</span> dbName<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#99f">@Override</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">public</span> Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> <span style="color:#c0f">deserialize</span><span style="color:#555">(</span>JsonParser jsonParser<span style="color:#555">,</span> DeserializationContext context<span style="color:#555">)</span> <span style="color:#069;font-weight:bold">throws</span> IOException<span style="color:#555">,</span> JsonProcessingException <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> Set<span style="color:#555">&lt;</span>Attachment<span style="color:#555">&gt;</span> attachments <span style="color:#555">=</span> Sets<span style="color:#555">.</span><span style="color:#309">newHashSet</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>jsonParser<span style="color:#555">.</span><span style="color:#309">isExpectedStartArrayToken</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IllegalStateException<span style="color:#555">(</span><span style="color:#c30">&#34;Expected array token but found: &#34;</span> <span style="color:#555">+</span> jsonParser<span style="color:#555">.</span><span style="color:#309">getCurrentToken</span><span style="color:#555">().</span><span style="color:#309">asString</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> Set<span style="color:#555">&lt;</span>String<span style="color:#555">&gt;</span> attachmentIds <span style="color:#555">=</span> Sets<span style="color:#555">.</span><span style="color:#309">newHashSet</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> JsonToken token <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">nextToken</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">while</span> <span style="color:#555">(!</span>JsonToken<span style="color:#555">.</span><span style="color:#309">END_ARRAY</span><span style="color:#555">.</span><span style="color:#309">equals</span><span style="color:#555">(</span>token<span style="color:#555">))</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">switch</span> <span style="color:#555">(</span>token<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">case</span> START_OBJECT<span style="color:#555">:</span> +</span></span><span style="display:flex;"><span> Attachment attachment <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">readValueAs</span><span style="color:#555">(</span>Attachment<span style="color:#555">.</span><span style="color:#309">class</span><span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(</span>attachment<span style="color:#555">.</span><span style="color:#309">isSetId</span><span style="color:#555">()</span> <span style="color:#555">&amp;&amp;</span> <span style="color:#555">!</span>attachment<span style="color:#555">.</span><span style="color:#309">isSetRevision</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> attachmentIds<span style="color:#555">.</span><span style="color:#309">add</span><span style="color:#555">(</span>attachment<span style="color:#555">.</span><span style="color:#309">getId</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">else</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> attachments<span style="color:#555">.</span><span style="color:#309">add</span><span style="color:#555">(</span>attachment<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">break</span><span style="color:#555">;</span> +</span></span><span style="display:flex;"><span><span style="color:#99f"> +</span></span></span><span style="display:flex;"><span><span style="color:#99f"> default:</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IllegalStateException<span style="color:#555">(</span> +</span></span><span style="display:flex;"><span> <span style="color:#c30">&#34;Unexpected token. Expected object or string but found: &#34;</span> <span style="color:#555">+</span> jsonParser<span style="color:#555">.</span><span style="color:#309">getCurrentToken</span><span style="color:#555">().</span><span style="color:#309">asString</span><span style="color:#555">());</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> token <span style="color:#555">=</span> jsonParser<span style="color:#555">.</span><span style="color:#309">nextToken</span><span style="color:#555">();</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> <span style="color:#555">(!</span>attachmentIds<span style="color:#555">.</span><span style="color:#309">isEmpty</span><span style="color:#555">())</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">try</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> attachments<span style="color:#555">.</span><span style="color:#309">addAll</span><span style="color:#555">(</span>handler<span style="color:#555">.</span><span style="color:#309">retrieveAttachments</span><span style="color:#555">(</span>attachmentIds<span style="color:#555">));</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> <span style="color:#069;font-weight:bold">catch</span> <span style="color:#555">(</span>SW360Exception exception<span style="color:#555">)</span> <span style="color:#555">{</span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">throw</span> <span style="color:#069;font-weight:bold">new</span> IOException<span style="color:#555">(</span><span style="color:#c30">&#34;Cannot load attachments (&#34;</span> <span style="color:#555">+</span> attachmentIds <span style="color:#555">+</span> <span style="color:#c30">&#34;)&#34;</span><span style="color:#555">,</span> exception<span style="color:#555">);</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> attachments<span style="color:#555">;</span> +</span></span><span style="display:flex;"><span> <span style="color:#555">}</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span><span style="color:#555">}</span> +</span></span></code></pre></div>Docs: Database migration using Costcohttps://www.eclipse.org/sw360/docs/development/dev-database-migration-using-costco/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-database-migration-using-costco/ +<h3 id="praeamble">Praeamble</h3> +<p>Please note that database migrations are done now in python scripts at</p> +<blockquote> +<p><a href="https://github.com/eclipse/sw360/tree/master/scripts/migrations">https://github.com/eclipse/sw360/tree/master/scripts/migrations</a></p> +</blockquote> +<p>keeping the following page because Costco might be useful for development / testing / quick adaptations.</p> +<h3 id="problem">Problem</h3> +<p>The main problem with changing field names in thrift is that existing documents in the couchdb need adjustments. Unfortunately, the futon interface of the couchdb does not offer bulk edits. As a consequence, looking into every document is tedious, for more than 100 documents, maybe unfeasible.</p> +<h3 id="solution">Solution</h3> +<p>Use costco, an open source project that</p> +<ul> +<li>is a couchapp (right, this implies that you install the couchapp environment)</li> +<li>offers a Web interface as sub path of the couchdb database</li> +<li>allows to iterate through the documents of a database and then apply modifications on a particular document</li> +<li>allows to perform modifications on documents using Java script</li> +</ul> +<p>More information</p> +<ul> +<li>Project website: <a href="https://github.com/harthur/costco">https://github.com/harthur/costco</a></li> +<li>Useful examples: <a href="http://harthur.github.io/costco/">http://harthur.github.io/costco/</a></li> +</ul> +<p>Note that costco does not allow to perform operations involving several documents at once, for example, setting values in one document that results from querying from several other documents. Costco is perfect for corrections on the couchdb document &lsquo;schema&rsquo; (not in the classic sense as there is no schema in couchdb).</p> +<h3 id="troubleshooting">Troubleshooting</h3> +<p>If you try to install costco, you try to install couchapp mst likely. However, it might be that some python packages are missing which results in a &rsquo;not-so-obvious&rsquo; python error during install of couchapp. The following line could be th dependencies that you might need:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>sudo apt-get install python-dev libxml2-dev libxslt-dev +</span></span></code></pre></div><h3 id="cheat-sheet-installing-costco-inside-an-sw360vagrant-deployment">Cheat Sheet: Installing costco inside an sw360vagrant deployment</h3> +<p>OK, if you read until here, to make it easy for you just the few lines to have executed to install costco when youi have a machine that is deployed with our vagrant:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ sudo apt-get install python-dev libxml2-dev libxslt-dev +</span></span><span style="display:flex;"><span>$ sudo pip install couchapp +</span></span><span style="display:flex;"><span>$ git clone http://github.com/harthur/costco.git +</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> costco +</span></span><span style="display:flex;"><span>$ couchapp push . http://localhost:5984/sw360db +</span></span></code></pre></div><h3 id="examples-in-sw360">Examples in sw360</h3> +<p>The following examples show some costco code from the use with sw360.</p> +<h4 id="renaming-a-key">Renaming a key</h4> +<p>In order to rename a field&rsquo;s key, the following code might be helpful. In the following example, the field&rsquo;s key <code>developement</code> into <code>development</code> (correcting a typo in the datamodel).</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>(doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;todo&#39;</span>) { +</span></span><span style="display:flex;"><span> doc.development <span style="color:#555">=</span> doc.developement; +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">delete</span> doc.developement; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> doc; +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><h4 id="renaming-a-key-in-a-subdocument">Renaming a key in a subdocument</h4> +<p>Similar thing as above, rename a key from <code>comment</code> to <code>createdcomment</code>, but this time inside a nested list of documents.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> (<span style="color:#069;font-weight:bold">var</span> f <span style="color:#555">=</span> <span style="color:#f60">0</span>, len <span style="color:#555">=</span> doc.attachments.length; f <span style="color:#555">&lt;</span> len; f <span style="color:#555">+=</span><span style="color:#f60">1</span> ) { +</span></span><span style="display:flex;"><span> doc.attachments[f].createdComment <span style="color:#555">=</span> doc.attachments[f].comment; +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">delete</span> doc.attachments[f].comment; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">return</span> doc; +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><h3 id="more-javascript-examples-with-couchdb">More JavaScript Examples with CouchDB</h3> +<p>In addition to costco, also the couchdb map-reduce functions can help to track down issues in the data sets.</p> +<p>The following example searched for attachments of type <code>SOURCE</code> at releases, which do not have the <code>createdBy</code> set:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> ((doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) +</span></span><span style="display:flex;"><span> <span style="color:#555">&amp;&amp;</span> (doc.attachments)) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">for</span> (<span style="color:#069;font-weight:bold">var</span> attachment <span style="color:#069;font-weight:bold">in</span> doc.attachments) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (<span style="color:#555">!</span>doc.attachments[attachment].createdBy) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span> (doc.attachments[attachment].attachmentType<span style="color:#555">==</span> <span style="color:#c30">&#39;SOURCE&#39;</span>) { +</span></span><span style="display:flex;"><span> emit(doc._id, doc.attachments[attachment].filename); +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>The following example looks into date fields, in this case <code>createdOn</code>, and checks if it uses dots (for changing them into dashes).</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-JavaScript" data-lang="JavaScript"><span style="display:flex;"><span><span style="color:#069;font-weight:bold">function</span>(doc) { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">if</span>( +</span></span><span style="display:flex;"><span> (doc.type <span style="color:#555">==</span> <span style="color:#c30">&#39;release&#39;</span>) +</span></span><span style="display:flex;"><span> <span style="color:#555">&amp;&amp;</span> (doc.createdOn.indexOf(<span style="color:#c30">&#39;.&#39;</span>) <span style="color:#555">!==</span> <span style="color:#555">-</span><span style="color:#f60">1</span>) +</span></span><span style="display:flex;"><span> ) +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> emit(doc.name, doc) +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div>Docs: Definition of Donehttps://www.eclipse.org/sw360/docs/development/dev-dod-and-style/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-dod-and-style/ +<h3 id="policy">Policy</h3> +<ul> +<li>Review points should involve one person from another angle (not just the person you were sitting together with anyways)</li> +<li>Limit items in review to 5, try to coordinate</li> +<li>Using Github assignments to issues or pull requests</li> +<li>Open review items require conversation</li> +</ul> +<h1 id="definition-of-done">Definition of Done</h1> +<ul> +<li> +<p>File headers in file OK</p> +<ul> +<li>EPL-2.0 license header</li> +<li>Or, if the file is too small, configuration file: license note (see code style)</li> +<li>Copyright and author</li> +</ul> +</li> +<li> +<p>Create Branches for sw360</p> +<ul> +<li>Please use conventional branch names for sw360 <a href="https://www.eclipse.org/sw360/sw360/docs/development/dev-branches/">Dev-Branches</a></li> +</ul> +</li> +<li> +<p>Avoid (serious) compiler warnings</p> +<ul> +<li>Squash your commits into one or more logical units of work. No dozens of hourly/daily commits in your pull request, please</li> +<li>Rebase onto current master so that a fast forward merge is possible</li> +<li>That means that merge to master is prepared</li> +</ul> +</li> +<li> +<p>No breaking test</p> +<ul> +<li>Unit testing as it is already present</li> +<li>You have more - use them!</li> +</ul> +</li> +<li> +<p>New test</p> +<ul> +<li>For new / added functionality</li> +</ul> +</li> +<li> +<p>Documentation</p> +<ul> +<li>in the Githuib Wiki-Section, if you have done something new</li> +<li>At least a technical note for newly added functionality</li> +</ul> +</li> +<li> +<p>Commit style</p> +<ul> +<li>try to squash commits. In the ideal case, a feature is contained in one commit.</li> +<li>try to use conventional changelog for commit messages. <a href="https://www.eclipse.org/sw360/sw360/docs/development/dev-semantic-commits/">Dev-Semantic-Commits</a></li> +</ul> +</li> +</ul> +<h1 id="review">Review</h1> +<p>Review basically checks for the D-o-D items, in particular</p> +<ul> +<li>Code style, not really formatting, but issues like style attributes in HTML tags or exception handling useful</li> +<li>Design / architecture issues</li> +<li>Community contribution suitability</li> +<li>Issue coverage (does it actually solve the problem?)</li> +<li>Add to commit message of merge commit explicitly:</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>review-by:email@domain.com +</span></span></code></pre></div><p>and</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>tested-by:email@domain.com +</span></span></code></pre></div><h1 id="licensing-and-file-header">Licensing and File Header</h1> +<p>All files contributed require headers - this will ensure the license and copyright clearing at the end. Also, all contributions must have the same license as the original source.</p> +<p>If a file has relevant functionality, note that we should move to Eclipse 2.0</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Java" data-lang="Java"><span style="display:flex;"><span><span style="color:#09f;font-style:italic">/* +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Copyright COPYRIGHT HOLDER, 2017. +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Copyright NEXT COPYRIGHT HOLDER, 2017. +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * Part of the SW360 Portal Project. +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * SPDX-License-Identifier: EPL-1.0 +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * All rights reserved. This program and the accompanying materials +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * are made available under the terms of the Eclipse Public License v1.0 +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * which accompanies this distribution, and is available at +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> * http://www.eclipse.org/legal/epl-v10.html +</span></span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"> */</span> +</span></span></code></pre></div><p>(please adapt comment characters usage)</p> +<p>For small files such as property files, configuration files or standard XML files:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># Copyright &lt;COPYRIGHT_HOLDER&gt;, &lt;YEAR&gt;. Part of the SW360 Portal Project.</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic">#</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># All rights reserved. This configuration file is provided to you under the</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># terms and conditions of the Eclipse Distribution License v1.0 which</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># accompanies this distribution, and is available at</span> +</span></span><span style="display:flex;"><span><span style="color:#09f;font-style:italic"># http://www.eclipse.org/org/documents/edl-v10.php</span> +</span></span></code></pre></div><h1 id="code-style">Code style</h1> +<p>Just use the standard Java formatting rules of your IDE and <strong>do not reformat</strong> code from others, because you like to correct formatting of other&rsquo;s code.</p>Docs: Filtering in Portletshttps://www.eclipse.org/sw360/docs/development/dev-filtering-in-portlets/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-filtering-in-portlets/ +<p>For the filters that are shown for components and listings, there are some options:</p> +<ol> +<li> +<p>The <strong>Keyword search</strong> works directly on the table shown on the main right area. For example in the components portlet, this is in components/view.jsp.</p> +</li> +<li> +<p>The <strong>filters</strong> actually result in a new search request, when hitting apply filters button. The project portlet reads the fields and creates a map. Then, <code>ProjectPortlet</code> calls the thrift service <code>refineSearch()</code>, which is handled in <code>ProjectHandler</code>. This method takes the map and the user as input. The search service has a server-side JavaScript function (LuceneSearchView) defined for this particular filter in <code>ProjectSearchHandler.java</code>. This is called with the <code>LuceneAwareDatabaseConnector.java</code>. After filtering, the visibility constraints for the requesting user are applied.</p> +</li> +<li> +<p>Then for each release table, there is a search field in the upper right corner. This again works on the data of the Release summary object and then filters what is on the client (web browser).</p> +</li> +</ol>Docs: Fossology Integrationhttps://www.eclipse.org/sw360/docs/development/dev-fossology-integration/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-fossology-integration/ +<p>Basic communication with the FOSSology server is done over an SSH connection: the fossology service of SW360 executes remote commands on the FOSSology server.</p> +<p>The commands that are executed are the bash scripts found inside <code>src-fossology/src/main/resources/scripts/</code>, they are copied into the home directory of the ssh user (either manually or through the admin portlet). +See <a href="Fossology-Setup">Setup of connection with Fossology</a> for configuration details.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>\- src-fossology/src/main/resources/ +</span></span><span style="display:flex;"><span> \- scripts/ +</span></span><span style="display:flex;"><span> |- duplicateUpload +</span></span><span style="display:flex;"><span> |- folderManager +</span></span><span style="display:flex;"><span> |- getStatusOfUpload +</span></span><span style="display:flex;"><span> |- uploadFromSW360 +</span></span><span style="display:flex;"><span> \- utilsSW360 +</span></span></code></pre></div><p>These scripts utilize the standard command line tools to interact natively with FOSSology (these are the tools found in the src/cli folder of FOSSology, such as <code>cp2foss fossjobs fossupload_status fo_usergroup fo_chmod fo_folder ...</code>).</p> +<ul> +<li><code>utilsSW360</code> contains common functions used by the other scripts and some FOSSology configuration such as the user/password pair used to run the cli utils and the UNIX group of the FOSSology processes</li> +<li><code>folderManager</code> (uses FO:<code>fo_folder</code>): get information about the folder structure of FOSSology to allow sharing of uploads between groups</li> +<li><code>getStatusOfUpload</code> (uses FO:<code>fossupload_status</code>): to get the clearing status given an uploadId and a group</li> +<li><code>uploadFromSW360</code> (uses FO:<code>cp2foss fossjobs</code>): to create a new upload from the standard input and schedule scanners</li> +<li><code>duplicateUpload</code> (uses FO:<code>fo_chmod</code> SW:<code>folderManager</code>): to make a previously uploaded file available for another group</li> +</ul> +<h3 id="java-libraries-and-settings">Java libraries and settings</h3> +<p>The java code utilizes the package <code>com.jcraft.jsch</code> to connect to the SSH server. It is set to strictly check the fingerprint of the remote server against the accepted which are stored in couchDB.</p> +<h3 id="conventions">Conventions</h3> +<p>the sw360 user in FOSSology (the actual name is configured in <code>utilsSW360</code>) <strong>must be a member of every group</strong> to which it should be able to send Releases to be cleared. +File uploaded from SW360 are placed inside a folder with the same name as the group and permission will be set at the group level (default of cp2foss).</p> +<h3 id="datamodel-and-thrift-service">Datamodel and thrift service</h3> +<ul> +<li> +<p>each Release object in SW360 can have only one attachment of type SOURCE.</p> +</li> +<li> +<p>when a Release is sent <em>for the first time</em> to FOSSology through the Thrift method <code>sendToFossology(1: string releaseId, 2: string clearingTeam )</code> its SOURCE attachement is sent as stdin to the script <code>uploadFromSW360</code>.</p> +<p>The field <code>map&lt;string, FossologyStatus&gt; clearingTeamToFossologyStatus</code> is then updated to contain the corresponding entry for the chosen Clearing Team (aka. the name of the FOSSology group which will receives the upload for clearing).</p> +</li> +<li> +<p>when the same Release is <em>sent again for another team</em> a new <em>link</em> in the corresponding group folder is created and the old upload is made available for the new group (as in giving permission using FO:<code>fo_chmod</code>).</p> +<p>At the moment this gives access only to the files, not to the relative clearing decision. +In order to make the clearing decisions available a reuser needs to be scheduled from the Jobs menu. [ it could be possible to schedule the job from SW360: its user is member of all the groups; but it is not currently implemented since there is no cli interface for reuser yet ]</p> +</li> +<li> +<p>when the current status is requested using the Thrift method <code>Release getStatusInFossology(1: string releaseId, 2: string clearingTeam )</code> the newest status is fetched from FOSSology and it is stored in the map for the relative clearingTeam</p> +</li> +</ul> +<h3 id="notes">Notes</h3> +<ul> +<li>Releases have a ClearingState field, but this is ignored by the Thrift service and used only in the SW360 user interface.</li> +<li>Projects link to Releases and the summary of their FOSSology status can be monitored. This is also ignored by the FOSSology Thrift service and handled by the Component service: the FOSSology service just updates the status of the Release objects.</li> +</ul>Docs: Licenseshttps://www.eclipse.org/sw360/docs/development/testcases/test-cases-licenses/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/testcases/test-cases-licenses/ +<h2 id="create-edit-and-delete-license">Create, edit and delete license</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Sign In with a known <em>clearing admin</em> user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click on <em>Licenses</em> tab</td> +<td style="text-align:left"><em>Licenses</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click on <em>Add License</em></td> +<td style="text-align:left"><em>New License</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Fill in <em>Fullname</em> and <em>Shortname</em> fields and press <em>Add License</em></td> +<td style="text-align:left"><em>License added successfully!</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Write the license or part of newly created license name in <em>Keyword Search</em> field</td> +<td style="text-align:left">License is filtered successfully</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click on license name and then on <em>Edit License Details and Text</em></td> +<td style="text-align:left">License page is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Modify some fields and click <em>Update License</em></td> +<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Check all fields on <em>Details</em> and <em>Text</em> pages</td> +<td style="text-align:left">Values are filled in correctly</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click on <em>Edit License Details and Text</em></td> +<td style="text-align:left">License page is displayed</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click o <em>Delete</em> license name</td> +<td style="text-align:left"><em>License removed successfully!</em> message is displayed</td> +</tr> +</tbody> +</table> +<h2 id="edit-license-todos-and-obligations">Edit license TODOs and Obligations</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Sign In with a known <em>clearing admin</em> user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click on previously created license name</td> +<td style="text-align:left"><em>License Details</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click on <em>Add a Todo</em></td> +<td style="text-align:left">Todo page displayed successfully</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Enter a Todo text (e.g. &ldquo;First todo text&rdquo;), click <em>Applies to development</em>, and click <em>Submit</em></td> +<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>TODOs and Obligations</em></td> +<td style="text-align:left">The previously entered Todo is listed on the page with <em>No obligations</em></td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click on <em>Add a Todo</em></td> +<td style="text-align:left">Todo page displayed successfully</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Enter a Todo text (e.g. &ldquo;Second todo text&rdquo;), click on some Obligations and click Submit</td> +<td style="text-align:left"><em>License updated successfully!</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click TODOs and Obligations</td> +<td style="text-align:left">The previously entered Todo is listed on the page together with chosen obligations</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click on <em>Edit WhiteList</em>, deselect first Todo and click <em>Submit</em></td> +<td style="text-align:left">The deselected Todo is not displayed anymore on <em>TODOs and Obligations</em> page</td> +</tr> +</tbody> +</table> +<h2 id="check-export-licenses">Check Export Licenses</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Sign In with a known user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click on <em>Licenses</em> tab</td> +<td style="text-align:left"><em>Licenses</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click on <em>Export Licenses</em></td> +<td style="text-align:left">A dialog for opening <em>Licenses.xlsx</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Open the xlsx file and compare the number of rows with total number of entries from <em>Licenses</em> tab</td> +<td style="text-align:left">All licenses names are exported successfully.</td> +</tr> +</tbody> +</table>Docs: Liferay Friendlyhttps://www.eclipse.org/sw360/docs/development/dev-liferay-friendly-url/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-liferay-friendly-url/ +<p>The normal generated portlet URLs containing a set of internal Liferay request parameters. <br> +These long URLs of links or forms are mostly not readable and its not easy to share it somewhere else.</p> +<p>General Liferay portlet URL: <br></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:8080/web/guest/examples?p_p_id=example_WAR_ExamplePortlet&amp;p_p_lifecycle=1&amp;p_p_state=normal&amp;p_p_mode=view&amp;p_p_col_id=column-1&amp;p_p_col_count=1&amp;_example_WAR_ExamplePortlet_javax.portlet.action=new +</span></span></code></pre></div><p>Explanation of the Liferay request parameters: <br> +<strong>p_p_id:</strong> The portlet ID (example_WAR_ExamplePortlet)<br> +<strong>p_p_state:</strong> Liferay windows pages state - 1 (normal) 2 (maximize) 3 (minimize) <br> +<strong>p_p_mode</strong>: Mode of the portlet look like - (view) (edit) (help) <br> +<strong>p_p_lifecycle:</strong> This is life cycle of portlet - 0 (render) 1 (action) 2 (server) <br> +<strong>p_p_col_id:</strong> The reference ID of the column in Liferay template <br> +<strong>p_p_col_pos:</strong> Specifiy the column position if the the layout having more than one columns <br> +<strong>p_p_col_count:</strong> Shows the no of columns in the current layout</p> +<h3 id="friendly-url-mapper-configuration">Friendly URL Mapper configuration</h3> +<p>Liferay provides a mechanism to shorten the generated URLs by using the Friendly URL Mapper feature. <br> <br> +How to configure the friendly URL Mapper in Liferay? <br> <br> +<strong>Configuration of URL routes in XML files</strong> <br></p> +<p><em>CREATE example-friendly-url-routes.xml</em> <br></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Xml" data-lang="Xml"><span style="display:flex;"><span><span style="color:#099">&lt;?xml version=&#34;1.0&#34;?&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#099">&lt;!DOCTYPE routes PUBLIC &#34;-//Liferay//DTD Friendly URL Routes 6.2.2//EN&#34; +</span></span></span><span style="display:flex;"><span><span style="color:#099">&#34;http://www.liferay.com/dtd/liferay-friendly-url-routes_6_0_0.dtd&#34;&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;routes&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;route&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;pattern&gt;</span>/action/{actionName}<span style="color:#309;font-weight:bold">&lt;/pattern&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;generated-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;javax.portlet.action&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>{actionName}<span style="color:#309;font-weight:bold">&lt;/generated-parameter&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;ignored-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_auth&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;ignored-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_id&#34;</span><span style="color:#309;font-weight:bold">/&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_lifecycle&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>1<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_state&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>normal<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;implicit-parameter</span> <span style="color:#309">name=</span><span style="color:#c30">&#34;p_p_mode&#34;</span><span style="color:#309;font-weight:bold">&gt;</span>view<span style="color:#309;font-weight:bold">&lt;/implicit-parameter&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/route&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/routes&gt;</span> +</span></span></code></pre></div><p>Explanation of the Liferay Friendly Mapper route parameters: <br> +<strong>routes:</strong> Routes element which contains all route entries <br> +<strong>route:</strong> Single route element entry <br> +<strong>pattern:</strong> Pattern of the mapped friendly URL (visible in address bar) <br> +<strong>generated-parameter:</strong> These parameters will be generated from parameters in the request URL <br> +<strong>ignored-parameter:</strong> These parameters will be igored and not included in generated URLs <br> +<strong>implicit-parameter:</strong> Used for static attributes which can be ignored by recognition <br> +<strong>overridden-parameter:</strong> Parameter that should be set to a certain value when a URL is recognized <br> +<br> +It is necessary to order the parameters as described above. <br> +These files should located in the resources folder otherwise they will not be available on Apache Tomcat and cannot be initialized by Liferay. <br> +<br> +<strong>Configuration of friendly URL Java class</strong> <br> +<br> +<em>MODIFY liferay-portlet.xml</em> +<br></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Xml" data-lang="Xml"><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-mapper-class&gt;</span>com.liferay.portal.kernel.portlet.DefaultFriendlyURLMapper<span style="color:#309;font-weight:bold">&lt;/friendly-url-mapper-class&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-mapping&gt;</span>example<span style="color:#309;font-weight:bold">&lt;/friendly-url-mapping&gt;</span> +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;friendly-url-routes&gt;</span>com/.../example-friendly-url-routes.xml<span style="color:#309;font-weight:bold">&lt;/friendly-url-routes&gt;</span> +</span></span></code></pre></div><br> +In the next step we need one java implementation class to generate the Liferay friendly URLs. <br> +<p>Liferay provides the <em>DefaultFriendlyURLMapper</em> class to create the URLs based on our rules. <br></p> +<p>The Liferay Friendly URL Mapper configuration is placed after <code>&lt;icon/&gt;</code> and before <code>&lt;instanceable&gt;</code> +tag.</p> +<h3 id="friendly-url-mapper-outcome">Friendly URL Mapper outcome</h3> +<p><strong>Liferay will generate the following friendly URL</strong> <br></p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>http://localhost:8080/web/guest/examples/-/example/action/new +</span></span></code></pre></div><br> +<ol> +<li>The liferay framework will add &ldquo;-&rdquo; (dash)</li> +<li>Friendly URL mapper name which is configured in <code>&lt;friendly-url-mapping&gt;</code> (liferay-portlet.xml) element</li> +<li>Pattern name with generated parameters which is same as in <code>&lt;pattern&gt;</code> (example-friendly-url-routes.xml) defined.</li> +</ol> +<h3 id="additional">Additional</h3> +<p>Friendly URL Mapper functionality is not working if the portletURL API is used to generate the Liferay URL in local Javascript. <br> +It is helpful to generate <code>&lt;portlet:renderURL&gt;</code> placeholder and replace them by using dummy values.</p>Docs: Moderationhttps://www.eclipse.org/sw360/docs/development/testcases/test-cases-moderations/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/testcases/test-cases-moderations/ +<h2 id="accept-moderation-request-for-visible-projects-by-other-users">Accept moderation request, for visible projects by other users</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Open first browser instance ((e.g. &ldquo;firefox.exe -p &ldquo;profile1&rdquo; -no-remote&rdquo;) and sign in with a known <em>First</em> user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Open a second browser instance ((e.g. &ldquo;firefox.exe -p &ldquo;profile2&rdquo; -no-remote&rdquo;) and sign in with a known <em>Second</em> user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Activate <em>First</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Create a new project visible for <em>Second</em> user (e.g. <em>Me and Moderators</em>, <em>Group and Moderators</em>, <em>Everyone</em>)</td> +<td style="text-align:left">Project is created successfully</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Activate <em>Second</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Search for the above created project and click <em>Edit</em></td> +<td style="text-align:left"><em>You will create a moderation request if you update.</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Edit Description field or other fields and click <em>Update Project</em></td> +<td style="text-align:left"><em>Moderation request was sent to update the Project name!</em> message is displayed.</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Activate <em>First</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> +<td style="text-align:left">The above project that needs moderation is displayed with status <em>PENDING</em></td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click on <em>Moderation</em> page</td> +<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Click on moderation request</td> +<td style="text-align:left"><em>Moderation Change Project</em> page is displayed, with proposed changes from step 7 listed</td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click on <em>Accept Request</em></td> +<td style="text-align:left"><em>You have accepted the previous moderation request.</em> message is displayed, and State changes to <em>Approved</em></td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> +<td style="text-align:left">Status is <em>APPROVED</em></td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Activate <em>Second</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">15</td> +<td style="text-align:left">Check _My Task Submissions on <em>Home</em> page</td> +<td style="text-align:left">Status is <em>APPROVED</em></td> +</tr> +<tr> +<td style="text-align:right">16</td> +<td style="text-align:left">Open the <em>Projects</em> tab and click on previously modified project on step 7</td> +<td style="text-align:left">Project <em>Summary</em> page displayed successfully</td> +</tr> +<tr> +<td style="text-align:right">17</td> +<td style="text-align:left">Check the moderation requested changes</td> +<td style="text-align:left">Changes are visible in the corresponding fields</td> +</tr> +</tbody> +</table> +<h2 id="decline-moderation-request-for-visible-projects-by-other-users">Decline moderation request, for visible projects by other users</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1-11</td> +<td style="text-align:left">Same as in TC01</td> +<td></td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click on <em>Decline Request</em></td> +<td style="text-align:left"><em>You have declined the previous moderation request</em> message is displayed, and State changes to <em>Rejected</em></td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Check <em>My Task Assignments</em> on <em>Home</em> page</td> +<td style="text-align:left">Status is <em>REJECTED</em></td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Activate <em>Second</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">15</td> +<td style="text-align:left">Check _My Task Submissions on <em>Home</em> page</td> +<td style="text-align:left">Status is <em>REJECTED</em></td> +</tr> +<tr> +<td style="text-align:right">16</td> +<td style="text-align:left">Open the <em>Projects</em> tab and click on previously modified project on step 7</td> +<td style="text-align:left">Project <em>Summary</em> page displayed successfully</td> +</tr> +<tr> +<td style="text-align:right">17</td> +<td style="text-align:left">Check the moderation requested changes</td> +<td style="text-align:left">Changes are not visible in the corresponding fields</td> +</tr> +</tbody> +</table> +<h2 id="remove-me-from-moderators-for-moderation-request-for-visible-projects-by-other-users">Remove Me from Moderators for moderation request, for visible projects by other users</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1-11</td> +<td style="text-align:left">Same as in TC01</td> +<td></td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Click on <em>Remove Me from Moderators</em></td> +<td style="text-align:left"><em>You are the last moderator for this request - you are not allowed to unsubscribe.</em> message is displayed (assuming only <em>First</em> user was listed under <em>Moderators</em> column in step 10)</td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Click on <em>Decline Request</em></td> +<td style="text-align:left"><em>You have declined the previous moderation request</em> message is displayed, and State changes to <em>Rejected</em></td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Edit the project and add a new moderator (e.g. <em>Third</em> user) under <em>Moderators</em> field</td> +<td style="text-align:left">Project updated successfully.</td> +</tr> +<tr> +<td style="text-align:right">15</td> +<td style="text-align:left">Activate <em>Second</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">16</td> +<td style="text-align:left">Edit the project and create a new moderation request</td> +<td style="text-align:left">Moderation request was sent</td> +</tr> +<tr> +<td style="text-align:right">17</td> +<td style="text-align:left">Activate <em>First</em> browser instance</td> +<td style="text-align:left">Instance is active</td> +</tr> +<tr> +<td style="text-align:right">18</td> +<td style="text-align:left">Click on <em>Moderation</em> page</td> +<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> +</tr> +<tr> +<td style="text-align:right">19</td> +<td style="text-align:left">Click on moderation request</td> +<td style="text-align:left"><em>Moderation Change Project</em> page is displayed, with proposed changes from step 7 listed</td> +</tr> +<tr> +<td style="text-align:right">20</td> +<td style="text-align:left">Click on <em>Remove Me from Moderators</em></td> +<td style="text-align:left"><em>You are removed from the list of moderators for the previous moderation request. You have no open Requests.</em> message is displayed. Also the document is deleted from moderation list.</td> +</tr> +<tr> +<td style="text-align:right">21</td> +<td style="text-align:left">Login with the <em>Third</em> user and check the <em>Moderation</em> tab</td> +<td style="text-align:left">The moderation request of <em>Second</em> user is displayed with state <em>Pending</em></td> +</tr> +</tbody> +</table>Docs: Moderation Requestshttps://www.eclipse.org/sw360/docs/development/dev-moderation-requests/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-moderation-requests/ +<p>The concept of moderation is good for two things:</p> +<ul> +<li>to cope with a large number of potential edits on documents.</li> +<li>to allow every user to propose edits.</li> +</ul> +<p>Allowing every user to edit opposed to propose edits would lad to a large number of changes, potentially, not making everyone happy. As such, the changes should be reviewed by an experienced person and can be then approved.</p> +<h2 id="application-flow">Application Flow</h2> +<p>A user changes a moderated document, which are component, release, project and todo&rsquo;s of licenses (and the white list):</p> +<ul> +<li> +<p>The user switches in edit mode and applies a change.</p> +</li> +<li> +<p>The user submits the change by clicking &ldquo;Update &hellip;&rdquo;</p> +</li> +<li> +<p>The application checks, if the permissions are sufficient</p> +</li> +<li> +<p>For sufficient permissions, see here: <a href="https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model">https://github.com/siemens/sw360portal/wiki/Dev-Role-Authorisation-Model</a></p> +</li> +<li> +<p>If the permissions do not allow the edit right away, a moderation request is created.</p> +</li> +<li> +<p>Moderators can see the moderation request in the moderation portlet</p> +</li> +<li> +<p>Having selected the moderation request, the moderator can accept the request, decline, postpone or remove himself from the list of moderators</p> +</li> +</ul> +<h2 id="technical-description">Technical Description</h2> +<h3 id="checking-document-permissions">Checking Document Permissions</h3> +<p>If a moderation requests needs to be created, because the user does not have sufficient permissions:</p> +<ul> +<li>The request goes through the stack, for example: project portlet, project handler, project database handler.</li> +<li>Then the project database handler checks for permissions using <code>makePermission()</code> (<code>DocumentPermission</code> is the base class, then <code>ProjectPermissions</code> is the referring here for projects) and <code>isActionAllowed()</code>.</li> +<li>For moderation requests, we assume that this action is not allowed. Then, the <code>ProjectModerator</code> is called (see package <code>...sw360.datahandler.entitlement</code>).</li> +<li>This class (which is part of the project service) creates a thrift client to the moderation service (also on the backend) and creates a moderation request using this client.</li> +</ul> +<p>Every moderation request is created using the thrift-based API.</p> +<h3 id="writing-a-moderation-request-to-the-database">Writing a Moderation Request to the Database</h3> +<p>The generation of moderation request is performed by the moderation service. The moderation service handles incoming request in the following way:</p> +<ul> +<li>The requests arrives in the <code>ModerationDatabaseHandler</code>.</li> +<li>This handler writes the request to the database.</li> +</ul> +<h3 id="creation-details-in-the-service">Creation Details in the Service</h3> +<p>The handler writes one moderation request per user and document. If a moderation request from the same user for the same document exists, added moderation requests are merged. Or, the request is new either with a new user, new document or both, then the moderation request is created.</p> +<p>Each moderation requests has recipients, the moderators. The moderation database handler selects the moderators depending on the document type, which are usually the creator of the document and the listed moderators for this document. See details in the <code>ModerationDatabaseHandler</code> class. At the same location the check for deletion is performed.</p> +<h3 id="what-is-in-the-database">What is in the Database?</h3> +<p>The moderation request is a document in the couchdb. Technically, the moderation requests holds the affected document as field where the values is a nested JSON dictionary.</p> +<p>The following screen shot shows an example for a moderation request for a project.</p> +<p><img src="https://raw.githubusercontent.com/wiki/siemens/sw360portal/images/036-oss-sw360-20160310-screenshot-moderation-reqeust-document-example.png" alt="Example Moderation Request in Database"></p> +<h3 id="evaluating-the-moderation-request">Evaluating the Moderation Request</h3> +<p>On the moderation portlet all moderations will be shown, for which the user is a moderator. Only open moderation requests can be selected. Approved and declined moderation requests will only be shown. -On selecting the moderation requests, both documents (original and the updated out of the moderation request) will be compared in the <code>merge.jsp</code> and all differences will be shown to the moderator. This is done via tags such as the <code>sw360:CompareProject</code>-tag. Opening the detailed view of the moderation request changes the state to <code>in progress</code> to show other moderators that the moderation request is in work.</p> -<p>The following actions are possible:</p> -<ul> -<li><code>Accept request</code>: the document within the moderation request will be accepted and written to the DB via e.g. the <code>ProjectService</code>. The state is set to <code>ACCEPTED</code>.</li> -<li><code>Remove Me from Moderators</code>: the state of the moderation requests is set to <code>PENDING</code> again and the logged in moderator will be removed from the moderation list.</li> -<li><code>Decline request</code>: the moderation requests will be set to <code>REJECTED</code> and still shown in the list</li> -<li><code>Postpone request</code>: the state will be <code>IN PROGRESS</code>.</li> -<li><code>Cancel</code>: the moderation state is set to <code>PENDING</code> and the moderation request will still be shown in the moderation request list</li> -</ul> - - - - - - Docs: Projects - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-projects/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-projects/ - - - - <h2 id="add-a-simple-project-with-no-relations-and-no-releases">Add a simple project with no relations and no releases</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Sign In with a known user</td> -<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click on <em>Projects</em> tab</td> -<td style="text-align:left"><em>Projects</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Fill mandatory <em>Name</em> with a project name, change other fields if needed</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Cancel</em> button</td> -<td style="text-align:left">New project <em>Summary</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click on <em>Projects</em> tab</td> -<td style="text-align:left">The new project should be added to the projects list</td> -</tr> -</tbody> -</table> -<h2 id="add-a-full-project-with-relations-releases-and-send-to-clearing-process">Add a full project with relations, releases and send to clearing process</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click on <em>Projects</em> tab</td> -<td style="text-align:left"><em>Projects</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Fill mandatory <em>Name</em> with a project name, change other fields if needed</td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Click to add linked Projects</em></td> -<td style="text-align:left"><em>Search Project</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Search</em> and <em>Select</em> the project to be linked (e.g. created in TC01)</td> -<td style="text-align:left">Dialog is closed and selected project is displayed under <em>Linked Projects</em> section</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Click to add Releases</em></td> -<td style="text-align:left"><em>Search Release</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Search by name</em> and <em>Select</em> a release to be added</td> -<td style="text-align:left">Dialog is closed and selected release is displayed under <em>Linked Releases</em> section</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">9</td> -<td style="text-align:left">Click <em>Cancel</em> button</td> -<td style="text-align:left">New project <em>Summary</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">10</td> -<td style="text-align:left">Click on <em>Projects</em> tab</td> -<td style="text-align:left">The new project should be added to the projects list</td> -</tr> -<tr> -<td style="text-align:right">11</td> -<td style="text-align:left">Check <em>Clearing Status</em> by hovering mouse over the numbers.</td> -<td style="text-align:left">The message should be <em>new release, under clearing&hellip;</em></td> -</tr> -<tr> -<td style="text-align:right">12</td> -<td style="text-align:left">Send open release to clearing by clicking the button <em>Send to fossology</em>, under <em>Actions</em> column</td> -<td style="text-align:left"><em>Fossology Clearing</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">13</td> -<td style="text-align:left">Select the release to be sent for clearing and click <em>Send</em></td> -<td style="text-align:left"><em>Sent</em> message is displayed near the <em>Send to fossology</em> button</td> -</tr> -<tr> -<td style="text-align:right">14</td> -<td style="text-align:left">Click on project name and check <em>Summary</em> page</td> -<td style="text-align:left"><em>Clearing details</em> should have 1 for <em>Under clearing</em></td> -</tr> -<tr> -<td style="text-align:right">15</td> -<td style="text-align:left">Click on <em>Clearing Status</em></td> -<td style="text-align:left">The &ldquo;Release Clearing State_ should be <em>Sent to Fossology</em></td> -</tr> -</tbody> -</table> -<h2 id="add-a-project-with-releases-no-relations-remove-a-release-and-send-to-clearing-process">Add a project with releases, no relations, remove a release, and send to clearing process</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1-5</td> -<td style="text-align:left">Same as in TC02</td> -<td></td> -</tr> -<tr> -<td style="text-align:right">5a</td> -<td style="text-align:left">Click on <em>Delete</em> icon to delete the linked project</td> -<td style="text-align:left"><em>Do you really want to remove the link to this project?</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">5b</td> -<td style="text-align:left">Click <em>OK</em></td> -<td style="text-align:left">The project is removed from the list of <em>Linked Projects</em></td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Click <em>Click to add Releases</em></td> -<td style="text-align:left"><em>Search Release</em> dialog is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Search by name</em> and <em>Select</em> more than one release to be added</td> -<td style="text-align:left">Dialog is closed and selected releases are displayed under <em>Linked Releases</em> section</td> -</tr> -<tr> -<td style="text-align:right">7a</td> -<td style="text-align:left">Click on <em>Delete</em> icon to delete one of the linked release</td> -<td style="text-align:left"><em>Do you really want to remove the link to this release?</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">7b</td> -<td style="text-align:left">Click <em>OK</em></td> -<td style="text-align:left">The release is removed from the list of <em>Linked Releases</em></td> -</tr> -<tr> -<td style="text-align:right">8-15</td> -<td style="text-align:left">Same as in TC02</td> -<td></td> -</tr> -</tbody> -</table> -<p>##TC04: Delete a project that is first linked to another project and then not linked</p> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Create a new project</td> -<td style="text-align:left">Project is created successfully</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Create another project and add first created one as linked project</td> -<td style="text-align:left">Projects are linked successfully</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Go to first created project in the projects table and try to delete it</td> -<td style="text-align:left">Message <em>Do you want to delete project name?</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>OK</em></td> -<td style="text-align:left">Message <em>The project is used by another project!</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>OK</em></td> -<td style="text-align:left">Project is not deleted (e.g. refresh the page by clicking Projects tab)</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Go to second created project in the projects table and delete it</td> -<td style="text-align:left">Message <em>Do you want to delete project name?</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>OK</em></td> -<td style="text-align:left">Project is deleted successfully</td> -</tr> -<tr> -<td style="text-align:right">8</td> -<td style="text-align:left">Go to first created project in the table (not linked anymore to second project) and delete it</td> -<td style="text-align:left">Project is deleted successfully</td> -</tr> -</tbody> -</table> -<h2 id="modify-an-existing-project-with-relations-releases-and-send-to-clearing-process">Modify an existing project with relations, releases and send to clearing process</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for a simple project (e.g. created in TC01) and click <em>Edit</em></td> -<td style="text-align:left"><em>You are editing the original document</em> message is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Execute steps 5-16 from TC02</td> -<td></td> -</tr> -</tbody> -</table> -<h2 id="add-and-modify-a-project-with-all-project-fields-filled-in">Add and modify a project with all project fields filled in</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Click on <em>Projects</em> tab</td> -<td style="text-align:left"><em>Projects</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Fill in all editable fields under <em>Basic Information</em>, <em>User Information</em> and <em>Admin Information</em></td> -<td style="text-align:left">Values are entered in the fields</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Add Project</em></td> -<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Click <em>Cancel</em> button</td> -<td style="text-align:left">New project <em>Summary</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">6</td> -<td style="text-align:left">Check all fields on <em>Summary</em> page</td> -<td style="text-align:left">Values are filled in correctly</td> -</tr> -<tr> -<td style="text-align:right">7</td> -<td style="text-align:left">Click <em>Edit</em> button, modify some fields and <em>Update Project</em></td> -<td style="text-align:left">Values are updated successfully</td> -</tr> -</tbody> -</table> -<h2 id="duplicate-an-existing-project">Duplicate an existing project</h2> -<table> -<thead> -<tr> -<th style="text-align:right">Step</th> -<th style="text-align:left">Action</th> -<th style="text-align:left">Result</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right">1</td> -<td style="text-align:left">Search for an existing project with all fields filled in (e.g. created in TC06) and click <em>Duplicate</em> button under <em>Actions</em> column</td> -<td style="text-align:left">Project <em>Information</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">2</td> -<td style="text-align:left">Check all fields from copied project</td> -<td style="text-align:left">All fields are unchanged, including <em>Linked Projects</em> and <em>Linked Releases</em></td> -</tr> -<tr> -<td style="text-align:right">3</td> -<td style="text-align:left">Fill mandatory <em>Name</em> with a project name and click <em>Add Project</em></td> -<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> -</tr> -<tr> -<td style="text-align:right">4</td> -<td style="text-align:left">Click <em>Cancel</em> button</td> -<td style="text-align:left">New project <em>Summary</em> page is displayed</td> -</tr> -<tr> -<td style="text-align:right">5</td> -<td style="text-align:left">Check all fields</td> -<td style="text-align:left">All fields were copied successfully, except the new name of the project</td> -</tr> -</tbody> -</table> - - - - - - Docs: Release and Versioning - https://www.eclipse.org/sw360/docs/development/dev-releasing-sw360/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-releasing-sw360/ - - - - <p>We have the following main principles for versioning and releases. We consider <a href="http://semver.org/">semantic versioning</a>:</p> -<blockquote> -<p>Given a version number MAJOR.MINOR.PATCH, increment the:</p> -<ul> -<li>MAJOR version when you make incompatible API changes,</li> -<li>MINOR version when you add functionality in a backwards-compatible manner, and</li> -<li>PATCH version when you make backwards-compatible bug fixes.</li> -</ul> -<p>Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.</p> -</blockquote> -<p>with the following implementation in our project:</p> -<h3 id="major-version">Major Version</h3> -<ul> -<li>API breaking changes are considered for the upcoming REST API.</li> -<li>Breaking change is <em>also</em> if a migration script is required for the data base.</li> -<li>Thrift API is not considered a public API anymore.</li> -<li>Therefore milestones cannot correspond to our versions like <code>1.4</code>, <code>1.5</code>, etc. anymore: we do not know which feature or issue will cause a version jump according to semantic versioning guidelines.</li> -</ul> -<h3 id="minor-version">Minor Version</h3> -<ul> -<li>Changes to the thrift API will cause minor version increment.</li> -<li>Larger new functionality which is backwards compatible, maybe one pull requests or maybe a group of pull requests.</li> -<li>Minor versions requires also tagging in the repo.</li> -</ul> -<h3 id="patch-level">Patch Level</h3> -<ul> -<li>Every push (merged pull request) to master shall generate <em>at least</em> (not there yet) a new patch level version, in order to allow for (clean) deployments at this level.</li> -<li>Could e also minor improvements like adding a button with some functionality</li> -<li>Patch level is not tagged.</li> -</ul> -<h2 id="naming-and-meaning-of-milestones">Naming and Meaning of Milestones</h2> -<ul> -<li>Milestones cannot correspond to versions (releases) anymore, because in general the version designator is determined by the level of change.</li> -<li>We use milestones as work packages. We see them as work packages from an organizational point of view. However, it is not a milestone to release a version, because - again in general - the version is determined by the level of change.</li> -<li>However, If the last merged pull quest of a work package, a completing merge: If it is not causing a major or minor version increment, still, this would lead to a minor version increment.</li> -</ul> -<h2 id="technical-implementation">Technical Implementation</h2> -<ul> -<li>Plan: The artifacts will be build by travis and stored on aws S3 (not there yet) with patch level version increments, but patch level versions will not lead to a tag in the repo.</li> -<li>Currently, the versioning is &ldquo;manual maven based&rdquo;, we look for a cleaner more automated approach.</li> -</ul> -<h1 id="technical-maven-universe-how-to-maketag-a-release">Technical: Maven Universe How to make/tag a release⁽¹⁾:</h1> -<p>The following information refers to the existing maven-based versioning scheme, as of now we are looking into a system which is not leading to a temporary change in the repo, commit, and then reverting changes.</p> -<p>Let us assume, that we want to tag the version <strong>1.2.0</strong> and that the current version in the pom&rsquo;s is <strong>1.2.0-SNAPSHOT</strong>.</p> -<h3 id="0-work-in-a-clean-environment">0. Work in a clean environment</h3> -<p>Especially should all poms be without uncommitted changes. The safe way is to start with:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /tmp/ -</span></span><span style="display:flex;"><span>$ git clone https://github.com/eclipse/sw360.git -</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> sw360portal -</span></span></code></pre></div><h3 id="1-write-the-version-of-the-release-into-the-poms">1. Write the version of the release into the poms</h3> -<pre> -$ mvn versions:set -DnewVersion=<b>1.2.0</b> +On selecting the moderation requests, both documents (original and the updated out of the moderation request) will be compared in the <code>merge.jsp</code> and all differences will be shown to the moderator. This is done via tags such as the <code>sw360:CompareProject</code>-tag. Opening the detailed view of the moderation request changes the state to <code>in progress</code> to show other moderators that the moderation request is in work.</p> +<p>The following actions are possible:</p> +<ul> +<li><code>Accept request</code>: the document within the moderation request will be accepted and written to the DB via e.g. the <code>ProjectService</code>. The state is set to <code>ACCEPTED</code>.</li> +<li><code>Remove Me from Moderators</code>: the state of the moderation requests is set to <code>PENDING</code> again and the logged in moderator will be removed from the moderation list.</li> +<li><code>Decline request</code>: the moderation requests will be set to <code>REJECTED</code> and still shown in the list</li> +<li><code>Postpone request</code>: the state will be <code>IN PROGRESS</code>.</li> +<li><code>Cancel</code>: the moderation state is set to <code>PENDING</code> and the moderation request will still be shown in the moderation request list</li> +</ul>Docs: Projectshttps://www.eclipse.org/sw360/docs/development/testcases/test-cases-projects/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/testcases/test-cases-projects/ +<h2 id="add-a-simple-project-with-no-relations-and-no-releases">Add a simple project with no relations and no releases</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Sign In with a known user</td> +<td style="text-align:left">User successfully signed in and <em>Home</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click on <em>Projects</em> tab</td> +<td style="text-align:left"><em>Projects</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Fill mandatory <em>Name</em> with a project name, change other fields if needed</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Cancel</em> button</td> +<td style="text-align:left">New project <em>Summary</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click on <em>Projects</em> tab</td> +<td style="text-align:left">The new project should be added to the projects list</td> +</tr> +</tbody> +</table> +<h2 id="add-a-full-project-with-relations-releases-and-send-to-clearing-process">Add a full project with relations, releases and send to clearing process</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click on <em>Projects</em> tab</td> +<td style="text-align:left"><em>Projects</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Fill mandatory <em>Name</em> with a project name, change other fields if needed</td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Click to add linked Projects</em></td> +<td style="text-align:left"><em>Search Project</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Search</em> and <em>Select</em> the project to be linked (e.g. created in TC01)</td> +<td style="text-align:left">Dialog is closed and selected project is displayed under <em>Linked Projects</em> section</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Click to add Releases</em></td> +<td style="text-align:left"><em>Search Release</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Search by name</em> and <em>Select</em> a release to be added</td> +<td style="text-align:left">Dialog is closed and selected release is displayed under <em>Linked Releases</em> section</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">9</td> +<td style="text-align:left">Click <em>Cancel</em> button</td> +<td style="text-align:left">New project <em>Summary</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">10</td> +<td style="text-align:left">Click on <em>Projects</em> tab</td> +<td style="text-align:left">The new project should be added to the projects list</td> +</tr> +<tr> +<td style="text-align:right">11</td> +<td style="text-align:left">Check <em>Clearing Status</em> by hovering mouse over the numbers.</td> +<td style="text-align:left">The message should be <em>new release, under clearing&hellip;</em></td> +</tr> +<tr> +<td style="text-align:right">12</td> +<td style="text-align:left">Send open release to clearing by clicking the button <em>Send to fossology</em>, under <em>Actions</em> column</td> +<td style="text-align:left"><em>Fossology Clearing</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">13</td> +<td style="text-align:left">Select the release to be sent for clearing and click <em>Send</em></td> +<td style="text-align:left"><em>Sent</em> message is displayed near the <em>Send to fossology</em> button</td> +</tr> +<tr> +<td style="text-align:right">14</td> +<td style="text-align:left">Click on project name and check <em>Summary</em> page</td> +<td style="text-align:left"><em>Clearing details</em> should have 1 for <em>Under clearing</em></td> +</tr> +<tr> +<td style="text-align:right">15</td> +<td style="text-align:left">Click on <em>Clearing Status</em></td> +<td style="text-align:left">The &ldquo;Release Clearing State_ should be <em>Sent to Fossology</em></td> +</tr> +</tbody> +</table> +<h2 id="add-a-project-with-releases-no-relations-remove-a-release-and-send-to-clearing-process">Add a project with releases, no relations, remove a release, and send to clearing process</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1-5</td> +<td style="text-align:left">Same as in TC02</td> +<td></td> +</tr> +<tr> +<td style="text-align:right">5a</td> +<td style="text-align:left">Click on <em>Delete</em> icon to delete the linked project</td> +<td style="text-align:left"><em>Do you really want to remove the link to this project?</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">5b</td> +<td style="text-align:left">Click <em>OK</em></td> +<td style="text-align:left">The project is removed from the list of <em>Linked Projects</em></td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Click <em>Click to add Releases</em></td> +<td style="text-align:left"><em>Search Release</em> dialog is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Search by name</em> and <em>Select</em> more than one release to be added</td> +<td style="text-align:left">Dialog is closed and selected releases are displayed under <em>Linked Releases</em> section</td> +</tr> +<tr> +<td style="text-align:right">7a</td> +<td style="text-align:left">Click on <em>Delete</em> icon to delete one of the linked release</td> +<td style="text-align:left"><em>Do you really want to remove the link to this release?</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">7b</td> +<td style="text-align:left">Click <em>OK</em></td> +<td style="text-align:left">The release is removed from the list of <em>Linked Releases</em></td> +</tr> +<tr> +<td style="text-align:right">8-15</td> +<td style="text-align:left">Same as in TC02</td> +<td></td> +</tr> +</tbody> +</table> +<p>##TC04: Delete a project that is first linked to another project and then not linked</p> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Create a new project</td> +<td style="text-align:left">Project is created successfully</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Create another project and add first created one as linked project</td> +<td style="text-align:left">Projects are linked successfully</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Go to first created project in the projects table and try to delete it</td> +<td style="text-align:left">Message <em>Do you want to delete project name?</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>OK</em></td> +<td style="text-align:left">Message <em>The project is used by another project!</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>OK</em></td> +<td style="text-align:left">Project is not deleted (e.g. refresh the page by clicking Projects tab)</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Go to second created project in the projects table and delete it</td> +<td style="text-align:left">Message <em>Do you want to delete project name?</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>OK</em></td> +<td style="text-align:left">Project is deleted successfully</td> +</tr> +<tr> +<td style="text-align:right">8</td> +<td style="text-align:left">Go to first created project in the table (not linked anymore to second project) and delete it</td> +<td style="text-align:left">Project is deleted successfully</td> +</tr> +</tbody> +</table> +<h2 id="modify-an-existing-project-with-relations-releases-and-send-to-clearing-process">Modify an existing project with relations, releases and send to clearing process</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for a simple project (e.g. created in TC01) and click <em>Edit</em></td> +<td style="text-align:left"><em>You are editing the original document</em> message is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Execute steps 5-16 from TC02</td> +<td></td> +</tr> +</tbody> +</table> +<h2 id="add-and-modify-a-project-with-all-project-fields-filled-in">Add and modify a project with all project fields filled in</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Click on <em>Projects</em> tab</td> +<td style="text-align:left"><em>Projects</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left"><em>New Project</em> page is displayed with mandatory fields marked with red star</td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Fill in all editable fields under <em>Basic Information</em>, <em>User Information</em> and <em>Admin Information</em></td> +<td style="text-align:left">Values are entered in the fields</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Add Project</em></td> +<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Click <em>Cancel</em> button</td> +<td style="text-align:left">New project <em>Summary</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">6</td> +<td style="text-align:left">Check all fields on <em>Summary</em> page</td> +<td style="text-align:left">Values are filled in correctly</td> +</tr> +<tr> +<td style="text-align:right">7</td> +<td style="text-align:left">Click <em>Edit</em> button, modify some fields and <em>Update Project</em></td> +<td style="text-align:left">Values are updated successfully</td> +</tr> +</tbody> +</table> +<h2 id="duplicate-an-existing-project">Duplicate an existing project</h2> +<table> +<thead> +<tr> +<th style="text-align:right">Step</th> +<th style="text-align:left">Action</th> +<th style="text-align:left">Result</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right">1</td> +<td style="text-align:left">Search for an existing project with all fields filled in (e.g. created in TC06) and click <em>Duplicate</em> button under <em>Actions</em> column</td> +<td style="text-align:left">Project <em>Information</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">2</td> +<td style="text-align:left">Check all fields from copied project</td> +<td style="text-align:left">All fields are unchanged, including <em>Linked Projects</em> and <em>Linked Releases</em></td> +</tr> +<tr> +<td style="text-align:right">3</td> +<td style="text-align:left">Fill mandatory <em>Name</em> with a project name and click <em>Add Project</em></td> +<td style="text-align:left">The page remain the same and the message <em>You are editing the original document.</em> is displayed</td> +</tr> +<tr> +<td style="text-align:right">4</td> +<td style="text-align:left">Click <em>Cancel</em> button</td> +<td style="text-align:left">New project <em>Summary</em> page is displayed</td> +</tr> +<tr> +<td style="text-align:right">5</td> +<td style="text-align:left">Check all fields</td> +<td style="text-align:left">All fields were copied successfully, except the new name of the project</td> +</tr> +</tbody> +</table>Docs: Release and Versioninghttps://www.eclipse.org/sw360/docs/development/dev-releasing-sw360/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-releasing-sw360/ +<p>We have the following main principles for versioning and releases. We consider <a href="http://semver.org/">semantic versioning</a>:</p> +<blockquote> +<p>Given a version number MAJOR.MINOR.PATCH, increment the:</p> +<ul> +<li>MAJOR version when you make incompatible API changes,</li> +<li>MINOR version when you add functionality in a backwards-compatible manner, and</li> +<li>PATCH version when you make backwards-compatible bug fixes.</li> +</ul> +<p>Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.</p> +</blockquote> +<p>with the following implementation in our project:</p> +<h3 id="major-version">Major Version</h3> +<ul> +<li>API breaking changes are considered for the upcoming REST API.</li> +<li>Breaking change is <em>also</em> if a migration script is required for the data base.</li> +<li>Thrift API is not considered a public API anymore.</li> +<li>Therefore milestones cannot correspond to our versions like <code>1.4</code>, <code>1.5</code>, etc. anymore: we do not know which feature or issue will cause a version jump according to semantic versioning guidelines.</li> +</ul> +<h3 id="minor-version">Minor Version</h3> +<ul> +<li>Changes to the thrift API will cause minor version increment.</li> +<li>Larger new functionality which is backwards compatible, maybe one pull requests or maybe a group of pull requests.</li> +<li>Minor versions requires also tagging in the repo.</li> +</ul> +<h3 id="patch-level">Patch Level</h3> +<ul> +<li>Every push (merged pull request) to master shall generate <em>at least</em> (not there yet) a new patch level version, in order to allow for (clean) deployments at this level.</li> +<li>Could e also minor improvements like adding a button with some functionality</li> +<li>Patch level is not tagged.</li> +</ul> +<h2 id="naming-and-meaning-of-milestones">Naming and Meaning of Milestones</h2> +<ul> +<li>Milestones cannot correspond to versions (releases) anymore, because in general the version designator is determined by the level of change.</li> +<li>We use milestones as work packages. We see them as work packages from an organizational point of view. However, it is not a milestone to release a version, because - again in general - the version is determined by the level of change.</li> +<li>However, If the last merged pull quest of a work package, a completing merge: If it is not causing a major or minor version increment, still, this would lead to a minor version increment.</li> +</ul> +<h2 id="technical-implementation">Technical Implementation</h2> +<ul> +<li>Plan: The artifacts will be build by travis and stored on aws S3 (not there yet) with patch level version increments, but patch level versions will not lead to a tag in the repo.</li> +<li>Currently, the versioning is &ldquo;manual maven based&rdquo;, we look for a cleaner more automated approach.</li> +</ul> +<h1 id="technical-maven-universe-how-to-maketag-a-release">Technical: Maven Universe How to make/tag a release⁽¹⁾:</h1> +<p>The following information refers to the existing maven-based versioning scheme, as of now we are looking into a system which is not leading to a temporary change in the repo, commit, and then reverting changes.</p> +<p>Let us assume, that we want to tag the version <strong>1.2.0</strong> and that the current version in the pom&rsquo;s is <strong>1.2.0-SNAPSHOT</strong>.</p> +<h3 id="0-work-in-a-clean-environment">0. Work in a clean environment</h3> +<p>Especially should all poms be without uncommitted changes. The safe way is to start with:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ <span style="color:#366">cd</span> /tmp/ +</span></span><span style="display:flex;"><span>$ git clone https://github.com/eclipse/sw360.git +</span></span><span style="display:flex;"><span>$ <span style="color:#366">cd</span> sw360portal +</span></span></code></pre></div><h3 id="1-write-the-version-of-the-release-into-the-poms">1. Write the version of the release into the poms</h3> +<pre> +$ mvn versions:set -DnewVersion=<b>1.2.0</b> $ git add pom.xml \*\*/pom.xml -$ git commit -m "set version to <b>1.2.0</b>" -</pre> -<p>This will actually edit all pom.xml files and change the versions to <strong>1.2.0</strong>, i.e. remove the SNAPSHOT.</p> -<h3 id="2-test-the-project">2. Test the project</h3> -<pre> +$ git commit -m "set version to <b>1.2.0</b>" +</pre> +<p>This will actually edit all pom.xml files and change the versions to <strong>1.2.0</strong>, i.e. remove the SNAPSHOT.</p> +<h3 id="2-test-the-project">2. Test the project</h3> +<pre> $ mvn install -</pre> -<p>or even better: use vagrant.</p> -<h3 id="3-create-and-push-the-tag">3. Create and push the tag</h3> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ mvn scm:tag -</span></span></code></pre></div><p>This creates the tag and <strong>pushes it to github</strong>.</p> -<h3 id="4-write-the-new-incremented-snapshot-version-into-the-poms">4. Write the new incremented SNAPSHOT-version into the poms</h3> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ mvn versions:set -DnewVersion<span style="color:#555">=</span>&lt;b&gt;1.3.0-SNAPSHOT&lt;/b&gt; -</span></span><span style="display:flex;"><span>$ git add pom.xml <span style="color:#c30;font-weight:bold">\*\*</span>/pom.xml -</span></span><span style="display:flex;"><span>$ git commit -m <span style="color:#c30">&#34;set version to &lt;b&gt;1.3.0-SNAPSHOT&lt;/b&gt;&#34;</span> -</span></span><span style="display:flex;"><span>$ git push origin master -</span></span></code></pre></div><p>&ndash; -⁽¹⁾ based on: <a href="https://axelfontaine.com/blog/final-nail.html">https://axelfontaine.com/blog/final-nail.html</a></p> - - - - - - Docs: Roles and Authorization - https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/ - - - - <p>Like any other system, SW360 allows for setting different levels of access for different users. Technically, the decision when user should be able to see or to do something happens (generally) on the backend server. This ensures consistency between the REST API and the portal application.</p> -<p>For setting roles of a user, the Liferay control panel is being used (Admin menu -&gt; Control Panel -&gt; Users and Organisations -&gt; Users -&gt; select one user and Edit -&gt; Roles). Setting access at individual records happens in the edit view of that record.</p> -<h2 id="roles-overview">Roles Overview</h2> -<p>SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.</p> -<h4 id="setup-admin-liferay-role">Setup Admin (Liferay Role)</h4> -<p>The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.</p> -<h4 id="sw360-admin-liferay-role">SW360 Admin (Liferay Role)</h4> -<p>The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role <code>CLEARING_ADMIN</code>. This role can change data from other groups, limited by visibility setting of a project.</p> -<h4 id="clearing-admin-liferay-role">Clearing Admin (Liferay Role)</h4> -<p>The clearing admin can change all component and release records and project records of the same group. This can be seen as group administrator.</p> -<h4 id="security-admin-liferay-role">Security Admin (Liferay Role)</h4> -<p>In addition to the user rights, the security admin can set security vulnerabilities to irrelevant</p> -<h4 id="ecc-admin-liferay-role">ECC Admin (Liferay Role)</h4> -<p>In addition to the user rights, the ECC admin can manipulate ECC data.</p> -<h4 id="user">User</h4> -<p>A user can create, modify and delete all own (=self created) records. A user cannot change records of others</p> -<h3 id="moderation-requests">Moderation Requests</h3> -<p>If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.</p> -<p>In addition there are ACL-style roles, meaning that per data item access settings can be made:</p> -<ol> -<li><strong>creator</strong> - a creator can modify in addition to the user&rsquo;s read abilities, a user can be creator of a data item</li> -<li><strong>moderator</strong> - a creator can define moderators for a data item. Moderators can change a data item as a creator can.</li> -<li><strong>contributor</strong> (Component) - is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). -In contrast, the contributor cannot delete data items.</li> -<li><strong>project responsible</strong> (Project) - is a contributor, just named differently to identify the responsible person.</li> -<li><strong>lead architect</strong> (Project) - is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.</li> -<li><strong>contact</strong> (Release) - deprecated, should be renamed to contributor see #100.</li> -</ol> -<p><code>group (department)</code>, <code>contributor</code>, <code>moderator</code> and <code>owner</code> roles are entity specific, <code>user</code>, <code>clearing admin</code> and <code>admin</code> are roles assigned to a user.</p> -<h3 id="additional-project-visibility">Additional Project Visibility</h3> -<p>In addition to the roles mentioned above, each project has a separate visibility setting (technically an attribute of the project document). There are four project visibility levels:</p> -<ol> -<li>Private - no one but the creator can read.</li> -<li>Me and moderators - involves all moderators and contributors, basically all names that are named among the attributes (lead architect, project responsible, contributors)</li> -<li>Department / business unit (should be renamed) - refer to the group the users are in.</li> -<li>Public - all registered users of the liferay / sw360 application (login required).</li> -</ol> -<p>The access rules are implemented in<code>lib-datahandler</code>. In the package, <code>com.siemens.sw360.datahandler.permissions</code> this is implemented in <code>ProjectPermissions</code>. See methods <code>isVisible</code> and <code>userIsEquivalentToModeratorinProject()</code> for the actual rules.</p> -<h3 id="overall-access-matrix">Overall Access Matrix</h3> -<p>The following table presents the SW360 Role-Authorisation-Model.</p> -<p>The row specifies which action to take, the column the role of the actor. Cell entries specify which entity type can be acted upon.</p> -<table> -<thead> -<tr> -<th></th> -<th>creator</th> -<th>moderator</th> -<th>contributor</th> -<th>user</th> -<th>clearing admin</th> -<th>(sw360)admin</th> -</tr> -</thead> -<tbody> -<tr> -<td>create</td> -<td>-</td> -<td>-</td> -<td>-</td> -<td>PCRV</td> -<td>PCRVL</td> -<td>PCRVL</td> -</tr> -<tr> -<td>read</td> -<td>P</td> -<td>P</td> -<td>P</td> -<td>(P²)CRVL</td> -<td>(P²)CRVL</td> -<td>PCRVL</td> -</tr> -<tr> -<td>edit</td> -<td>PCR</td> -<td>PCR</td> -<td>PCR</td> -<td>(all created ones)</td> -<td>PCRVL</td> -<td>PCRVL</td> -</tr> -<tr> -<td>delete</td> -<td>PCR</td> -<td>PCR</td> -<td>-</td> -<td>(all created ones)</td> -<td>L</td> -<td>PCRVL</td> -</tr> -</tbody> -</table> -<p>P² : only if the user is member of the group of the project (or has created the project)</p> -<p>Note that ECC Admins and Security Admins have only the ability to write ECC and security data respectively at given records. However, as for the other access rights this role does not enhance anything above users.</p> -<h4 id="legend">Legend</h4> -<table> -<thead> -<tr> -<th>acronym</th> -<th>description</th> -</tr> -</thead> -<tbody> -<tr> -<td>P</td> -<td>project</td> -</tr> -<tr> -<td>C</td> -<td>component</td> -</tr> -<tr> -<td>R</td> -<td>release</td> -</tr> -<tr> -<td>V</td> -<td>vendor</td> -</tr> -<tr> -<td>L</td> -<td>license</td> -</tr> -</tbody> -</table> -<h2 id="technical-info">Technical Info</h2> -<p>The role access rules are put into <code>lib-datahandler</code>. In the package, <code>com.siemens.sw360.datahandler.permissions</code> there are implementing classes of a template class <code>DocumentPermissions</code>. As an example, <code>ProjectPermissions</code> extends abstract class <code>DocumentPermissions</code>.</p> -<p>At run time, a permissions object consisting of a document and a user is created: In <code>PermissionUtils</code> (same package) there is a static method <code>makePermissions&lt;T&gt;()</code> that creates a permissions object. The received permissions object instance can be asked if a particular operation is allowed.</p> -<p>Note that the general application of these permission operations runs in the backend (Thrift services). An application in the front end of <code>PermissionUtils</code> for example, is for displaying buttons depending on the user main role (user, clearing admin or admin). Then the portlet makes plain use of the <code>lib-datahandler</code> library.</p> -<h2 id="further-plans">Further plans</h2> -<ol> -<li> -<p>Actually, creating stuff should be checked in lib-datahandler, starting with creation of licenses,which should ot be permitted to users: <a href="https://github.com/siemens/sw360portal/issues/106">Issue #106</a></p> -</li> -<li> -<p><a href="https://github.com/siemens/sw360portal/issues/101">Issue #101</a> for</p> -</li> -</ol> -<table> -<thead> -<tr> -<th></th> -<th>contributor</th> -<th>moderator</th> -<th>creator</th> -<th>user</th> -<th>clearing admin</th> -<th>admin</th> -</tr> -</thead> -<tbody> -<tr> -<td>download OSS sources</td> -<td>-</td> -<td>-</td> -<td>-</td> -<td>R</td> -<td>R</td> -<td>R</td> -</tr> -<tr> -<td>download internal sources</td> -<td>R</td> -<td>R</td> -<td>R</td> -<td>-</td> -<td>-</td> -<td>R</td> -</tr> -</tbody> -</table> -<ol start="3"> -<li><a href="https://github.com/siemens/sw360portal/issues/102">Issue #102</a> for</li> -</ol> -<table> -<thead> -<tr> -<th></th> -<th>contributor</th> -<th>moderator</th> -<th>creator</th> -<th>user</th> -<th>clearing admin</th> -<th>admin</th> -</tr> -</thead> -<tbody> -<tr> -<td>send to clearing</td> -<td>-</td> -<td>P</td> -<td>P</td> -<td>-</td> -<td>-</td> -<td>PCRL</td> -</tr> -</tbody> -</table> -<ol start="4"> -<li><a href="https://github.com/siemens/sw360portal/issues/103">Issue #103</a> for</li> -</ol> -<table> -<thead> -<tr> -<th></th> -<th>contributor</th> -<th>moderator</th> -<th>creator</th> -<th>user</th> -<th>clearing admin</th> -<th>admin</th> -</tr> -</thead> -<tbody> -<tr> -<td>edit clearing report</td> -<td>-</td> -<td>R</td> -<td>R</td> -<td>-</td> -<td>R?</td> -<td>PCRL</td> -</tr> -</tbody> -</table> - - - - - - Docs: Semantic Commits - https://www.eclipse.org/sw360/docs/development/dev-semantic-commits/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-semantic-commits/ - - - - <h2 id="the-reason-and-benefit-of-semantic-commit-messages">The reason and benefit of semantic commit messages</h2> -<ul> -<li>automatic generating of the changelog</li> -<li>simple navigation through git history (e.g. ignoring style changes)</li> -</ul> -<h2 id="semantic-commit-message-structure">Semantic commit message structure</h2> -<p><code>&lt;type&gt;(&lt;scope&gt;): &lt;commit message&gt;</code></p> -<h2 id="the-following-types-are-supported">The following <types> are supported</h2> -<ul> -<li>feat (new feature for the user, not a new feature for build script)</li> -<li>fix (bug fix for the user, not a fix to a build script)</li> -<li>docs (changes to the documentation)</li> -<li>style (formatting, missing semi colons, etc; no production code change)</li> -<li>refactor (refactoring production code, eg. renaming a variable)</li> -<li>test (adding missing tests, refactoring tests; no production code change)</li> -<li>chore (updating grunt tasks etc; no production code change)</li> -</ul> -<p>Example <scope> values:</p> -<ul> -<li>ui (user interface)</li> -<li>rest (REST API)</li> -<li>thrift (apache thrift services)</li> -<li>project (project portlet)</li> -<li>component (component portlet)</li> -<li>user (user portlet)</li> -<li>etc.</li> -</ul> -<h2 id="example-of-semantic-commit-message">Example of semantic commit message</h2> -<p><code>fix(rest): change maven plugin order to generate the documentation correctly</code></p> -<p><code>&lt;type&gt;(&lt;scope&gt;): &lt;commit message&gt;</code></p> -<h2 id="referencing-issues">Referencing issues</h2> -<p>Please reference in the pull request to the open issue</p> -<p><code>closes eclipse/sw360#&lt;issue-number&gt;</code></p> -<p><code>closes eclipse/sw360#758</code></p> - - - - - - Docs: Testing Frameworks - https://www.eclipse.org/sw360/docs/development/dev-testing-frameworks/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-testing-frameworks/ - - - - <p>The implementation of complicated rules is not always easy to read. +</pre> +<p>or even better: use vagrant.</p> +<h3 id="3-create-and-push-the-tag">3. Create and push the tag</h3> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ mvn scm:tag +</span></span></code></pre></div><p>This creates the tag and <strong>pushes it to github</strong>.</p> +<h3 id="4-write-the-new-incremented-snapshot-version-into-the-poms">4. Write the new incremented SNAPSHOT-version into the poms</h3> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>$ mvn versions:set -DnewVersion<span style="color:#555">=</span>&lt;b&gt;1.3.0-SNAPSHOT&lt;/b&gt; +</span></span><span style="display:flex;"><span>$ git add pom.xml <span style="color:#c30;font-weight:bold">\*\*</span>/pom.xml +</span></span><span style="display:flex;"><span>$ git commit -m <span style="color:#c30">&#34;set version to &lt;b&gt;1.3.0-SNAPSHOT&lt;/b&gt;&#34;</span> +</span></span><span style="display:flex;"><span>$ git push origin master +</span></span></code></pre></div><p>&ndash; +⁽¹⁾ based on: <a href="https://axelfontaine.com/blog/final-nail.html">https://axelfontaine.com/blog/final-nail.html</a></p>Docs: Roles and Authorizationhttps://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/ +<p>Like any other system, SW360 allows for setting different levels of access for different users. Technically, the decision when user should be able to see or to do something happens (generally) on the backend server. This ensures consistency between the REST API and the portal application.</p> +<p>For setting roles of a user, the Liferay control panel is being used (Admin menu -&gt; Control Panel -&gt; Users and Organisations -&gt; Users -&gt; select one user and Edit -&gt; Roles). Setting access at individual records happens in the edit view of that record.</p> +<h2 id="roles-overview">Roles Overview</h2> +<p>SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.</p> +<h4 id="setup-admin-liferay-role">Setup Admin (Liferay Role)</h4> +<p>The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.</p> +<h4 id="sw360-admin-liferay-role">SW360 Admin (Liferay Role)</h4> +<p>The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role <code>CLEARING_ADMIN</code>. This role can change data from other groups, limited by visibility setting of a project.</p> +<h4 id="clearing-admin-liferay-role">Clearing Admin (Liferay Role)</h4> +<p>The clearing admin can change all component and release records and project records of the same group. This can be seen as group administrator.</p> +<h4 id="security-admin-liferay-role">Security Admin (Liferay Role)</h4> +<p>In addition to the user rights, the security admin can set security vulnerabilities to irrelevant</p> +<h4 id="ecc-admin-liferay-role">ECC Admin (Liferay Role)</h4> +<p>In addition to the user rights, the ECC admin can manipulate ECC data.</p> +<h4 id="user">User</h4> +<p>A user can create, modify and delete all own (=self created) records. A user cannot change records of others</p> +<h3 id="moderation-requests">Moderation Requests</h3> +<p>If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.</p> +<p>In addition there are ACL-style roles, meaning that per data item access settings can be made:</p> +<ol> +<li><strong>creator</strong> - a creator can modify in addition to the user&rsquo;s read abilities, a user can be creator of a data item</li> +<li><strong>moderator</strong> - a creator can define moderators for a data item. Moderators can change a data item as a creator can.</li> +<li><strong>contributor</strong> (Component) - is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). +In contrast, the contributor cannot delete data items.</li> +<li><strong>project responsible</strong> (Project) - is a contributor, just named differently to identify the responsible person.</li> +<li><strong>lead architect</strong> (Project) - is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.</li> +<li><strong>contact</strong> (Release) - deprecated, should be renamed to contributor see #100.</li> +</ol> +<p><code>group (department)</code>, <code>contributor</code>, <code>moderator</code> and <code>owner</code> roles are entity specific, <code>user</code>, <code>clearing admin</code> and <code>admin</code> are roles assigned to a user.</p> +<h3 id="additional-project-visibility">Additional Project Visibility</h3> +<p>In addition to the roles mentioned above, each project has a separate visibility setting (technically an attribute of the project document). There are four project visibility levels:</p> +<ol> +<li>Private - no one but the creator can read.</li> +<li>Me and moderators - involves all moderators and contributors, basically all names that are named among the attributes (lead architect, project responsible, contributors)</li> +<li>Department / business unit (should be renamed) - refer to the group the users are in.</li> +<li>Public - all registered users of the liferay / sw360 application (login required).</li> +</ol> +<p>The access rules are implemented in<code>lib-datahandler</code>. In the package, <code>com.siemens.sw360.datahandler.permissions</code> this is implemented in <code>ProjectPermissions</code>. See methods <code>isVisible</code> and <code>userIsEquivalentToModeratorinProject()</code> for the actual rules.</p> +<h3 id="overall-access-matrix">Overall Access Matrix</h3> +<p>The following table presents the SW360 Role-Authorisation-Model.</p> +<p>The row specifies which action to take, the column the role of the actor. Cell entries specify which entity type can be acted upon.</p> +<table> +<thead> +<tr> +<th></th> +<th>creator</th> +<th>moderator</th> +<th>contributor</th> +<th>user</th> +<th>clearing admin</th> +<th>(sw360)admin</th> +</tr> +</thead> +<tbody> +<tr> +<td>create</td> +<td>-</td> +<td>-</td> +<td>-</td> +<td>PCRV</td> +<td>PCRVL</td> +<td>PCRVL</td> +</tr> +<tr> +<td>read</td> +<td>P</td> +<td>P</td> +<td>P</td> +<td>(P²)CRVL</td> +<td>(P²)CRVL</td> +<td>PCRVL</td> +</tr> +<tr> +<td>edit</td> +<td>PCR</td> +<td>PCR</td> +<td>PCR</td> +<td>(all created ones)</td> +<td>PCRVL</td> +<td>PCRVL</td> +</tr> +<tr> +<td>delete</td> +<td>PCR</td> +<td>PCR</td> +<td>-</td> +<td>(all created ones)</td> +<td>L</td> +<td>PCRVL</td> +</tr> +</tbody> +</table> +<p>P² : only if the user is member of the group of the project (or has created the project)</p> +<p>Note that ECC Admins and Security Admins have only the ability to write ECC and security data respectively at given records. However, as for the other access rights this role does not enhance anything above users.</p> +<h4 id="legend">Legend</h4> +<table> +<thead> +<tr> +<th>acronym</th> +<th>description</th> +</tr> +</thead> +<tbody> +<tr> +<td>P</td> +<td>project</td> +</tr> +<tr> +<td>C</td> +<td>component</td> +</tr> +<tr> +<td>R</td> +<td>release</td> +</tr> +<tr> +<td>V</td> +<td>vendor</td> +</tr> +<tr> +<td>L</td> +<td>license</td> +</tr> +</tbody> +</table> +<h2 id="technical-info">Technical Info</h2> +<p>The role access rules are put into <code>lib-datahandler</code>. In the package, <code>com.siemens.sw360.datahandler.permissions</code> there are implementing classes of a template class <code>DocumentPermissions</code>. As an example, <code>ProjectPermissions</code> extends abstract class <code>DocumentPermissions</code>.</p> +<p>At run time, a permissions object consisting of a document and a user is created: In <code>PermissionUtils</code> (same package) there is a static method <code>makePermissions&lt;T&gt;()</code> that creates a permissions object. The received permissions object instance can be asked if a particular operation is allowed.</p> +<p>Note that the general application of these permission operations runs in the backend (Thrift services). An application in the front end of <code>PermissionUtils</code> for example, is for displaying buttons depending on the user main role (user, clearing admin or admin). Then the portlet makes plain use of the <code>lib-datahandler</code> library.</p> +<h2 id="further-plans">Further plans</h2> +<ol> +<li> +<p>Actually, creating stuff should be checked in lib-datahandler, starting with creation of licenses,which should ot be permitted to users: <a href="https://github.com/siemens/sw360portal/issues/106">Issue #106</a></p> +</li> +<li> +<p><a href="https://github.com/siemens/sw360portal/issues/101">Issue #101</a> for</p> +</li> +</ol> +<table> +<thead> +<tr> +<th></th> +<th>contributor</th> +<th>moderator</th> +<th>creator</th> +<th>user</th> +<th>clearing admin</th> +<th>admin</th> +</tr> +</thead> +<tbody> +<tr> +<td>download OSS sources</td> +<td>-</td> +<td>-</td> +<td>-</td> +<td>R</td> +<td>R</td> +<td>R</td> +</tr> +<tr> +<td>download internal sources</td> +<td>R</td> +<td>R</td> +<td>R</td> +<td>-</td> +<td>-</td> +<td>R</td> +</tr> +</tbody> +</table> +<ol start="3"> +<li><a href="https://github.com/siemens/sw360portal/issues/102">Issue #102</a> for</li> +</ol> +<table> +<thead> +<tr> +<th></th> +<th>contributor</th> +<th>moderator</th> +<th>creator</th> +<th>user</th> +<th>clearing admin</th> +<th>admin</th> +</tr> +</thead> +<tbody> +<tr> +<td>send to clearing</td> +<td>-</td> +<td>P</td> +<td>P</td> +<td>-</td> +<td>-</td> +<td>PCRL</td> +</tr> +</tbody> +</table> +<ol start="4"> +<li><a href="https://github.com/siemens/sw360portal/issues/103">Issue #103</a> for</li> +</ol> +<table> +<thead> +<tr> +<th></th> +<th>contributor</th> +<th>moderator</th> +<th>creator</th> +<th>user</th> +<th>clearing admin</th> +<th>admin</th> +</tr> +</thead> +<tbody> +<tr> +<td>edit clearing report</td> +<td>-</td> +<td>R</td> +<td>R</td> +<td>-</td> +<td>R?</td> +<td>PCRL</td> +</tr> +</tbody> +</table>Docs: Semantic Commitshttps://www.eclipse.org/sw360/docs/development/dev-semantic-commits/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-semantic-commits/ +<h2 id="the-reason-and-benefit-of-semantic-commit-messages">The reason and benefit of semantic commit messages</h2> +<ul> +<li>automatic generating of the changelog</li> +<li>simple navigation through git history (e.g. ignoring style changes)</li> +</ul> +<h2 id="semantic-commit-message-structure">Semantic commit message structure</h2> +<p><code>&lt;type&gt;(&lt;scope&gt;): &lt;commit message&gt;</code></p> +<h2 id="the-following-types-are-supported">The following <types> are supported</h2> +<ul> +<li>feat (new feature for the user, not a new feature for build script)</li> +<li>fix (bug fix for the user, not a fix to a build script)</li> +<li>docs (changes to the documentation)</li> +<li>style (formatting, missing semi colons, etc; no production code change)</li> +<li>refactor (refactoring production code, eg. renaming a variable)</li> +<li>test (adding missing tests, refactoring tests; no production code change)</li> +<li>chore (updating grunt tasks etc; no production code change)</li> +</ul> +<p>Example <scope> values:</p> +<ul> +<li>ui (user interface)</li> +<li>rest (REST API)</li> +<li>thrift (apache thrift services)</li> +<li>project (project portlet)</li> +<li>component (component portlet)</li> +<li>user (user portlet)</li> +<li>etc.</li> +</ul> +<h2 id="example-of-semantic-commit-message">Example of semantic commit message</h2> +<p><code>fix(rest): change maven plugin order to generate the documentation correctly</code></p> +<p><code>&lt;type&gt;(&lt;scope&gt;): &lt;commit message&gt;</code></p> +<h2 id="referencing-issues">Referencing issues</h2> +<p>Please reference in the pull request to the open issue</p> +<p><code>closes eclipse/sw360#&lt;issue-number&gt;</code></p> +<p><code>closes eclipse/sw360#758</code></p>Docs: Testing Frameworkshttps://www.eclipse.org/sw360/docs/development/dev-testing-frameworks/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-testing-frameworks/ +<p>The implementation of complicated rules is not always easy to read. A good way to document and explain the behaviour of rule engines are natural language tests. -A frame work we use for that is <a href="http://jgiven.org/">jgiven</a>. -We write the tests using the [dataprovider] (<a href="https://github.com/TNG/junit-dataprovider">https://github.com/TNG/junit-dataprovider</a>) runner. -This is basically a runner that allows to use parametrized tests.</p> -<p>The basic testing frame work is still <a href="http://junit.org/">JUnit4</a>, assertions are made using <a href="https://code.google.com/p/hamcrest/wiki/Tutorial">hamcrest</a> and we mock complicated input classes with <a href="http://mockito.org/">mockito</a>.</p> - - - - - - Docs: Troubleshooting - https://www.eclipse.org/sw360/docs/development/dev-troubleshooting/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-troubleshooting/ - - - - <h3 id="development-problems-building-sw360portal-with-maven">Development: problems building sw360portal with maven?</h3> -<p>Before building the sw360portal with maven, ensure that the following components are installed in the development environment:</p> -<ul> -<li>A git client</li> -<li>Apache Maven 3.0.X</li> -<li>Apache Thrift 0.9.3</li> -<li>Java 1.8.X</li> -<li>CouchDB, at least 1.5 (only if the tests will be executed locally)</li> -</ul> -<h3 id="development-problems-using-eclipse">Development: problems using Eclipse?</h3> -<p>Please do not use Eclipse, because the integration of Apache Thrift is an open issue and we found no plugin for Eclipse to solve the shown compiler errors. -Recommended is IntelliJ IDEA or NetBeans.</p> -<h3 id="liferay-problems-with-displaying-changes-to-page">Liferay: problems with displaying changes to page?</h3> -<p>When developing changes to a page and these changes do not show in browser - even after redeployment, then the internal liferay optimisation mechanisms may kick in. Try to add to the URL string the following key value parameters:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>js_fast_load=0&amp;css_fast_load=0&amp;strip=0 -</span></span></code></pre></div><h3 id="liferay-where-are-the-initial-admin-user-settings">Liferay: where are the initial admin user settings?</h3> -<p>It is the file <code>portal-ext.properties</code> in sw360/opt.</p> -<h3 id="maven-build-generally-fails">Maven: build generally fails</h3> -<p>You just try to compile parts or all of it and it fails? Most of the stuff depends on the module /build-configuration. Execute either &ldquo;mvn install&rdquo; on top level or inside build configuration.</p> -<h4 id="backend-problems-with-company-proxy">Backend: problems with company proxy?</h4> -<p>maybe try instead:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>/opt/apache-tomcat-/bin/startup.sh -</span></span></code></pre></div><p>just this:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>CATALINA_OPTS=&#34;-Dhttps.proxy...&#34; /opt/apache-tomcat-/bin/startup.sh -</span></span></code></pre></div><p>for lucene it might be necessary to add:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>[httpd_global_handlers] -</span></span><span style="display:flex;"><span>_fti = {couch_httpd_proxy, handle_proxy_req, &lt;&lt;&#34;http://127.0.0.1:8085/couchdblucene&#34;&gt;&gt;} -</span></span></code></pre></div><p>in lucene.ini of local.d of your CouchDB installation</p> -<h4 id="backend-are-thrift-services-up">Backend: are thrift services up?</h4> -<ol> -<li>Check tomcat manager (if the services are there)</li> -<li>Check if the service is accessible: -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://your.url.to.server.com:8085/components -</span></span></code></pre></div>Should return &ldquo;Welcome to &hellip;&rdquo;.</li> -<li>Check if the service thrift page is there: -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://your.url.to.server.com:8085/components/thrift -</span></span></code></pre></div>Should return HTTP status code 500, because in the browser, no valid thrift message was formed.</li> -</ol> -<h4 id="backend-orgektorpdbaccessexception">Backend: org.ektorp.DbAccessException</h4> -<p>What do I do if I get: org.ektorp.DbAccessException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field &ldquo;_id&rdquo;</p> -<p>You add the class you have been trying to serialize to +A frame work we use for that is <a href="http://jgiven.org/">jgiven</a>. +We write the tests using the [dataprovider] (<a href="https://github.com/TNG/junit-dataprovider">https://github.com/TNG/junit-dataprovider</a>) runner. +This is basically a runner that allows to use parametrized tests.</p> +<p>The basic testing frame work is still <a href="http://junit.org/">JUnit4</a>, assertions are made using <a href="https://code.google.com/p/hamcrest/wiki/Tutorial">hamcrest</a> and we mock complicated input classes with <a href="http://mockito.org/">mockito</a>.</p>Docs: Troubleshootinghttps://www.eclipse.org/sw360/docs/development/dev-troubleshooting/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-troubleshooting/ +<h3 id="development-problems-building-sw360portal-with-maven">Development: problems building sw360portal with maven?</h3> +<p>Before building the sw360portal with maven, ensure that the following components are installed in the development environment:</p> +<ul> +<li>A git client</li> +<li>Apache Maven 3.0.X</li> +<li>Apache Thrift 0.9.3</li> +<li>Java 1.8.X</li> +<li>CouchDB, at least 1.5 (only if the tests will be executed locally)</li> +</ul> +<h3 id="development-problems-using-eclipse">Development: problems using Eclipse?</h3> +<p>Please do not use Eclipse, because the integration of Apache Thrift is an open issue and we found no plugin for Eclipse to solve the shown compiler errors. +Recommended is IntelliJ IDEA or NetBeans.</p> +<h3 id="liferay-problems-with-displaying-changes-to-page">Liferay: problems with displaying changes to page?</h3> +<p>When developing changes to a page and these changes do not show in browser - even after redeployment, then the internal liferay optimisation mechanisms may kick in. Try to add to the URL string the following key value parameters:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>js_fast_load=0&amp;css_fast_load=0&amp;strip=0 +</span></span></code></pre></div><h3 id="liferay-where-are-the-initial-admin-user-settings">Liferay: where are the initial admin user settings?</h3> +<p>It is the file <code>portal-ext.properties</code> in sw360/opt.</p> +<h3 id="maven-build-generally-fails">Maven: build generally fails</h3> +<p>You just try to compile parts or all of it and it fails? Most of the stuff depends on the module /build-configuration. Execute either &ldquo;mvn install&rdquo; on top level or inside build configuration.</p> +<h4 id="backend-problems-with-company-proxy">Backend: problems with company proxy?</h4> +<p>maybe try instead:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>/opt/apache-tomcat-/bin/startup.sh +</span></span></code></pre></div><p>just this:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>CATALINA_OPTS=&#34;-Dhttps.proxy...&#34; /opt/apache-tomcat-/bin/startup.sh +</span></span></code></pre></div><p>for lucene it might be necessary to add:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>[httpd_global_handlers] +</span></span><span style="display:flex;"><span>_fti = {couch_httpd_proxy, handle_proxy_req, &lt;&lt;&#34;http://127.0.0.1:8085/couchdblucene&#34;&gt;&gt;} +</span></span></code></pre></div><p>in lucene.ini of local.d of your CouchDB installation</p> +<h4 id="backend-are-thrift-services-up">Backend: are thrift services up?</h4> +<ol> +<li>Check tomcat manager (if the services are there)</li> +<li>Check if the service is accessible: +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://your.url.to.server.com:8085/components +</span></span></code></pre></div>Should return &ldquo;Welcome to &hellip;&rdquo;.</li> +<li>Check if the service thrift page is there: +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://your.url.to.server.com:8085/components/thrift +</span></span></code></pre></div>Should return HTTP status code 500, because in the browser, no valid thrift message was formed.</li> +</ol> +<h4 id="backend-orgektorpdbaccessexception">Backend: org.ektorp.DbAccessException</h4> +<p>What do I do if I get: org.ektorp.DbAccessException: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field &ldquo;_id&rdquo;</p> +<p>You add the class you have been trying to serialize to THRIFT_CLASSES in -sw360/src/libraries/lib-datahandler/src/main/java/com/siemens/sw360/datahandler/thrift/ThriftUtils.java</p> -<h4 id="backend-maven-failed-tomcat7-deploy">Backend: maven failed tomcat7 deploy</h4> -<p>If the deployment via maven of the backend does fail with an error like this</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses -</span></span><span style="display:flex;"><span>2302/17930 KB -</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses -</span></span><span style="display:flex;"><span>2102/17930 KB -</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses -</span></span><span style="display:flex;"><span>2064/17930 KB -</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses -</span></span><span style="display:flex;"><span>2064/17930 KB -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Reactor Summary: -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend ........................................... SUCCESS <span style="color:#555">[</span>2.579s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-src ....................................... SUCCESS <span style="color:#555">[</span>0.058s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-licenses ...................................... SUCCESS <span style="color:#555">[</span>10.544s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-users ......................................... SUCCESS <span style="color:#555">[</span>1.485s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-vendors ....................................... SUCCESS <span style="color:#555">[</span>6.929s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-search ........................................ SUCCESS <span style="color:#555">[</span>5.837s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-components .................................... SUCCESS <span style="color:#555">[</span>19.439s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-projects ...................................... SUCCESS <span style="color:#555">[</span>14.280s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-attachments ................................... SUCCESS <span style="color:#555">[</span>6.188s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-moderation .................................... SUCCESS <span style="color:#555">[</span>1.169s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-fossology ..................................... SUCCESS <span style="color:#555">[</span>6.259s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-svc ....................................... SUCCESS <span style="color:#555">[</span>0.038s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-licenses ...................................... FAILURE <span style="color:#555">[</span>3.630s<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-users ......................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-vendors ....................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-search ........................................ SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-components .................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-projects ...................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-attachments ................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-moderation .................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-fossology ..................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-utils ..................................... SKIPPED -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> BUILD FAILURE -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Total time: 1:19.836s -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Finished at: Mon May <span style="color:#f60">04</span> 15:57:46 CEST <span style="color:#f60">2015</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Final Memory: 24M/311M -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.2:deploy <span style="color:#555">(</span>default-cli<span style="color:#555">)</span> on project svc-licenses: Cannot invoke Tomcat manager: Broken pipe -&gt; <span style="color:#555">[</span>Help 1<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> To see the full stack trace of the errors, re-run Maven with the -e switch. -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> Re-run Maven using the -X switch to <span style="color:#366">enable</span> full debug logging. -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> For more information about the errors and possible solutions, please <span style="color:#366">read</span> the following articles: -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> <span style="color:#555">[</span>Help 1<span style="color:#555">]</span> http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> After correcting the problems, you can resume the build with the <span style="color:#366">command</span> -</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> mvn &lt;goals&gt; -rf :svc-licenses -</span></span><span style="display:flex;"><span>voyager:backend sam$ -</span></span></code></pre></div><p>One solution is that you deployed already and the tomcat7 plugin does not like to have multiple deploy commands. Instead you will need to issue a <code>mvn tomcat7:redeploy</code> command.</p> -<h4 id="deployment-liferay-not-accessible">Deployment: liferay not accessible</h4> -<p>If the virtual machine was shut down and started up again, the backend services and frontend liferay require manual restart. Please contribute a change in the vagrant deployment if you feel that this could be changed. The actual places to call are:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>/opt/apache-tomcat-.../bin/.startup.sh -</span></span><span style="display:flex;"><span>/opt/liferay-.../tomcat-.../bin/.startup.sh -</span></span></code></pre></div> - - - - - Docs: User Management Roles - https://www.eclipse.org/sw360/docs/administrationguide/user-management-roles/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/user-management-roles/ - - - - <p>Every user can create records and edit own created records. However, to change records of others, approval is required. Approval in SW360 is a so called moderation request. A moderation request is a set of proposed changed not applied to record immediately, but will be routed to;</p> -<ul> -<li>The creator of the record</li> -<li>The moderators for a record</li> -<li>The clearing admins of the same group in SW360.</li> -</ul> -<p>Then, the proposed changes can be approved by them.</p> -<h2 id="general-sw360-roles-and-access">General SW360 Roles and Access</h2> -<p>There are two main types of roles. The first type are general roles on the system that apply in the default case:</p> -<ol> -<li><strong>User</strong> - A user is the default, in order to apply modifications, a user can pose moderation requests, except for the data items that a user has created.</li> -<li><strong>Clearing Expert</strong> - Member of the clearing team. Has the rights to work on the projects of the own group and to edit licenses. Can also work on clearing requests.</li> -<li><strong>Clearing Admin</strong> - A clearing admin has the rights to work on the projects of the own group and to edit licenses.</li> -<li><strong>ECC Admin</strong> - The only users who can edit (or approve as moderation request) ECC classifications.</li> -<li><strong>Secuirty Admin</strong> - The only users to edit relevance for security vulnerabilities.</li> -<li><strong>SW360 Admin</strong> - An admin has full rights on all (visible!) data items. Can elevate permissions of other users.</li> -</ol> -<p>In addition there are ACL-style roles, meaning that per data item access settings can be made:</p> -<ol> -<li><strong>Creator</strong> - A creator can modify in addition to the user&rsquo;s read abilities, a user can be creator of a data item.</li> -<li><strong>Moderator</strong> - A creator can define moderators for a data item. Moderators can change a data item as a creator can.</li> -<li><strong>Contributor</strong> (Component) - Is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). In contrast, the contributor cannot delete data items.</li> -<li><strong>Project Owner</strong> - A user who owns the project.</li> -<li><strong>Lead Architect</strong> (Project) - Is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.</li> -<li><strong>Project Responsible</strong> (Project) - Is a contributor, just named differently to identify the responsible person.</li> -<li><strong>Security Responsible</strong> - Users responsible for the security of the project.</li> -</ol> - - - - - - Docs: Using RequireJS fro Javascript Modules - https://www.eclipse.org/sw360/docs/development/dev-using-requirejs-for-javascript-modules/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/dev-using-requirejs-for-javascript-modules/ - - - - <p>Today most of the javascript code runs in the global namespace. This increases the risk of overwriting symbols in the global namespace due to different libraries and snippets.</p> -<h1 id="goal">Goal</h1> -<p>We want to use RequireJS (<a href="http://requirejs.org/">http://requirejs.org/</a>) to modularize our code and to have clear namespaces for each component. In addition some of the code may be reused more easily. Other advantages:</p> -<ul> -<li>libraries like jquery or datatables can be imported by name but without a specified version</li> -<li>if necessary, specific versions can be imported for parts of the page</li> -<li>it is very easy to only load needed dependencies</li> -<li>good support of webjars due to webjars-locator. Webjars a are automatically accessible through RequireJS.</li> -</ul> -<h1 id="how-to-use---example">How to use - example</h1> -<p>There is a new jspf-file to be included in jsps to enable RequireJS support:</p> -<pre><code>&lt;%@ include file=&quot;/html/utils/includes/requirejs.jspf&quot; %&gt; -</code></pre> -<p>When RequireJS is enabled with the above include, all libraries can be accessed and code can be scoped:</p> -<pre><code>require(['jquery', 'module/quickfilter', 'module/confirm', /* jquery-plugins: */ 'datatables', 'jquery-ui'], function($, quickfilter, confirm) { - // code goes here, libraries can be used through the variables $, quickfilter and confirm - // Note: jquery-plugins does not have to be bound to variables since they directly register themselves in the jquery object +sw360/src/libraries/lib-datahandler/src/main/java/com/siemens/sw360/datahandler/thrift/ThriftUtils.java</p> +<h4 id="backend-maven-failed-tomcat7-deploy">Backend: maven failed tomcat7 deploy</h4> +<p>If the deployment via maven of the backend does fail with an error like this</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses +</span></span><span style="display:flex;"><span>2302/17930 KB +</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses +</span></span><span style="display:flex;"><span>2102/17930 KB +</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses +</span></span><span style="display:flex;"><span>2064/17930 KB +</span></span><span style="display:flex;"><span>Uploading: http://localhost:8085/manager/text/deploy?path<span style="color:#555">=</span>%2Flicenses +</span></span><span style="display:flex;"><span>2064/17930 KB +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Reactor Summary: +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend ........................................... SUCCESS <span style="color:#555">[</span>2.579s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-src ....................................... SUCCESS <span style="color:#555">[</span>0.058s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-licenses ...................................... SUCCESS <span style="color:#555">[</span>10.544s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-users ......................................... SUCCESS <span style="color:#555">[</span>1.485s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-vendors ....................................... SUCCESS <span style="color:#555">[</span>6.929s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-search ........................................ SUCCESS <span style="color:#555">[</span>5.837s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-components .................................... SUCCESS <span style="color:#555">[</span>19.439s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-projects ...................................... SUCCESS <span style="color:#555">[</span>14.280s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-attachments ................................... SUCCESS <span style="color:#555">[</span>6.188s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-moderation .................................... SUCCESS <span style="color:#555">[</span>1.169s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> src-fossology ..................................... SUCCESS <span style="color:#555">[</span>6.259s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-svc ....................................... SUCCESS <span style="color:#555">[</span>0.038s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-licenses ...................................... FAILURE <span style="color:#555">[</span>3.630s<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-users ......................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-vendors ....................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-search ........................................ SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-components .................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-projects ...................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-attachments ................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-moderation .................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> svc-fossology ..................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> backend-utils ..................................... SKIPPED +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> BUILD FAILURE +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Total time: 1:19.836s +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Finished at: Mon May <span style="color:#f60">04</span> 15:57:46 CEST <span style="color:#f60">2015</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> Final Memory: 24M/311M +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>INFO<span style="color:#555">]</span> ------------------------------------------------------------------------ +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.2:deploy <span style="color:#555">(</span>default-cli<span style="color:#555">)</span> on project svc-licenses: Cannot invoke Tomcat manager: Broken pipe -&gt; <span style="color:#555">[</span>Help 1<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> To see the full stack trace of the errors, re-run Maven with the -e switch. +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> Re-run Maven using the -X switch to <span style="color:#366">enable</span> full debug logging. +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> For more information about the errors and possible solutions, please <span style="color:#366">read</span> the following articles: +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> <span style="color:#555">[</span>Help 1<span style="color:#555">]</span> http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> After correcting the problems, you can resume the build with the <span style="color:#366">command</span> +</span></span><span style="display:flex;"><span><span style="color:#555">[</span>ERROR<span style="color:#555">]</span> mvn &lt;goals&gt; -rf :svc-licenses +</span></span><span style="display:flex;"><span>voyager:backend sam$ +</span></span></code></pre></div><p>One solution is that you deployed already and the tomcat7 plugin does not like to have multiple deploy commands. Instead you will need to issue a <code>mvn tomcat7:redeploy</code> command.</p> +<h4 id="deployment-liferay-not-accessible">Deployment: liferay not accessible</h4> +<p>If the virtual machine was shut down and started up again, the backend services and frontend liferay require manual restart. Please contribute a change in the vagrant deployment if you feel that this could be changed. The actual places to call are:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>/opt/apache-tomcat-.../bin/.startup.sh +</span></span><span style="display:flex;"><span>/opt/liferay-.../tomcat-.../bin/.startup.sh +</span></span></code></pre></div>Docs: User Management Roleshttps://www.eclipse.org/sw360/docs/administrationguide/user-management-roles/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/user-management-roles/ +<p>Every user can create records and edit own created records. However, to change records of others, approval is required. Approval in SW360 is a so called moderation request. A moderation request is a set of proposed changed not applied to record immediately, but will be routed to;</p> +<ul> +<li>The creator of the record</li> +<li>The moderators for a record</li> +<li>The clearing admins of the same group in SW360.</li> +</ul> +<p>Then, the proposed changes can be approved by them.</p> +<h2 id="general-sw360-roles-and-access">General SW360 Roles and Access</h2> +<p>There are two main types of roles. The first type are general roles on the system that apply in the default case:</p> +<ol> +<li><strong>User</strong> - A user is the default, in order to apply modifications, a user can pose moderation requests, except for the data items that a user has created.</li> +<li><strong>Clearing Expert</strong> - Member of the clearing team. Has the rights to work on the projects of the own group and to edit licenses. Can also work on clearing requests.</li> +<li><strong>Clearing Admin</strong> - A clearing admin has the rights to work on the projects of the own group and to edit licenses.</li> +<li><strong>ECC Admin</strong> - The only users who can edit (or approve as moderation request) ECC classifications.</li> +<li><strong>Secuirty Admin</strong> - The only users to edit relevance for security vulnerabilities.</li> +<li><strong>SW360 Admin</strong> - An admin has full rights on all (visible!) data items. Can elevate permissions of other users.</li> +</ol> +<p>In addition there are ACL-style roles, meaning that per data item access settings can be made:</p> +<ol> +<li><strong>Creator</strong> - A creator can modify in addition to the user&rsquo;s read abilities, a user can be creator of a data item.</li> +<li><strong>Moderator</strong> - A creator can define moderators for a data item. Moderators can change a data item as a creator can.</li> +<li><strong>Contributor</strong> (Component) - Is a contributor to a component, project, similar (but not the same) to a moderator. In addition to moderator, this role has been added to identify contributors (or that contributors get the fame). In contrast, the contributor cannot delete data items.</li> +<li><strong>Project Owner</strong> - A user who owns the project.</li> +<li><strong>Lead Architect</strong> (Project) - Is a contributor, just named differently to identify the responsible person. an architect refers to the person who has that role of the project or product. This role has been added to identify architects to have a contact person for technical questions.</li> +<li><strong>Project Responsible</strong> (Project) - Is a contributor, just named differently to identify the responsible person.</li> +<li><strong>Security Responsible</strong> - Users responsible for the security of the project.</li> +</ol>Docs: Using RequireJS fro Javascript Moduleshttps://www.eclipse.org/sw360/docs/development/dev-using-requirejs-for-javascript-modules/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/dev-using-requirejs-for-javascript-modules/ +<p>Today most of the javascript code runs in the global namespace. This increases the risk of overwriting symbols in the global namespace due to different libraries and snippets.</p> +<h1 id="goal">Goal</h1> +<p>We want to use RequireJS (<a href="http://requirejs.org/">http://requirejs.org/</a>) to modularize our code and to have clear namespaces for each component. In addition some of the code may be reused more easily. Other advantages:</p> +<ul> +<li>libraries like jquery or datatables can be imported by name but without a specified version</li> +<li>if necessary, specific versions can be imported for parts of the page</li> +<li>it is very easy to only load needed dependencies</li> +<li>good support of webjars due to webjars-locator. Webjars a are automatically accessible through RequireJS.</li> +</ul> +<h1 id="how-to-use---example">How to use - example</h1> +<p>There is a new jspf-file to be included in jsps to enable RequireJS support:</p> +<pre><code>&lt;%@ include file=&quot;/html/utils/includes/requirejs.jspf&quot; %&gt; +</code></pre> +<p>When RequireJS is enabled with the above include, all libraries can be accessed and code can be scoped:</p> +<pre><code>require(['jquery', 'module/quickfilter', 'module/confirm', /* jquery-plugins: */ 'datatables', 'jquery-ui'], function($, quickfilter, confirm) { +// code goes here, libraries can be used through the variables $, quickfilter and confirm +// Note: jquery-plugins does not have to be bound to variables since they directly register themselves in the jquery object }); -</code></pre> -<p><strong>NOTE/WARNING</strong>: since not all code is using RequireJS at the moment it is highly recommended to include RequireJS just before the script tag using it. DO NOT include it at the beginning of the file! Therefore use the following pattern:</p> -<pre><code>&lt;%@ include file=&quot;/html/utils/includes/requirejs.jspf&quot; %&gt; +</code></pre> +<p><strong>NOTE/WARNING</strong>: since not all code is using RequireJS at the moment it is highly recommended to include RequireJS just before the script tag using it. DO NOT include it at the beginning of the file! Therefore use the following pattern:</p> +<pre><code>&lt;%@ include file=&quot;/html/utils/includes/requirejs.jspf&quot; %&gt; &lt;script&gt; - require(['jquery'], function($) { - // js stuff - }); +require(['jquery'], function($) { +// js stuff +}); &lt;/script&gt; -</code></pre> -<p><strong>Explanation</strong>: some the the jQuery-plugins are already module safe. This means the look if something like RequireJS is available and - if this is the case - register themselves as anonymous modules. If someone in some include in the page loads such a plugin via script plugin it may happen that the plugins registers itself twice as an anonymous module which causes errors in RequireJS. Loading RequireJS after all script tags will prevent this and ensure that every plugin is only registered once.</p> -<h1 id="migration">Migration</h1> -<h2 id="migrate-a-jsp">Migrate a JSP</h2> -<p>To migrate a JSP to use RequireJS the following steps have to be done:</p> -<ol> -<li>Enable RequireJS support by including <code>requirejs.jspf</code>. Do it JUST before the script tag with the main code (see NOTE above).</li> -<li>Enclose the existing code in a <code>require</code>-function (<strong>Attention:</strong> Also read &ldquo;Co-existence with AUI().use()&rdquo; below)</li> -<li>Remove existing <code>script</code>-tags that loads the javascript files &ldquo;manually&rdquo;</li> -<li>Rewrite code that access functions inside the new <code>require</code>-function from outside (e.g. click handlers, see below)</li> -</ol> -<h2 id="co-existence-with-auiuse">Co-existence with AUI().use()</h2> -<p>If you need to use AUI().use() in your code, e.g. to grab the PortletURL object, you have to call this function first and call <code>require</code> inside. Otherwise the code may not be executed correclty if the &lsquo;Drag&amp;Drop&rsquo; error occurs to early during page loading:</p> -<pre><code>AUI().use('liferay-portlet-url', function () { - require(['jquery', 'module/quickfilter') { - // AUI and require modules loaded and available - }); +</code></pre> +<p><strong>Explanation</strong>: some the the jQuery-plugins are already module safe. This means the look if something like RequireJS is available and - if this is the case - register themselves as anonymous modules. If someone in some include in the page loads such a plugin via script plugin it may happen that the plugins registers itself twice as an anonymous module which causes errors in RequireJS. Loading RequireJS after all script tags will prevent this and ensure that every plugin is only registered once.</p> +<h1 id="migration">Migration</h1> +<h2 id="migrate-a-jsp">Migrate a JSP</h2> +<p>To migrate a JSP to use RequireJS the following steps have to be done:</p> +<ol> +<li>Enable RequireJS support by including <code>requirejs.jspf</code>. Do it JUST before the script tag with the main code (see NOTE above).</li> +<li>Enclose the existing code in a <code>require</code>-function (<strong>Attention:</strong> Also read &ldquo;Co-existence with AUI().use()&rdquo; below)</li> +<li>Remove existing <code>script</code>-tags that loads the javascript files &ldquo;manually&rdquo;</li> +<li>Rewrite code that access functions inside the new <code>require</code>-function from outside (e.g. click handlers, see below)</li> +</ol> +<h2 id="co-existence-with-auiuse">Co-existence with AUI().use()</h2> +<p>If you need to use AUI().use() in your code, e.g. to grab the PortletURL object, you have to call this function first and call <code>require</code> inside. Otherwise the code may not be executed correclty if the &lsquo;Drag&amp;Drop&rsquo; error occurs to early during page loading:</p> +<pre><code>AUI().use('liferay-portlet-url', function () { +require(['jquery', 'module/quickfilter') { +// AUI and require modules loaded and available +}); +}); +</code></pre> +<h2 id="migrate-click-handlers">Migrate click-handlers</h2> +<p>Since none of the defined functions remains in the global scope click handlers defined in the attributes of a tag would no longer work. Use jQuery to attach a click handler instead:</p> +<pre><code>$('#exportSpreadsheetButton').on('click.components', exportSpreadsheet) +</code></pre> +<p>This click handler is added inside the RequireJS-scope where the function <code>exportSpreadsheet</code> is defined. +You may also attach handler for distinct elements in each row of a table:</p> +<pre><code>$('#componentsTable').on('click.components', 'img.delete', function(event) { +// do stuff +}); +</code></pre> +<h2 id="make-a-module-out-of-a-jspf-include">Make a module out of a jspf-include</h2> +<p>There are many jspf-includes which contain html as well as javascript code. They should be converted as followed:</p> +<ol> +<li> +<p>Move the javascript code to an own file. Place it below the &lsquo;html/js&rsquo;-folder, following the same structure as the jspf-file. If the jspf-file is <code>html/components/includes/vendors/addVendor.jspf</code> place the javascript code in the file <code>js/components/includes/vendors/addVendor.js</code>.</p> +</li> +<li> +<p>Enclose the code in a define statement to define a new module:</p> +<pre><code> define('components/includes/vendors/addVendor', [ /* dependencies */ ], function() { +// define module code +}); +</code></pre> +</li> +</ol> +<p>In order to use the new module include the jspf-file and load the js-code via RequireJS:</p> +<pre><code>&lt;%@ include &quot;html/components/includes/vendors/addVendor.jspf&quot; %&gt; +require(['components/includes/vendors/addVendor'], function(addVendor) { +// use addVendor }); -</code></pre> -<h2 id="migrate-click-handlers">Migrate click-handlers</h2> -<p>Since none of the defined functions remains in the global scope click handlers defined in the attributes of a tag would no longer work. Use jQuery to attach a click handler instead:</p> -<pre><code>$('#exportSpreadsheetButton').on('click.components', exportSpreadsheet) -</code></pre> -<p>This click handler is added inside the RequireJS-scope where the function <code>exportSpreadsheet</code> is defined. -You may also attach handler for distinct elements in each row of a table:</p> -<pre><code>$('#componentsTable').on('click.components', 'img.delete', function(event) { - // do stuff +</code></pre> +<h2 id="make-a-module-out-of-a-javascript-file-or-function">Make a module out of a javascript file or function</h2> +<p>There are several javascript files and functions below `/html/js&rsquo;. They can be make compatible to RequireJS as follows:</p> +<ol> +<li> +<p>Create a new file inside <code>/html/js/component</code> with a proper name that describes the functionality for the new component</p> +</li> +<li> +<p>Define the module and point to the legacy function, e.g.</p> +<pre><code> define('module/confirm', ['jquery', /* jquery-plugins: */ 'jquery-confirm', /* legacy code */ 'main' ], function($) { +return { +confirmDeletion: deleteConfirmed /* pointer to legacy method in main.js */ +}; }); -</code></pre> -<h2 id="make-a-module-out-of-a-jspf-include">Make a module out of a jspf-include</h2> -<p>There are many jspf-includes which contain html as well as javascript code. They should be converted as followed:</p> -<ol> -<li> -<p>Move the javascript code to an own file. Place it below the &lsquo;html/js&rsquo;-folder, following the same structure as the jspf-file. If the jspf-file is <code>html/components/includes/vendors/addVendor.jspf</code> place the javascript code in the file <code>js/components/includes/vendors/addVendor.js</code>.</p> -</li> -<li> -<p>Enclose the code in a define statement to define a new module:</p> -<pre><code> define('components/includes/vendors/addVendor', [ /* dependencies */ ], function() { - // define module code - }); -</code></pre> -</li> -</ol> -<p>In order to use the new module include the jspf-file and load the js-code via RequireJS:</p> -<pre><code>&lt;%@ include &quot;html/components/includes/vendors/addVendor.jspf&quot; %&gt; - -require(['components/includes/vendors/addVendor'], function(addVendor) { - // use addVendor +</code></pre> +</li> +<li> +<p>Afterwards the module can be loaded using the name <code>component/confirm</code>, e.g.</p> +<pre><code> require(['module/confirm'], function(confirm) { +confirm.confirmDeletion(/*...*/); }); -</code></pre> -<h2 id="make-a-module-out-of-a-javascript-file-or-function">Make a module out of a javascript file or function</h2> -<p>There are several javascript files and functions below `/html/js&rsquo;. They can be make compatible to RequireJS as follows:</p> -<ol> -<li> -<p>Create a new file inside <code>/html/js/component</code> with a proper name that describes the functionality for the new component</p> -</li> -<li> -<p>Define the module and point to the legacy function, e.g.</p> -<pre><code> define('module/confirm', ['jquery', /* jquery-plugins: */ 'jquery-confirm', /* legacy code */ 'main' ], function($) { - return { - confirmDeletion: deleteConfirmed /* pointer to legacy method in main.js */ - }; - }); -</code></pre> -</li> -<li> -<p>Afterwards the module can be loaded using the name <code>component/confirm</code>, e.g.</p> -<pre><code> require(['module/confirm'], function(confirm) { - confirm.confirmDeletion(/*...*/); - }); -</code></pre> -</li> -</ol> -<p><strong>Note</strong> The legacy function should be moved inside the module as soon as the function is no longer accessed directly but via RequireJS only. -<strong>Note</strong> You can also require legacy javascript files if you need them as dependency as pointed out in the examples above.</p> - - - - - - Docs: CVE-Search Scheduling - https://www.eclipse.org/sw360/docs/administrationguide/user-scheduling-cve-search-by-admins/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/user-scheduling-cve-search-by-admins/ - - - - <p>SW360 gets vulnerability information from an external provider of Common Vulnerability Enumeration (CVE) data. By default SW360 can connect to cve-search [https://www.circl.lu/services/cve-search/] which is either available as an online service [http://cve.circl.lu] or can be installed locally. For security and privacy reasons it is strongly advised to install a local cve-search service.</p> -<p>In what follows the synchronization between SW360 and the external CVE provider is described.</p> -<p><code>CveSearch-updates</code> can either be scheduled automatically when launching the <code>schedule-service</code> (e.g. when re/starting SW360) or it can be scheduled or unscheduled manually by an <code>SW360 admin</code>. -It is automatically scheduled with the start of the scheduling service, if in the <code>/resources/sw360.properties</code> file of the <code>schedule-service</code> in the backend, <code>cvesearchService</code> is mentioned in the <code>autostart</code>-property:</p> -<p><code>autostart = cvesearchService</code></p> -<p>According to the default settings, cveSearch is <em>not</em> auto-started with the scheduling service.</p> -<p>For manually scheduling the CVE search service, open the <code>Schedule Portlet</code> of the <code>Admin</code> menu. Note that the <code>Admin</code> menu is only visible to <code>SW360 admins</code>.</p> -<p><img src="./images/UCAdminScheduling/01_adminMenu.png" alt=""></p> -<p>In the <code>Schedule Portlet</code> of the <code>Admin</code> menu, a user with <code>admin</code> rights can turn on or off automatic updates of the cve-search service manually. -In the UI of the portlet, the admin can see whether or not the CVE-service is scheduled: if the service is scheduled, the <code>Schedule CveSearch Updates</code>-button is inactive, whereas the <code>Cancel Scheduled CveSearch Updates</code>-button is active and vice versa:</p> -<p><img src="./images/UCAdminScheduling/scheduleAdminPortlet.png" alt=""></p> -<p>The <code>offset</code> (first run of the update) and the <code>interval</code> between updates can also be adjusted in the <code>/resources/sw360.properties</code> file of the <code>src-schedule</code> service. -The corresponding properties are <code>schedule.cvesearch.firstOffset.seconds</code> and <code>schedule.cvesearch.interval.seconds</code>. -The <code>offset</code> has to be given in seconds since midnight and also the <code>interval</code> has to be entered in seconds. -The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).</p> -<p><code>schedule.cvesearch.firstOffset.seconds = 0</code></p> -<p><code>schedule.cvesearch.interval.seconds = 86400</code></p> -<p>With automatic scheduling the next synchronization moment according to the <code>offset</code> and the <code>interval</code> is computed. This will be the first moment when a <code>cveSearch-update</code> is run. -There is nothing like an <code>initial run</code> when autostarting of manually scheduling the <code>CveSearch-updates</code>. -Moreover, the configuration, i.e. <code>offset</code>, <code>interval</code> and <code>next synchronization</code> (where the latter is a consequence of <code>offset</code> and <code> interval</code>) are shown in the portlet:</p> -<p><img src="./images/UCAdminScheduling/scheduleAdminPortletProperties.png" alt=""></p> -<h2 id="setup-of-a-local-instance">Setup of a local instance</h2> -<p>It is recommended to set up and use a local instance instead of the public cve-search instance. -The accompanying project sw360-chores contains a Dockerfile that can easily setup this service.</p> - - - - - - Docs: Enumerations - https://www.eclipse.org/sw360/docs/administrationguide/user-data-model-enumerations/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/user-data-model-enumerations/ - - - - <p>SW360 thrift API is comprised of the following methods:</p> -<ul> -<li>attachments</li> -<li>codescoop</li> -<li>components</li> -<li>cvesearch</li> -<li>fossology</li> -<li>importstatus</li> -<li>licenseinfo</li> -<li>licenses</li> -<li>moderation</li> -<li>projectimport</li> -<li>projects</li> -<li>schedule</li> -<li>search</li> -<li>sw360</li> -<li>users</li> -<li>vendors</li> -<li>vulnerabilities</li> -</ul> -<p>Reference: <a href="https://github.com/eclipse/sw360/tree/master/libraries/lib-datahandler/src/main/thrift">https://github.com/eclipse/sw360/tree/master/libraries/lib-datahandler/src/main/thrift</a></p> -<h2 id="attachments">Attachments</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/attachments.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/attachments.thrift</a></p> -<h3 id="attachmenttype">AttachmentType</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description.</th> -</tr> -</thead> -<tbody> -<tr> -<td>DOCUMENT</td> -<td>justa document</td> -</tr> -<tr> -<td>SOURCE</td> -<td>original course code</td> -</tr> -<tr> -<td>DESIGN</td> -<td>design document</td> -</tr> -<tr> -<td>REQUIREMENT</td> -<td>requirements document</td> -</tr> -<tr> -<td>CLEARING_REPORT</td> -<td>OSS licensing reporting</td> -</tr> -<tr> -<td>COMPONENT_LICENSE_INFO_XML</td> -<td>XML document with licenseing information - e.g. SPDX</td> -</tr> -<tr> -<td>COMPONENT_LICENSE_INFO_COMBINED</td> -<td>XML document with licensing information covering multiple componnts at once - e.g. SPDX</td> -</tr> -<tr> -<td>SCAN_RESULT_REPORT</td> -<td>Output what a scanner for licenses has found</td> -</tr> -<tr> -<td>SCAN_RESULT_REPORT_XML</td> -<td>Output what a scanner for licenses has found this time in XML</td> -</tr> -<tr> -<td>SOURCE_SELF</td> -<td>Self assembled source code distribution</td> -</tr> -<tr> -<td>BINARY</td> -<td>Binary of component from vendor</td> -</tr> -<tr> -<td>BINARY_SELF</td> -<td>Self built binary</td> -</tr> -<tr> -<td>DECISION_REPORT</td> -<td>documenting importing decisions for using this item</td> -</tr> -<tr> -<td>LEGAL_EVALUATION</td> -<td>Some legal evaluation created for this item</td> -</tr> -<tr> -<td>LICENSE_AGREEMENT</td> -<td>A ruling license agreement for this item, note that this could be for commercial software for example</td> -</tr> -<tr> -<td>SCREENSHOT</td> -<td>Screenshot, usually screenshot of the Website with licensing information</td> -</tr> -<tr> -<td>OTHER</td> -<td>anything that dos not match to the given above</td> -</tr> -</tbody> -</table> -<h3 id="checkstatus">CheckStatus</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description.</th> -</tr> -</thead> -<tbody> -<tr> -<td>NOTCHECKED</td> -<td>Default value after upload.</td> -</tr> -<tr> -<td>ACCEPTED</td> -<td>Reviewed and confirmed attachment.</td> -</tr> -<tr> -<td>REJECTED</td> -<td>Document or attachment cannot be used.</td> -</tr> -</tbody> -</table> -<h2 id="codescoop-thrift-file">CodeScoop Thrift File</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift</a></p> -<h2 id="components">Components</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/components.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/components.thrift</a></p> -<h2 id="cvesearch">cvesearch</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/cvesearch.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/cvesearch.thrift</a></p> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>NEW</td> -<td>&hellip;</td> -</tr> -<tr> -<td>UPDATED</td> -<td>New information for a notification message, so it is updated</td> -</tr> -<tr> -<td>OLD</td> -<td>&hellip;</td> -</tr> -<tr> -<td>FAILED</td> -<td>&hellip;</td> -</tr> -</tbody> -</table> -<h2 id="fossology">Fossology</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/fossology.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/fossology.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="importstatus">Importstatus</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/importstatus.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/importstatus.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="license-info">License Info</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenseinfo.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenseinfo.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h3 id="licenseinforequeststatus">LicenseInfoRequestStatus</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>SUCCESS</td> -<td>&hellip;</td> -</tr> -<tr> -<td>NO_APPLICABLE_SOURCE</td> -<td>&hellip;</td> -</tr> -<tr> -<td>FAILURE</td> -<td>&hellip;</td> -</tr> -</tbody> -</table> -<h3 id="outputformatvariant">OutputFormatVariant</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>REPORT</td> -<td>&hellip;</td> -</tr> -<tr> -<td>DISCLOSURE</td> -<td>&hellip;</td> -</tr> -</tbody> -</table> -<h2 id="licenses">Licenses</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenses.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenses.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="moderation">Moderation</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/moderation.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/moderation.thrift</a></p> -<h3 id="documenttype">DocumentType</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>COMPONENT</td> -<td>&hellip;</td> -</tr> -<tr> -<td>RELEASE</td> -<td>&hellip;</td> -</tr> -<tr> -<td>PROJECT</td> -<td>&hellip;</td> -</tr> -<tr> -<td>LICENSE</td> -<td>&hellip;</td> -</tr> -<tr> -<td>USER</td> -<td>&hellip;</td> -</tr> -</tbody> -</table> -<h2 id="project-import">Project Import</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projectimport.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projectimport.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="projects">Projects</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projects.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projects.thrift</a></p> -<h3 id="project-state">Project State</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>ACTIVE</td> -<td><em>well</em></td> -</tr> -<tr> -<td>PHASE_OUT</td> -<td><em>well</em></td> -</tr> -<tr> -<td>UNKNOWN</td> -<td><em>well</em></td> -</tr> -</tbody> -</table> -<h3 id="project-type">Project Type</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>CUSTOMER</td> -<td>Project that delivers artifacts to customer outside organisation</td> -</tr> -<tr> -<td>INTERNAL</td> -<td>Project that provides artifacts or service for internal use</td> -</tr> -<tr> -<td>PRODUCT</td> -<td>Just that it is a product instead of a project</td> -</tr> -<tr> -<td>SERVICE</td> -<td>Project that provides services to customer outside organisation</td> -</tr> -<tr> -<td>INNER_SOURCE</td> -<td>Inner source project, meaning that everyone inside org can use it</td> -</tr> -</tbody> -</table> -<h3 id="project-relationship">Project Relationship</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>UNKNOWN</td> -<td><em>unknown</em></td> -</tr> -<tr> -<td>REFERRED</td> -<td>Sister project</td> -</tr> -<tr> -<td>CONTAINED</td> -<td>Sub project</td> -</tr> -<tr> -<td>DUPLICATE</td> -<td><em>duplicate</em></td> -</tr> -</tbody> -</table> -<h3 id="project-clearing-state">Project Clearing State</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>OPEN</td> -<td>not started</td> -</tr> -<tr> -<td>IN_PROGRESS</td> -<td>&hellip;</td> -</tr> -<tr> -<td>CLOSED</td> -<td>&hellip;</td> -</tr> -</tbody> -</table> -<h2 id="schedule">Schedule</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/schedule.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/schedule.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="search">Search</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/search.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/search.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="general-sw360-thrift">General SW360 Thrift</h2> -<h3 id="software-mainline-states">Software Mainline States</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>OPEN</td> -<td>Not decided so far</td> -</tr> -<tr> -<td>MAINLINE</td> -<td>Organisation or person thinks that use of this software is recommended, which included multiple versions.</td> -</tr> -<tr> -<td>SPECIFIC</td> -<td>The software is not recommended in general, but for special use case or for this particular version it is acceptable.</td> -</tr> -<tr> -<td>PHASE_OUT</td> -<td>The software has issues, please consider removing it soon, if in use.</td> -</tr> -<tr> -<td>DENIED</td> -<td>Software which is not allowed for use. For example, software that does not have licensing.</td> -</tr> -</tbody> -</table> -<h2 id="general-sw360-thrift-1">General SW360 Thrift</h2> -<h3 id="software-mainline-states-1">Software Mainline States</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description.</th> -</tr> -</thead> -<tbody> -<tr> -<td>OPEN</td> -<td>Not decided so far</td> -</tr> -<tr> -<td>MAINLINE</td> -<td>Organisation or person thinks that use of this software is recommended, which included multiple versions.</td> -</tr> -<tr> -<td>SPECIFIC</td> -<td>The software is not recommended in general, but for special use case or for this particular version it is acceptable.</td> -</tr> -<tr> -<td>PHASE_OUT</td> -<td>The software has issues, please consider removing it soon, if in use.</td> -</tr> -<tr> -<td>DENIED</td> -<td>Software which is not allowed for use. For example, software that does not have licensing.</td> -</tr> -</tbody> -</table> -<h3 id="moderation-states">Moderation States</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>PENDING</td> -<td>Not opened so far.</td> -</tr> -<tr> -<td>APPROVED</td> -<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has approved the moderation request. It could be deleted then.</td> -</tr> -<tr> -<td>REJECTED</td> -<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has rejected the moderation request.</td> -</tr> -<tr> -<td>INPROGRESS</td> -<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has opened / viewed the moderation request, but did not decide.</td> -</tr> -</tbody> -</table> -<h3 id="visibility">Visibility</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>PRIVATE</td> -<td>Only visible by creator (and admin which applies to all visibility levels).</td> -</tr> -<tr> -<td>ME_AND_MODERATORS</td> -<td>Visible by creator and moderators.</td> -</tr> -<tr> -<td>BUISNESSUNIT_AND_MODERATORS</td> -<td>All users of the same group and the moderators.</td> -</tr> -<tr> -<td>EVERYONE</td> -<td>Every user who is logged into the system.</td> -</tr> -</tbody> -</table> -<h3 id="verification-state">Verification State</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>NOT_CHECKED</td> -<td>No one has yet looked at this and verified it.</td> -</tr> -<tr> -<td>CHECKED</td> -<td>It is verified.</td> -</tr> -<tr> -<td>INCORRECT</td> -<td>It was decided that the verification should be rejected.</td> -</tr> -</tbody> -</table> -<h3 id="release-relationship">Release Relationship</h3> -<table> -<thead> -<tr> -<th>Value</th> -<th>Description</th> -<th>Clearing releav nt</th> -</tr> -</thead> -<tbody> -<tr> -<td>CONTAINED</td> -<td>If you just do not know whether it is dynamically linked.</td> -<td>Yes</td> -</tr> -<tr> -<td>REFERRED</td> -<td>Referencing a stand alone used other part.</td> -<td>No</td> -</tr> -<tr> -<td>UNKNOWN</td> -<td>If you just do not know.</td> -<td>Yes</td> -</tr> -<tr> -<td>DYNAMICALLY_LINKED</td> -<td>Software dynamically linked - as the name says.</td> -<td>Yes</td> -</tr> -<tr> -<td>STATICALLY_LINKED</td> -<td>Software statically linked - as the name says.</td> -<td>Yes</td> -</tr> -<tr> -<td>SIDE_BY_SIDE</td> -<td>Not decided so far.</td> -<td>Yes</td> -</tr> -<tr> -<td>STANDALONE</td> -<td>Software is given as standalone delivery, ie. not technically connected.</td> -<td>Yes</td> -</tr> -<tr> -<td>INTERNAL_USE</td> -<td>Used for creating or building or ? the product or projects but not delivered.</td> -<td>Yes</td> -</tr> -<tr> -<td>OPTIONAL</td> -<td>Is not mandatory part of the installation.</td> -<td>Yes</td> -</tr> -<tr> -<td>TO_BE_REPLACED</td> -<td>Is there but should be moved out.</td> -<td>Yes</td> -</tr> -</tbody> -</table> -<h2 id="users">Users</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/users.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/users.thrift</a></p> -<h2 id="vendors">Vendors</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vendors.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vendors.thrift</a></p> -<p><em>No enumerations provided</em></p> -<h2 id="vulnerabilities">Vulnerabilities</h2> -<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vulnerabilities.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vulnerabilities.thrift</a></p> -<p><em>No enumerations provided</em></p> - - - - - - Docs: Properties - https://www.eclipse.org/sw360/docs/administrationguide/properties/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/administrationguide/properties/ - - - - <p><strong>Frontend Properties</strong>: All the sw360 frontend properties are mentioned in <a href="https://github.com/eclipse/sw360/blob/master/frontend/sw360-portlet/src/main/resources/sw360.properties">sw360.properties</a> file. +</code></pre> +</li> +</ol> +<p><strong>Note</strong> The legacy function should be moved inside the module as soon as the function is no longer accessed directly but via RequireJS only. +<strong>Note</strong> You can also require legacy javascript files if you need them as dependency as pointed out in the examples above.</p>Docs: CVE-Search Schedulinghttps://www.eclipse.org/sw360/docs/administrationguide/user-scheduling-cve-search-by-admins/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/user-scheduling-cve-search-by-admins/ +<p>SW360 gets vulnerability information from an external provider of Common Vulnerability Enumeration (CVE) data. By default SW360 can connect to cve-search [https://www.circl.lu/services/cve-search/] which is either available as an online service [http://cve.circl.lu] or can be installed locally. For security and privacy reasons it is strongly advised to install a local cve-search service.</p> +<p>In what follows the synchronization between SW360 and the external CVE provider is described.</p> +<p><code>CveSearch-updates</code> can either be scheduled automatically when launching the <code>schedule-service</code> (e.g. when re/starting SW360) or it can be scheduled or unscheduled manually by an <code>SW360 admin</code>. +It is automatically scheduled with the start of the scheduling service, if in the <code>/resources/sw360.properties</code> file of the <code>schedule-service</code> in the backend, <code>cvesearchService</code> is mentioned in the <code>autostart</code>-property:</p> +<p><code>autostart = cvesearchService</code></p> +<p>According to the default settings, cveSearch is <em>not</em> auto-started with the scheduling service.</p> +<p>For manually scheduling the CVE search service, open the <code>Schedule Portlet</code> of the <code>Admin</code> menu. Note that the <code>Admin</code> menu is only visible to <code>SW360 admins</code>.</p> +<p><img src="./images/UCAdminScheduling/01_adminMenu.png" alt=""></p> +<p>In the <code>Schedule Portlet</code> of the <code>Admin</code> menu, a user with <code>admin</code> rights can turn on or off automatic updates of the cve-search service manually. +In the UI of the portlet, the admin can see whether or not the CVE-service is scheduled: if the service is scheduled, the <code>Schedule CveSearch Updates</code>-button is inactive, whereas the <code>Cancel Scheduled CveSearch Updates</code>-button is active and vice versa:</p> +<p><img src="./images/UCAdminScheduling/scheduleAdminPortlet.png" alt=""></p> +<p>The <code>offset</code> (first run of the update) and the <code>interval</code> between updates can also be adjusted in the <code>/resources/sw360.properties</code> file of the <code>src-schedule</code> service. +The corresponding properties are <code>schedule.cvesearch.firstOffset.seconds</code> and <code>schedule.cvesearch.interval.seconds</code>. +The <code>offset</code> has to be given in seconds since midnight and also the <code>interval</code> has to be entered in seconds. +The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).</p> +<p><code>schedule.cvesearch.firstOffset.seconds = 0</code></p> +<p><code>schedule.cvesearch.interval.seconds = 86400</code></p> +<p>With automatic scheduling the next synchronization moment according to the <code>offset</code> and the <code>interval</code> is computed. This will be the first moment when a <code>cveSearch-update</code> is run. +There is nothing like an <code>initial run</code> when autostarting of manually scheduling the <code>CveSearch-updates</code>. +Moreover, the configuration, i.e. <code>offset</code>, <code>interval</code> and <code>next synchronization</code> (where the latter is a consequence of <code>offset</code> and <code> interval</code>) are shown in the portlet:</p> +<p><img src="./images/UCAdminScheduling/scheduleAdminPortletProperties.png" alt=""></p> +<h2 id="setup-of-a-local-instance">Setup of a local instance</h2> +<p>It is recommended to set up and use a local instance instead of the public cve-search instance. +The accompanying project sw360-chores contains a Dockerfile that can easily setup this service.</p>Docs: Enumerationshttps://www.eclipse.org/sw360/docs/administrationguide/user-data-model-enumerations/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/user-data-model-enumerations/ +<p>SW360 thrift API is comprised of the following methods:</p> +<ul> +<li>attachments</li> +<li>codescoop</li> +<li>components</li> +<li>cvesearch</li> +<li>fossology</li> +<li>importstatus</li> +<li>licenseinfo</li> +<li>licenses</li> +<li>moderation</li> +<li>projectimport</li> +<li>projects</li> +<li>schedule</li> +<li>search</li> +<li>sw360</li> +<li>users</li> +<li>vendors</li> +<li>vulnerabilities</li> +</ul> +<p>Reference: <a href="https://github.com/eclipse/sw360/tree/master/libraries/lib-datahandler/src/main/thrift">https://github.com/eclipse/sw360/tree/master/libraries/lib-datahandler/src/main/thrift</a></p> +<h2 id="attachments">Attachments</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/attachments.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/attachments.thrift</a></p> +<h3 id="attachmenttype">AttachmentType</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description.</th> +</tr> +</thead> +<tbody> +<tr> +<td>DOCUMENT</td> +<td>justa document</td> +</tr> +<tr> +<td>SOURCE</td> +<td>original course code</td> +</tr> +<tr> +<td>DESIGN</td> +<td>design document</td> +</tr> +<tr> +<td>REQUIREMENT</td> +<td>requirements document</td> +</tr> +<tr> +<td>CLEARING_REPORT</td> +<td>OSS licensing reporting</td> +</tr> +<tr> +<td>COMPONENT_LICENSE_INFO_XML</td> +<td>XML document with licenseing information - e.g. SPDX</td> +</tr> +<tr> +<td>COMPONENT_LICENSE_INFO_COMBINED</td> +<td>XML document with licensing information covering multiple componnts at once - e.g. SPDX</td> +</tr> +<tr> +<td>SCAN_RESULT_REPORT</td> +<td>Output what a scanner for licenses has found</td> +</tr> +<tr> +<td>SCAN_RESULT_REPORT_XML</td> +<td>Output what a scanner for licenses has found this time in XML</td> +</tr> +<tr> +<td>SOURCE_SELF</td> +<td>Self assembled source code distribution</td> +</tr> +<tr> +<td>BINARY</td> +<td>Binary of component from vendor</td> +</tr> +<tr> +<td>BINARY_SELF</td> +<td>Self built binary</td> +</tr> +<tr> +<td>DECISION_REPORT</td> +<td>documenting importing decisions for using this item</td> +</tr> +<tr> +<td>LEGAL_EVALUATION</td> +<td>Some legal evaluation created for this item</td> +</tr> +<tr> +<td>LICENSE_AGREEMENT</td> +<td>A ruling license agreement for this item, note that this could be for commercial software for example</td> +</tr> +<tr> +<td>SCREENSHOT</td> +<td>Screenshot, usually screenshot of the Website with licensing information</td> +</tr> +<tr> +<td>OTHER</td> +<td>anything that dos not match to the given above</td> +</tr> +</tbody> +</table> +<h3 id="checkstatus">CheckStatus</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description.</th> +</tr> +</thead> +<tbody> +<tr> +<td>NOTCHECKED</td> +<td>Default value after upload.</td> +</tr> +<tr> +<td>ACCEPTED</td> +<td>Reviewed and confirmed attachment.</td> +</tr> +<tr> +<td>REJECTED</td> +<td>Document or attachment cannot be used.</td> +</tr> +</tbody> +</table> +<h2 id="codescoop-thrift-file">CodeScoop Thrift File</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/codescoop.thrift</a></p> +<h2 id="components">Components</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/components.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/components.thrift</a></p> +<h2 id="cvesearch">cvesearch</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/cvesearch.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/cvesearch.thrift</a></p> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>NEW</td> +<td>&hellip;</td> +</tr> +<tr> +<td>UPDATED</td> +<td>New information for a notification message, so it is updated</td> +</tr> +<tr> +<td>OLD</td> +<td>&hellip;</td> +</tr> +<tr> +<td>FAILED</td> +<td>&hellip;</td> +</tr> +</tbody> +</table> +<h2 id="fossology">Fossology</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/fossology.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/fossology.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="importstatus">Importstatus</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/importstatus.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/importstatus.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="license-info">License Info</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenseinfo.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenseinfo.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h3 id="licenseinforequeststatus">LicenseInfoRequestStatus</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>SUCCESS</td> +<td>&hellip;</td> +</tr> +<tr> +<td>NO_APPLICABLE_SOURCE</td> +<td>&hellip;</td> +</tr> +<tr> +<td>FAILURE</td> +<td>&hellip;</td> +</tr> +</tbody> +</table> +<h3 id="outputformatvariant">OutputFormatVariant</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>REPORT</td> +<td>&hellip;</td> +</tr> +<tr> +<td>DISCLOSURE</td> +<td>&hellip;</td> +</tr> +</tbody> +</table> +<h2 id="licenses">Licenses</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenses.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/licenses.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="moderation">Moderation</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/moderation.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/moderation.thrift</a></p> +<h3 id="documenttype">DocumentType</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>COMPONENT</td> +<td>&hellip;</td> +</tr> +<tr> +<td>RELEASE</td> +<td>&hellip;</td> +</tr> +<tr> +<td>PROJECT</td> +<td>&hellip;</td> +</tr> +<tr> +<td>LICENSE</td> +<td>&hellip;</td> +</tr> +<tr> +<td>USER</td> +<td>&hellip;</td> +</tr> +</tbody> +</table> +<h2 id="project-import">Project Import</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projectimport.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projectimport.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="projects">Projects</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projects.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/projects.thrift</a></p> +<h3 id="project-state">Project State</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>ACTIVE</td> +<td><em>well</em></td> +</tr> +<tr> +<td>PHASE_OUT</td> +<td><em>well</em></td> +</tr> +<tr> +<td>UNKNOWN</td> +<td><em>well</em></td> +</tr> +</tbody> +</table> +<h3 id="project-type">Project Type</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>CUSTOMER</td> +<td>Project that delivers artifacts to customer outside organisation</td> +</tr> +<tr> +<td>INTERNAL</td> +<td>Project that provides artifacts or service for internal use</td> +</tr> +<tr> +<td>PRODUCT</td> +<td>Just that it is a product instead of a project</td> +</tr> +<tr> +<td>SERVICE</td> +<td>Project that provides services to customer outside organisation</td> +</tr> +<tr> +<td>INNER_SOURCE</td> +<td>Inner source project, meaning that everyone inside org can use it</td> +</tr> +</tbody> +</table> +<h3 id="project-relationship">Project Relationship</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>UNKNOWN</td> +<td><em>unknown</em></td> +</tr> +<tr> +<td>REFERRED</td> +<td>Sister project</td> +</tr> +<tr> +<td>CONTAINED</td> +<td>Sub project</td> +</tr> +<tr> +<td>DUPLICATE</td> +<td><em>duplicate</em></td> +</tr> +</tbody> +</table> +<h3 id="project-clearing-state">Project Clearing State</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>OPEN</td> +<td>not started</td> +</tr> +<tr> +<td>IN_PROGRESS</td> +<td>&hellip;</td> +</tr> +<tr> +<td>CLOSED</td> +<td>&hellip;</td> +</tr> +</tbody> +</table> +<h2 id="schedule">Schedule</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/schedule.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/schedule.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="search">Search</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/search.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/search.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="general-sw360-thrift">General SW360 Thrift</h2> +<h3 id="software-mainline-states">Software Mainline States</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>OPEN</td> +<td>Not decided so far</td> +</tr> +<tr> +<td>MAINLINE</td> +<td>Organisation or person thinks that use of this software is recommended, which included multiple versions.</td> +</tr> +<tr> +<td>SPECIFIC</td> +<td>The software is not recommended in general, but for special use case or for this particular version it is acceptable.</td> +</tr> +<tr> +<td>PHASE_OUT</td> +<td>The software has issues, please consider removing it soon, if in use.</td> +</tr> +<tr> +<td>DENIED</td> +<td>Software which is not allowed for use. For example, software that does not have licensing.</td> +</tr> +</tbody> +</table> +<h2 id="general-sw360-thrift-1">General SW360 Thrift</h2> +<h3 id="software-mainline-states-1">Software Mainline States</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description.</th> +</tr> +</thead> +<tbody> +<tr> +<td>OPEN</td> +<td>Not decided so far</td> +</tr> +<tr> +<td>MAINLINE</td> +<td>Organisation or person thinks that use of this software is recommended, which included multiple versions.</td> +</tr> +<tr> +<td>SPECIFIC</td> +<td>The software is not recommended in general, but for special use case or for this particular version it is acceptable.</td> +</tr> +<tr> +<td>PHASE_OUT</td> +<td>The software has issues, please consider removing it soon, if in use.</td> +</tr> +<tr> +<td>DENIED</td> +<td>Software which is not allowed for use. For example, software that does not have licensing.</td> +</tr> +</tbody> +</table> +<h3 id="moderation-states">Moderation States</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>PENDING</td> +<td>Not opened so far.</td> +</tr> +<tr> +<td>APPROVED</td> +<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has approved the moderation request. It could be deleted then.</td> +</tr> +<tr> +<td>REJECTED</td> +<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has rejected the moderation request.</td> +</tr> +<tr> +<td>INPROGRESS</td> +<td>A person who has received the moderation request (which could be creator of the document, a clearing admin, a moderator, etc.) has opened / viewed the moderation request, but did not decide.</td> +</tr> +</tbody> +</table> +<h3 id="visibility">Visibility</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>PRIVATE</td> +<td>Only visible by creator (and admin which applies to all visibility levels).</td> +</tr> +<tr> +<td>ME_AND_MODERATORS</td> +<td>Visible by creator and moderators.</td> +</tr> +<tr> +<td>BUISNESSUNIT_AND_MODERATORS</td> +<td>All users of the same group and the moderators.</td> +</tr> +<tr> +<td>EVERYONE</td> +<td>Every user who is logged into the system.</td> +</tr> +</tbody> +</table> +<h3 id="verification-state">Verification State</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>NOT_CHECKED</td> +<td>No one has yet looked at this and verified it.</td> +</tr> +<tr> +<td>CHECKED</td> +<td>It is verified.</td> +</tr> +<tr> +<td>INCORRECT</td> +<td>It was decided that the verification should be rejected.</td> +</tr> +</tbody> +</table> +<h3 id="release-relationship">Release Relationship</h3> +<table> +<thead> +<tr> +<th>Value</th> +<th>Description</th> +<th>Clearing releav nt</th> +</tr> +</thead> +<tbody> +<tr> +<td>CONTAINED</td> +<td>If you just do not know whether it is dynamically linked.</td> +<td>Yes</td> +</tr> +<tr> +<td>REFERRED</td> +<td>Referencing a stand alone used other part.</td> +<td>No</td> +</tr> +<tr> +<td>UNKNOWN</td> +<td>If you just do not know.</td> +<td>Yes</td> +</tr> +<tr> +<td>DYNAMICALLY_LINKED</td> +<td>Software dynamically linked - as the name says.</td> +<td>Yes</td> +</tr> +<tr> +<td>STATICALLY_LINKED</td> +<td>Software statically linked - as the name says.</td> +<td>Yes</td> +</tr> +<tr> +<td>SIDE_BY_SIDE</td> +<td>Not decided so far.</td> +<td>Yes</td> +</tr> +<tr> +<td>STANDALONE</td> +<td>Software is given as standalone delivery, ie. not technically connected.</td> +<td>Yes</td> +</tr> +<tr> +<td>INTERNAL_USE</td> +<td>Used for creating or building or ? the product or projects but not delivered.</td> +<td>Yes</td> +</tr> +<tr> +<td>OPTIONAL</td> +<td>Is not mandatory part of the installation.</td> +<td>Yes</td> +</tr> +<tr> +<td>TO_BE_REPLACED</td> +<td>Is there but should be moved out.</td> +<td>Yes</td> +</tr> +</tbody> +</table> +<h2 id="users">Users</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/users.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/users.thrift</a></p> +<h2 id="vendors">Vendors</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vendors.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vendors.thrift</a></p> +<p><em>No enumerations provided</em></p> +<h2 id="vulnerabilities">Vulnerabilities</h2> +<p><a href="https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vulnerabilities.thrift">https://github.com/eclipse/sw360/blob/master/libraries/lib-datahandler/src/main/thrift/vulnerabilities.thrift</a></p> +<p><em>No enumerations provided</em></p>Docs: Propertieshttps://www.eclipse.org/sw360/docs/administrationguide/properties/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/administrationguide/properties/ +<p><strong>Frontend Properties</strong>: All the sw360 frontend properties are mentioned in <a href="https://github.com/eclipse/sw360/blob/master/frontend/sw360-portlet/src/main/resources/sw360.properties">sw360.properties</a> file. For example; -<a href="https://github.com/eclipse/sw360/wiki/">https://github.com/eclipse/sw360/wiki/</a></p> -<ul> -<li> -<p>Different categories for components,</p> -<p>component.categories=[ &ldquo;framework&rdquo;, &ldquo;SDK&rdquo;, &ldquo;big-data&rdquo;, &ldquo;build-management&rdquo;, &ldquo;cloud&rdquo;, &ldquo;content&rdquo;, &ldquo;database&rdquo;, &ldquo;graphics&rdquo;, &ldquo;http&rdquo;, &ldquo;javaee&rdquo;, &ldquo;library&rdquo;, &ldquo;mail&rdquo;, &ldquo;mobile&rdquo;, &ldquo;network-client&rdquo;, &ldquo;network-server&rdquo;, &ldquo;osgi&rdquo;, &ldquo;security&rdquo;, &ldquo;testing&rdquo;, &ldquo;virtual-machine&rdquo;, &ldquo;web-framework&rdquo;, &ldquo;xml&rdquo;]</p> -</li> -<li> -<p>Dropdown for project type,</p> -<p>project.type=[ &ldquo;Customer Project&rdquo;, &ldquo;Internal Project&rdquo;, &ldquo;Product&rdquo;, &ldquo;Service&rdquo;, &ldquo;Inner Source&rdquo; ]</p> -</li> -<li> -<p>API Token generation,</p> -<p>rest.apitoken.generator.enable=false</p> -</li> -<li> -<p>Activation of portlets and components</p> -</li> -</ul> -<p><strong>Backend Properties</strong>: This, <a href="https://github.com/eclipse/sw360/blob/master/backend/src-common/src/main/resources/sw360.properties">sw360.properties</a> file contains the sw360 backend properties. This file contains the common properties for the backend services and also holds the setting for the mail utility.</p> -<p>You can change these default values by mentioning it in the sw360.properties file, present in /etc/sw360 folder. This path is to be created by the admin. After changing the properties, server needs to be restarted in order to make the changes effective. If the properties file is not present in the required folder, the default values will be selected.</p> - - - - - - Docs: Workflows - https://www.eclipse.org/sw360/docs/userguide/bestpractices/workflows/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/workflows/ - - - - <p>This page is one of the basic user workflow documentation pages. It can give orientation how the sw360 can be used - as guidance or orientation. There is no particular need to follow these workflows, it is just one way. Workflows are shown as flow charts.</p> -<h3 id="create-component-and-release">Create Component and Release</h3> -<p>So, the user would like to create an entry for zlib-1.2.8 for example in sw360. The main thing to know (see page basic concepts)is that sw360 separates releases from components: the release is the zlib-1.2.8 but the component is the zlib. By this approach, components as a kind of container type in sw360, holding several releases.</p> -<p>Therefore, for a new component the user needs to create a component entry first, and then add a release to it. Just adding a release will not work. If a component with a different release already exists, the users add a release to the existing component.</p> -<p>The intended roles for this can be a developer that would like to start caring for an OSS component or release. In addition a project owner / project owner can care for the components and releases part of the product or process.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/workflow/worklfow-adding-component-and-release-to-a-project.png"/> -</figure> - -<h3 id="create-a-project">Create a Project</h3> -<p>A project is a structure to keep track on releases inside project, as well as other projects. Please note that a project can be also a product, depending on the type of business. the use of the term &lsquo;project&rsquo; is used also for subsuming the term &lsquo;product&rsquo;.</p> -<p>As for the integration case with the OSS software FOSSology, the project view allows for an overview, which of the used components have been analyzed with FOSSology already.</p> -<p>In the diagram, the &ldquo;clearing process&rdquo; is mentioned, because the clearing process affects the software components of a project. The main approach is the following:</p> -<ul> -<li>A project responsible sets up a project with used releases.</li> -<li>For the releases that were not analyzed before, the project responsible requests a clearing - source files can be transferred to FOSSology.</li> -<li>Once analyses for all releases are complete, the &ldquo;clearing process&rdquo; is finished for this project.</li> -</ul> -<p>A project it self does not need much information, it is just about the name and the version. Note that some of the information is like to be set at that time:</p> -<ul> -<li>Visibility level</li> -<li>Project contacts</li> -<li>Important Dates for the project</li> -</ul> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/workflow/workflow-add-project.png"/> -</figure> - -<h3 id="moderation">Moderation</h3> -<p>The moderation is the basic way of applying changes if the document is not created by someone else. In sw360 the following person can edit documents right away (without moderation request):</p> -<ul> -<li>The creator of a document (document is a project entry, a release entry etc)</li> -<li>Admins</li> -<li>Clearing admins</li> -<li>Moderators of this document</li> -<li>Other special roles, such as project responsible</li> -</ul> -<p>Please see the page <a href="https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/" title="Dev Role">about the Role Authorization Model</a> for more information.</p> -<p>If the user who wishes to change a document and is not one of these, the moderator workflow kicks in. Then changes applied to the document are not really applied, but are sent to a moderator. Moderators are:</p> -<ul> -<li>The creator of a document (document is a project entry, a release entry etc)</li> -<li>Admins</li> -<li>Clearing admins</li> -<li>Moderators of this document</li> -</ul> -<p>The moderator can review, approve or decline the request. Then, the requesting user can delete the request. The moderator request workflow is shown below.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/workflow/workflow-moderation.png"/> -</figure> - - - - - - - Docs: SW360 User Frequently Asked Questions - https://www.eclipse.org/sw360/docs/userguide/faq/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/faq/ - - - - <h5 id="q-who-should-be-listed-as-moderator"><strong>Q</strong>: Who should be listed as Moderator?</h5> -<p><strong>A</strong>: Moderator are persons who need to review changes done on certain items (project, component, release or attachment) by persons who do not have the user right to actually do these changes. For BT moderators are the persons with the role &lsquo;Software Clearing Site Representative&rsquo;.</p> -<h5 id="q-who-should-be-listed-as-contributor"><strong>Q</strong>: Who should be listed as Contributor?</h5> -<p><strong>A</strong>: By default only the owner (or creator) of an item (project, component, release) is allowed to modify this item. Often it is useful that additional people are allowed to edit an item. These additional people (software architects, developers, additional experts) should get listed as contributors.</p> -<h5 id="q-i-have-changed-a-project-component-release-or-attachment-but-sw360-does-not-show-the-changes"><strong>Q</strong>: I have changed a project, component, release or attachment, but SW360 does not show the changes?</h5> -<p><strong>A</strong>: It might be that you have tried to change something that needs to be review by someone else. In such cases a so called &lsquo;Moderation Request&rsquo; is generated. A Moderator needs to approve your changes. Go to the Home view an check the box &lsquo;My Task Submissions&rsquo;, the project, component, or release should be listed there.</p> -<h5 id="q-what-should-i-enter-in-the-field-visibility"><strong>Q</strong>: What should I enter in the field &lsquo;Visibility&rsquo;.</h5> -<p><strong>A</strong>: Visibility controls which group of people is allowed to see a project. The default setting is &lsquo;Everyone&rsquo;, i.e. everyone within an organisation can see the project and all its releases.</p> -<h5 id="q-how-can-i-change-the-clearing-state-of-a-release"><strong>Q</strong>: How can I change the &lsquo;Clearing State&rsquo; of a release?</h5> -<p><strong>A</strong>: There is no direct way to do it. If there is no clearing report available, the clearing state will be &lsquo;New&rsquo;. If a clearing report available it will be &lsquo;Clearing report available&rsquo;. If at least one clearing report has been approved, the clearing state will be &lsquo;Approved&rsquo;.</p> -<h5 id="q-i-cant-find-a-specific-release-inside-my-project--what-can-i-do"><strong>Q</strong>: I can&rsquo;t find a specific release inside my project – what can I do?</h5> -<p><strong>A</strong>: You can sort each column by clicking on the column name, i.e. you can sort the entries by name, project origin, clearing state, mainline state or project mainline state – normally that helps finding a certain release.</p> -<h5 id="q-i-cant-delete-my-component-called-toms-test-component"><strong>Q</strong>: I can&rsquo;t delete my component called &lsquo;Tom&rsquo;s Test Component&rsquo;.</h5> -<p><strong>A</strong>: Do not use special characters like single or double quotes. To be able to delete such a component or release you&rsquo;ll first have to rename it…</p> -<h5 id="q-what-is-copyleft-effect"><strong>Q</strong>: What is Copyleft Effect?</h5> -<p><strong>A</strong>: <strong>Copyleft</strong> effect is the reverse idea of <strong>copyright</strong>. Goal is that software licensed under such license is always free and can never get a privatised software asset. The user gets the freedom to run, copy, modify and distribute the software, but it is not possible to add any further restrictions. This implies that <strong>modified software</strong> must also be free and becomes available to the community.</p> -<h5 id="q-different-classification-of-the-open-source-licenses"><strong>Q</strong>: Different Classification of the Open Source Licenses.</h5> -<p><strong>A</strong>: There are hundreds of OSS licenses, the following table will give a brief overview about the most common OSS licenses, the risks and the obligations that need to be fulfilled when using them:</p> -<table> -<thead> -<tr> -<th></th> -<th>License Class</th> -<th>License Name(s)</th> -<th>Risks</th> -<th>Obligations</th> -</tr> -</thead> -<tbody> -<tr> -<td><span style="color:white;font-size:2em;">⚫</span></td> -<td><strong>White Licenses</strong></td> -<td>MIT, BSD (except for BSD-4-Clause), BSL-1.0, CPOL-1.02, MsPL, zLib, Apache-1.1, Apache-2.0 (if no code changes are done)</td> -<td><strong>low risk</strong></td> -<td>Mostly standard obligations: display license text, display copyrights</td> -</tr> -<tr> -<td><span style="color:yellow;font-size:2em;">⚫</span></td> -<td><strong>Yellow Licenses</strong></td> -<td>CDDL-1.0, CPL-1.0, EPL-1.0, eCos License, MPL, NPL</td> -<td><strong>medium risk</strong> - because of non-standard obligtions in some cases</td> -<td>Display license text; display copyrights; all changes of the component code must become OSS as well; possible license incompatibility with red licenses</td> -</tr> -<tr> -<td><span style="color:red;font-size:2em;">⚫</span></td> -<td><strong>Red Licenses</strong></td> -<td>GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, AGPL</td> -<td><strong>check before use</strong> some special obligation which might be not in line with your lans</td> -<td>Display license text; display copyrights; take care about copyleft effect - get in contact with your software clearing experts; all distributions must clearly state that (L)GPL license code is used</td> -</tr> -<tr> -<td><span style="color:red;font-size:2em;">⚫</span></td> -<td><strong>Red Licenses</strong></td> -<td>SleepyCat, Aladdin Free Public License; Berkeley DB licenses</td> -<td><strong>really check before use</strong> because of nearly unlimited copy left effect</td> -<td>Before thinking about components licensed under these license, get in contact with your software licensing experts!</td> -</tr> -</tbody> -</table> - - - - - - Docs: Naming a Component - https://www.eclipse.org/sw360/docs/userguide/bestpractices/component-naming/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/component-naming/ - - - - <p><strong>The name is the most important criteria to identify software components. Unfortunately there is no common naming scheme available.</strong></p> -<h2 id="usage-and-handling-of-components">Usage and Handling of Components</h2> -<ul> -<li>If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell</li> -<li>Uploading source packages / actual software as attachment makes sense at the release, not at the component</li> -<li>If you have created a component and release entry, you can go ahead and assign a vendor to a release.</li> -</ul> -<p>This very clear approach enables a number of issues, please keep the following goals in mind:</p> -<ul> -<li>Duplicate entries need to be removed</li> -<li>Separating vendor from components names and release tags brings clarity to component naming</li> -<li>Interaction with other systems is a must today. As such we need to support external ids such as the CPE standard which also implement this 3-parts separation</li> -<li>Having the clear modelling of data enables better search and filtering abilities of the component catalogue.</li> -</ul> -<h2 id="checklist">Checklist</h2> -<ul> -<li>Does the component already exist on SW360 (think about possible different names)?</li> -<li>What is the name of the component homepage?</li> -<li>What is the name of the community? Please note that repositories like Maven, GitHub, CodePlex, - CodeGuru are not vendors in our understanding!</li> -<li>How is component called on repositories like Maven, NuGet, etc.?</li> -<li>Take care: use the name and not the id!</li> -<li>Search SW360 for the component repository id.</li> -<li>Search SW360 for all possible name variations.</li> -<li>Ask your local software clearing expert for help.</li> -</ul> -<h2 id="naming-a-component---special-cases">Naming a Component - Special Cases</h2> -<h3 id="net-component-from-github">.Net Component from GitHub</h3> -<p><img src="SW360_NamingaComponentimage/draft_30.png" alt="draft_30"> In some case it is difficult to determine the real name of a component, like for example <em>Microsoft Entity Framework for .Net Core (or Entity Framework Core or Aspnet EntityFrameworkCore or ASP.NET EntityFrameworkCore)</em>. In these cases it might be the best way to use that package name as specified on Nuget, in this case <strong>Microsoft.EntityFrameworkCore</strong>.</p> -<h3 id="java-components">Java Components</h3> -<p>The name of a Java component should be how it is called by the Java community. Typically this is the name as it can be found on the project homepage or on the source code repository page.</p> -<p>Examples:</p> -<ul> -<li>&lsquo;Spring Framework&rsquo; (from project home page <a href="https://spring.io/projects"><span style="color:red">↗</span> https://spring.io/projects</a> or also from source code repository <a href="https://github.com/spring-projects/spring-framework"><span style="color:red">↗</span> https://github.com/spring-projects/spring-framework</a>)</li> -<li>&lsquo;Spring Data Redis&rsquo; (from project home page <a href="https://spring.io/projects/spring-data"><span style="color:red">↗</span> https://spring.io/projects/spring-data</a> or also from source code repository <a href="https://github.com/spring-projects/spring-data-redis"><span style="color:red">↗</span> https://github.com/spring-projects/spring-data-redis</a>)</li> -<li>&lsquo;Thymeleaf&rsquo; (from project home page <a href="https://www.thymeleaf.org/"><span style="color:red">↗</span> https://www.thymeleaf.org/</a>; source code repository <a href="https://github.com/thymeleaf/thymeleaf"><span style="color:red">↗</span> https://github.com/thymeleaf/thymeleaf</a>)</li> -<li>&lsquo;Thymeleaf Spring 5 Integration&rsquo; (from project home page <a href="https://www.thymeleaf.org/download.html"><span style="color:red">↗</span> https://www.thymeleaf.org/download.html</a> or source code repository page <a href="https://github.com/thymeleaf/thymeleaf-spring"><span style="color:red">↗</span> https://github.com/thymeleaf/thymeleaf-spring</a> → <a href="https://github.com/thymeleaf/thymeleaf-spring/tree/3.0-master/thymeleaf-spring5"><span style="color:red">↗</span> thymeleaf-spring5</a></li> -<li>&lsquo;Commons Codec&rsquo; (from project home page <a href="https://commons.apache.org/proper/commons-codec/"><span style="color:red">↗</span> https://commons.apache.org/proper/commons-codec/</a> or source code repository page <a href="https://github.com/apache/commons-codec"><span style="color:red">↗</span> https://github.com/apache/commons-codec</a>) [or better &lsquo;Apache Commons Codec&rsquo;? But &lsquo;Apache&rsquo; is already the vendor&rsquo;]</li> -</ul> -<p>Do not use jar names or Gradle/Maven artifactIds, like &lsquo;spring-framework&rsquo;. Main reason is that from such a name one cannot see if this component is a whole component (here the Spring Framework) or only the Java archive spring-framework-<version>.jar (which is only a subset of the Spring Framework)!</p> -<p>Hierarchical Java components:</p> -<p>Java components often consist of multiple subcomponents (typically jars) where the sources are stored in a hierarchical structure in the source code repoistory. E.g. for &lsquo;Spring Framework&rsquo; there is one repository <a href="https://github.com/spring-projects/spring-framework"><span style="color:red">↗</span> https://github.com/spring-projects/spring-framework</a> with several sub folders for individual jars. In general for such cases there should be only one (main) component in SW360 covering all the subcomponents.</p> -<p>In some exceptional cases one wants to do the clearing only for one subcomponent or a subset of a hierarchical components. In such a case one can either add the name of the sub component to the component name to mark the subset (like &lsquo;Thymeleaf Spring 5 Integration&rsquo; above, showing that only the Spring 5 related is covered, and not Spring 3 or 4) or one could use the name of the top level component (like &lsquo;Thymeleaf Spring Integration&rsquo;) and have seprate releases for the subset (&lsquo;3.0.9.RELEASE Spring 5&rsquo;).</p> -<p>Identifying a (new or existing) SW360 component for a java archive:</p> -<p>Java developers typically have to start with a Java archive which they want to add to a product, or with the related Gradle/Maven coordinates (groupId/artifactId/version). Possible ways to identify the related component (name) are: examine the related pom.xml or the MANIFEST.MF file of the jar. There one can often find more information like the community homepage or source code repository URL from which then again to determine the component (name).</p> -<p><em>Unfortunately SW360 does not provide any support here (besides searching for the artifactId and thus hopefully find the related component). It would be a good idea to store also the Gradle/Maven coordinates of Java binaries with the SW360 components and make them searchable (note: multiple artifactIds per component need to be supported!) and/or to also upload and store the binaries of a registerd SW360 component (or at least the file hashes) and provide additional functionality to identify an unknown binary by uploading the same to SW360.</em></p> -<h2 id="component-scope">Component Scope</h2> -<p>We base software clearing for open source components on the scan of the source code. If there is only one common source code for a group of components, then it does not make sense to have a lot of distinct (sub)component that all point to a common source.</p> -<h3 id="example">Example</h3> -<p>There is a Java component called Logback (<a href="https://logback.qos.ch/"><span style="color:red">↗</span> https://logback.qos.ch/</a>). There is only one singe source (and binary) archive available from the original authors. This archive contains three Java libraries: logback-core.jar, logback-access.jar and logback-classic.jar. In <strong>SW360 there should be only one component Logback!</strong> It is confusing to have also &ldquo;Logback core&rdquo;, &ldquo;logback-core&rdquo;, &ldquo;logback core&rdquo;, &ldquo;logback classic&rdquo; and &ldquo;logback-classic&rdquo;.</p> -<h2 id="naming-a-component--span-stylecolorredbad-examplesspan">Naming a Component – <span style="color:red">Bad Examples</span></h2> -<h3 id="jsonnet">Json.Net</h3> -<p>There is a component that is available on NuGet by the name &lsquo;Json.NET&rsquo; and the id &lsquo;Newtonsoft.Json&rsquo;. On the component homepage <a href="http://www.newtonsoft.com/json"><span style="color:red">↗</span> http://www.newtonsoft.com/json</a> it is called &lsquo;Json.NET&rsquo;.</p> -<p>Just some examples of naming and how it could be improved:</p> -<ul> -<li>14 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>1 x Vendor = &lsquo;Newtonsoft&rsquo;, Name = &lsquo;Json.NET (COTS)&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>2 x Vendor = &lsquo;NuGet Gallery&rsquo;, Name = Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>1 x Vendor = &lsquo;CodePlex&rsquo;, Name = Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>4 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Newtonsoft Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> -</ul> -<p>The proper identification (Vendor = &lsquo;Newtonsoft&rsquo;, Name = &lsquo;Json.NET&rsquo;) has to be used!</p> -<h3 id="oracle-javabeans-activation-framework">Oracle JavaBeans Activation Framework</h3> -<p>Just some examples of naming and how it could be improved:</p> -<ul> -<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Activation&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Oracle JavaBeans Activation Framework&rsquo;</li> -</ul> -<h3 id="oracle-java-mail">Oracle Java Mail</h3> -<p>Just some examples of naming and how it could be improved:</p> -<ul> -<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Mail&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>5 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Oracle JavaMail API&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>4 x Vendor = &lsquo;Oracle&rsquo;, Name = &lsquo;Oracle JavaMail API&rsquo;</li> -</ul> -<h3 id="momentjs">Moment.js</h3> -<p>Just some examples of naming and how it could be improved:</p> -<ul> -<li>7 x Vendor = &lsquo;GitHub&rsquo;, Name = &lsquo;moment&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>2 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;moment&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>2 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Moment JS&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;MomentJS&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Moment.js&rsquo;</li> -</ul> -<p>Just look on the community homepage: there is the name in bold letters: -Moment.js – consider this name.</p> - - - - - - Docs: Attachment File Types - https://www.eclipse.org/sw360/docs/userguide/bestpractices/user-attachment-file-types/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/user-attachment-file-types/ - - - - <p>SW360 maintains attachments for projects, components and releases. Currently, SW360 cannot automatically detect these types and is dependent on that users select the appropriate type accordingly. If not, some functionality will not properly kick of that uses such attachments.</p> -<p>Also, maybe some of the types are redundant by now and are just legacy ideas that should be reviewed after two years now.</p> -<p>In summary, the following the types currently are as follows:</p> -<table> -<thead> -<tr> -<th style="text-align:left">Type name</th> -<th style="text-align:left">Functionality</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">SOURCE</td> -<td style="text-align:left">for sending to tools</td> -<td style="text-align:left">Source packages of a release as found on the Internet</td> -</tr> -<tr> -<td style="text-align:left">COMPONENT_LICENSE_INFO_XML</td> -<td style="text-align:left">for project documentation generation</td> -<td style="text-align:left">An XML-based description of the licenses and coprights involved</td> -</tr> -<tr> -<td style="text-align:left">DESIGN</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Just nomenclature to name this not document</td> -</tr> -<tr> -<td style="text-align:left">REQUIREMENT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Just a general placeholder for an attachment</td> -</tr> -<tr> -<td style="text-align:left">DOCUMENT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Just a general placeholder for an attachment</td> -</tr> -<tr> -<td style="text-align:left">CLEARING_REPORT</td> -<td style="text-align:left">Setting clearing status</td> -<td style="text-align:left">Reporting information for component license state</td> -</tr> -<tr> -<td style="text-align:left">COMPONENT_LICENSE_INFO_COMBINED</td> -<td style="text-align:left">(should be) for project documentation generation</td> -<td style="text-align:left">Multiple components with component license information</td> -</tr> -<tr> -<td style="text-align:left">SCAN_RESULT_REPORT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Just description what scanners found without conclusions</td> -</tr> -<tr> -<td style="text-align:left">SCAN_RESULT_REPORT_XML</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Just description what scanners found without conclusions in XML</td> -</tr> -<tr> -<td style="text-align:left">SOURCE_SELF</td> -<td style="text-align:left">(should be) for sending to tools</td> -<td style="text-align:left">Source packages build self, because not available in the Internet</td> -</tr> -<tr> -<td style="text-align:left">BINARY</td> -<td style="text-align:left">future: for sending to tool doing binary analysis</td> -<td style="text-align:left">Binary from the publisher</td> -</tr> -<tr> -<td style="text-align:left">BINARY_SELF</td> -<td style="text-align:left">future: for sending to tool doing binary analysis</td> -<td style="text-align:left">Self built binary</td> -</tr> -<tr> -<td style="text-align:left">DECISION_REPORT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Decision information ref. the component</td> -</tr> -<tr> -<td style="text-align:left">LEGAL_EVALUATION</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Internally created legal evaluation</td> -</tr> -<tr> -<td style="text-align:left">LICENSE_AGREEMENT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Document describing the license agreement</td> -</tr> -<tr> -<td style="text-align:left">SCREENSHOT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">If licensing information is captured with screenshot</td> -</tr> -<tr> -<td style="text-align:left">OTHER</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">If not document</td> -</tr> -</tbody> -</table> - - - - - - Docs: Record Creation - https://www.eclipse.org/sw360/docs/userguide/bestpractices/good-record-creation-structure/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/good-record-creation-structure/ - - - - <h2 id="how-to-create-component-entries">How to Create (Component) Entries?</h2> -<p>In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules:</p> -<ul> -<li>What is the name of the vendor, the name of the component and what is the release designator?</li> -<li>For the Vendor -<ul> -<li>Does a CPE entry exist? -<ul> -<li>Look here: <a href="https://nvd.nist.gov/cpe.cfm"><span style="color:red">↗</span> https://nvd.nist.gov/cpe.cfm</a> or <a href="http://scap.nist.gov/specifications/cpe/dictionary.html"><span style="color:red">↗</span> http://scap.nist.gov/specifications/cpe/dictionary.html</a></li> -<li>Use the same writing as found in the CPE dictionary</li> -</ul> -</li> -<li>A CPE does not exist? -<ul> -<li>Who is the copyright holder: an organization? -<ul> -<li>Use this organization name without &ldquo;inc&rdquo;, &ldquo;Gmbh&rdquo;, etc.</li> -</ul> -</li> -<li>A person -<ul> -<li>Look at the CPE dictionaries for example</li> -<li>They use first name last name with &ldquo;_&rdquo;, for example &ldquo;Wedge_Antilles</li> -</ul> -</li> -</ul> -</li> -</ul> -</li> -<li>For a component -<ul> -<li>Again, does a CPE entry exist?</li> -<li>Separate Component name from release designation</li> -</ul> -</li> -<li>For a release -<ul> -<li>Do not repeat the component name</li> -<li>Use the release designation as provided by the software package</li> -<li>Avoid prefixes, such as &ldquo;version&rdquo;, &ldquo;v&rdquo; etc</li> -</ul> -</li> -<li>For special cases: -<ul> -<li>If you upload a part of a release software package, create a <strong>separate</strong> release for this</li> -<li>For example &ldquo;2.0-MODIFIED&rdquo;</li> -<li>Consider that leaving items out from a software release is actually a modification</li> -</ul> -</li> -</ul> -<h2 id="how-to-create-vendors">How to Create Vendors</h2> -<p>In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real &ldquo;manufacturer&rdquo; independently from where you download it.</p> -<p>There are different cases:</p> -<ol> -<li> -<p>COTS:</p> -<ul> -<li> -<p>Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple)</p> -</li> -<li> -<p>You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name.</p> -</li> -<li> -<p>Consider the following link: <a href="https://nvd.nist.gov/products/cpe/search"><span style="color:red">↗</span> https://nvd.nist.gov/products/cpe/search</a></p> -</li> -<li> -<p>Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360.</p> -</li> -<li> -<p><strong>General rule</strong>: Vendor is meant to be manufacturing party not distributing / delivering party.</p> -</li> -</ul> -</li> -<li> -<p>Freeware</p> -<ul> -<li>Problem is that freeware has an author, but also different &ldquo;vendors&rdquo; in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions.</li> -</ul> -</li> -<li> -<p>OSS:</p> -<ul> -<li> -<p>Community name, e.g. zlib project for zlib.</p> -</li> -<li> -<p>Or the org name of the github orgname or sourceforge group name</p> -</li> -<li> -<p>Do not use &ldquo;Github&rdquo; or &ldquo;Sourceforge&rdquo; as vendor</p> -</li> -<li> -<p>However, foundations, publishing the software would be a vendor, e.g. &ldquo;Apache&rdquo;, &ldquo;Eclipse&rdquo;</p> -</li> -<li> -<p>But eclipse has a github organization anyway, for example</p> -</li> -<li> -<p>With single author projects should you take the author name. A &ldquo;john_doe&rdquo; from John Doe as short name.</p> -</li> -</ul> -</li> -</ol> -<p>Note that very release has its own vendor. as a consequence:</p> -<ul> -<li>There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution.</li> -</ul> -<h2 id="naming-a-vendor">Naming a Vendor</h2> -<p>Each release of a component has a vendor or community. Having unambiguous vendor names is very helpful for managing 3rd party software components.</p> -<p>Required information:</p> -<ul> -<li><strong>Full name</strong> - The full name of the company, organization or person.</li> -<li><strong>Short name</strong> - A good short name, compatible to CPE (see section 8.3)</li> -<li><strong>URL</strong> - The URL of the organization or a URL where we can get more information about a person.</li> -</ul> -<h3 id="how-to-find-a-good-vendor-name">How to find a (good) vendor name?</h3> -<p>Some guidelines</p> -<ul> -<li>If there is a company (Microsoft, Oracle, Pivotal, etc.) behind the component, that&rsquo;s most probably the right vendor name.</li> -<li>If there is an well known open source community (Apache, Eclipse, etc.) behind the component, that&rsquo;s is the right vendor name.</li> -<li>If there is only a single person developing the component, then this is the vendor.</li> -<li>If there is a GitHub organization name or person name available, use this one.</li> -<li><strong>No vendor names are</strong>: &lsquo;Open Source Software&rsquo;, &lsquo;NuGet Gallery&rsquo;, &lsquo;CodePlex&rsquo;, &lsquo;Codeguru&rsquo;, &lsquo;Stack Overflow&rsquo;, &lsquo;CodeProject&rsquo;, etc. as these or only platform, where vendors can offer the projects and these name do not help to identify projects.</li> -</ul> -<h3 id="examples">Examples</h3> -<h4 id="microsoft">Microsoft</h4> -<p>Full name = Microsoft Corporation</p> -<p>Short name = Microsoft</p> -<p>URL = <a href="https://www.microsoft.com/en-in/"><span style="color:red">↗</span> www.microsoft.com</a></p> -<h4 id="apache">Apache</h4> -<p>Full name = Apache Software Foundation</p> -<p>Short name = Apache</p> -<p>URL = <a href="http://www.apache.org/"><span style="color:red">↗</span> http://www.apache.org/</a></p> -<h4 id="constantin-titarenko">Constantin Titarenko</h4> -<p>Full name = Constantin Titarenko</p> -<p>Short name = constantin_titarenko (Note the underscore!)</p> -<p>URL = <a href="https://github.com/titarenko"><span style="color:red">↗</span> https://github.com/titarenko</a></p> -<h2 id="how-to-determine-the-cpe">How to determine the CPE?</h2> -<p>The Common Platform Enumeration (CPE) is used to have an unambiguous identification of a specific component release. This information is especially needed to find matching security vulnerability information.</p> -<h3 id="syntax-of-a-cpe-entry">Syntax of a CPE Entry</h3> -<p>The syntax of a CPE entry is defined as:</p> -<p><code>cpe:&lt;CPE-Version&gt;:&lt;part&gt;:&lt;vendor&gt;:&lt;product&gt;:&lt;version&gt;:&lt;update&gt;:&lt;edition&gt;:&lt;language&gt;</code></p> -<p><strong>CPE-Version</strong> refers to the CPE naming format version. We will always use version 2.3</p> -<p><strong>part</strong> refers to the type of the component (a = application, o = operating system, h =hardware device)</p> -<p><strong>vendor</strong> refers to the vendor or author of the component. Only small letters are allowed.</p> -<p><strong>product</strong> refers to the name of the product. Only small letters are allowed.</p> -<p><strong>version</strong> refers to the version of the product.</p> -<p><strong>update</strong> refers to the updates of this specific version</p> -<p><strong>edition</strong> and <strong>language</strong> can be used to specify more details</p> -<p>Non-existing or unknown party can get replaced by the placeholder &lsquo;*&rsquo;.</p> -<p><strong>Note</strong>: only small letters are allowed. Spaces have to be replaced by underlines &lsquo;_&rsquo;.</p> -<h3 id="examples-1">Examples</h3> -<p><strong>Microsoft .Net Framework, version 1.0 SP2</strong></p> -<p><code>cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*</code></p> -<p><strong>Apache ActiveMQ, version 4.0</strong></p> -<p><code>cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*</code></p> -<p><strong>Apache log4net, version 1.2.9 beta</strong></p> -<p><code>cpe:2.3:a:apache:log4net:1.2.9_beta:*:*:*:*:*:*:*</code></p> -<p><strong>Oracle Java Runtime, version 1.7.0, update 51</strong></p> -<p><code>cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*</code></p> - - - - - - Docs: SW360 Rest API - https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/ - - - - <p>The sw360 REST API provides access to sw360 resources for external clients. It consists currently of three Maven modules aggregated in one parent module <code>rest</code> in the sw360 distribution.</p> -<h1 id="module-structure">Module Structure</h1> -<p>The <code>rest</code> module provides a REST API infrastructure for sw360 including:</p> -<ul> -<li>Module <code>authorization-server</code> - OAuth2 Authorization Server, offering typical authorization steps of an OAuth2 workflow.</li> -<li>Module <code>resource-server</code> - REST API Gateway, providing access to the data for authenticated and authorized users / clients.</li> -<li>Module <code>rest-common</code> - only library code that is shared between the other rest modules.</li> -</ul> -<p>The REST API implementation uses:</p> -<ul> -<li>Module <code>authorization-server</code> uses the Liferay user management via the Liferay REST API to authenticate users and the users thrift backend service to access user profile data.</li> -<li>Module <code>resource-server</code> uses thrift backend services for accessing sw360 data to deliver it to the external clients.</li> -</ul> -<h1 id="api-principles">API Principles</h1> -<h2 id="security-principles">Security Principles</h2> -<p>The basic security principles are following the OAuth2 standards. So there should be an authorization server which can be the one contained in this project. That one provides access tokens after it authenticated the client and the user using this client. In addition it checks which authorities this client should receive for operating in the user&rsquo;s name. +<a href="https://github.com/eclipse/sw360/wiki/">https://github.com/eclipse/sw360/wiki/</a></p> +<ul> +<li> +<p>Different categories for components,</p> +<p>component.categories=[ &ldquo;framework&rdquo;, &ldquo;SDK&rdquo;, &ldquo;big-data&rdquo;, &ldquo;build-management&rdquo;, &ldquo;cloud&rdquo;, &ldquo;content&rdquo;, &ldquo;database&rdquo;, &ldquo;graphics&rdquo;, &ldquo;http&rdquo;, &ldquo;javaee&rdquo;, &ldquo;library&rdquo;, &ldquo;mail&rdquo;, &ldquo;mobile&rdquo;, &ldquo;network-client&rdquo;, &ldquo;network-server&rdquo;, &ldquo;osgi&rdquo;, &ldquo;security&rdquo;, &ldquo;testing&rdquo;, &ldquo;virtual-machine&rdquo;, &ldquo;web-framework&rdquo;, &ldquo;xml&rdquo;]</p> +</li> +<li> +<p>Dropdown for project type,</p> +<p>project.type=[ &ldquo;Customer Project&rdquo;, &ldquo;Internal Project&rdquo;, &ldquo;Product&rdquo;, &ldquo;Service&rdquo;, &ldquo;Inner Source&rdquo; ]</p> +</li> +<li> +<p>API Token generation,</p> +<p>rest.apitoken.generator.enable=false</p> +</li> +<li> +<p>Activation of portlets and components</p> +</li> +</ul> +<p><strong>Backend Properties</strong>: This, <a href="https://github.com/eclipse/sw360/blob/master/backend/src-common/src/main/resources/sw360.properties">sw360.properties</a> file contains the sw360 backend properties. This file contains the common properties for the backend services and also holds the setting for the mail utility.</p> +<p>You can change these default values by mentioning it in the sw360.properties file, present in /etc/sw360 folder. This path is to be created by the admin. After changing the properties, server needs to be restarted in order to make the changes effective. If the properties file is not present in the required folder, the default values will be selected.</p>Docs: Workflowshttps://www.eclipse.org/sw360/docs/userguide/bestpractices/workflows/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/bestpractices/workflows/ +<p>This page is one of the basic user workflow documentation pages. It can give orientation how the sw360 can be used - as guidance or orientation. There is no particular need to follow these workflows, it is just one way. Workflows are shown as flow charts.</p> +<h3 id="create-component-and-release">Create Component and Release</h3> +<p>So, the user would like to create an entry for zlib-1.2.8 for example in sw360. The main thing to know (see page basic concepts)is that sw360 separates releases from components: the release is the zlib-1.2.8 but the component is the zlib. By this approach, components as a kind of container type in sw360, holding several releases.</p> +<p>Therefore, for a new component the user needs to create a component entry first, and then add a release to it. Just adding a release will not work. If a component with a different release already exists, the users add a release to the existing component.</p> +<p>The intended roles for this can be a developer that would like to start caring for an OSS component or release. In addition a project owner / project owner can care for the components and releases part of the product or process.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/workflow/worklfow-adding-component-and-release-to-a-project.png"/> +</figure> +<h3 id="create-a-project">Create a Project</h3> +<p>A project is a structure to keep track on releases inside project, as well as other projects. Please note that a project can be also a product, depending on the type of business. the use of the term &lsquo;project&rsquo; is used also for subsuming the term &lsquo;product&rsquo;.</p> +<p>As for the integration case with the OSS software FOSSology, the project view allows for an overview, which of the used components have been analyzed with FOSSology already.</p> +<p>In the diagram, the &ldquo;clearing process&rdquo; is mentioned, because the clearing process affects the software components of a project. The main approach is the following:</p> +<ul> +<li>A project responsible sets up a project with used releases.</li> +<li>For the releases that were not analyzed before, the project responsible requests a clearing - source files can be transferred to FOSSology.</li> +<li>Once analyses for all releases are complete, the &ldquo;clearing process&rdquo; is finished for this project.</li> +</ul> +<p>A project it self does not need much information, it is just about the name and the version. Note that some of the information is like to be set at that time:</p> +<ul> +<li>Visibility level</li> +<li>Project contacts</li> +<li>Important Dates for the project</li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/workflow/workflow-add-project.png"/> +</figure> +<h3 id="moderation">Moderation</h3> +<p>The moderation is the basic way of applying changes if the document is not created by someone else. In sw360 the following person can edit documents right away (without moderation request):</p> +<ul> +<li>The creator of a document (document is a project entry, a release entry etc)</li> +<li>Admins</li> +<li>Clearing admins</li> +<li>Moderators of this document</li> +<li>Other special roles, such as project responsible</li> +</ul> +<p>Please see the page <a href="https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/" title="Dev Role">about the Role Authorization Model</a> for more information.</p> +<p>If the user who wishes to change a document and is not one of these, the moderator workflow kicks in. Then changes applied to the document are not really applied, but are sent to a moderator. Moderators are:</p> +<ul> +<li>The creator of a document (document is a project entry, a release entry etc)</li> +<li>Admins</li> +<li>Clearing admins</li> +<li>Moderators of this document</li> +</ul> +<p>The moderator can review, approve or decline the request. Then, the requesting user can delete the request. The moderator request workflow is shown below.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/workflow/workflow-moderation.png"/> +</figure>Docs: SW360 User Frequently Asked Questionshttps://www.eclipse.org/sw360/docs/userguide/faq/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/faq/ +<h5 id="q-who-should-be-listed-as-moderator"><strong>Q</strong>: Who should be listed as Moderator?</h5> +<p><strong>A</strong>: Moderator are persons who need to review changes done on certain items (project, component, release or attachment) by persons who do not have the user right to actually do these changes. For BT moderators are the persons with the role &lsquo;Software Clearing Site Representative&rsquo;.</p> +<h5 id="q-who-should-be-listed-as-contributor"><strong>Q</strong>: Who should be listed as Contributor?</h5> +<p><strong>A</strong>: By default only the owner (or creator) of an item (project, component, release) is allowed to modify this item. Often it is useful that additional people are allowed to edit an item. These additional people (software architects, developers, additional experts) should get listed as contributors.</p> +<h5 id="q-i-have-changed-a-project-component-release-or-attachment-but-sw360-does-not-show-the-changes"><strong>Q</strong>: I have changed a project, component, release or attachment, but SW360 does not show the changes?</h5> +<p><strong>A</strong>: It might be that you have tried to change something that needs to be review by someone else. In such cases a so called &lsquo;Moderation Request&rsquo; is generated. A Moderator needs to approve your changes. Go to the Home view an check the box &lsquo;My Task Submissions&rsquo;, the project, component, or release should be listed there.</p> +<h5 id="q-what-should-i-enter-in-the-field-visibility"><strong>Q</strong>: What should I enter in the field &lsquo;Visibility&rsquo;.</h5> +<p><strong>A</strong>: Visibility controls which group of people is allowed to see a project. The default setting is &lsquo;Everyone&rsquo;, i.e. everyone within an organisation can see the project and all its releases.</p> +<h5 id="q-how-can-i-change-the-clearing-state-of-a-release"><strong>Q</strong>: How can I change the &lsquo;Clearing State&rsquo; of a release?</h5> +<p><strong>A</strong>: There is no direct way to do it. If there is no clearing report available, the clearing state will be &lsquo;New&rsquo;. If a clearing report available it will be &lsquo;Clearing report available&rsquo;. If at least one clearing report has been approved, the clearing state will be &lsquo;Approved&rsquo;.</p> +<h5 id="q-i-cant-find-a-specific-release-inside-my-project--what-can-i-do"><strong>Q</strong>: I can&rsquo;t find a specific release inside my project – what can I do?</h5> +<p><strong>A</strong>: You can sort each column by clicking on the column name, i.e. you can sort the entries by name, project origin, clearing state, mainline state or project mainline state – normally that helps finding a certain release.</p> +<h5 id="q-i-cant-delete-my-component-called-toms-test-component"><strong>Q</strong>: I can&rsquo;t delete my component called &lsquo;Tom&rsquo;s Test Component&rsquo;.</h5> +<p><strong>A</strong>: Do not use special characters like single or double quotes. To be able to delete such a component or release you&rsquo;ll first have to rename it…</p> +<h5 id="q-what-is-copyleft-effect"><strong>Q</strong>: What is Copyleft Effect?</h5> +<p><strong>A</strong>: <strong>Copyleft</strong> effect is the reverse idea of <strong>copyright</strong>. Goal is that software licensed under such license is always free and can never get a privatised software asset. The user gets the freedom to run, copy, modify and distribute the software, but it is not possible to add any further restrictions. This implies that <strong>modified software</strong> must also be free and becomes available to the community.</p> +<h5 id="q-different-classification-of-the-open-source-licenses"><strong>Q</strong>: Different Classification of the Open Source Licenses.</h5> +<p><strong>A</strong>: There are hundreds of OSS licenses, the following table will give a brief overview about the most common OSS licenses, the risks and the obligations that need to be fulfilled when using them:</p> +<table> +<thead> +<tr> +<th></th> +<th>License Class</th> +<th>License Name(s)</th> +<th>Risks</th> +<th>Obligations</th> +</tr> +</thead> +<tbody> +<tr> +<td><span style="color:white;font-size:2em;">⚫</span></td> +<td><strong>White Licenses</strong></td> +<td>MIT, BSD (except for BSD-4-Clause), BSL-1.0, CPOL-1.02, MsPL, zLib, Apache-1.1, Apache-2.0 (if no code changes are done)</td> +<td><strong>low risk</strong></td> +<td>Mostly standard obligations: display license text, display copyrights</td> +</tr> +<tr> +<td><span style="color:yellow;font-size:2em;">⚫</span></td> +<td><strong>Yellow Licenses</strong></td> +<td>CDDL-1.0, CPL-1.0, EPL-1.0, eCos License, MPL, NPL</td> +<td><strong>medium risk</strong> - because of non-standard obligtions in some cases</td> +<td>Display license text; display copyrights; all changes of the component code must become OSS as well; possible license incompatibility with red licenses</td> +</tr> +<tr> +<td><span style="color:red;font-size:2em;">⚫</span></td> +<td><strong>Red Licenses</strong></td> +<td>GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, AGPL</td> +<td><strong>check before use</strong> some special obligation which might be not in line with your lans</td> +<td>Display license text; display copyrights; take care about copyleft effect - get in contact with your software clearing experts; all distributions must clearly state that (L)GPL license code is used</td> +</tr> +<tr> +<td><span style="color:red;font-size:2em;">⚫</span></td> +<td><strong>Red Licenses</strong></td> +<td>SleepyCat, Aladdin Free Public License; Berkeley DB licenses</td> +<td><strong>really check before use</strong> because of nearly unlimited copy left effect</td> +<td>Before thinking about components licensed under these license, get in contact with your software licensing experts!</td> +</tr> +</tbody> +</table>Docs: Naming a Componenthttps://www.eclipse.org/sw360/docs/userguide/bestpractices/component-naming/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/bestpractices/component-naming/ +<p><strong>The name is the most important criteria to identify software components. Unfortunately there is no common naming scheme available.</strong></p> +<h2 id="usage-and-handling-of-components">Usage and Handling of Components</h2> +<ul> +<li>If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell</li> +<li>Uploading source packages / actual software as attachment makes sense at the release, not at the component</li> +<li>If you have created a component and release entry, you can go ahead and assign a vendor to a release.</li> +</ul> +<p>This very clear approach enables a number of issues, please keep the following goals in mind:</p> +<ul> +<li>Duplicate entries need to be removed</li> +<li>Separating vendor from components names and release tags brings clarity to component naming</li> +<li>Interaction with other systems is a must today. As such we need to support external ids such as the CPE standard which also implement this 3-parts separation</li> +<li>Having the clear modelling of data enables better search and filtering abilities of the component catalogue.</li> +</ul> +<h2 id="checklist">Checklist</h2> +<ul> +<li>Does the component already exist on SW360 (think about possible different names)?</li> +<li>What is the name of the component homepage?</li> +<li>What is the name of the community? Please note that repositories like Maven, GitHub, CodePlex, - CodeGuru are not vendors in our understanding!</li> +<li>How is component called on repositories like Maven, NuGet, etc.?</li> +<li>Take care: use the name and not the id!</li> +<li>Search SW360 for the component repository id.</li> +<li>Search SW360 for all possible name variations.</li> +<li>Ask your local software clearing expert for help.</li> +</ul> +<h2 id="naming-a-component---special-cases">Naming a Component - Special Cases</h2> +<h3 id="net-component-from-github">.Net Component from GitHub</h3> +<p><img src="SW360_NamingaComponentimage/draft_30.png" alt="draft_30"> In some case it is difficult to determine the real name of a component, like for example <em>Microsoft Entity Framework for .Net Core (or Entity Framework Core or Aspnet EntityFrameworkCore or ASP.NET EntityFrameworkCore)</em>. In these cases it might be the best way to use that package name as specified on Nuget, in this case <strong>Microsoft.EntityFrameworkCore</strong>.</p> +<h3 id="java-components">Java Components</h3> +<p>The name of a Java component should be how it is called by the Java community. Typically this is the name as it can be found on the project homepage or on the source code repository page.</p> +<p>Examples:</p> +<ul> +<li>&lsquo;Spring Framework&rsquo; (from project home page <a href="https://spring.io/projects"><span style="color:red">↗</span> https://spring.io/projects</a> or also from source code repository <a href="https://github.com/spring-projects/spring-framework"><span style="color:red">↗</span> https://github.com/spring-projects/spring-framework</a>)</li> +<li>&lsquo;Spring Data Redis&rsquo; (from project home page <a href="https://spring.io/projects/spring-data"><span style="color:red">↗</span> https://spring.io/projects/spring-data</a> or also from source code repository <a href="https://github.com/spring-projects/spring-data-redis"><span style="color:red">↗</span> https://github.com/spring-projects/spring-data-redis</a>)</li> +<li>&lsquo;Thymeleaf&rsquo; (from project home page <a href="https://www.thymeleaf.org/"><span style="color:red">↗</span> https://www.thymeleaf.org/</a>; source code repository <a href="https://github.com/thymeleaf/thymeleaf"><span style="color:red">↗</span> https://github.com/thymeleaf/thymeleaf</a>)</li> +<li>&lsquo;Thymeleaf Spring 5 Integration&rsquo; (from project home page <a href="https://www.thymeleaf.org/download.html"><span style="color:red">↗</span> https://www.thymeleaf.org/download.html</a> or source code repository page <a href="https://github.com/thymeleaf/thymeleaf-spring"><span style="color:red">↗</span> https://github.com/thymeleaf/thymeleaf-spring</a> → <a href="https://github.com/thymeleaf/thymeleaf-spring/tree/3.0-master/thymeleaf-spring5"><span style="color:red">↗</span> thymeleaf-spring5</a></li> +<li>&lsquo;Commons Codec&rsquo; (from project home page <a href="https://commons.apache.org/proper/commons-codec/"><span style="color:red">↗</span> https://commons.apache.org/proper/commons-codec/</a> or source code repository page <a href="https://github.com/apache/commons-codec"><span style="color:red">↗</span> https://github.com/apache/commons-codec</a>) [or better &lsquo;Apache Commons Codec&rsquo;? But &lsquo;Apache&rsquo; is already the vendor&rsquo;]</li> +</ul> +<p>Do not use jar names or Gradle/Maven artifactIds, like &lsquo;spring-framework&rsquo;. Main reason is that from such a name one cannot see if this component is a whole component (here the Spring Framework) or only the Java archive spring-framework-<version>.jar (which is only a subset of the Spring Framework)!</p> +<p>Hierarchical Java components:</p> +<p>Java components often consist of multiple subcomponents (typically jars) where the sources are stored in a hierarchical structure in the source code repoistory. E.g. for &lsquo;Spring Framework&rsquo; there is one repository <a href="https://github.com/spring-projects/spring-framework"><span style="color:red">↗</span> https://github.com/spring-projects/spring-framework</a> with several sub folders for individual jars. In general for such cases there should be only one (main) component in SW360 covering all the subcomponents.</p> +<p>In some exceptional cases one wants to do the clearing only for one subcomponent or a subset of a hierarchical components. In such a case one can either add the name of the sub component to the component name to mark the subset (like &lsquo;Thymeleaf Spring 5 Integration&rsquo; above, showing that only the Spring 5 related is covered, and not Spring 3 or 4) or one could use the name of the top level component (like &lsquo;Thymeleaf Spring Integration&rsquo;) and have seprate releases for the subset (&lsquo;3.0.9.RELEASE Spring 5&rsquo;).</p> +<p>Identifying a (new or existing) SW360 component for a java archive:</p> +<p>Java developers typically have to start with a Java archive which they want to add to a product, or with the related Gradle/Maven coordinates (groupId/artifactId/version). Possible ways to identify the related component (name) are: examine the related pom.xml or the MANIFEST.MF file of the jar. There one can often find more information like the community homepage or source code repository URL from which then again to determine the component (name).</p> +<p><em>Unfortunately SW360 does not provide any support here (besides searching for the artifactId and thus hopefully find the related component). It would be a good idea to store also the Gradle/Maven coordinates of Java binaries with the SW360 components and make them searchable (note: multiple artifactIds per component need to be supported!) and/or to also upload and store the binaries of a registerd SW360 component (or at least the file hashes) and provide additional functionality to identify an unknown binary by uploading the same to SW360.</em></p> +<h2 id="component-scope">Component Scope</h2> +<p>We base software clearing for open source components on the scan of the source code. If there is only one common source code for a group of components, then it does not make sense to have a lot of distinct (sub)component that all point to a common source.</p> +<h3 id="example">Example</h3> +<p>There is a Java component called Logback (<a href="https://logback.qos.ch/"><span style="color:red">↗</span> https://logback.qos.ch/</a>). There is only one singe source (and binary) archive available from the original authors. This archive contains three Java libraries: logback-core.jar, logback-access.jar and logback-classic.jar. In <strong>SW360 there should be only one component Logback!</strong> It is confusing to have also &ldquo;Logback core&rdquo;, &ldquo;logback-core&rdquo;, &ldquo;logback core&rdquo;, &ldquo;logback classic&rdquo; and &ldquo;logback-classic&rdquo;.</p> +<h2 id="naming-a-component--span-stylecolorredbad-examplesspan">Naming a Component – <span style="color:red">Bad Examples</span></h2> +<h3 id="jsonnet">Json.Net</h3> +<p>There is a component that is available on NuGet by the name &lsquo;Json.NET&rsquo; and the id &lsquo;Newtonsoft.Json&rsquo;. On the component homepage <a href="http://www.newtonsoft.com/json"><span style="color:red">↗</span> http://www.newtonsoft.com/json</a> it is called &lsquo;Json.NET&rsquo;.</p> +<p>Just some examples of naming and how it could be improved:</p> +<ul> +<li>14 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>1 x Vendor = &lsquo;Newtonsoft&rsquo;, Name = &lsquo;Json.NET (COTS)&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>2 x Vendor = &lsquo;NuGet Gallery&rsquo;, Name = Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>1 x Vendor = &lsquo;CodePlex&rsquo;, Name = Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>4 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Newtonsoft Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> +</ul> +<p>The proper identification (Vendor = &lsquo;Newtonsoft&rsquo;, Name = &lsquo;Json.NET&rsquo;) has to be used!</p> +<h3 id="oracle-javabeans-activation-framework">Oracle JavaBeans Activation Framework</h3> +<p>Just some examples of naming and how it could be improved:</p> +<ul> +<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Activation&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Oracle JavaBeans Activation Framework&rsquo;</li> +</ul> +<h3 id="oracle-java-mail">Oracle Java Mail</h3> +<p>Just some examples of naming and how it could be improved:</p> +<ul> +<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Mail&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>5 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Oracle JavaMail API&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>4 x Vendor = &lsquo;Oracle&rsquo;, Name = &lsquo;Oracle JavaMail API&rsquo;</li> +</ul> +<h3 id="momentjs">Moment.js</h3> +<p>Just some examples of naming and how it could be improved:</p> +<ul> +<li>7 x Vendor = &lsquo;GitHub&rsquo;, Name = &lsquo;moment&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>2 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;moment&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>2 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Moment JS&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;MomentJS&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Moment.js&rsquo;</li> +</ul> +<p>Just look on the community homepage: there is the name in bold letters: +Moment.js – consider this name.</p>Docs: Attachment File Typeshttps://www.eclipse.org/sw360/docs/userguide/bestpractices/user-attachment-file-types/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/bestpractices/user-attachment-file-types/ +<p>SW360 maintains attachments for projects, components and releases. Currently, SW360 cannot automatically detect these types and is dependent on that users select the appropriate type accordingly. If not, some functionality will not properly kick of that uses such attachments.</p> +<p>Also, maybe some of the types are redundant by now and are just legacy ideas that should be reviewed after two years now.</p> +<p>In summary, the following the types currently are as follows:</p> +<table> +<thead> +<tr> +<th style="text-align:left">Type name</th> +<th style="text-align:left">Functionality</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">SOURCE</td> +<td style="text-align:left">for sending to tools</td> +<td style="text-align:left">Source packages of a release as found on the Internet</td> +</tr> +<tr> +<td style="text-align:left">COMPONENT_LICENSE_INFO_XML</td> +<td style="text-align:left">for project documentation generation</td> +<td style="text-align:left">An XML-based description of the licenses and coprights involved</td> +</tr> +<tr> +<td style="text-align:left">DESIGN</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Just nomenclature to name this not document</td> +</tr> +<tr> +<td style="text-align:left">REQUIREMENT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Just a general placeholder for an attachment</td> +</tr> +<tr> +<td style="text-align:left">DOCUMENT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Just a general placeholder for an attachment</td> +</tr> +<tr> +<td style="text-align:left">CLEARING_REPORT</td> +<td style="text-align:left">Setting clearing status</td> +<td style="text-align:left">Reporting information for component license state</td> +</tr> +<tr> +<td style="text-align:left">COMPONENT_LICENSE_INFO_COMBINED</td> +<td style="text-align:left">(should be) for project documentation generation</td> +<td style="text-align:left">Multiple components with component license information</td> +</tr> +<tr> +<td style="text-align:left">SCAN_RESULT_REPORT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Just description what scanners found without conclusions</td> +</tr> +<tr> +<td style="text-align:left">SCAN_RESULT_REPORT_XML</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Just description what scanners found without conclusions in XML</td> +</tr> +<tr> +<td style="text-align:left">SOURCE_SELF</td> +<td style="text-align:left">(should be) for sending to tools</td> +<td style="text-align:left">Source packages build self, because not available in the Internet</td> +</tr> +<tr> +<td style="text-align:left">BINARY</td> +<td style="text-align:left">future: for sending to tool doing binary analysis</td> +<td style="text-align:left">Binary from the publisher</td> +</tr> +<tr> +<td style="text-align:left">BINARY_SELF</td> +<td style="text-align:left">future: for sending to tool doing binary analysis</td> +<td style="text-align:left">Self built binary</td> +</tr> +<tr> +<td style="text-align:left">DECISION_REPORT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Decision information ref. the component</td> +</tr> +<tr> +<td style="text-align:left">LEGAL_EVALUATION</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Internally created legal evaluation</td> +</tr> +<tr> +<td style="text-align:left">LICENSE_AGREEMENT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Document describing the license agreement</td> +</tr> +<tr> +<td style="text-align:left">SCREENSHOT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">If licensing information is captured with screenshot</td> +</tr> +<tr> +<td style="text-align:left">OTHER</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">If not document</td> +</tr> +</tbody> +</table>Docs: Record Creationhttps://www.eclipse.org/sw360/docs/userguide/bestpractices/good-record-creation-structure/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/bestpractices/good-record-creation-structure/ +<h2 id="how-to-create-component-entries">How to Create (Component) Entries?</h2> +<p>In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules:</p> +<ul> +<li>What is the name of the vendor, the name of the component and what is the release designator?</li> +<li>For the Vendor +<ul> +<li>Does a CPE entry exist? +<ul> +<li>Look here: <a href="https://nvd.nist.gov/cpe.cfm"><span style="color:red">↗</span> https://nvd.nist.gov/cpe.cfm</a> or <a href="http://scap.nist.gov/specifications/cpe/dictionary.html"><span style="color:red">↗</span> http://scap.nist.gov/specifications/cpe/dictionary.html</a></li> +<li>Use the same writing as found in the CPE dictionary</li> +</ul> +</li> +<li>A CPE does not exist? +<ul> +<li>Who is the copyright holder: an organization? +<ul> +<li>Use this organization name without &ldquo;inc&rdquo;, &ldquo;Gmbh&rdquo;, etc.</li> +</ul> +</li> +<li>A person +<ul> +<li>Look at the CPE dictionaries for example</li> +<li>They use first name last name with &ldquo;_&rdquo;, for example &ldquo;Wedge_Antilles</li> +</ul> +</li> +</ul> +</li> +</ul> +</li> +<li>For a component +<ul> +<li>Again, does a CPE entry exist?</li> +<li>Separate Component name from release designation</li> +</ul> +</li> +<li>For a release +<ul> +<li>Do not repeat the component name</li> +<li>Use the release designation as provided by the software package</li> +<li>Avoid prefixes, such as &ldquo;version&rdquo;, &ldquo;v&rdquo; etc</li> +</ul> +</li> +<li>For special cases: +<ul> +<li>If you upload a part of a release software package, create a <strong>separate</strong> release for this</li> +<li>For example &ldquo;2.0-MODIFIED&rdquo;</li> +<li>Consider that leaving items out from a software release is actually a modification</li> +</ul> +</li> +</ul> +<h2 id="how-to-create-vendors">How to Create Vendors</h2> +<p>In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real &ldquo;manufacturer&rdquo; independently from where you download it.</p> +<p>There are different cases:</p> +<ol> +<li> +<p>COTS:</p> +<ul> +<li> +<p>Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple)</p> +</li> +<li> +<p>You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name.</p> +</li> +<li> +<p>Consider the following link: <a href="https://nvd.nist.gov/products/cpe/search"><span style="color:red">↗</span> https://nvd.nist.gov/products/cpe/search</a></p> +</li> +<li> +<p>Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360.</p> +</li> +<li> +<p><strong>General rule</strong>: Vendor is meant to be manufacturing party not distributing / delivering party.</p> +</li> +</ul> +</li> +<li> +<p>Freeware</p> +<ul> +<li>Problem is that freeware has an author, but also different &ldquo;vendors&rdquo; in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions.</li> +</ul> +</li> +<li> +<p>OSS:</p> +<ul> +<li> +<p>Community name, e.g. zlib project for zlib.</p> +</li> +<li> +<p>Or the org name of the github orgname or sourceforge group name</p> +</li> +<li> +<p>Do not use &ldquo;Github&rdquo; or &ldquo;Sourceforge&rdquo; as vendor</p> +</li> +<li> +<p>However, foundations, publishing the software would be a vendor, e.g. &ldquo;Apache&rdquo;, &ldquo;Eclipse&rdquo;</p> +</li> +<li> +<p>But eclipse has a github organization anyway, for example</p> +</li> +<li> +<p>With single author projects should you take the author name. A &ldquo;john_doe&rdquo; from John Doe as short name.</p> +</li> +</ul> +</li> +</ol> +<p>Note that very release has its own vendor. as a consequence:</p> +<ul> +<li>There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution.</li> +</ul> +<h2 id="naming-a-vendor">Naming a Vendor</h2> +<p>Each release of a component has a vendor or community. Having unambiguous vendor names is very helpful for managing 3rd party software components.</p> +<p>Required information:</p> +<ul> +<li><strong>Full name</strong> - The full name of the company, organization or person.</li> +<li><strong>Short name</strong> - A good short name, compatible to CPE (see section 8.3)</li> +<li><strong>URL</strong> - The URL of the organization or a URL where we can get more information about a person.</li> +</ul> +<h3 id="how-to-find-a-good-vendor-name">How to find a (good) vendor name?</h3> +<p>Some guidelines</p> +<ul> +<li>If there is a company (Microsoft, Oracle, Pivotal, etc.) behind the component, that&rsquo;s most probably the right vendor name.</li> +<li>If there is an well known open source community (Apache, Eclipse, etc.) behind the component, that&rsquo;s is the right vendor name.</li> +<li>If there is only a single person developing the component, then this is the vendor.</li> +<li>If there is a GitHub organization name or person name available, use this one.</li> +<li><strong>No vendor names are</strong>: &lsquo;Open Source Software&rsquo;, &lsquo;NuGet Gallery&rsquo;, &lsquo;CodePlex&rsquo;, &lsquo;Codeguru&rsquo;, &lsquo;Stack Overflow&rsquo;, &lsquo;CodeProject&rsquo;, etc. as these or only platform, where vendors can offer the projects and these name do not help to identify projects.</li> +</ul> +<h3 id="examples">Examples</h3> +<h4 id="microsoft">Microsoft</h4> +<p>Full name = Microsoft Corporation</p> +<p>Short name = Microsoft</p> +<p>URL = <a href="https://www.microsoft.com/en-in/"><span style="color:red">↗</span> www.microsoft.com</a></p> +<h4 id="apache">Apache</h4> +<p>Full name = Apache Software Foundation</p> +<p>Short name = Apache</p> +<p>URL = <a href="http://www.apache.org/"><span style="color:red">↗</span> http://www.apache.org/</a></p> +<h4 id="constantin-titarenko">Constantin Titarenko</h4> +<p>Full name = Constantin Titarenko</p> +<p>Short name = constantin_titarenko (Note the underscore!)</p> +<p>URL = <a href="https://github.com/titarenko"><span style="color:red">↗</span> https://github.com/titarenko</a></p> +<h2 id="how-to-determine-the-cpe">How to determine the CPE?</h2> +<p>The Common Platform Enumeration (CPE) is used to have an unambiguous identification of a specific component release. This information is especially needed to find matching security vulnerability information.</p> +<h3 id="syntax-of-a-cpe-entry">Syntax of a CPE Entry</h3> +<p>The syntax of a CPE entry is defined as:</p> +<p><code>cpe:&lt;CPE-Version&gt;:&lt;part&gt;:&lt;vendor&gt;:&lt;product&gt;:&lt;version&gt;:&lt;update&gt;:&lt;edition&gt;:&lt;language&gt;</code></p> +<p><strong>CPE-Version</strong> refers to the CPE naming format version. We will always use version 2.3</p> +<p><strong>part</strong> refers to the type of the component (a = application, o = operating system, h =hardware device)</p> +<p><strong>vendor</strong> refers to the vendor or author of the component. Only small letters are allowed.</p> +<p><strong>product</strong> refers to the name of the product. Only small letters are allowed.</p> +<p><strong>version</strong> refers to the version of the product.</p> +<p><strong>update</strong> refers to the updates of this specific version</p> +<p><strong>edition</strong> and <strong>language</strong> can be used to specify more details</p> +<p>Non-existing or unknown party can get replaced by the placeholder &lsquo;*&rsquo;.</p> +<p><strong>Note</strong>: only small letters are allowed. Spaces have to be replaced by underlines &lsquo;_&rsquo;.</p> +<h3 id="examples-1">Examples</h3> +<p><strong>Microsoft .Net Framework, version 1.0 SP2</strong></p> +<p><code>cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*</code></p> +<p><strong>Apache ActiveMQ, version 4.0</strong></p> +<p><code>cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*</code></p> +<p><strong>Apache log4net, version 1.2.9 beta</strong></p> +<p><code>cpe:2.3:a:apache:log4net:1.2.9_beta:*:*:*:*:*:*:*</code></p> +<p><strong>Oracle Java Runtime, version 1.7.0, update 51</strong></p> +<p><code>cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*</code></p>Docs: SW360 Rest APIhttps://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/ +<p>The sw360 REST API provides access to sw360 resources for external clients. It consists currently of three Maven modules aggregated in one parent module <code>rest</code> in the sw360 distribution.</p> +<h1 id="module-structure">Module Structure</h1> +<p>The <code>rest</code> module provides a REST API infrastructure for sw360 including:</p> +<ul> +<li>Module <code>authorization-server</code> - OAuth2 Authorization Server, offering typical authorization steps of an OAuth2 workflow.</li> +<li>Module <code>resource-server</code> - REST API Gateway, providing access to the data for authenticated and authorized users / clients.</li> +<li>Module <code>rest-common</code> - only library code that is shared between the other rest modules.</li> +</ul> +<p>The REST API implementation uses:</p> +<ul> +<li>Module <code>authorization-server</code> uses the Liferay user management via the Liferay REST API to authenticate users and the users thrift backend service to access user profile data.</li> +<li>Module <code>resource-server</code> uses thrift backend services for accessing sw360 data to deliver it to the external clients.</li> +</ul> +<h1 id="api-principles">API Principles</h1> +<h2 id="security-principles">Security Principles</h2> +<p>The basic security principles are following the OAuth2 standards. So there should be an authorization server which can be the one contained in this project. That one provides access tokens after it authenticated the client and the user using this client. In addition it checks which authorities this client should receive for operating in the user&rsquo;s name. With this OAuth2 access token the client can query the resource server which will restrict access to the given authorities. -Every client gets an access token as well as an refresh token. As long as the refresh token is valid, the client can gather a new access token without the need of re-authorization of the user.</p> -<p>There are currently three different possibilities for an OAuth2 authorization server implemented:</p> -<ul> -<li>Using the contained authorization-server with username/password that are known by Liferay, no matter if Liferay is hosting the credentials itself or is attached to some central user management which it uses to authenticate users.</li> -<li>Using the contained authorization-server inside an SSO network where an existing proxy can take care of the authentication and passing authenticated user information in configurable headers to the authorization-server which then performs authorization on top.</li> -<li>Using keycloak as authorization-server. This case is not part of this wiki page and might need special configuration.</li> -</ul> -<h2 id="data-principles">Data Principles</h2> -<p>The REST API provides Hypermedia using <a href="http://stateless.co/hal_specification.html">HAL</a> (Hypertext Application Language). -The following example shows some ideas of the REST API. It can be obtained by</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api -</span></span></code></pre></div><p>Note that the response below is maybe not the exact same response of your current version:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;_links&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:attachments&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/attachments{?sha1}&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;templated&#34;</span>: <span style="color:#069;font-weight:bold">true</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:components&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/components&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:licenses&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/licenses&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:licenseinfo&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/licenseinfo&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:projects&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/projects&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:releases&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/releases&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:users&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/users&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:vendors&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/vendors&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:vulnerabilities&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/vulnerabilities&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;profile&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/profile&#34;</span> -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;curies&#34;</span>: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/docs/{rel}.html&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;name&#34;</span>: <span style="color:#c30">&#34;sw360&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;templated&#34;</span>: <span style="color:#069;font-weight:bold">true</span> -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ] -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><h1 id="api-installation">API Installation</h1> -<p>Both, the <code>authorization-server</code> and the <code>resource-server</code> can be build using Maven like the rest of the project. Each is generating a Spring Boot server that can be deployed in an application container, e.g. Tomcat.</p> -<h1 id="api-configuration">API Configuration</h1> -<p>Since the <code>authorization-server</code> and the <code>resource-server</code> are Spring Boot servers, they are configured as usual via <code>/src/main/resources/application.yml</code>. In addition some configuration comes historically from <code>sw360.properties</code>. Please note that all configurations could be provided centrally in the <code>/etc/sw360/</code> directory. As such, the <code>sw360.properties</code> sits directly in <code>/etc/sw360/</code>. For rest-specific configurations the application considers the location <code>/etc/sw360/rest</code>.</p> -<h2 id="authorization-server-configuration">Authorization Server Configuration</h2> -<h3 id="special-liferay-credentials-configuration">Special Liferay Credentials Configuration</h3> -<p>In addition to the general properties in <a href="#general-config">here</a> the following needs to be configured in the <code>application.yml</code> when the authentication via Liferay username/password credentials should be possible:</p> -<table> -<thead> -<tr> -<th>Key</th> -<th>Values</th> -<th>Default</th> -</tr> -</thead> -<tbody> -<tr> -<td>sw360:sw360-portal-server-url</td> -<td>the url of the Liferay instance</td> -<td>n/a (but could be given if environment variable is used like <code>${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}</code>)</td> -</tr> -<tr> -<td>sw360:sw360-liferay-company-id</td> -<td>the id of the company in Liferay that sw360 is run for</td> -<td>(but could be given if environment variable is used like <code>${SW360_LIFERAY_COMPANY_ID:20155}</code>)</td> -</tr> -</tbody> -</table> -<h3 id="special-sso-configuration">Special SSO Configuration</h3> -<p>In addition to the general properties in <a href="#general-config">here</a> the following needs to be configured in the <code>application.yml</code> when the authentication via SSO should be possible:</p> -<table> -<thead> -<tr> -<th>Key</th> -<th>Values</th> -<th>Default</th> -</tr> -</thead> -<tbody> -<tr> -<td>security:customheader:enabled</td> -<td>Flag if the components needed for SSO should be active</td> -<td>false</td> -</tr> -<tr> -<td>security:customheader:headername:intermediateauthstore</td> -<td>the name of the header that can be used for internal data transfer inside one roundtrip - it can be configured here because the proxy has to make sure that this header will not be passed from clients and will be used truly internal only</td> -<td>custom-header-auth-marker</td> -</tr> -<tr> -<td>security:customheader:headername:email</td> -<td>the name of the header that holds the email of the authenticated user (should be set be the proxy and must never be passed from clients)</td> -<td>authenticated-email</td> -</tr> -<tr> -<td>security:customheader:headername:extid</td> -<td>the name of the header that holds the extid of the authenticated user (should be set be the proxy and must never be passed from clients)</td> -<td>authenticated-extid</td> -</tr> -</tbody> -</table> -<p>:heavy_exclamation_mark: Please configure your SSO server and the proxy accordingly. In general, no unauthenticated request should reach the authorization server. And the configured headers should only be set by the proxy. If they are already contained in client requests, they must be removed!</p> -<h4 id="removing-headers-in-apache">Removing Headers in Apache</h4> -<p>In Apache you may use the <a href="https://httpd.apache.org/docs/current/mod/mod_headers.html"><code>mod_headers</code></a> module to remove headers from the client. Using the default values from the table above, at least the following directives should be present in your configuration for all requests that are routed to the <code>authorization-server</code>:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>RequestHeader unset custom-header-auth-marker -</span></span><span style="display:flex;"><span>RequestHeader unset authenticated-email -</span></span><span style="display:flex;"><span>RequestHeader unset authenticated-extid -</span></span></code></pre></div><h3 id="a-namegeneral-configageneral-configuration"><a name="general-config"></a>General Configuration</h3> -<p>Possible properties in <code>sw360.properties</code> file are:</p> -<table> -<thead> -<tr> -<th>Key</th> -<th>Values</th> -<th>Default</th> -</tr> -</thead> -<tbody> -<tr> -<td>backend.url</td> -<td>the url where the thrift services can be found</td> -<td>http://127.0.0.1:8080</td> -</tr> -<tr> -<td>rest.write.access.usergroup</td> -<td>the user group level (`USER</td> -<td>CLEARING_ADMIN</td> -</tr> -<tr> -<td>rest.admin.access.usergroup</td> -<td>the user group level (`USER</td> -<td>CLEARING_ADMIN</td> -</tr> -</tbody> -</table> -<p>The values in <code>sw360.properties</code> should be migrated to the <code>application.yml</code> in the future.</p> -<p>Further important properties in <code>application.yml</code> file are:</p> -<table> -<thead> -<tr> -<th>Key</th> -<th>Values</th> -<th>Default</th> -</tr> -</thead> -<tbody> -<tr> -<td>couchdb:url</td> -<td>the url of the CouchDB to use as client store</td> -<td>n/a</td> -</tr> -<tr> -<td>couchdb:database</td> -<td>the database name of the CouchDB database to use as client store</td> -<td>n/a</td> -</tr> -<tr> -<td>couchdb:username</td> -<td>if the CouchDB database needs authentication, enter the username here - if it does not need authentication, do not set this property at all, not even with an empty value</td> -<td>null</td> -</tr> -<tr> -<td>couchdb:password</td> -<td>if the CouchDB database needs authentication, enter the password here - if it does not need authentication, do not set this property at all, not even with an empty value</td> -<td>null</td> -</tr> -<tr> -<td>sw360:cors:allowed-origin</td> -<td>value for cross origin resource sharing</td> -<td>n/a</td> -</tr> -<tr> -<td>security:oauth2:resource:id</td> -<td>should just be the same then in the resource server</td> -<td>n/a</td> -</tr> -</tbody> -</table> -<p>After this configuration is done the normal REST service for client management should be usable. This one is only accessible for authenticated users that get the <code>ADMIN</code> authority (remember, the therefore necessary sw360 usergroup has just been configured). So the clients can be configured now.</p> -<h1 id="client-management">Client Management</h1> -<p>In the scenarios of this page, the shipped authorization server is used. So the next step is to configure a valid OAuth2 client in this authorization server. There should be one OAuth2 client per external REST API client (which in turn can have many different users). Therefore the authorization server offers a REST API for basic CRUD operations for configuring the clients that are stored in the just configured CouchDB. Since sw360-<code>ADMIN</code> privileges are needed for client management, an authentication is needed to work with this API.</p> -<p>For SSO users (basic-auth Liferay users can use other tools as well because other tools can handle basic auth - but they can also use this workflow):</p> -<ol> -<li> -<p>Open a browser with developer tools capabilities</p> -</li> -<li> -<p>Open</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/authorization/client-management -</span></span></code></pre></div><p>This page always shows the currently configured clients and can be refreshed after every manipulation of a client.</p> -</li> -<li> -<p>To add a new client, enter the following javascript in the dev tools console in the current browser tab - of course after manipulating the client data to suit your needs</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>xmlHttpRequest = new XMLHttpRequest(); -</span></span><span style="display:flex;"><span>xmlHttpRequest.open(&#39;POST&#39;, &#39;/authorization/client-management&#39;, false); -</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Content-Type&#39;, &#39;application/json&#39;); -</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Accept&#39;, &#39;application/json&#39;); -</span></span><span style="display:flex;"><span>xmlHttpRequest.send(JSON.stringify( -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;description&#34; : &#34;my first test client&#34;, -</span></span><span style="display:flex;"><span> &#34;authorities&#34; : [ &#34;BASIC&#34; ], -</span></span><span style="display:flex;"><span> &#34;scope&#34; : [ &#34;READ&#34; ], -</span></span><span style="display:flex;"><span> &#34;access_token_validity&#34; : 3600, -</span></span><span style="display:flex;"><span> &#34;refresh_token_validity&#34; : 3600 -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>)); -</span></span><span style="display:flex;"><span>console.log(xmlHttpRequest.responseText); -</span></span></code></pre></div></li> -<li> -<p>to manipulate an existing client, do the same but add the clientid to the data object</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> &#34;client_id&#34; : &#34;9e358ca832ce4ce99a770c7bd0f8e066&#34; -</span></span></code></pre></div></li> -<li> -<p>to remove an existing client, enter the following javascript in the dev tools console</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>xmlHttpRequest = new XMLHttpRequest(); -</span></span><span style="display:flex;"><span>xmlHttpRequest.open(&#39;DELETE&#39;, &#39;/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066&#39;, false); -</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Content-Type&#39;, &#39;application/json&#39;); -</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Accept&#39;, &#39;application/json&#39;); -</span></span><span style="display:flex;"><span>xmlHttpRequest.send(); -</span></span><span style="display:flex;"><span>console.log(xmlHttpRequest.responseText); -</span></span></code></pre></div></li> -</ol> -<p>This way the session cookie of the SSO login will be used for the REST calls. This might also be possible in postman or curl or similar tools if you want to try to copy cookies (depending also on the SSO configuration). As said before, if Liferay username/password credentials can be used to authenticate then a tool like postman or curl can be used for the whole process. Just pass the credentials as basic-auth.</p> -<h3 id="client-management-via-curl">Client Management via Curl</h3> -<p>The above described call to create a rest client can also be done directly via one curl call:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#033">SW360_USER</span><span style="color:#555">=[</span>admin sw360 user<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span><span style="color:#033">SW360_PW</span><span style="color:#555">=[</span>corresponding sw360 admin user password<span style="color:#555">]</span> -</span></span><span style="display:flex;"><span>curl -s -S <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --user <span style="color:#c30">&#34;</span><span style="color:#a00">${</span><span style="color:#033">SW360_USER</span><span style="color:#a00">}</span><span style="color:#c30">:</span><span style="color:#a00">${</span><span style="color:#033">SW360_PW</span><span style="color:#a00">}</span><span style="color:#c30">&#34;</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --header <span style="color:#c30">&#34;Content-Type: application/json&#34;</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --header <span style="color:#c30">&#34;Accept: application/json&#34;</span> <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> -X POST https://<span style="color:#555">[</span>hostname<span style="color:#555">]</span>:<span style="color:#555">[</span>port<span style="color:#555">]</span>/authorization/client-management <span style="color:#c30;font-weight:bold">\ -</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> -d @- <span style="color:#c30">&lt;&lt;EOF -</span></span></span><span style="display:flex;"><span><span style="color:#c30">{ -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;description&#34; : &#34;my first test client&#34;, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;authorities&#34; : [ &#34;BASIC&#34; ], -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;scope&#34; : [ &#34;READ&#34; ], -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;access_token_validity&#34; : 3600, -</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;refresh_token_validity&#34; : 3600 -</span></span></span><span style="display:flex;"><span><span style="color:#c30">} -</span></span></span><span style="display:flex;"><span><span style="color:#c30">EOF</span> -</span></span></code></pre></div><p>This only works with the liferay basic-auth mechanism, SSO is not supported via curl.</p> -<h2 id="oauth2-access-token">OAuth2 Access Token</h2> -<p>Now with a configured client it is possible to retrieve an access token for the REST API from the authorization server. There is again a difference in SSO environments and Liferay username/password environments.</p> -<h3 id="sso-backed-access-token">SSO Backed Access Token</h3> -<p>Probably the browser has to be used again because many SSO environments are based on certificates that are read from keycards and the necessary libs are often built into the browser. So just call the URL</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/authorization/oauth/token?grant_type=password&amp;client_id=[clientid]&amp;client_secret=[clientsecret] -</span></span></code></pre></div><p>Of course the client id and the client secret should be replaced by the values of the configured client. The received response should look similar to</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;access_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;token_type&#34;</span> : <span style="color:#c30">&#34;bearer&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;refresh_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;expires_in&#34;</span> : <span style="color:#f60">3599</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;scope&#34;</span> : <span style="color:#c30">&#34;READ&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;jti&#34;</span> : <span style="color:#c30">&#34;d68ef5aa-e493-4cf1-b64d-5a917dcc6e60&#34;</span> -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>From this response the value of the <code>access_token</code> and probably <code>refresh_token</code> field is the one to copy-paste for later usage.</p> -<h3 id="liferay-backed-access-token">Liferay Backed Access Token</h3> -<p>With a Liferay backed authentication all REST clients that offer basic auth support can be used. For example <code>curl</code>:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;[clientid]:[clientsecret]&#39;</span> -d <span style="color:#c30">&#39;grant_type=password&amp;username=[username]&amp;password=[password]&#39;</span> https://<span style="color:#555">[</span>hostname<span style="color:#555">]</span>:<span style="color:#555">[</span>port<span style="color:#555">]</span>/authorization/oauth/token -k -</span></span></code></pre></div><p>Example response:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;access_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;token_type&#34;</span> : <span style="color:#c30">&#34;bearer&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;refresh_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;expires_in&#34;</span> : <span style="color:#f60">3599</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;scope&#34;</span> : <span style="color:#c30">&#34;READ&#34;</span>, -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;jti&#34;</span> : <span style="color:#c30">&#34;d68ef5aa-e493-4cf1-b64d-5a917dcc6e60&#34;</span> -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>Of course, the username and password must be your user credentials and the client id and secret have to be replaced with the configured values. And again, the wanted value is the value of the field <code>access_token</code> and probably <code>refresh_token</code>.</p> -<p>More Links:</p> -<ul> -<li>OAuth2 more information: <a href="https://oauth.net/2/">https://oauth.net/2/</a></li> -<li>Decode Bearer tokens at: <a href="https://jwt.io/">https://jwt.io/</a></li> -</ul> -<h2 id="oauth2-refresh-token">OAuth2 Refresh Token</h2> -<p>The authorization server supports so called refresh tokens to generate new access tokens after they have been expired. New access tokens can be generated with the use of the <code>refresh_token</code> without further re-authorization of the user. The following url must be used:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> http://localhost/authorization/oauth/token?grant_type=refresh_token&amp;refresh_token=&lt;REFRESH_TOKEN&gt; -</span></span></code></pre></div><p>The client must pass its credentials via basic authentication. Though a user authentication is not necessary. -If you are authentication your users on a proxy, you have to configure that proxy in a way that it does not block requests to the above url. As marker the &lsquo;grant_type=refresh_token&rsquo; query parameter may be used.</p> -<h2 id="example-apache-configuration">Example Apache configuration</h2> -<p>The following example shows the relevant part for an Apache proxy to configure -authentication of the <code>authorization-server</code> properly:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-apache" data-lang="apache"><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;Location</span> <span style="color:#c30">/authorization/oauth/token</span><span style="color:#309;font-weight:bold">&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#366">Order</span> allow,deny -</span></span><span style="display:flex;"><span> <span style="color:#366">Allow</span> from <span style="color:#069;font-weight:bold">all</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;If</span> <span style="color:#c30">&#34;%{QUERY_STRING} =~ /^grant_type=refresh_token\&amp;/&#34;</span><span style="color:#309;font-weight:bold">&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># No authentication needed</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/If&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;Else&gt;</span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Configure your authentication here</span> -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/Else&gt;</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#366">ProxyPass</span> https://localhost:8443/authorization/oauth/token -</span></span><span style="display:flex;"><span> <span style="color:#366">ProxyPassReverse</span> https://localhost:8443/authorization/oauth/token -</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/Location&gt;</span> -</span></span></code></pre></div><h1 id="resource-server-configuration">Resource Server Configuration</h1> -<p>Now that access tokens can be generated, the resource server has to be configured. The same general ideas of <a href="#general-config">general config</a> apply. The properties of the <code>application.yml</code> are</p> -<table> -<thead> -<tr> -<th>Key</th> -<th>Values</th> -<th>Default</th> -</tr> -</thead> -<tbody> -<tr> -<td>sw360:thrift-server-url</td> -<td>the url where the thrift services can be found, e.g. http://localhost:8080</td> -<td></td> -</tr> -<tr> -<td>sw360:test-user-id</td> -<td>only for developing, simple test user short cut, must be pulled off for productive</td> -<td></td> -</tr> -<tr> -<td>sw360:test-user-passwors</td> -<td>see above</td> -<td></td> -</tr> -<tr> -<td>sw360:couchdb-url</td> -<td>the url of the CouhDB server for attachment handling, e.g. https://localhost:5984</td> -<td></td> -</tr> -<tr> -<td>sw360:cors:allowed-origin</td> -<td>value for cross origin resource sharing</td> -<td>n/a</td> -</tr> -</tbody> -</table> -<p>The REST API is now completely usable via an own client or testwise with integrated tools.</p> -<h1 id="tools">Tools</h1> -<p>To get data and interact with the sw360 REST API the HAL-Browser is recommended. Currently, the HAL-Browser is also deployed on the sw360 development instance, but this is likely to change once the REST API has evolved more. Currently the URL of HAL-Browser is:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api -</span></span></code></pre></div><p>An example for a screenshot is as follows:</p> -<p><img src="https://user-images.githubusercontent.com/29916928/39576770-90b2b576-4edf-11e8-9d1b-742c10d88b8e.png" alt="rest-hal-explorer"></p> -<p>When using other tools the access token has to be set as header parameter in the REST request. Please add a new header:</p> -<ul> -<li>Key: Authorization</li> -<li>As value you need to enter: <code>Bearer [ACCESS_TOKEN]</code> where <code>[ACCESS_TOKEN]</code> actually contains the token</li> -</ul> -<h2 id="example--get-a-list-of-projects">Example – Get a list of projects</h2> -<p>Here is an example how to query for all projects as HTTP GET Request. As for the resource endpoint, the request:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://sw360.org/resource/api/projects (or /resource/api/projects) -</span></span></code></pre></div><p>will return the following response:</p> -<p><img src="https://user-images.githubusercontent.com/29916928/39579586-6b1d1736-4ee7-11e8-8faf-da71c8776680.png" alt="rest-explorer2"></p> -<h1 id="api-documentation">API Documentation</h1> -<p>sw360 deploys a REST API documentation at every instance. There are the following URLs offered at each instance</p> -<table> -<thead> -<tr> -<th>URL</th> -<th>Description</th> -</tr> -</thead> -<tbody> -<tr> -<td>https://[hostname]:[port]/resource/docs/index.html</td> -<td>Small overview page</td> -</tr> -<tr> -<td>https://[hostname]:[port]/resource/docs/api-guide.html</td> -<td>The API description for the currently running server</td> -</tr> -<tr> -<td>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api</td> -<td>Integrated HAL browser to directly use the API</td> -</tr> -</tbody> -</table> -<h1 id="known-problems">Known Problems</h1> -<p>If you use Nginx or Apache as request front end server there maybe some configuration caveats: The REST API objects provides self links to reference to other objects also including the protocol prefix. These links are realized on Hypertext Application Language (HAL) for example you will find in REST responses:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span><span style="color:#c30">&#34;_links&#34;</span><span style="color:#a00;background-color:#faa">:</span> { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;self&#34;</span>: { -</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://localhost:8443/resource/api/projects/065f3aa45c2683297fd1bb39296f519d&#34;</span> -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>The REST spring boot applications are using the Tomcat environment configuration to generate the HAL links. If the Tomcat is only configured as HTTP, the generated links will contain the <code>http</code> protocol and port - which is a problem if the server should be contacted over <code>https</code>only. This problem occurs, if tomcat is used together with Nginx, Apache httpd or other Web servers, which are configured to repsond only to <code>https</code>.</p> -<p>Solution is to set for example in Nginx HTTP &lsquo;X-Forward-*&rsquo; headers on a reverse proxy, for example:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">location</span> <span style="color:#c30">/</span> { -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">...</span> -</span></span><span style="display:flex;"><span> <span style="color:#c30">proxy_set_header</span> <span style="color:#c30">X-Forwarded-Port</span> <span style="color:#f60">443</span>; -</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">proxy_set_header</span> <span style="color:#c30">X-Forwarded-Proto</span> <span style="color:#c30">https</span>; -</span></span><span style="display:flex;"><span> } -</span></span></code></pre></div><p>For other Web severs, there might a similar solution.</p> - - - - - - Docs: Authorization Concept - https://www.eclipse.org/sw360/docs/deployment/deploy-authorization-concept/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-authorization-concept/ - - - - <p>The authorization concept describes the different roles of the solution - mainly for documentation of the authorization of different roles of the sw360. It is not focusing for the roles like being a moderator, it is described on a separate page for users: <a href="https://github.com/eclipse/sw360/wiki/Dev-Role-Authorisation-Model">role and access model</a></p> -<h2 id="roles-overview">Roles Overview</h2> -<p>SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.</p> -<h4 id="setup-admin-liferay-role">Setup Admin (Liferay Role)</h4> -<p>The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.</p> -<h4 id="sw360-admin-liferay-role">SW360 Admin (Liferay Role)</h4> -<p>The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role <code>CLEARING_ADMIN</code>. So its use case is to promote users to clearing admins after some time without always asking the site administrator to do this. To enhance the <code>SW360_ADMIN</code> role to allow users of this role to promote other users&rsquo;s roles, follow these steps:</p> -<ol> -<li>Go to control panel</li> -<li>Select the <code>Users</code> section</li> -<li>To subsection <code>Roles</code></li> -<li>Select row for <code>SW360 Admin</code> and select action <code>Define permissions</code>.</li> -</ol> -<p>When defining permissions the idea is to reduce the permissions to the lowest level possible. Just allow for changing users.</p> -<h4 id="clearing-admin-liferay-role">Clearing Admin (Liferay Role)</h4> -<p>The clearing admin can change all component and release records and project records of the same group.</p> -<h4 id="security-admin-liferay-role">Security Admin (Liferay Role)</h4> -<p>In addition to the user rights, the security admin can set security vulnerabilities to irrelevant</p> -<h4 id="ecc-admin-liferay-role">ECC Admin (Liferay Role)</h4> -<p>In addition to the user rights, the ECC admin can manipulate ECC data.</p> -<h4 id="user">User</h4> -<p>A user can create, modify and delete all own (=self created) records. A user cannot change records of others</p> -<h4 id="summary">Summary</h4> -<h3 id="moderation-requests">Moderation Requests</h3> -<p>If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.</p> - - - - - - Docs: Configurable Property Keys - https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-files/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-files/ - - - - <h3 id="introduction">Introduction</h3> -<p>List of all applicable property files in sw360:</p> -<ul> -<li>sw360.properties</li> -<li>fossology.properties</li> -<li>couchdb.properties</li> -<li>search.properties</li> -<li>orgmapping.properties</li> -<li>databasetest.properties</li> -<li>authorization/application.yml</li> -<li>rest/application.yml</li> -</ul> -<h3 id="sw360properties-etcsw360sw360properties">SW360.properties (/etc/sw360/sw360.properties)</h3> -<p>The following table shall give an overview about the general sw360 configuration settings.</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">licenseinfo.spdxparser.use-license-info-from-files</td> -<td style="text-align:left">true/false</td> -</tr> -<tr> -<td style="text-align:left">mainline.state.enabled.for.user</td> -<td style="text-align:left">true/false</td> -</tr> -<tr> -<td style="text-align:left">key.auth.email</td> -<td style="text-align:left">EMAIL</td> -</tr> -<tr> -<td style="text-align:left">key.auth.extid</td> -<td style="text-align:left">EXTID</td> -</tr> -<tr> -<td style="text-align:left">key.auth.givenname</td> -<td style="text-align:left">GIVENNAME</td> -</tr> -<tr> -<td style="text-align:left">key.auth.surname</td> -<td style="text-align:left">SURNAME</td> -</tr> -<tr> -<td style="text-align:left">key.auth.department</td> -<td style="text-align:left">DEPARTMENT</td> -</tr> -<tr> -<td style="text-align:left">backend.url</td> -<td style="text-align:left">http://127.0.0.1:8080</td> -</tr> -<tr> -<td style="text-align:left">cvesearch.vendor.threshold</td> -<td style="text-align:left">1</td> -</tr> -<tr> -<td style="text-align:left">cvesearch.product.threshold</td> -<td style="text-align:left">0</td> -</tr> -<tr> -<td style="text-align:left">cvesearch.cutoff</td> -<td style="text-align:left">6</td> -</tr> -<tr> -<td style="text-align:left">combined.cli.parser.external.id.correlation.key</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">schedule.cvesearch.firstOffset.seconds</td> -<td style="text-align:left">0</td> -</tr> -<tr> -<td style="text-align:left">schedule.cvesearch.interval.seconds</td> -<td style="text-align:left">&ldquo;(24<em>60</em>60)&rdquo;</td> -</tr> -<tr> -<td style="text-align:left">autostart</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">rest.write.access.usergroup</td> -<td style="text-align:left">SW360_ADMIN</td> -</tr> -<tr> -<td style="text-align:left">rest.access.token.validity.seconds</td> -<td style="text-align:left">3600</td> -</tr> -<tr> -<td style="text-align:left">rest.security.client.id</td> -<td style="text-align:left">sw360-trusted-client</td> -</tr> -<tr> -<td style="text-align:left">rest.security.client.secret</td> -<td style="text-align:left">sw360-secret</td> -</tr> -<tr> -<td style="text-align:left">programming.languages</td> -<td style="text-align:left">ActionScript,AppleScript, Asp,Bash,BASIC, C,C++,C#,Cocoa,Clojure, COBOL,ColdFusion,D, Delphi,Erlang,Fortran, Go,Groovy,Haskell, JSP,Java,JavaScript,Objective-C, Ocaml,Lisp,Perl, PHP,Python,Ruby,SQL ,SVG,Scala,SmallTalk Scheme,Tcl,XML, Node.js,JSON</td> -</tr> -<tr> -<td style="text-align:left">software.platforms</td> -<td style="text-align:left">Adobe AIR,Adobe Flash, Adobe Shockwave,Binary Runtime Environment for Wireless,Cocoa (API),Cocoa Touch,Java (software platform)</td> -</tr> -<tr> -<td style="text-align:left">operating.systems</td> -<td style="text-align:left">Android,BSD,iOS, Linux,OS X,QNX, Microsoft Windows,Windows Phone,IBM z/OS</td> -</tr> -<tr> -<td style="text-align:left">clearing.teams</td> -<td style="text-align:left">org1,org2,org3</td> -</tr> -<tr> -<td style="text-align:left">state</td> -<td style="text-align:left">Active,Phase out,Unknown</td> -</tr> -<tr> -<td style="text-align:left">project.type</td> -<td style="text-align:left">Customer Project,Internal Project,Product,Service,Inner Source</td> -</tr> -<tr> -<td style="text-align:left">project.externalkeys</td> -<td style="text-align:left">internal.id</td> -</tr> -<tr> -<td style="text-align:left">license.identifiers</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">component.categories</td> -<td style="text-align:left">framework,SDK,big-data, build-management,cloud,content, database,graphics,http, javaee,library,mail,mobile, security,testing,virtual-machine, web-framework,xml</td> -</tr> -<tr> -<td style="text-align:left">component.externalkeys</td> -<td style="text-align:left">com.github.id,com.gitlab.id,purl.id</td> -</tr> -<tr> -<td style="text-align:left">custommap.project.roles</td> -<td style="text-align:left">Stakeholder,Analyst,Contributor,Accountant,End user,Quality manager,Test manager,Technical writer,Key user</td> -</tr> -<tr> -<td style="text-align:left">custommap.component.roles</td> -<td style="text-align:left">Committer,Contributor,Expert</td> -</tr> -<tr> -<td style="text-align:left">custommap.release.roles</td> -<td style="text-align:left">Committer,Contributor,Expert</td> -</tr> -<tr> -<td style="text-align:left">custommap.release.externalIds</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">release.externalkeys</td> -<td style="text-align:left">org.maven.id,com.github.id,com.gitlab.id,purl.id</td> -</tr> -<tr> -<td style="text-align:left">projectimport.hosts</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">preferred.country.codes</td> -<td style="text-align:left">DE,AT,CH,US</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_from</td> -<td style="text-align:left">_<a href="mailto:No_Reply__@sw360.org">No_Reply__@sw360.org</a></td> -</tr> -<tr> -<td style="text-align:left">MailUtil_host</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_port</td> -<td style="text-align:left">25</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_enableStarttls</td> -<td style="text-align:left">false</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_enableSsl</td> -<td style="text-align:left">false</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_isAuthenticationNecessary</td> -<td style="text-align:left">true</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_login</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_password</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_enableDebug</td> -<td style="text-align:left">false</td> -</tr> -<tr> -<td style="text-align:left">MailUtil_supportMailAddress</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">defaultBegin</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">defaultEnd</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">unsubscribeNoticeBefore</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">unsubscribeNoticeAfter</td> -<td style="text-align:left">-</td> -</tr> -</tbody> -</table> -<h3 id="fossologyproperties-etcsw360fossologyproperties">fossology.properties (/etc/sw360/fossology.properties)</h3> -<p>These configuration parameters are necessary to connect to a fossology server.</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">fossology.host</td> -<td style="text-align:left">localhost</td> -</tr> -<tr> -<td style="text-align:left">fossology.port</td> -<td style="text-align:left">22</td> -</tr> -<tr> -<td style="text-align:left">fossology.user</td> -<td style="text-align:left">sw360</td> -</tr> -<tr> -<td style="text-align:left">fossology.key.file</td> -<td style="text-align:left">/fossology.id_rsa</td> -</tr> -<tr> -<td style="text-align:left">fossology.key.pub.file</td> -<td style="text-align:left">[fossology.key.file] + .pub</td> -</tr> -</tbody> -</table> -<h3 id="couchdbproperties-etcsw360couchdbproperties">couchdb.properties (/etc/sw360/couchdb.properties)</h3> -<p>CouchDB and Lucene serach configuration properties.</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">couchdb.url</td> -<td style="text-align:left">http://localhost:5984</td> -</tr> -<tr> -<td style="text-align:left">couchdb.database</td> -<td style="text-align:left">sw360db</td> -</tr> -<tr> -<td style="text-align:left">couchdb.user</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">couchdb.password</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">couchdb.userdb</td> -<td style="text-align:left">sw360users</td> -</tr> -<tr> -<td style="text-align:left">couchdb.attachments</td> -<td style="text-align:left">sw360attachments</td> -</tr> -<tr> -<td style="text-align:left">couchdb.fossologyKeys</td> -<td style="text-align:left">sw360fossologyKeys</td> -</tr> -<tr> -<td style="text-align:left">couchdb.vulnerability_management</td> -<td style="text-align:left">sw360vm</td> -</tr> -<tr> -<td style="text-align:left">lucenesearch.limit</td> -<td style="text-align:left">25</td> -</tr> -<tr> -<td style="text-align:left">lucenesearch.leading.wildcard*</td> -<td style="text-align:left">false</td> -</tr> -</tbody> -</table> -<blockquote> -<p>* If you enable lucene leading wildcards you have to enable this configuration also in couchdb-lucene.ini! Leading wildcard search is disabled as default because its a expensive operation. <em>(couchdb-lucene.ini is part of the couchdb-lucene .war package)</em> <br> -[lucene] <br> -allowLeadingWildcard=true</p> -</blockquote> -<h3 id="searchproperties-etcsw360searchproperties">search.properties (/etc/sw360/search.properties)</h3> -<p>The following table shall give an overview about the specific search properties</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">search.name.max.length</td> -<td style="text-align:left">64</td> -</tr> -</tbody> -</table> -<h3 id="orgmappingproperties-etcsw360orgmappingproperties">orgmapping.properties (/etc/sw360/orgmapping.properties)</h3> -<p>This configuration file is used to activate the sw360 orgmapping feature.</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">match.prefix</td> -<td style="text-align:left">false</td> -</tr> -<tr> -<td style="text-align:left">enable.custom.mapping</td> -<td style="text-align:left">false</td> -</tr> -</tbody> -</table> -<h3 id="databasetestproperties-etcsw360databasetestproperties">databasetest.properties (/etc/sw360/databasetest.properties)</h3> -<p>Just for couchdb database test purpose.</p> -<table> -<thead> -<tr> -<th style="text-align:left">Property Key</th> -<th style="text-align:left">Default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">couch_db_url</td> -<td style="text-align:left">http://localhost:5984</td> -</tr> -<tr> -<td style="text-align:left">couch_db_database</td> -<td style="text-align:left">datahandlertestdb</td> -</tr> -<tr> -<td style="text-align:left">couchdb.username</td> -<td style="text-align:left">-</td> -</tr> -<tr> -<td style="text-align:left">couchdb.password</td> -<td style="text-align:left">-</td> -</tr> -</tbody> -</table> -<h3 id="authorizationapplicationyml-etcsw360authorizationapplicationyml">authorization/application.yml (/etc/sw360/authorization/application.yml)</h3> -<p>All of the following built-in properties can be overridden:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># Port to open in standalone mode -</span></span><span style="display:flex;"><span>server: -</span></span><span style="display:flex;"><span> port: 8090 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># Connection to the couch databases. Will be used to store client credentials -</span></span><span style="display:flex;"><span>couchdb: -</span></span><span style="display:flex;"><span> url: http://localhost:5984 -</span></span><span style="display:flex;"><span> database: sw360oauthclients -</span></span><span style="display:flex;"><span> # if your couchdb does not use authentication, pls just don&#39;t use the settings for username and password -</span></span><span style="display:flex;"><span> #username: -</span></span><span style="display:flex;"><span> #password: -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>spring: -</span></span><span style="display:flex;"><span> jackson: -</span></span><span style="display:flex;"><span> serialization: -</span></span><span style="display:flex;"><span> indent_output: true -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># Common SW360 properties -</span></span><span style="display:flex;"><span>sw360: -</span></span><span style="display:flex;"><span> # The url of the Liferay instance -</span></span><span style="display:flex;"><span> sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} -</span></span><span style="display:flex;"><span> # The id of the company in Liferay that sw360 is run for -</span></span><span style="display:flex;"><span> sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20155} -</span></span><span style="display:flex;"><span> # Allowed origins that should be set in the header -</span></span><span style="display:flex;"><span> cors: -</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>security: -</span></span><span style="display:flex;"><span> # Configuration for enabling authorization via headers, e.g. when using SSO -</span></span><span style="display:flex;"><span> # in combination with a reverse proxy server -</span></span><span style="display:flex;"><span> customheader: -</span></span><span style="display:flex;"><span> headername: -</span></span><span style="display:flex;"><span> # You have to enable authorization by headers explicitly here -</span></span><span style="display:flex;"><span> enabled: false -</span></span><span style="display:flex;"><span> # Attention: please make sure that the proxy is removing there headers -</span></span><span style="display:flex;"><span> # if they are coming from anywhere else then the authentication server -</span></span><span style="display:flex;"><span> intermediateauthstore: custom-header-auth-marker -</span></span><span style="display:flex;"><span> email: authenticated-email -</span></span><span style="display:flex;"><span> extid: authenticated-extid -</span></span><span style="display:flex;"><span> # also available - at least in saml pre auth - are &#34;givenname&#34;, &#34;surname&#34; and &#34;department&#34; -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> oauth2: -</span></span><span style="display:flex;"><span> resource: -</span></span><span style="display:flex;"><span> id: sw360-REST-API -</span></span></code></pre></div><h3 id="restapplicationyml-etcsw360restapplicationyml">rest/application.yml (/etc/sw360/rest/application.yml)</h3> -<p>All of the following built-in properties can be overridden:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>server: -</span></span><span style="display:flex;"><span> port: 8091 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>spring: -</span></span><span style="display:flex;"><span> http: -</span></span><span style="display:flex;"><span> multipart: -</span></span><span style="display:flex;"><span> max-file-size: 500MB -</span></span><span style="display:flex;"><span> max-request-size: 600MB -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> data: -</span></span><span style="display:flex;"><span> rest: -</span></span><span style="display:flex;"><span> base-path: /api -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span># logging: -</span></span><span style="display:flex;"><span># level: -</span></span><span style="display:flex;"><span># org.springframework.web: DEBUG -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>security: -</span></span><span style="display:flex;"><span> oauth2: -</span></span><span style="display:flex;"><span> resource: -</span></span><span style="display:flex;"><span> id: sw360-REST-API -</span></span><span style="display:flex;"><span> filter-order: 3 -</span></span><span style="display:flex;"><span> jwt: -</span></span><span style="display:flex;"><span> keyValue: | -</span></span><span style="display:flex;"><span> -----BEGIN PUBLIC KEY----- -</span></span><span style="display:flex;"><span> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy -</span></span><span style="display:flex;"><span> VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ -</span></span><span style="display:flex;"><span> 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ -</span></span><span style="display:flex;"><span> 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg -</span></span><span style="display:flex;"><span> 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da -</span></span><span style="display:flex;"><span> d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ -</span></span><span style="display:flex;"><span> PQIDAQAB -</span></span><span style="display:flex;"><span> -----END PUBLIC KEY----- -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span>sw360: -</span></span><span style="display:flex;"><span> thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} -</span></span><span style="display:flex;"><span> test-user-id: admin@sw360.org -</span></span><span style="display:flex;"><span> test-user-password: sw360-password -</span></span><span style="display:flex;"><span> couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} -</span></span><span style="display:flex;"><span> cors: -</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} -</span></span></code></pre></div> - - - - - Docs: Configuring Country Codes - https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-country-codes/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-country-codes/ - - - - <p>This feature is available on:</p> -<ul> -<li>projects / Owner Country</li> -<li>components / Owner Country</li> -</ul> -<p><img src="https://user-images.githubusercontent.com/29916928/36796378-551cf572-1c9d-11e8-96aa-85ce98e97ff3.jpg" alt="Country Code List"></p> -<p>Its supports preferred country codes, which are shown at the top of the country list. <br> -You can configure them by using the sw360.properties.</p> -<table> -<thead> -<tr> -<th style="text-align:center">sw360 properties key</th> -<th style="text-align:center">value</th> -<th style="text-align:center">default</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">preferred.country.codes</td> -<td style="text-align:center">(ISO 3166-1 alpha-2)</td> -<td style="text-align:center">DE,AT,CH,US</td> -</tr> -</tbody> -</table> - - - - - - Docs: CVE Scheduler - https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ - - - - <h1 id="how-to-use-sw360-cve-schedule">How to use SW360 CVE schedule</h1> -<p>SW360 gets vulnerability information from Common Vulnerability Enumeration (CVE) data. SW360 can connect to your local cve-search server.<br> -<em>Few years ago, sw360 was able to get vulnerability information from online CVE serverr, but it is not active.</em></p> -<h2 id="install-cve-search">Install CVE-search</h2> -<p>cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. You can choose Docker install or Native install.</p> -<h3 id="docker-installation-github-repohttpsgithubcomcve-searchcve-search-docker">Docker Installation <a href="https://github.com/cve-search/CVE-Search-Docker">Github repo</a></h3> -<p>Only clone and &ldquo;docker-compose up&rdquo;.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ git clone https://github.com/cve-search/CVE-Search-Docker.git -</span></span><span style="display:flex;"><span> $ <span style="color:#366">cd</span> CVE-Search-Docker -</span></span><span style="display:flex;"><span> $ docker-compose up -</span></span></code></pre></div><h3 id="native-installation-github-repohttpsgithubcomcve-searchcve-search">Native Installation <a href="https://github.com/cve-search/cve-search">Github repo</a></h3> -<ol> -<li>Clone source</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ git clone https://github.com/cve-search/cve-search -</span></span><span style="display:flex;"><span> $ <span style="color:#366">cd</span> cve-search -</span></span><span style="display:flex;"><span> $ git checkout <span style="color:#555">{</span>tag/branch<span style="color:#555">}</span> -</span></span></code></pre></div><ol start="2"> -<li>Install system requirements</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get install -y &lt; requirements.system -</span></span></code></pre></div><ol start="3"> -<li>Install CVE-Search and its Python dependencies</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> pip3 install -r requirements.txt -</span></span></code></pre></div><ol start="4"> -<li>Install mongodb</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add - -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ <span style="color:#033">codename</span><span style="color:#555">=</span><span style="color:#069;font-weight:bold">$(</span>lsb_release --codename --short<span style="color:#069;font-weight:bold">)</span> -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ <span style="color:#366">echo</span> <span style="color:#c30">&#34;deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu </span><span style="color:#a00">${</span><span style="color:#033">codename</span><span style="color:#a00">}</span><span style="color:#c30">/mongodb-org/4.4 multiverse&#34;</span> | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list -</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get update -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ sudo apt-get install -y mongodb-org -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ sudo systemctl daemon-reload -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ sudo systemctl start mongod -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Verify status of mongodb</span> -</span></span><span style="display:flex;"><span> $ sudo systemctl status mongod -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># if all is ok, enable mongodb to start on system startup</span> -</span></span><span style="display:flex;"><span> $ sudo systemctl <span style="color:#366">enable</span> mongod -</span></span></code></pre></div><ol start="5"> -<li>Populating the database</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get install redis redis-server -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic">#modify: stop-writes-on-bgsave-error yes -&gt; no</span> -</span></span><span style="display:flex;"><span> $ sudo vim /etc/redis/redis.conf -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ sudo systemctl daemon-reload -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ sudo systemctl restart redis -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ ./sbin/db_mgmt_cpe_dictionary.py -p -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ ./sbin/db_mgmt_json.py -p -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> $ ./sbin/db_updater.py -c <span style="color:#09f;font-style:italic"># This will take &gt; 45minutes on a decent machine, please be patient</span> -</span></span></code></pre></div><ol start="6"> -<li>Updating the database</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ ./sbin/db_updater.py -v -</span></span></code></pre></div><ol start="7"> -<li>Starting and stopping the web-server</li> -</ol> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Install psutil &gt;= 5.7.0</span> -</span></span><span style="display:flex;"><span> $ pip3 install psutil&gt;<span style="color:#555">=</span>5.7.0 -</span></span><span style="display:flex;"><span> -</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Starting web server</span> -</span></span><span style="display:flex;"><span> $ python3 web/index.py -</span></span></code></pre></div><p>Default Web server: http://localhost:5000</p> -<p>To stop the server, press the <code>CTRL+C</code></p> -<p><strong>Note</strong>: By default CVE-Search takes assumptions on certain configuration aspects of the application, you can adjust</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ <span style="color:#366">cd</span> cve-search -</span></span><span style="display:flex;"><span> $ cp etc/configuration.ini.sample etc/configuration.ini -</span></span><span style="display:flex;"><span> $ vim etc/configuration.ini -</span></span></code></pre></div><h2 id="setup-sw360-with-cve-server">Setup SW360 with CVE server</h2> -<ol> -<li>Change default CVE server</li> -</ol> -<p>Change <code>cvesearch.host</code> with CVE server address.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ vim <span style="color:#a00">${</span><span style="color:#033">SW360_DIR_INSTALL</span><span style="color:#a00">}</span>/backend/src/src-cvesearch/src/main/resources/cvesearch.properties -</span></span></code></pre></div><ol start="2"> -<li>Setting for schedule the CVE service</li> -</ol> -<p>The offset (first run of the update) and the interval between updates can also be adjusted.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ vim <span style="color:#a00">${</span><span style="color:#033">SW360_DIR_INSTALL</span><span style="color:#a00">}</span>/backend/src/src-schedule/src/main/resources/sw360.properties -</span></span></code></pre></div><p>The <code>offset</code> has to be given in seconds since midnight and also the <code>interval</code> has to be entered in seconds. The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).</p> -<p>According to the default settings, cveSearch is not auto-started with the scheduling service. If want to auto start <code>autostart = cvesearchService</code></p> -<ol start="3"> -<li>Schedule task Adminstration</li> -</ol> -<p>View and start/stop schedule</p> -<p>Click <code>Admin</code> &gt; <code>Schedule</code></p> -<h2 id="reference">Reference</h2> -<p>CVE guide: [https://cve-search.github.io/cve-search/database/database.html]</p> -<p>User Scheduling CVE Search by Admins: [https://github.com/eclipse/sw360/wiki/User-Scheduling-CVE-Search-by-Admins]</p> - - - - - - Docs: Dependency Network Feature - https://www.eclipse.org/sw360/docs/userguide/dependency_network/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/dependency_network/ - - - - <h1 id="how-to-enable-this-feature"><strong>How to enable this feature</strong></h1> -<p>To use this function, please:</p> -<ol> -<li> -<p>Build the source code and deploy.</p> -</li> -<li> -<p>Add config <strong>enable.flexible.project.release.relationship=true</strong> (/etc/sw360/sw360.properties) to enable the feature.</p> -</li> -</ol> -<p>The following changes will work when <strong>enable.flexible.project.release.relationship=true</strong> only.</p> -<ol start="3"> -<li>Use the migration script (<strong>056_migrate_project_dependency_network.py</strong>) we provided to mograte the database.</li> -</ol> -<p>Before you run the script, please change two places in the script:</p> -<p>(1) Line 30: <code>DRY_RUN = True</code> -&gt; <code>DRY_RUN = False</code></p> -<p>(2) Line 32: <code>COUCHSERVER = 'http://localhost:5984/'</code> -&gt; <code>COUCHSERVER = 'http://admin:password@localhost:5984/'</code></p> -<p><code>admin</code> and <code>password</code> should be your username and password for CouchDB.</p> -<h1 id="1-introduction"><strong>1. Introduction</strong></h1> -<p>The dependency network feature is a new function to make the dependency management of a project more flexible by allowing the users to customize the dependency graphs of their projects.</p> -<h1 id="2-how-to-use"><strong>2. How to use?</strong></h1> -<p>This feature modify the GUI of the “Linked Releases And Projects” on the “project edits” page. -Now the “Linked Releases” table could show all dependencies of a project (both direct and transitive ones). Users can modify these dependencies as well.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/new_edit_GUI.png"/> -</figure> - -<h2 id="21-the-changes-of-edit-project-gui"><strong>2.1. The changes of edit project GUI</strong></h2> -<p>In this section, we will introduce the changes in GUI behaviors. We modified or added 5 sub-functions below:</p> -<h4 id="a-modify-the-add-releases-button-this-button-will-add-a-direct-dependency-release-in-the-dependency-graph-of-this-project"><strong>a. Modify the “Add Releases” button: This button will add a direct dependency (release) in the dependency graph of this project.</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Add_root_release_button.png"/> -</figure> - -<h4 id="b-a-new-icon-button-to-add-a-dependency-release-to-another-dependency-release-in-the-dependency-graph-note-that-this-dependency-added-is-seen-as-the-transitive-dependency-of-this-project"><strong>b. A new icon button to add a dependency (release) to another dependency (release) in the dependency graph. Note that this dependency added is seen as the transitive dependency of this project.</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Add_transitive_releases_buttons.png"/> -</figure> - -<h4 id="c-a-new-icon-button-to-load-the-default-dependency-graph-of-a-dependency-release-by-importing-the-dependency-information-stored-on-the-component-page-note-that-this-button-will-load-all-dependencies-both-direct-and-transitive-ones-of-the-corresponding-dependency-release"><strong>c. A new icon button to load the default dependency graph of a dependency (release) by importing the dependency information stored on the component page. Note that this button will load all dependencies (both direct and transitive ones) of the corresponding dependency (release).</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Load_default_network_from_releases.png"/> -</figure> - -<h4 id="d-the-combo-box-allows-the-user-to-modify-the-version-of-a-dependency"><strong>d. The combo box allows the user to modify the version of a dependency.</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Select_version_box.png"/> -</figure> - -<h4 id="e-the-check-dependency-network-button-will-compare-and-show-the-different-dependency-information-which-is-not-consistent-with-the-default-one-stored-on-the-component-page-by-highlighting-them-the-inconsistency-usually-happens-after-users-modified-the-dependency-graph-or-imported-an-old-project"><strong>e. The “Check Dependency Network” button will compare and show the different dependency information which is not consistent with the default one stored on the component page by highlighting them. The inconsistency usually happens after users modified the dependency graph or imported an old project.</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Check_diff_button.png"/> -</figure> - -<h2 id="23-rest-api-changes"><strong>2.3 Rest API changes</strong></h2> -<h3 id="new-rest-apis">New Rest APIs</h3> -<p><strong>a. 3.3.35. Get a single project with dependencies network</strong></p> -<p>The response will include the dependencyNetwork field(It will show the dependency network of project (direct and indirect releases)):</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> &#34;name&#34; : &#34;Emerald Web&#34;, -</span></span><span style="display:flex;"><span> &#34;dependencyNetwork&#34;: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;9efc5766cd0c41d4a40547b99f5b91ac&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;3bed97a1c7ac4c32846ef4be985b648c&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;6a8250852362462095c57535294039e4&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;TO_BE_REPLACED&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;PHASEOUT&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;INTERNAL_USE&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;STATICALLY_LINKED&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;MAINLINE&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;f1d860e7576a44798ee3daff57a3a886&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;OPTIONAL&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ] -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p><strong>b. 3.3.36. Creating a project with dependencies network</strong></p> -<p>If the <strong>dependencyNetwork</strong> field is included in the request body, a dependency network will be registered for the project.</p> -<ul> -<li>Simple example request (modify releaseIds to the existing release ids in sw360):</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> &#34;name&#34;: &#34;TestProject1&#34;, -</span></span><span style="display:flex;"><span> &#34;dependencyNetwork&#34;: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;9efc5766cd0c41d4a40547b99f5b91ac&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;3bed97a1c7ac4c32846ef4be985b648c&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ -</span></span><span style="display:flex;"><span> ], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;INTERNAL_USE&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;STATICALLY_LINKED&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;MAINLINE&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;f1d860e7576a44798ee3daff57a3a886&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;OPTIONAL&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ] -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p><strong>c. 3.3.37. Update a project with dependencies network</strong></p> -<p>Same request body as &ldquo;Creating a project with dependencies network&rdquo;.</p> - - - - - - Docs: Export and Import - https://www.eclipse.org/sw360/docs/deployment/deploy-export-and-import/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/deploy-export-and-import/ - - - - <div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-diff" data-lang="diff"><span style="display:flex;"><span><span style="background-color:#fcc">- note that only export and import of users is active, -</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- everything else is deprecated functionality. -</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- The export and import functionality has not been -</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- updated at some point and thus will not function -</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- properly anymore. -</span></span></span></code></pre></div><h1 id="full-export">Full Export</h1> -<p>The easiest way to fully export the data is to copy all the .couch files of Couch-DB. Where the files are can be found out from Futon. -e.g.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:5984/_utils/config.html -</span></span></code></pre></div><p>under</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>view_index_dir /var/lib/couchdb -</span></span></code></pre></div><p>This method of exporting has the advantage that all Ids remain the same. -An equally simple method it to use the Couch-DB replicator from Futon.</p> -<p>This method might fail when there are changes to the document structure as Ektorp might stumble over unset required or surplus fields. The method of choice here is to repair the DB (after a backup) with</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://github.com/couchapp/couchapp -</span></span></code></pre></div><p>and then follows the instructions from</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://harthur.github.io/costco/ -</span></span></code></pre></div><p>and</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>couchapp push . http://localhost:5984/sw360users -</span></span></code></pre></div><p>then you go to</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:5984/sw360users/_design/costco/index.html -</span></span></code></pre></div><p>and you can run functions like:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>function(doc) { -</span></span><span style="display:flex;"><span> if (doc.type == &#39;user&#39;) { -</span></span><span style="display:flex;"><span> if(doc.fullname == &#39;Homer J. Simons&#39;) { -</span></span><span style="display:flex;"><span> doc.fullname = &#39;Homer Jay Simons&#39;; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> return doc; -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p>You can also change the names of properties, e.g.</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>function(doc) { -</span></span><span style="display:flex;"><span> if (doc.type == &#39;user&#39;) { -</span></span><span style="display:flex;"><span> if(doc.fullname ) { -</span></span><span style="display:flex;"><span> doc.fullname2 = doc.fullname; -</span></span><span style="display:flex;"><span> delete doc.fullname; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> return doc; -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><h1 id="csv-export">CSV Export</h1> -<h2 id="users">Users</h2> -<p>The export of users was already described, this is very important as this also creates the users in the liferay database. The mere export of the users.couch is not enough.</p> -<h2 id="projects">Projects</h2> -<p>There is no CSV export or import for projects currently.</p> -<h2 id="components-and-releases">Components and Releases</h2> -<p>To Export the components and releases you need to do the following: +Every client gets an access token as well as an refresh token. As long as the refresh token is valid, the client can gather a new access token without the need of re-authorization of the user.</p> +<p>There are currently three different possibilities for an OAuth2 authorization server implemented:</p> +<ul> +<li>Using the contained authorization-server with username/password that are known by Liferay, no matter if Liferay is hosting the credentials itself or is attached to some central user management which it uses to authenticate users.</li> +<li>Using the contained authorization-server inside an SSO network where an existing proxy can take care of the authentication and passing authenticated user information in configurable headers to the authorization-server which then performs authorization on top.</li> +<li>Using keycloak as authorization-server. This case is not part of this wiki page and might need special configuration.</li> +</ul> +<h2 id="data-principles">Data Principles</h2> +<p>The REST API provides Hypermedia using <a href="http://stateless.co/hal_specification.html">HAL</a> (Hypertext Application Language). +The following example shows some ideas of the REST API. It can be obtained by</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api +</span></span></code></pre></div><p>Note that the response below is maybe not the exact same response of your current version:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;_links&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:attachments&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/attachments{?sha1}&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;templated&#34;</span>: <span style="color:#069;font-weight:bold">true</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:components&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/components&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:licenses&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/licenses&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:licenseinfo&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/licenseinfo&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:projects&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/projects&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:releases&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/releases&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:users&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/users&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:vendors&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/vendors&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;sw360:vulnerabilities&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/vulnerabilities&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;profile&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/api/profile&#34;</span> +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;curies&#34;</span>: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://dev.sw360.siemens.com/resource/docs/{rel}.html&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;name&#34;</span>: <span style="color:#c30">&#34;sw360&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;templated&#34;</span>: <span style="color:#069;font-weight:bold">true</span> +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ] +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><h1 id="api-installation">API Installation</h1> +<p>Both, the <code>authorization-server</code> and the <code>resource-server</code> can be build using Maven like the rest of the project. Each is generating a Spring Boot server that can be deployed in an application container, e.g. Tomcat.</p> +<h1 id="api-configuration">API Configuration</h1> +<p>Since the <code>authorization-server</code> and the <code>resource-server</code> are Spring Boot servers, they are configured as usual via <code>/src/main/resources/application.yml</code>. In addition some configuration comes historically from <code>sw360.properties</code>. Please note that all configurations could be provided centrally in the <code>/etc/sw360/</code> directory. As such, the <code>sw360.properties</code> sits directly in <code>/etc/sw360/</code>. For rest-specific configurations the application considers the location <code>/etc/sw360/rest</code>.</p> +<h2 id="authorization-server-configuration">Authorization Server Configuration</h2> +<h3 id="special-liferay-credentials-configuration">Special Liferay Credentials Configuration</h3> +<p>In addition to the general properties in <a href="#general-config">here</a> the following needs to be configured in the <code>application.yml</code> when the authentication via Liferay username/password credentials should be possible:</p> +<table> +<thead> +<tr> +<th>Key</th> +<th>Values</th> +<th>Default</th> +</tr> +</thead> +<tbody> +<tr> +<td>sw360:sw360-portal-server-url</td> +<td>the url of the Liferay instance</td> +<td>n/a (but could be given if environment variable is used like <code>${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080}</code>)</td> +</tr> +<tr> +<td>sw360:sw360-liferay-company-id</td> +<td>the id of the company in Liferay that sw360 is run for</td> +<td>(but could be given if environment variable is used like <code>${SW360_LIFERAY_COMPANY_ID:20155}</code>)</td> +</tr> +</tbody> +</table> +<h3 id="special-sso-configuration">Special SSO Configuration</h3> +<p>In addition to the general properties in <a href="#general-config">here</a> the following needs to be configured in the <code>application.yml</code> when the authentication via SSO should be possible:</p> +<table> +<thead> +<tr> +<th>Key</th> +<th>Values</th> +<th>Default</th> +</tr> +</thead> +<tbody> +<tr> +<td>security:customheader:enabled</td> +<td>Flag if the components needed for SSO should be active</td> +<td>false</td> +</tr> +<tr> +<td>security:customheader:headername:intermediateauthstore</td> +<td>the name of the header that can be used for internal data transfer inside one roundtrip - it can be configured here because the proxy has to make sure that this header will not be passed from clients and will be used truly internal only</td> +<td>custom-header-auth-marker</td> +</tr> +<tr> +<td>security:customheader:headername:email</td> +<td>the name of the header that holds the email of the authenticated user (should be set be the proxy and must never be passed from clients)</td> +<td>authenticated-email</td> +</tr> +<tr> +<td>security:customheader:headername:extid</td> +<td>the name of the header that holds the extid of the authenticated user (should be set be the proxy and must never be passed from clients)</td> +<td>authenticated-extid</td> +</tr> +</tbody> +</table> +<p>:heavy_exclamation_mark: Please configure your SSO server and the proxy accordingly. In general, no unauthenticated request should reach the authorization server. And the configured headers should only be set by the proxy. If they are already contained in client requests, they must be removed!</p> +<h4 id="removing-headers-in-apache">Removing Headers in Apache</h4> +<p>In Apache you may use the <a href="https://httpd.apache.org/docs/current/mod/mod_headers.html"><code>mod_headers</code></a> module to remove headers from the client. Using the default values from the table above, at least the following directives should be present in your configuration for all requests that are routed to the <code>authorization-server</code>:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>RequestHeader unset custom-header-auth-marker +</span></span><span style="display:flex;"><span>RequestHeader unset authenticated-email +</span></span><span style="display:flex;"><span>RequestHeader unset authenticated-extid +</span></span></code></pre></div><h3 id="a-namegeneral-configageneral-configuration"><a name="general-config"></a>General Configuration</h3> +<p>Possible properties in <code>sw360.properties</code> file are:</p> +<table> +<thead> +<tr> +<th>Key</th> +<th>Values</th> +<th>Default</th> +</tr> +</thead> +<tbody> +<tr> +<td>backend.url</td> +<td>the url where the thrift services can be found</td> +<td>http://127.0.0.1:8080</td> +</tr> +<tr> +<td>rest.write.access.usergroup</td> +<td>the user group level (`USER</td> +<td>CLEARING_ADMIN</td> +</tr> +<tr> +<td>rest.admin.access.usergroup</td> +<td>the user group level (`USER</td> +<td>CLEARING_ADMIN</td> +</tr> +</tbody> +</table> +<p>The values in <code>sw360.properties</code> should be migrated to the <code>application.yml</code> in the future.</p> +<p>Further important properties in <code>application.yml</code> file are:</p> +<table> +<thead> +<tr> +<th>Key</th> +<th>Values</th> +<th>Default</th> +</tr> +</thead> +<tbody> +<tr> +<td>couchdb:url</td> +<td>the url of the CouchDB to use as client store</td> +<td>n/a</td> +</tr> +<tr> +<td>couchdb:database</td> +<td>the database name of the CouchDB database to use as client store</td> +<td>n/a</td> +</tr> +<tr> +<td>couchdb:username</td> +<td>if the CouchDB database needs authentication, enter the username here - if it does not need authentication, do not set this property at all, not even with an empty value</td> +<td>null</td> +</tr> +<tr> +<td>couchdb:password</td> +<td>if the CouchDB database needs authentication, enter the password here - if it does not need authentication, do not set this property at all, not even with an empty value</td> +<td>null</td> +</tr> +<tr> +<td>sw360:cors:allowed-origin</td> +<td>value for cross origin resource sharing</td> +<td>n/a</td> +</tr> +<tr> +<td>security:oauth2:resource:id</td> +<td>should just be the same then in the resource server</td> +<td>n/a</td> +</tr> +</tbody> +</table> +<p>After this configuration is done the normal REST service for client management should be usable. This one is only accessible for authenticated users that get the <code>ADMIN</code> authority (remember, the therefore necessary sw360 usergroup has just been configured). So the clients can be configured now.</p> +<h1 id="client-management">Client Management</h1> +<p>In the scenarios of this page, the shipped authorization server is used. So the next step is to configure a valid OAuth2 client in this authorization server. There should be one OAuth2 client per external REST API client (which in turn can have many different users). Therefore the authorization server offers a REST API for basic CRUD operations for configuring the clients that are stored in the just configured CouchDB. Since sw360-<code>ADMIN</code> privileges are needed for client management, an authentication is needed to work with this API.</p> +<p>For SSO users (basic-auth Liferay users can use other tools as well because other tools can handle basic auth - but they can also use this workflow):</p> +<ol> +<li> +<p>Open a browser with developer tools capabilities</p> +</li> +<li> +<p>Open</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/authorization/client-management +</span></span></code></pre></div><p>This page always shows the currently configured clients and can be refreshed after every manipulation of a client.</p> +</li> +<li> +<p>To add a new client, enter the following javascript in the dev tools console in the current browser tab - of course after manipulating the client data to suit your needs</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>xmlHttpRequest = new XMLHttpRequest(); +</span></span><span style="display:flex;"><span>xmlHttpRequest.open(&#39;POST&#39;, &#39;/authorization/client-management&#39;, false); +</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Content-Type&#39;, &#39;application/json&#39;); +</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Accept&#39;, &#39;application/json&#39;); +</span></span><span style="display:flex;"><span>xmlHttpRequest.send(JSON.stringify( +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;description&#34; : &#34;my first test client&#34;, +</span></span><span style="display:flex;"><span> &#34;authorities&#34; : [ &#34;BASIC&#34; ], +</span></span><span style="display:flex;"><span> &#34;scope&#34; : [ &#34;READ&#34; ], +</span></span><span style="display:flex;"><span> &#34;access_token_validity&#34; : 3600, +</span></span><span style="display:flex;"><span> &#34;refresh_token_validity&#34; : 3600 +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>)); +</span></span><span style="display:flex;"><span>console.log(xmlHttpRequest.responseText); +</span></span></code></pre></div></li> +<li> +<p>to manipulate an existing client, do the same but add the clientid to the data object</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> &#34;client_id&#34; : &#34;9e358ca832ce4ce99a770c7bd0f8e066&#34; +</span></span></code></pre></div></li> +<li> +<p>to remove an existing client, enter the following javascript in the dev tools console</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>xmlHttpRequest = new XMLHttpRequest(); +</span></span><span style="display:flex;"><span>xmlHttpRequest.open(&#39;DELETE&#39;, &#39;/authorization/client-management/9e358ca832ce4ce99a770c7bd0f8e066&#39;, false); +</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Content-Type&#39;, &#39;application/json&#39;); +</span></span><span style="display:flex;"><span>xmlHttpRequest.setRequestHeader(&#39;Accept&#39;, &#39;application/json&#39;); +</span></span><span style="display:flex;"><span>xmlHttpRequest.send(); +</span></span><span style="display:flex;"><span>console.log(xmlHttpRequest.responseText); +</span></span></code></pre></div></li> +</ol> +<p>This way the session cookie of the SSO login will be used for the REST calls. This might also be possible in postman or curl or similar tools if you want to try to copy cookies (depending also on the SSO configuration). As said before, if Liferay username/password credentials can be used to authenticate then a tool like postman or curl can be used for the whole process. Just pass the credentials as basic-auth.</p> +<h3 id="client-management-via-curl">Client Management via Curl</h3> +<p>The above described call to create a rest client can also be done directly via one curl call:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#033">SW360_USER</span><span style="color:#555">=[</span>admin sw360 user<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span><span style="color:#033">SW360_PW</span><span style="color:#555">=[</span>corresponding sw360 admin user password<span style="color:#555">]</span> +</span></span><span style="display:flex;"><span>curl -s -S <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --user <span style="color:#c30">&#34;</span><span style="color:#a00">${</span><span style="color:#033">SW360_USER</span><span style="color:#a00">}</span><span style="color:#c30">:</span><span style="color:#a00">${</span><span style="color:#033">SW360_PW</span><span style="color:#a00">}</span><span style="color:#c30">&#34;</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --header <span style="color:#c30">&#34;Content-Type: application/json&#34;</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> --header <span style="color:#c30">&#34;Accept: application/json&#34;</span> <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> -X POST https://<span style="color:#555">[</span>hostname<span style="color:#555">]</span>:<span style="color:#555">[</span>port<span style="color:#555">]</span>/authorization/client-management <span style="color:#c30;font-weight:bold">\ +</span></span></span><span style="display:flex;"><span><span style="color:#c30;font-weight:bold"></span> -d @- <span style="color:#c30">&lt;&lt;EOF +</span></span></span><span style="display:flex;"><span><span style="color:#c30">{ +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;description&#34; : &#34;my first test client&#34;, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;authorities&#34; : [ &#34;BASIC&#34; ], +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;scope&#34; : [ &#34;READ&#34; ], +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;access_token_validity&#34; : 3600, +</span></span></span><span style="display:flex;"><span><span style="color:#c30"> &#34;refresh_token_validity&#34; : 3600 +</span></span></span><span style="display:flex;"><span><span style="color:#c30">} +</span></span></span><span style="display:flex;"><span><span style="color:#c30">EOF</span> +</span></span></code></pre></div><p>This only works with the liferay basic-auth mechanism, SSO is not supported via curl.</p> +<h2 id="oauth2-access-token">OAuth2 Access Token</h2> +<p>Now with a configured client it is possible to retrieve an access token for the REST API from the authorization server. There is again a difference in SSO environments and Liferay username/password environments.</p> +<h3 id="sso-backed-access-token">SSO Backed Access Token</h3> +<p>Probably the browser has to be used again because many SSO environments are based on certificates that are read from keycards and the necessary libs are often built into the browser. So just call the URL</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/authorization/oauth/token?grant_type=password&amp;client_id=[clientid]&amp;client_secret=[clientsecret] +</span></span></code></pre></div><p>Of course the client id and the client secret should be replaced by the values of the configured client. The received response should look similar to</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;access_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;token_type&#34;</span> : <span style="color:#c30">&#34;bearer&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;refresh_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;expires_in&#34;</span> : <span style="color:#f60">3599</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;scope&#34;</span> : <span style="color:#c30">&#34;READ&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;jti&#34;</span> : <span style="color:#c30">&#34;d68ef5aa-e493-4cf1-b64d-5a917dcc6e60&#34;</span> +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>From this response the value of the <code>access_token</code> and probably <code>refresh_token</code> field is the one to copy-paste for later usage.</p> +<h3 id="liferay-backed-access-token">Liferay Backed Access Token</h3> +<p>With a Liferay backed authentication all REST clients that offer basic auth support can be used. For example <code>curl</code>:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-Bash" data-lang="Bash"><span style="display:flex;"><span>curl -X POST --user <span style="color:#c30">&#39;[clientid]:[clientsecret]&#39;</span> -d <span style="color:#c30">&#39;grant_type=password&amp;username=[username]&amp;password=[password]&#39;</span> https://<span style="color:#555">[</span>hostname<span style="color:#555">]</span>:<span style="color:#555">[</span>port<span style="color:#555">]</span>/authorization/oauth/token -k +</span></span></code></pre></div><p>Example response:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;access_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiZDY4ZWY1YWEtZTQ5My00Y2YxLWI2NGQtNWE5MTdkY2M2ZTYwIiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iO5sLrqRcZfzvMP5gjaJhk3caWyZLkUesdbMfqCGy4V5rbnU9QP1LjdybY0Udh8hvAvhlpqPfaxeKe1c3-gQs5MYlqG0lNQCyWcb7NRHj8VFlwLPuJRZJNk3tybvgITVm9r14pfAXogpVE0S4KihD2W1_SoKH4NzTa2vOEG0CK4VzCLetxUlUuePxZH8ugouqbS2d0SpyeeMTm-PzxzzeTb_4ulGpg63eE1v7GvTsI23uh2WfIgHBa1GRr5jWtE0Meq-5UFCVQkhMm8P-r8wO2iuRblCu6a-bWwy7bfdj3S2VDnqSQskE2dVrC_qMs-V2AGvCV1xvlF0P8A4tgwL-w&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;token_type&#34;</span> : <span style="color:#c30">&#34;bearer&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;refresh_token&#34;</span> : <span style="color:#c30">&#34;eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOlsic3czNjAtUkVTVC1BUEkiXSwidXNlcl9uYW1lIjoiYWRtaW5Ac3czNjAub3JnIiwic2NvcGUiOlsiUkVBRCJdLCJhdGkiOiJkNjhlZjVhYS1lNDkzLTRjZjEtYjY0ZC01YTkxN2RjYzZlNjAiLCJleHAiOjE1NjM4MDYwNDQsImF1dGhvcml0aWVzIjpbIlJFQUQiXSwianRpIjoiM2VkZDcxODAtMTBlYi00Y2MwLTg0NTUtMGYwZmIyMWMwYmU0IiwiY2xpZW50X2lkIjoiMTcyMmZmYzdkZWE3MTU3OGQ5ZWE1ZTZhNmMwMDA4NzMifQ.iMGfdHWpJNseoxIk7tKCNTyC1w4_AJ4cSv6kO64_BkF54MLudvyf9uVSIHpAeHhSFdvhbjksynRqq_u78vW8ptY1la65Qx8glHz0sktWBfMDJsUA4ynU2iZbKU92f2OOf3wQRVt38-Y1mBUsDMIStyKTDeIXGT3LJr_8k5dRAGvayixaezxDFw3dWK2M6P9h-ZnfEP47HpIUZrG8cgwPmNCZ9gBXsqVnueDYZth6TaEKIvWbkZtwY0ikWKyJL2xLm78O1ii3lA5ENt5I0DTfTm8QuK_zcm679W9jF0jvwIR71fM0JSWjkBoXd2h9oLmE2CF2sFVaJor_ermk-L0LsA&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;expires_in&#34;</span> : <span style="color:#f60">3599</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;scope&#34;</span> : <span style="color:#c30">&#34;READ&#34;</span>, +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;jti&#34;</span> : <span style="color:#c30">&#34;d68ef5aa-e493-4cf1-b64d-5a917dcc6e60&#34;</span> +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>Of course, the username and password must be your user credentials and the client id and secret have to be replaced with the configured values. And again, the wanted value is the value of the field <code>access_token</code> and probably <code>refresh_token</code>.</p> +<p>More Links:</p> +<ul> +<li>OAuth2 more information: <a href="https://oauth.net/2/">https://oauth.net/2/</a></li> +<li>Decode Bearer tokens at: <a href="https://jwt.io/">https://jwt.io/</a></li> +</ul> +<h2 id="oauth2-refresh-token">OAuth2 Refresh Token</h2> +<p>The authorization server supports so called refresh tokens to generate new access tokens after they have been expired. New access tokens can be generated with the use of the <code>refresh_token</code> without further re-authorization of the user. The following url must be used:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> http://localhost/authorization/oauth/token?grant_type=refresh_token&amp;refresh_token=&lt;REFRESH_TOKEN&gt; +</span></span></code></pre></div><p>The client must pass its credentials via basic authentication. Though a user authentication is not necessary. +If you are authentication your users on a proxy, you have to configure that proxy in a way that it does not block requests to the above url. As marker the &lsquo;grant_type=refresh_token&rsquo; query parameter may be used.</p> +<h2 id="example-apache-configuration">Example Apache configuration</h2> +<p>The following example shows the relevant part for an Apache proxy to configure +authentication of the <code>authorization-server</code> properly:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-apache" data-lang="apache"><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;Location</span> <span style="color:#c30">/authorization/oauth/token</span><span style="color:#309;font-weight:bold">&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#366">Order</span> allow,deny +</span></span><span style="display:flex;"><span> <span style="color:#366">Allow</span> from <span style="color:#069;font-weight:bold">all</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;If</span> <span style="color:#c30">&#34;%{QUERY_STRING} =~ /^grant_type=refresh_token\&amp;/&#34;</span><span style="color:#309;font-weight:bold">&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># No authentication needed</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/If&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;Else&gt;</span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Configure your authentication here</span> +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&lt;/Else&gt;</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#366">ProxyPass</span> https://localhost:8443/authorization/oauth/token +</span></span><span style="display:flex;"><span> <span style="color:#366">ProxyPassReverse</span> https://localhost:8443/authorization/oauth/token +</span></span><span style="display:flex;"><span><span style="color:#309;font-weight:bold">&lt;/Location&gt;</span> +</span></span></code></pre></div><h1 id="resource-server-configuration">Resource Server Configuration</h1> +<p>Now that access tokens can be generated, the resource server has to be configured. The same general ideas of <a href="#general-config">general config</a> apply. The properties of the <code>application.yml</code> are</p> +<table> +<thead> +<tr> +<th>Key</th> +<th>Values</th> +<th>Default</th> +</tr> +</thead> +<tbody> +<tr> +<td>sw360:thrift-server-url</td> +<td>the url where the thrift services can be found, e.g. http://localhost:8080</td> +<td></td> +</tr> +<tr> +<td>sw360:test-user-id</td> +<td>only for developing, simple test user short cut, must be pulled off for productive</td> +<td></td> +</tr> +<tr> +<td>sw360:test-user-passwors</td> +<td>see above</td> +<td></td> +</tr> +<tr> +<td>sw360:couchdb-url</td> +<td>the url of the CouhDB server for attachment handling, e.g. https://localhost:5984</td> +<td></td> +</tr> +<tr> +<td>sw360:cors:allowed-origin</td> +<td>value for cross origin resource sharing</td> +<td>n/a</td> +</tr> +</tbody> +</table> +<p>The REST API is now completely usable via an own client or testwise with integrated tools.</p> +<h1 id="tools">Tools</h1> +<p>To get data and interact with the sw360 REST API the HAL-Browser is recommended. Currently, the HAL-Browser is also deployed on the sw360 development instance, but this is likely to change once the REST API has evolved more. Currently the URL of HAL-Browser is:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api +</span></span></code></pre></div><p>An example for a screenshot is as follows:</p> +<p><img src="https://user-images.githubusercontent.com/29916928/39576770-90b2b576-4edf-11e8-9d1b-742c10d88b8e.png" alt="rest-hal-explorer"></p> +<p>When using other tools the access token has to be set as header parameter in the REST request. Please add a new header:</p> +<ul> +<li>Key: Authorization</li> +<li>As value you need to enter: <code>Bearer [ACCESS_TOKEN]</code> where <code>[ACCESS_TOKEN]</code> actually contains the token</li> +</ul> +<h2 id="example--get-a-list-of-projects">Example – Get a list of projects</h2> +<p>Here is an example how to query for all projects as HTTP GET Request. As for the resource endpoint, the request:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://sw360.org/resource/api/projects (or /resource/api/projects) +</span></span></code></pre></div><p>will return the following response:</p> +<p><img src="https://user-images.githubusercontent.com/29916928/39579586-6b1d1736-4ee7-11e8-8faf-da71c8776680.png" alt="rest-explorer2"></p> +<h1 id="api-documentation">API Documentation</h1> +<p>sw360 deploys a REST API documentation at every instance. There are the following URLs offered at each instance</p> +<table> +<thead> +<tr> +<th>URL</th> +<th>Description</th> +</tr> +</thead> +<tbody> +<tr> +<td>https://[hostname]:[port]/resource/docs/index.html</td> +<td>Small overview page</td> +</tr> +<tr> +<td>https://[hostname]:[port]/resource/docs/api-guide.html</td> +<td>The API description for the currently running server</td> +</tr> +<tr> +<td>https://[hostname]:[port]/resource/api/browser/index.html#/resource/api</td> +<td>Integrated HAL browser to directly use the API</td> +</tr> +</tbody> +</table> +<h1 id="known-problems">Known Problems</h1> +<p>If you use Nginx or Apache as request front end server there maybe some configuration caveats: The REST API objects provides self links to reference to other objects also including the protocol prefix. These links are realized on Hypertext Application Language (HAL) for example you will find in REST responses:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span><span style="color:#c30">&#34;_links&#34;</span><span style="color:#a00;background-color:#faa">:</span> { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;self&#34;</span>: { +</span></span><span style="display:flex;"><span> <span style="color:#309;font-weight:bold">&#34;href&#34;</span>: <span style="color:#c30">&#34;https://localhost:8443/resource/api/projects/065f3aa45c2683297fd1bb39296f519d&#34;</span> +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>The REST spring boot applications are using the Tomcat environment configuration to generate the HAL links. If the Tomcat is only configured as HTTP, the generated links will contain the <code>http</code> protocol and port - which is a problem if the server should be contacted over <code>https</code>only. This problem occurs, if tomcat is used together with Nginx, Apache httpd or other Web servers, which are configured to repsond only to <code>https</code>.</p> +<p>Solution is to set for example in Nginx HTTP &lsquo;X-Forward-*&rsquo; headers on a reverse proxy, for example:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">location</span> <span style="color:#c30">/</span> { +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">...</span> +</span></span><span style="display:flex;"><span> <span style="color:#c30">proxy_set_header</span> <span style="color:#c30">X-Forwarded-Port</span> <span style="color:#f60">443</span>; +</span></span><span style="display:flex;"><span> <span style="color:#069;font-weight:bold">proxy_set_header</span> <span style="color:#c30">X-Forwarded-Proto</span> <span style="color:#c30">https</span>; +</span></span><span style="display:flex;"><span> } +</span></span></code></pre></div><p>For other Web severs, there might a similar solution.</p>Docs: Authorization Concepthttps://www.eclipse.org/sw360/docs/deployment/deploy-authorization-concept/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-authorization-concept/ +<p>The authorization concept describes the different roles of the solution - mainly for documentation of the authorization of different roles of the sw360. It is not focusing for the roles like being a moderator, it is described on a separate page for users: <a href="https://github.com/eclipse/sw360/wiki/Dev-Role-Authorisation-Model">role and access model</a></p> +<h2 id="roles-overview">Roles Overview</h2> +<p>SW360 offers two choices for doing the roles: one is setting access rights at every record individually. Another are general roles that can be set for every user. An admin of SW360 can set user roles at the Liferay Users and Roles UI.</p> +<h4 id="setup-admin-liferay-role">Setup Admin (Liferay Role)</h4> +<p>The setup admin is the Liferay administrator, which can configure the entire liferay app, such as which portlets are shown on which page.</p> +<h4 id="sw360-admin-liferay-role">SW360 Admin (Liferay Role)</h4> +<p>The SW360 admin can change all data and promote users for more access rights, such as promoting a user to role <code>CLEARING_ADMIN</code>. So its use case is to promote users to clearing admins after some time without always asking the site administrator to do this. To enhance the <code>SW360_ADMIN</code> role to allow users of this role to promote other users&rsquo;s roles, follow these steps:</p> +<ol> +<li>Go to control panel</li> +<li>Select the <code>Users</code> section</li> +<li>To subsection <code>Roles</code></li> +<li>Select row for <code>SW360 Admin</code> and select action <code>Define permissions</code>.</li> +</ol> +<p>When defining permissions the idea is to reduce the permissions to the lowest level possible. Just allow for changing users.</p> +<h4 id="clearing-admin-liferay-role">Clearing Admin (Liferay Role)</h4> +<p>The clearing admin can change all component and release records and project records of the same group.</p> +<h4 id="security-admin-liferay-role">Security Admin (Liferay Role)</h4> +<p>In addition to the user rights, the security admin can set security vulnerabilities to irrelevant</p> +<h4 id="ecc-admin-liferay-role">ECC Admin (Liferay Role)</h4> +<p>In addition to the user rights, the ECC admin can manipulate ECC data.</p> +<h4 id="user">User</h4> +<p>A user can create, modify and delete all own (=self created) records. A user cannot change records of others</p> +<h4 id="summary">Summary</h4> +<h3 id="moderation-requests">Moderation Requests</h3> +<p>If a user with user or other access role rights is not entitled to write or change a record, a moderation request will be created. The moderation request contains the changes an will be routed for approval to the users who can write this record.</p>Docs: Configurable Property Keyshttps://www.eclipse.org/sw360/docs/deployment/deploy-configuration-files/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-files/ +<h3 id="introduction">Introduction</h3> +<p>List of all applicable property files in sw360:</p> +<ul> +<li>sw360.properties</li> +<li>fossology.properties</li> +<li>couchdb.properties</li> +<li>search.properties</li> +<li>orgmapping.properties</li> +<li>databasetest.properties</li> +<li>authorization/application.yml</li> +<li>rest/application.yml</li> +</ul> +<h3 id="sw360properties-etcsw360sw360properties">SW360.properties (/etc/sw360/sw360.properties)</h3> +<p>The following table shall give an overview about the general sw360 configuration settings.</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">licenseinfo.spdxparser.use-license-info-from-files</td> +<td style="text-align:left">true/false</td> +</tr> +<tr> +<td style="text-align:left">mainline.state.enabled.for.user</td> +<td style="text-align:left">true/false</td> +</tr> +<tr> +<td style="text-align:left">key.auth.email</td> +<td style="text-align:left">EMAIL</td> +</tr> +<tr> +<td style="text-align:left">key.auth.extid</td> +<td style="text-align:left">EXTID</td> +</tr> +<tr> +<td style="text-align:left">key.auth.givenname</td> +<td style="text-align:left">GIVENNAME</td> +</tr> +<tr> +<td style="text-align:left">key.auth.surname</td> +<td style="text-align:left">SURNAME</td> +</tr> +<tr> +<td style="text-align:left">key.auth.department</td> +<td style="text-align:left">DEPARTMENT</td> +</tr> +<tr> +<td style="text-align:left">backend.url</td> +<td style="text-align:left">http://127.0.0.1:8080</td> +</tr> +<tr> +<td style="text-align:left">cvesearch.vendor.threshold</td> +<td style="text-align:left">1</td> +</tr> +<tr> +<td style="text-align:left">cvesearch.product.threshold</td> +<td style="text-align:left">0</td> +</tr> +<tr> +<td style="text-align:left">cvesearch.cutoff</td> +<td style="text-align:left">6</td> +</tr> +<tr> +<td style="text-align:left">combined.cli.parser.external.id.correlation.key</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">schedule.cvesearch.firstOffset.seconds</td> +<td style="text-align:left">0</td> +</tr> +<tr> +<td style="text-align:left">schedule.cvesearch.interval.seconds</td> +<td style="text-align:left">&ldquo;(24<em>60</em>60)&rdquo;</td> +</tr> +<tr> +<td style="text-align:left">autostart</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">rest.write.access.usergroup</td> +<td style="text-align:left">SW360_ADMIN</td> +</tr> +<tr> +<td style="text-align:left">rest.access.token.validity.seconds</td> +<td style="text-align:left">3600</td> +</tr> +<tr> +<td style="text-align:left">rest.security.client.id</td> +<td style="text-align:left">sw360-trusted-client</td> +</tr> +<tr> +<td style="text-align:left">rest.security.client.secret</td> +<td style="text-align:left">sw360-secret</td> +</tr> +<tr> +<td style="text-align:left">programming.languages</td> +<td style="text-align:left">ActionScript,AppleScript, Asp,Bash,BASIC, C,C++,C#,Cocoa,Clojure, COBOL,ColdFusion,D, Delphi,Erlang,Fortran, Go,Groovy,Haskell, JSP,Java,JavaScript,Objective-C, Ocaml,Lisp,Perl, PHP,Python,Ruby,SQL ,SVG,Scala,SmallTalk Scheme,Tcl,XML, Node.js,JSON</td> +</tr> +<tr> +<td style="text-align:left">software.platforms</td> +<td style="text-align:left">Adobe AIR,Adobe Flash, Adobe Shockwave,Binary Runtime Environment for Wireless,Cocoa (API),Cocoa Touch,Java (software platform)</td> +</tr> +<tr> +<td style="text-align:left">operating.systems</td> +<td style="text-align:left">Android,BSD,iOS, Linux,OS X,QNX, Microsoft Windows,Windows Phone,IBM z/OS</td> +</tr> +<tr> +<td style="text-align:left">clearing.teams</td> +<td style="text-align:left">org1,org2,org3</td> +</tr> +<tr> +<td style="text-align:left">state</td> +<td style="text-align:left">Active,Phase out,Unknown</td> +</tr> +<tr> +<td style="text-align:left">project.type</td> +<td style="text-align:left">Customer Project,Internal Project,Product,Service,Inner Source</td> +</tr> +<tr> +<td style="text-align:left">project.externalkeys</td> +<td style="text-align:left">internal.id</td> +</tr> +<tr> +<td style="text-align:left">license.identifiers</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">component.categories</td> +<td style="text-align:left">framework,SDK,big-data, build-management,cloud,content, database,graphics,http, javaee,library,mail,mobile, security,testing,virtual-machine, web-framework,xml</td> +</tr> +<tr> +<td style="text-align:left">component.externalkeys</td> +<td style="text-align:left">com.github.id,com.gitlab.id,purl.id</td> +</tr> +<tr> +<td style="text-align:left">custommap.project.roles</td> +<td style="text-align:left">Stakeholder,Analyst,Contributor,Accountant,End user,Quality manager,Test manager,Technical writer,Key user</td> +</tr> +<tr> +<td style="text-align:left">custommap.component.roles</td> +<td style="text-align:left">Committer,Contributor,Expert</td> +</tr> +<tr> +<td style="text-align:left">custommap.release.roles</td> +<td style="text-align:left">Committer,Contributor,Expert</td> +</tr> +<tr> +<td style="text-align:left">custommap.release.externalIds</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">release.externalkeys</td> +<td style="text-align:left">org.maven.id,com.github.id,com.gitlab.id,purl.id</td> +</tr> +<tr> +<td style="text-align:left">projectimport.hosts</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">preferred.country.codes</td> +<td style="text-align:left">DE,AT,CH,US</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_from</td> +<td style="text-align:left">_<a href="mailto:No_Reply__@sw360.org">No_Reply__@sw360.org</a></td> +</tr> +<tr> +<td style="text-align:left">MailUtil_host</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_port</td> +<td style="text-align:left">25</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_enableStarttls</td> +<td style="text-align:left">false</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_enableSsl</td> +<td style="text-align:left">false</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_isAuthenticationNecessary</td> +<td style="text-align:left">true</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_login</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_password</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_enableDebug</td> +<td style="text-align:left">false</td> +</tr> +<tr> +<td style="text-align:left">MailUtil_supportMailAddress</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">defaultBegin</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">defaultEnd</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">unsubscribeNoticeBefore</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">unsubscribeNoticeAfter</td> +<td style="text-align:left">-</td> +</tr> +</tbody> +</table> +<h3 id="fossologyproperties-etcsw360fossologyproperties">fossology.properties (/etc/sw360/fossology.properties)</h3> +<p>These configuration parameters are necessary to connect to a fossology server.</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">fossology.host</td> +<td style="text-align:left">localhost</td> +</tr> +<tr> +<td style="text-align:left">fossology.port</td> +<td style="text-align:left">22</td> +</tr> +<tr> +<td style="text-align:left">fossology.user</td> +<td style="text-align:left">sw360</td> +</tr> +<tr> +<td style="text-align:left">fossology.key.file</td> +<td style="text-align:left">/fossology.id_rsa</td> +</tr> +<tr> +<td style="text-align:left">fossology.key.pub.file</td> +<td style="text-align:left">[fossology.key.file] + .pub</td> +</tr> +</tbody> +</table> +<h3 id="couchdbproperties-etcsw360couchdbproperties">couchdb.properties (/etc/sw360/couchdb.properties)</h3> +<p>CouchDB and Lucene serach configuration properties.</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">couchdb.url</td> +<td style="text-align:left">http://localhost:5984</td> +</tr> +<tr> +<td style="text-align:left">couchdb.database</td> +<td style="text-align:left">sw360db</td> +</tr> +<tr> +<td style="text-align:left">couchdb.user</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">couchdb.password</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">couchdb.userdb</td> +<td style="text-align:left">sw360users</td> +</tr> +<tr> +<td style="text-align:left">couchdb.attachments</td> +<td style="text-align:left">sw360attachments</td> +</tr> +<tr> +<td style="text-align:left">couchdb.fossologyKeys</td> +<td style="text-align:left">sw360fossologyKeys</td> +</tr> +<tr> +<td style="text-align:left">couchdb.vulnerability_management</td> +<td style="text-align:left">sw360vm</td> +</tr> +<tr> +<td style="text-align:left">lucenesearch.limit</td> +<td style="text-align:left">25</td> +</tr> +<tr> +<td style="text-align:left">lucenesearch.leading.wildcard*</td> +<td style="text-align:left">false</td> +</tr> +</tbody> +</table> +<blockquote> +<p>* If you enable lucene leading wildcards you have to enable this configuration also in couchdb-lucene.ini! Leading wildcard search is disabled as default because its a expensive operation. <em>(couchdb-lucene.ini is part of the couchdb-lucene .war package)</em> <br> +[lucene] <br> +allowLeadingWildcard=true</p> +</blockquote> +<h3 id="searchproperties-etcsw360searchproperties">search.properties (/etc/sw360/search.properties)</h3> +<p>The following table shall give an overview about the specific search properties</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">search.name.max.length</td> +<td style="text-align:left">64</td> +</tr> +</tbody> +</table> +<h3 id="orgmappingproperties-etcsw360orgmappingproperties">orgmapping.properties (/etc/sw360/orgmapping.properties)</h3> +<p>This configuration file is used to activate the sw360 orgmapping feature.</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">match.prefix</td> +<td style="text-align:left">false</td> +</tr> +<tr> +<td style="text-align:left">enable.custom.mapping</td> +<td style="text-align:left">false</td> +</tr> +</tbody> +</table> +<h3 id="databasetestproperties-etcsw360databasetestproperties">databasetest.properties (/etc/sw360/databasetest.properties)</h3> +<p>Just for couchdb database test purpose.</p> +<table> +<thead> +<tr> +<th style="text-align:left">Property Key</th> +<th style="text-align:left">Default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">couch_db_url</td> +<td style="text-align:left">http://localhost:5984</td> +</tr> +<tr> +<td style="text-align:left">couch_db_database</td> +<td style="text-align:left">datahandlertestdb</td> +</tr> +<tr> +<td style="text-align:left">couchdb.username</td> +<td style="text-align:left">-</td> +</tr> +<tr> +<td style="text-align:left">couchdb.password</td> +<td style="text-align:left">-</td> +</tr> +</tbody> +</table> +<h3 id="authorizationapplicationyml-etcsw360authorizationapplicationyml">authorization/application.yml (/etc/sw360/authorization/application.yml)</h3> +<p>All of the following built-in properties can be overridden:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># Port to open in standalone mode +</span></span><span style="display:flex;"><span>server: +</span></span><span style="display:flex;"><span> port: 8090 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># Connection to the couch databases. Will be used to store client credentials +</span></span><span style="display:flex;"><span>couchdb: +</span></span><span style="display:flex;"><span> url: http://localhost:5984 +</span></span><span style="display:flex;"><span> database: sw360oauthclients +</span></span><span style="display:flex;"><span> # if your couchdb does not use authentication, pls just don&#39;t use the settings for username and password +</span></span><span style="display:flex;"><span> #username: +</span></span><span style="display:flex;"><span> #password: +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>spring: +</span></span><span style="display:flex;"><span> jackson: +</span></span><span style="display:flex;"><span> serialization: +</span></span><span style="display:flex;"><span> indent_output: true +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># Common SW360 properties +</span></span><span style="display:flex;"><span>sw360: +</span></span><span style="display:flex;"><span> # The url of the Liferay instance +</span></span><span style="display:flex;"><span> sw360-portal-server-url: ${SW360_PORTAL_SERVER_URL:http://127.0.0.1:8080} +</span></span><span style="display:flex;"><span> # The id of the company in Liferay that sw360 is run for +</span></span><span style="display:flex;"><span> sw360-liferay-company-id: ${SW360_LIFERAY_COMPANY_ID:20155} +</span></span><span style="display:flex;"><span> # Allowed origins that should be set in the header +</span></span><span style="display:flex;"><span> cors: +</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>security: +</span></span><span style="display:flex;"><span> # Configuration for enabling authorization via headers, e.g. when using SSO +</span></span><span style="display:flex;"><span> # in combination with a reverse proxy server +</span></span><span style="display:flex;"><span> customheader: +</span></span><span style="display:flex;"><span> headername: +</span></span><span style="display:flex;"><span> # You have to enable authorization by headers explicitly here +</span></span><span style="display:flex;"><span> enabled: false +</span></span><span style="display:flex;"><span> # Attention: please make sure that the proxy is removing there headers +</span></span><span style="display:flex;"><span> # if they are coming from anywhere else then the authentication server +</span></span><span style="display:flex;"><span> intermediateauthstore: custom-header-auth-marker +</span></span><span style="display:flex;"><span> email: authenticated-email +</span></span><span style="display:flex;"><span> extid: authenticated-extid +</span></span><span style="display:flex;"><span> # also available - at least in saml pre auth - are &#34;givenname&#34;, &#34;surname&#34; and &#34;department&#34; +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> oauth2: +</span></span><span style="display:flex;"><span> resource: +</span></span><span style="display:flex;"><span> id: sw360-REST-API +</span></span></code></pre></div><h3 id="restapplicationyml-etcsw360restapplicationyml">rest/application.yml (/etc/sw360/rest/application.yml)</h3> +<p>All of the following built-in properties can be overridden:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>server: +</span></span><span style="display:flex;"><span> port: 8091 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>spring: +</span></span><span style="display:flex;"><span> http: +</span></span><span style="display:flex;"><span> multipart: +</span></span><span style="display:flex;"><span> max-file-size: 500MB +</span></span><span style="display:flex;"><span> max-request-size: 600MB +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> data: +</span></span><span style="display:flex;"><span> rest: +</span></span><span style="display:flex;"><span> base-path: /api +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span># logging: +</span></span><span style="display:flex;"><span># level: +</span></span><span style="display:flex;"><span># org.springframework.web: DEBUG +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>security: +</span></span><span style="display:flex;"><span> oauth2: +</span></span><span style="display:flex;"><span> resource: +</span></span><span style="display:flex;"><span> id: sw360-REST-API +</span></span><span style="display:flex;"><span> filter-order: 3 +</span></span><span style="display:flex;"><span> jwt: +</span></span><span style="display:flex;"><span> keyValue: | +</span></span><span style="display:flex;"><span> -----BEGIN PUBLIC KEY----- +</span></span><span style="display:flex;"><span> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApz8Cr1o5yHMv/FUdF5uy +</span></span><span style="display:flex;"><span> VptilqdWtNvw5S6Tr4IaQ4XR9QPt8nlRsjOngfG4QCcKMBWJISldFg8PlJWUBeV+ +</span></span><span style="display:flex;"><span> 6TwQUidxokl2GbO6/+QA+lz1a5Ei1Y1pcnvFeRb2pdYlH3Yg6fXMxS6QwDLk27pZ +</span></span><span style="display:flex;"><span> 5xbpSDIGISDesyaIMvwaKdhAbFW/tTb/oJY7rCPvmYLT80kJzilijJ/W01jMMSHg +</span></span><span style="display:flex;"><span> 9Yi5cCt1eU/s78co+pxHzwNXO0Ul4iRpo/CXprQCsSIsdWkJTo6btal1xzd292Da +</span></span><span style="display:flex;"><span> d+9xq499JEsNbcqLfCq8DBQ7CEz6aJjMvPkvZiCrFIGxC/Gqmw35DQ4688rbkKSJ +</span></span><span style="display:flex;"><span> PQIDAQAB +</span></span><span style="display:flex;"><span> -----END PUBLIC KEY----- +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span>sw360: +</span></span><span style="display:flex;"><span> thrift-server-url: ${SW360_THRIFT_SERVER_URL:http://localhost:8080} +</span></span><span style="display:flex;"><span> test-user-id: admin@sw360.org +</span></span><span style="display:flex;"><span> test-user-password: sw360-password +</span></span><span style="display:flex;"><span> couchdb-url: ${SW360_COUCHDB_URL:http://localhost:5984} +</span></span><span style="display:flex;"><span> cors: +</span></span><span style="display:flex;"><span> allowed-origin: ${SW360_CORS_ALLOWED_ORIGIN:#{null}} +</span></span></code></pre></div>Docs: Configuring Country Codeshttps://www.eclipse.org/sw360/docs/deployment/deploy-configuration-country-codes/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-country-codes/ +<p>This feature is available on:</p> +<ul> +<li>projects / Owner Country</li> +<li>components / Owner Country</li> +</ul> +<p><img src="https://user-images.githubusercontent.com/29916928/36796378-551cf572-1c9d-11e8-96aa-85ce98e97ff3.jpg" alt="Country Code List"></p> +<p>Its supports preferred country codes, which are shown at the top of the country list. <br> +You can configure them by using the sw360.properties.</p> +<table> +<thead> +<tr> +<th style="text-align:center">sw360 properties key</th> +<th style="text-align:center">value</th> +<th style="text-align:center">default</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">preferred.country.codes</td> +<td style="text-align:center">(ISO 3166-1 alpha-2)</td> +<td style="text-align:center">DE,AT,CH,US</td> +</tr> +</tbody> +</table>Docs: CVE Schedulerhttps://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ +<h1 id="how-to-use-sw360-cve-schedule">How to use SW360 CVE schedule</h1> +<p>SW360 gets vulnerability information from Common Vulnerability Enumeration (CVE) data. SW360 can connect to your local cve-search server.<br> +<em>Few years ago, sw360 was able to get vulnerability information from online CVE serverr, but it is not active.</em></p> +<h2 id="install-cve-search">Install CVE-search</h2> +<p>cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs. You can choose Docker install or Native install.</p> +<h3 id="docker-installation-github-repohttpsgithubcomcve-searchcve-search-docker">Docker Installation <a href="https://github.com/cve-search/CVE-Search-Docker">Github repo</a></h3> +<p>Only clone and &ldquo;docker-compose up&rdquo;.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ git clone https://github.com/cve-search/CVE-Search-Docker.git +</span></span><span style="display:flex;"><span> $ <span style="color:#366">cd</span> CVE-Search-Docker +</span></span><span style="display:flex;"><span> $ docker-compose up +</span></span></code></pre></div><h3 id="native-installation-github-repohttpsgithubcomcve-searchcve-search">Native Installation <a href="https://github.com/cve-search/cve-search">Github repo</a></h3> +<ol> +<li>Clone source</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ git clone https://github.com/cve-search/cve-search +</span></span><span style="display:flex;"><span> $ <span style="color:#366">cd</span> cve-search +</span></span><span style="display:flex;"><span> $ git checkout <span style="color:#555">{</span>tag/branch<span style="color:#555">}</span> +</span></span></code></pre></div><ol start="2"> +<li>Install system requirements</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get install -y &lt; requirements.system +</span></span></code></pre></div><ol start="3"> +<li>Install CVE-Search and its Python dependencies</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> pip3 install -r requirements.txt +</span></span></code></pre></div><ol start="4"> +<li>Install mongodb</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add - +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ <span style="color:#033">codename</span><span style="color:#555">=</span><span style="color:#069;font-weight:bold">$(</span>lsb_release --codename --short<span style="color:#069;font-weight:bold">)</span> +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ <span style="color:#366">echo</span> <span style="color:#c30">&#34;deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu </span><span style="color:#a00">${</span><span style="color:#033">codename</span><span style="color:#a00">}</span><span style="color:#c30">/mongodb-org/4.4 multiverse&#34;</span> | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list +</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get update +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ sudo apt-get install -y mongodb-org +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ sudo systemctl daemon-reload +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ sudo systemctl start mongod +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Verify status of mongodb</span> +</span></span><span style="display:flex;"><span> $ sudo systemctl status mongod +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># if all is ok, enable mongodb to start on system startup</span> +</span></span><span style="display:flex;"><span> $ sudo systemctl <span style="color:#366">enable</span> mongod +</span></span></code></pre></div><ol start="5"> +<li>Populating the database</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ sudo apt-get install redis redis-server +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic">#modify: stop-writes-on-bgsave-error yes -&gt; no</span> +</span></span><span style="display:flex;"><span> $ sudo vim /etc/redis/redis.conf +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ sudo systemctl daemon-reload +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ sudo systemctl restart redis +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ ./sbin/db_mgmt_cpe_dictionary.py -p +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ ./sbin/db_mgmt_json.py -p +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> $ ./sbin/db_updater.py -c <span style="color:#09f;font-style:italic"># This will take &gt; 45minutes on a decent machine, please be patient</span> +</span></span></code></pre></div><ol start="6"> +<li>Updating the database</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ ./sbin/db_updater.py -v +</span></span></code></pre></div><ol start="7"> +<li>Starting and stopping the web-server</li> +</ol> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Install psutil &gt;= 5.7.0</span> +</span></span><span style="display:flex;"><span> $ pip3 install psutil&gt;<span style="color:#555">=</span>5.7.0 +</span></span><span style="display:flex;"><span> +</span></span><span style="display:flex;"><span> <span style="color:#09f;font-style:italic"># Starting web server</span> +</span></span><span style="display:flex;"><span> $ python3 web/index.py +</span></span></code></pre></div><p>Default Web server: http://localhost:5000</p> +<p>To stop the server, press the <code>CTRL+C</code></p> +<p><strong>Note</strong>: By default CVE-Search takes assumptions on certain configuration aspects of the application, you can adjust</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ <span style="color:#366">cd</span> cve-search +</span></span><span style="display:flex;"><span> $ cp etc/configuration.ini.sample etc/configuration.ini +</span></span><span style="display:flex;"><span> $ vim etc/configuration.ini +</span></span></code></pre></div><h2 id="setup-sw360-with-cve-server">Setup SW360 with CVE server</h2> +<ol> +<li>Change default CVE server</li> +</ol> +<p>Change <code>cvesearch.host</code> with CVE server address.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ vim <span style="color:#a00">${</span><span style="color:#033">SW360_DIR_INSTALL</span><span style="color:#a00">}</span>/backend/src/src-cvesearch/src/main/resources/cvesearch.properties +</span></span></code></pre></div><ol start="2"> +<li>Setting for schedule the CVE service</li> +</ol> +<p>The offset (first run of the update) and the interval between updates can also be adjusted.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sh" data-lang="sh"><span style="display:flex;"><span> $ vim <span style="color:#a00">${</span><span style="color:#033">SW360_DIR_INSTALL</span><span style="color:#a00">}</span>/backend/src/src-schedule/src/main/resources/sw360.properties +</span></span></code></pre></div><p>The <code>offset</code> has to be given in seconds since midnight and also the <code>interval</code> has to be entered in seconds. The default is to update the vulnerabilities by CVEsearch every night at midnight, which corresponds to an offset of 0 and an interval of 24 hours (= 86400 seconds).</p> +<p>According to the default settings, cveSearch is not auto-started with the scheduling service. If want to auto start <code>autostart = cvesearchService</code></p> +<ol start="3"> +<li>Schedule task Adminstration</li> +</ol> +<p>View and start/stop schedule</p> +<p>Click <code>Admin</code> &gt; <code>Schedule</code></p> +<h2 id="reference">Reference</h2> +<p>CVE guide: [https://cve-search.github.io/cve-search/database/database.html]</p> +<p>User Scheduling CVE Search by Admins: [https://github.com/eclipse/sw360/wiki/User-Scheduling-CVE-Search-by-Admins]</p>Docs: Dependency Network Featurehttps://www.eclipse.org/sw360/docs/userguide/dependency_network/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/dependency_network/ +<h1 id="how-to-enable-this-feature"><strong>How to enable this feature</strong></h1> +<p>To use this function, please:</p> +<ol> +<li> +<p>Build the source code and deploy.</p> +</li> +<li> +<p>Add config <strong>enable.flexible.project.release.relationship=true</strong> (/etc/sw360/sw360.properties) to enable the feature.</p> +</li> +</ol> +<p>The following changes will work when <strong>enable.flexible.project.release.relationship=true</strong> only.</p> +<ol start="3"> +<li>Use the migration script (<strong>056_migrate_project_dependency_network.py</strong>) we provided to mograte the database.</li> +</ol> +<p>Before you run the script, please change two places in the script:</p> +<p>(1) Line 30: <code>DRY_RUN = True</code> -&gt; <code>DRY_RUN = False</code></p> +<p>(2) Line 32: <code>COUCHSERVER = 'http://localhost:5984/'</code> -&gt; <code>COUCHSERVER = 'http://admin:password@localhost:5984/'</code></p> +<p><code>admin</code> and <code>password</code> should be your username and password for CouchDB.</p> +<h1 id="1-introduction"><strong>1. Introduction</strong></h1> +<p>The dependency network feature is a new function to make the dependency management of a project more flexible by allowing the users to customize the dependency graphs of their projects.</p> +<h1 id="2-how-to-use"><strong>2. How to use?</strong></h1> +<p>This feature modify the GUI of the “Linked Releases And Projects” on the “project edits” page. +Now the “Linked Releases” table could show all dependencies of a project (both direct and transitive ones). Users can modify these dependencies as well.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/new_edit_GUI.png"/> +</figure> +<h2 id="21-the-changes-of-edit-project-gui"><strong>2.1. The changes of edit project GUI</strong></h2> +<p>In this section, we will introduce the changes in GUI behaviors. We modified or added 5 sub-functions below:</p> +<h4 id="a-modify-the-add-releases-button-this-button-will-add-a-direct-dependency-release-in-the-dependency-graph-of-this-project"><strong>a. Modify the “Add Releases” button: This button will add a direct dependency (release) in the dependency graph of this project.</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Add_root_release_button.png"/> +</figure> +<h4 id="b-a-new-icon-button-to-add-a-dependency-release-to-another-dependency-release-in-the-dependency-graph-note-that-this-dependency-added-is-seen-as-the-transitive-dependency-of-this-project"><strong>b. A new icon button to add a dependency (release) to another dependency (release) in the dependency graph. Note that this dependency added is seen as the transitive dependency of this project.</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Add_transitive_releases_buttons.png"/> +</figure> +<h4 id="c-a-new-icon-button-to-load-the-default-dependency-graph-of-a-dependency-release-by-importing-the-dependency-information-stored-on-the-component-page-note-that-this-button-will-load-all-dependencies-both-direct-and-transitive-ones-of-the-corresponding-dependency-release"><strong>c. A new icon button to load the default dependency graph of a dependency (release) by importing the dependency information stored on the component page. Note that this button will load all dependencies (both direct and transitive ones) of the corresponding dependency (release).</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Load_default_network_from_releases.png"/> +</figure> +<h4 id="d-the-combo-box-allows-the-user-to-modify-the-version-of-a-dependency"><strong>d. The combo box allows the user to modify the version of a dependency.</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Select_version_box.png"/> +</figure> +<h4 id="e-the-check-dependency-network-button-will-compare-and-show-the-different-dependency-information-which-is-not-consistent-with-the-default-one-stored-on-the-component-page-by-highlighting-them-the-inconsistency-usually-happens-after-users-modified-the-dependency-graph-or-imported-an-old-project"><strong>e. The “Check Dependency Network” button will compare and show the different dependency information which is not consistent with the default one stored on the component page by highlighting them. The inconsistency usually happens after users modified the dependency graph or imported an old project.</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Check_diff_button.png"/> +</figure> +<h2 id="23-rest-api-changes"><strong>2.3 Rest API changes</strong></h2> +<h3 id="new-rest-apis">New Rest APIs</h3> +<p><strong>a. 3.3.35. Get a single project with dependencies network</strong></p> +<p>The response will include the dependencyNetwork field(It will show the dependency network of project (direct and indirect releases)):</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> &#34;name&#34; : &#34;Emerald Web&#34;, +</span></span><span style="display:flex;"><span> &#34;dependencyNetwork&#34;: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;9efc5766cd0c41d4a40547b99f5b91ac&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;3bed97a1c7ac4c32846ef4be985b648c&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;6a8250852362462095c57535294039e4&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;TO_BE_REPLACED&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;PHASEOUT&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;INTERNAL_USE&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;STATICALLY_LINKED&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;MAINLINE&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;f1d860e7576a44798ee3daff57a3a886&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;OPTIONAL&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ] +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p><strong>b. 3.3.36. Creating a project with dependencies network</strong></p> +<p>If the <strong>dependencyNetwork</strong> field is included in the request body, a dependency network will be registered for the project.</p> +<ul> +<li>Simple example request (modify releaseIds to the existing release ids in sw360):</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> &#34;name&#34;: &#34;TestProject1&#34;, +</span></span><span style="display:flex;"><span> &#34;dependencyNetwork&#34;: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;9efc5766cd0c41d4a40547b99f5b91ac&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;3bed97a1c7ac4c32846ef4be985b648c&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ +</span></span><span style="display:flex;"><span> ], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;INTERNAL_USE&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;STATICALLY_LINKED&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;MAINLINE&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;f1d860e7576a44798ee3daff57a3a886&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;OPTIONAL&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ] +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p><strong>c. 3.3.37. Update a project with dependencies network</strong></p> +<p>Same request body as &ldquo;Creating a project with dependencies network&rdquo;.</p>Docs: Export and Importhttps://www.eclipse.org/sw360/docs/deployment/deploy-export-and-import/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/deploy-export-and-import/ +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-diff" data-lang="diff"><span style="display:flex;"><span><span style="background-color:#fcc">- note that only export and import of users is active, +</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- everything else is deprecated functionality. +</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- The export and import functionality has not been +</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- updated at some point and thus will not function +</span></span></span><span style="display:flex;"><span><span style="background-color:#fcc">- properly anymore. +</span></span></span></code></pre></div><h1 id="full-export">Full Export</h1> +<p>The easiest way to fully export the data is to copy all the .couch files of Couch-DB. Where the files are can be found out from Futon. +e.g.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:5984/_utils/config.html +</span></span></code></pre></div><p>under</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>view_index_dir /var/lib/couchdb +</span></span></code></pre></div><p>This method of exporting has the advantage that all Ids remain the same. +An equally simple method it to use the Couch-DB replicator from Futon.</p> +<p>This method might fail when there are changes to the document structure as Ektorp might stumble over unset required or surplus fields. The method of choice here is to repair the DB (after a backup) with</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>https://github.com/couchapp/couchapp +</span></span></code></pre></div><p>and then follows the instructions from</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://harthur.github.io/costco/ +</span></span></code></pre></div><p>and</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>couchapp push . http://localhost:5984/sw360users +</span></span></code></pre></div><p>then you go to</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>http://localhost:5984/sw360users/_design/costco/index.html +</span></span></code></pre></div><p>and you can run functions like:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>function(doc) { +</span></span><span style="display:flex;"><span> if (doc.type == &#39;user&#39;) { +</span></span><span style="display:flex;"><span> if(doc.fullname == &#39;Homer J. Simons&#39;) { +</span></span><span style="display:flex;"><span> doc.fullname = &#39;Homer Jay Simons&#39;; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> return doc; +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p>You can also change the names of properties, e.g.</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>function(doc) { +</span></span><span style="display:flex;"><span> if (doc.type == &#39;user&#39;) { +</span></span><span style="display:flex;"><span> if(doc.fullname ) { +</span></span><span style="display:flex;"><span> doc.fullname2 = doc.fullname; +</span></span><span style="display:flex;"><span> delete doc.fullname; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> return doc; +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><h1 id="csv-export">CSV Export</h1> +<h2 id="users">Users</h2> +<p>The export of users was already described, this is very important as this also creates the users in the liferay database. The mere export of the users.couch is not enough.</p> +<h2 id="projects">Projects</h2> +<p>There is no CSV export or import for projects currently.</p> +<h2 id="components-and-releases">Components and Releases</h2> +<p>To Export the components and releases you need to do the following: As Components and Releases are identified by their identifier ([name] or [name(version)]), these identifiers need to be unique. When importing duplicates in the identifiers are ignored and they are also not exported. -Therefore in the admin page you can check the database for such duplicates.</p> -<p>After that &ldquo;Download Component CSV&rdquo; creates a CSV with components, releases and their source attachments. +Therefore in the admin page you can check the database for such duplicates.</p> +<p>After that &ldquo;Download Component CSV&rdquo; creates a CSV with components, releases and their source attachments. The source attachments are created if the &ldquo;DownloadURL&rdquo; is a valid url. These remote-only attachments will be download once the first download request occurs. -If the URL does not exist you get an error.</p> -<p>Alternatively you can use</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/backend/utils/src/main/java/com/siemens/sw360/attachments/db/RemoteAttachmentDownloader.java -</span></span></code></pre></div><p>to bulk download the source only attachments. -The command line call to use it from the Siemens network looks like this:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> java -jar -Dhttp.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttps.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttp.proxyPort=84 -Dhttps.proxyPort=84 /home/siemagrant/.m2/repository/com/siemens/sw360/backend-utils/0.1.1-SNAPSHOT/backend-utils-0.1.1-SNAPSHOT-jar-with-dependencies.jar -d -</span></span></code></pre></div><h2 id="attachments">Attachments</h2> -<p>Here we have a mixed strategy, as there is a CSV export for the attachments, which only stores the meta information about the files. The files themselves need to be brought into a new instance via the sw360attachments.couch database.</p> -<p>The ids of the attachments are also in the CSV, so they are not portable without the sw360attachments.couch. This is meant as a form of recovery, but it should not be used on an instance that has been worked on, so only a fresh set up.</p> -<p>This will overwrite the auto generated attachments from the component CSV if the have the same URL as one of the imported attachments. This feature is needed to render the procedure idempotent.</p> -<p>The admin interface provides the possibility to delete attachment contents that do not have a project, component or release with an attachment that references it.</p> -<p>If you copy the sw360attachments.couch to your instance and then click this before you import than the db should be empty afterwards.</p> -<p>If there was no error after importing the csv, running this job should yield no deletions if there was no error and the exported attachments where complete.</p> -<p>In general this should only be necessary if errors have occurred. -It is a good idea to run this before you export the attachments.</p> -<h2 id="release-links">Release links</h2> -<p>Links between releases can be exported or imported. +If the URL does not exist you get an error.</p> +<p>Alternatively you can use</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>sw360/src/backend/utils/src/main/java/com/siemens/sw360/attachments/db/RemoteAttachmentDownloader.java +</span></span></code></pre></div><p>to bulk download the source only attachments. +The command line call to use it from the Siemens network looks like this:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> java -jar -Dhttp.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttps.proxyHost=proxyfarm.3dns.netz.sbs.de -Dhttp.proxyPort=84 -Dhttps.proxyPort=84 /home/siemagrant/.m2/repository/com/siemens/sw360/backend-utils/0.1.1-SNAPSHOT/backend-utils-0.1.1-SNAPSHOT-jar-with-dependencies.jar -d +</span></span></code></pre></div><h2 id="attachments">Attachments</h2> +<p>Here we have a mixed strategy, as there is a CSV export for the attachments, which only stores the meta information about the files. The files themselves need to be brought into a new instance via the sw360attachments.couch database.</p> +<p>The ids of the attachments are also in the CSV, so they are not portable without the sw360attachments.couch. This is meant as a form of recovery, but it should not be used on an instance that has been worked on, so only a fresh set up.</p> +<p>This will overwrite the auto generated attachments from the component CSV if the have the same URL as one of the imported attachments. This feature is needed to render the procedure idempotent.</p> +<p>The admin interface provides the possibility to delete attachment contents that do not have a project, component or release with an attachment that references it.</p> +<p>If you copy the sw360attachments.couch to your instance and then click this before you import than the db should be empty afterwards.</p> +<p>If there was no error after importing the csv, running this job should yield no deletions if there was no error and the exported attachments where complete.</p> +<p>In general this should only be necessary if errors have occurred. +It is a good idea to run this before you export the attachments.</p> +<h2 id="release-links">Release links</h2> +<p>Links between releases can be exported or imported. Because release links are stored in maps, the procedure is idempotent by construction. -The old links are overwritten with the imported data.</p> -<h2 id="suggested-order-for-exports">Suggested Order for Exports</h2> -<ol> -<li>Freeze the application, so that others can not change the data at the moment (By external means, like closing a port forwarding)</li> -<li>Clean up the attachments</li> -<li>Look for duplicate identifiers and resolve conflicts (Important as duplicates do not get exported or imported)</li> -<li>Export the Users, Components, Attachment Infos and release links</li> -<li>copy the sw360attachments.couch, this might be a huge files</li> -</ol> -<h2 id="suggested-order-for-imports">Suggested Order for Imports</h2> -<h3 id="on-a-fresh-installation">On a fresh installation</h3> -<ol> -<li>Copy the sw360attachments.couch in its place</li> -<li>Start the licenses importer</li> -<li>restart the backend to make the design documents available and boot the frontend</li> -<li>Import the users</li> -<li>Import the component CSV</li> -<li>Import the Attachment Infos</li> -<li>Import the Release Link Infos.</li> -</ol> -<h3 id="regular-maintenance-operations">Regular Maintenance Operations</h3> -<ol> -<li>Run the attachments clean up</li> -<li>Resolve name crashes with the search for duplicate Identifiers</li> -</ol> -<h3 id="imports-on-a-running-instance">Imports on a running instance</h3> -<ol> -<li>New components can be imported via the CSV at any time. Duplicates to existing components will be ignored, but there is a log message.</li> -<li>Users can be added via CSV.</li> -<li>Release links can be added via CSV, duplicates overwrite existing links</li> -</ol> -<p>Attachments should not be imported on a running instance! +The old links are overwritten with the imported data.</p> +<h2 id="suggested-order-for-exports">Suggested Order for Exports</h2> +<ol> +<li>Freeze the application, so that others can not change the data at the moment (By external means, like closing a port forwarding)</li> +<li>Clean up the attachments</li> +<li>Look for duplicate identifiers and resolve conflicts (Important as duplicates do not get exported or imported)</li> +<li>Export the Users, Components, Attachment Infos and release links</li> +<li>copy the sw360attachments.couch, this might be a huge files</li> +</ol> +<h2 id="suggested-order-for-imports">Suggested Order for Imports</h2> +<h3 id="on-a-fresh-installation">On a fresh installation</h3> +<ol> +<li>Copy the sw360attachments.couch in its place</li> +<li>Start the licenses importer</li> +<li>restart the backend to make the design documents available and boot the frontend</li> +<li>Import the users</li> +<li>Import the component CSV</li> +<li>Import the Attachment Infos</li> +<li>Import the Release Link Infos.</li> +</ol> +<h3 id="regular-maintenance-operations">Regular Maintenance Operations</h3> +<ol> +<li>Run the attachments clean up</li> +<li>Resolve name crashes with the search for duplicate Identifiers</li> +</ol> +<h3 id="imports-on-a-running-instance">Imports on a running instance</h3> +<ol> +<li>New components can be imported via the CSV at any time. Duplicates to existing components will be ignored, but there is a log message.</li> +<li>Users can be added via CSV.</li> +<li>Release links can be added via CSV, duplicates overwrite existing links</li> +</ol> +<p>Attachments should not be imported on a running instance! This should not break much, as without the entries in the couchDB there will be no import. But potentially remote-only Attachments get deleted. -Nevertheless this scenario is not intended and maybe there are unforeseen side effects.</p> -<h2 id="troubleshooting">Troubleshooting</h2> -<h4 id="import-failing-in-the-backend-no-department">Import failing in the Backend: No Department</h4> -<p>The import fails with some error message that a user does not have a department?</p> -<ol> -<li>First of all, the importing admin requires a group assignment. Otherwise the adding component action will fail.</li> -<li>If a group is added to the admin, not that in addition to the Liferay group setting, this information must be also placed into the &ldquo;sw360users&rdquo; database in couchdb.</li> -<li>Note that changes to groups and similar things will require a restart of the Liferay server (=tomcat). Otherwise the user caching kicks in and might not reflect all updates.</li> -</ol> - - - - - - Docs: Initial Setup of Liferay 6.2 and sw360 - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay/ - - - - <h3 id="liferay-administrator-steps">Liferay administrator steps</h3> -<p>This part describes how to setup a new liferay instance after you went through the initial Liferay setup: create an admin account, confirm the license and terms and fill out your personal details. Alternatively in the <a href="https://github.com/sw360/sw360vagrant">sw360vagrant</a> or the <a href="https://github.com/sw360/sw360chores">sw360chores</a> deployment, the default setup user credentials are <code>setup@sw360.org</code> with the unsafe password <code>sw360fossy</code>.</p> -<ol> -<li> -<p>Login as setup administrator (if you are using the default unsafe password, you should replace it on productive instances)</p> -</li> -<li> -<p>Go to</p> -<p>Menu Admin -&gt; Item Control Panel -&gt; Section Users, Password Policies -&gt; Default Password Policy -&gt; Actions -&gt; Edit</p> -</li> -<li> -<p>Then</p> -<p>uncheck <code>Change Required</code> and then -save</p> -</li> -<li> -<p>Then we need to grant new users the right to see SW360</p> -<p>Control Panel -&gt; Configuration -&gt; Users(on the right) -&gt; Default User Associations</p> -<p>check <code>Apply to Existing Users</code> -write in Sites: <code>SW360 </code> -save (on the right)</p> -</li> -<li> -<p>Do not allow stranger to create accounts &hellip;</p> -<p>Control Panel -&gt; Configuration -&gt; Users(on the right) -&gt; Authentication</p> -<p>uncheck <code>Allow strangers to create ...</code> -uncheck <code>Allow strangers to verify ...</code> -save (on the right)</p> -</li> -<li> -<p>Then, to deactivate self registration</p> -<p>Control Panel -&gt; Authentication -&gt; remove checkmarks for creating accounts by strangers -save (on the right)</p> -<p>Note, disabling self registration is required because the current Liferay self registration does not create accounts in the backend service. (hence using the importer is required)</p> -</li> -<li> -<p>Then we go to</p> -<p>Admin -&gt; Pages</p> -</li> -<li> -<p>and import the lar files from</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>frontend/configuration/public_pages.lar -</span></span><span style="display:flex;"><span>frontend/configuration/private_pages.lar -</span></span></code></pre></div><p>for the respective pages, using the tabs <code>Public Pages</code> and <code>Private Pages</code>. Please note that the provided *.lar files are for Liferay 6.2 GA5 only (fun!). If you run a different liferay version, you will need to add the portlets manually until the *.lar files are updated manually.</p> -</li> -<li> -<p>( DO NOT CHECK Pages -&gt; Change -&gt; Delete Missing Pages)</p> -<p>We check on first page</p> -<p>Application Configuration -&gt; Choose Applications (leave all checked)</p> -<p>Permissions -&gt; Permissions</p> -<p>Permissions -&gt; Permissions Assigned to Roles</p> -<p>=&gt; Click Continue</p> -</li> -<li> -<p>We check on second page of the import agent:</p> -<p>Update Data -&gt; Mirror with overwriting</p> -<p>Authorship of the Content -&gt; Use the Current User as Author</p> -</li> -<li> -<p>If this was successful we can go to</p> -<p>Private Pages -&gt; users</p> -</li> -<li> -<p>We can then import a csv file that looks like that</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> GivenName,Lastname,Email,Department,UserGroup,GID,isMale,PasswdHash -</span></span><span style="display:flex;"><span> user last name, user first name, first.last@sw360.org,TOP ORG CODE TEAM,USER,SW360_0004,true,AAAAoAAB9ACem9mZj9zptlEjFSMEF5MdOSUzgyxFDmKDGQDK -</span></span></code></pre></div></li> -</ol> -<p>Note that</p> -<pre><code>1. The GID must be unique +Nevertheless this scenario is not intended and maybe there are unforeseen side effects.</p> +<h2 id="troubleshooting">Troubleshooting</h2> +<h4 id="import-failing-in-the-backend-no-department">Import failing in the Backend: No Department</h4> +<p>The import fails with some error message that a user does not have a department?</p> +<ol> +<li>First of all, the importing admin requires a group assignment. Otherwise the adding component action will fail.</li> +<li>If a group is added to the admin, not that in addition to the Liferay group setting, this information must be also placed into the &ldquo;sw360users&rdquo; database in couchdb.</li> +<li>Note that changes to groups and similar things will require a restart of the Liferay server (=tomcat). Otherwise the user caching kicks in and might not reflect all updates.</li> +</ol>Docs: Initial Setup of Liferay 6.2 and sw360https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay/ +<h3 id="liferay-administrator-steps">Liferay administrator steps</h3> +<p>This part describes how to setup a new liferay instance after you went through the initial Liferay setup: create an admin account, confirm the license and terms and fill out your personal details. Alternatively in the <a href="https://github.com/sw360/sw360vagrant">sw360vagrant</a> or the <a href="https://github.com/sw360/sw360chores">sw360chores</a> deployment, the default setup user credentials are <code>setup@sw360.org</code> with the unsafe password <code>sw360fossy</code>.</p> +<ol> +<li> +<p>Login as setup administrator (if you are using the default unsafe password, you should replace it on productive instances)</p> +</li> +<li> +<p>Go to</p> +<p>Menu Admin -&gt; Item Control Panel -&gt; Section Users, Password Policies -&gt; Default Password Policy -&gt; Actions -&gt; Edit</p> +</li> +<li> +<p>Then</p> +<p>uncheck <code>Change Required</code> and then +save</p> +</li> +<li> +<p>Then we need to grant new users the right to see SW360</p> +<p>Control Panel -&gt; Configuration -&gt; Users(on the right) -&gt; Default User Associations</p> +<p>check <code>Apply to Existing Users</code> +write in Sites: <code>SW360 </code> +save (on the right)</p> +</li> +<li> +<p>Do not allow stranger to create accounts &hellip;</p> +<p>Control Panel -&gt; Configuration -&gt; Users(on the right) -&gt; Authentication</p> +<p>uncheck <code>Allow strangers to create ...</code> +uncheck <code>Allow strangers to verify ...</code> +save (on the right)</p> +</li> +<li> +<p>Then, to deactivate self registration</p> +<p>Control Panel -&gt; Authentication -&gt; remove checkmarks for creating accounts by strangers +save (on the right)</p> +<p>Note, disabling self registration is required because the current Liferay self registration does not create accounts in the backend service. (hence using the importer is required)</p> +</li> +<li> +<p>Then we go to</p> +<p>Admin -&gt; Pages</p> +</li> +<li> +<p>and import the lar files from</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>frontend/configuration/public_pages.lar +</span></span><span style="display:flex;"><span>frontend/configuration/private_pages.lar +</span></span></code></pre></div><p>for the respective pages, using the tabs <code>Public Pages</code> and <code>Private Pages</code>. Please note that the provided *.lar files are for Liferay 6.2 GA5 only (fun!). If you run a different liferay version, you will need to add the portlets manually until the *.lar files are updated manually.</p> +</li> +<li> +<p>( DO NOT CHECK Pages -&gt; Change -&gt; Delete Missing Pages)</p> +<p>We check on first page</p> +<p>Application Configuration -&gt; Choose Applications (leave all checked)</p> +<p>Permissions -&gt; Permissions</p> +<p>Permissions -&gt; Permissions Assigned to Roles</p> +<p>=&gt; Click Continue</p> +</li> +<li> +<p>We check on second page of the import agent:</p> +<p>Update Data -&gt; Mirror with overwriting</p> +<p>Authorship of the Content -&gt; Use the Current User as Author</p> +</li> +<li> +<p>If this was successful we can go to</p> +<p>Private Pages -&gt; users</p> +</li> +<li> +<p>We can then import a csv file that looks like that</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span> GivenName,Lastname,Email,Department,UserGroup,GID,isMale,PasswdHash +</span></span><span style="display:flex;"><span> user last name, user first name, first.last@sw360.org,TOP ORG CODE TEAM,USER,SW360_0004,true,AAAAoAAB9ACem9mZj9zptlEjFSMEF5MdOSUzgyxFDmKDGQDK +</span></span></code></pre></div></li> +</ol> +<p>Note that</p> +<pre><code>1. The GID must be unique 1. The hash here means &quot;t&quot; 1. The GID is called external Id in the thrift-based datamodel -</code></pre> -<h3 id="some-notes-and-troubleshooting">Some notes and troubleshooting</h3> -<h4 id="check-liferay-configuration-options">Check Liferay Configuration Options</h4> -<p>There are plenty of useful settings to setup for your instance - you should check them depending on your desired use. Just a few examples, you could disable or enable:</p> -<ul> -<li>Auto login or self registration functionality</li> -<li>Site statistics</li> -<li>Password policies</li> -<li>Configurability options</li> -<li>many more, it makes sense to browse the Liferay Admin area (in the optimal case, using the setup-admin login) and check all the options.</li> -</ul> -<h4 id="liferay-crashes-at-startup-with-exception-dockbar">Liferay crashes at startup with exception: Dockbar</h4> -<p>If the dockbar error occurs, the file named in the error log must be replaced with an original one, because it is corrupted. Note that this represents a bug of the Liferay 6.2 (search in your favorite search engine for dockbar liferay problem &hellip;).</p> -<h4 id="strange-behavior">Strange behavior</h4> -<p>If the server has problems in terms of long running requests, maybe the memory setting is not allright, consider:</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>CATALINA_OPTS=&#34;$CATALINA_OPTS -Xms2048m -Xmx2048m -</span></span><span style="display:flex;"><span>- -XX:NewSize=512m -XX:MaxNewSize=512m -XX:PermSize=512m -</span></span><span style="display:flex;"><span>- -XX:MaxPermSize=512m&#34; -</span></span></code></pre></div><p>if you run Java prior to 8.</p> -<h4 id="surfing-to-the-main-page-shows-blank-page-with-exception-message">Surfing to the main page shows blank page with exception message</h4> -<p>If the &ldquo;null pointer page&rdquo; shows up (just a simple white page saying a null pointer exception occurred), remove the hsql folder inside the data folder from the liferay distro (shutdown before and restart after).</p> - - - - - - Docs: Initial Setup of Liferay 7.2 and sw360 - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7/ - - - - <h1 id="starting-sw360-for-the-first-time">Starting SW360 for the First Time</h1> -<p>So, the vagrant setup has deployed sw360, but unfortunately, there is some major issue: With Liferay, certain configuration need to be applied manually in the UI. If you would know how to import *.lar files and apply some setting from the command line (without implementing an approach based on HTML testing frameworks, like selenium), please let us know.</p> -<p>Until then, some tasks need to be done manually, after everything has been built up:</p> -<ul> -<li>import *.lar files</li> -<li>set password policies not to change after first login (it is annoying when developing)</li> -<li>set the default area to be SW360 when users login to liferay</li> -<li>apply some more settings, like users cannot create accounts on their own</li> -</ul> -<h1 id="setup-login">Setup Login</h1> -<p>After successful installation, the screen should look like this. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.38.53.png"/> -</figure> - -<p>Sign in_the icon_the upper left corner. If you did not change the values in <code>configuration.rb</code>the default login is <code>setup@sw360.org</code> and <code>sw360fossy</code>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.06.png"/> -</figure> - -<h1 id="user-settings-in-sw360">User Settings in SW360</h1> -<p>Go into the control panel area which can be unfold by clicking in the upper left corner. In this area, go for Users &gt; Password Policies and disable <code>change Required</code> if you wish to do so. Click on Save to save the selection.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.56.png"/> -</figure> - -<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt; <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.43.32.png"/> -</figure> - -<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.46.49.png"/> -</figure> - -<p>Depending on your preferences make appropriate selections according to the screenshot. It is not advisable to allow users to self register in order to access the SW360 data.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.47.03.png"/> -</figure> - -<h1 id="import-lar-files">Import *.lar Files</h1> -<p>Then, in the <code>SW360</code> area &gt; <code>Publishing</code> &gt; <code>Import</code> klick on the plus sign in order to import the *.lar file for public pages.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png"/> -</figure> - -<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>PublicPages.lar</code> file the selection <code>Public Pages</code> is made.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.10.png"/> -</figure> - -<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.14.png"/> -</figure> - -<p>Overwriting and the write as current user needs to be selected.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.21.png"/> -</figure> - -<p>After successful importing the following view should appear.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.23.png"/> -</figure> - -<p>The same steps shall be repeated for the <code>PrivatePages.lar</code> file.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.36.png"/> -</figure> - -<p>Make sure that <code>Private Pages</code> is selected. Follow the other selections made as shown on the screenshots.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.58.png"/> -</figure> - -<p>Importing permissions &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.01.png"/> -</figure> - -<p>Mirror with overwriting, use the current author &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.04.png"/> -</figure> - -<p>Then the successful result should be shown like this:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.14.png"/> -</figure> - -<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear. Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> -<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.38.png"/> -</figure> - -<h1 id="import-user-accounts-for-testing">Import User Accounts for Testing</h1> -<p>Assuming you are still logged in, the main view of SW360 looks as follows:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.55.png"/> -</figure> - -<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.00.png"/> -</figure> - -<p>At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.12.png"/> -</figure> - -<p>You can find a user file to import in the <code>sw360vagrant</code> project in the folder <code>shared</code>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.38.png"/> -</figure> - -<p>After the user have been imported successfully, they should appear in the table view.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.59.png"/> -</figure> - -<p>After the user have been imported successfully, they should appear in the table view.</p> -<h1 id="real-login">Real Login</h1> -<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between users.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.06.png"/> -</figure> - -<p>After the successful login, SW360 will look as follows.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.16.png"/> -</figure> - -<p>After the successful login, SW360 will look as in the following screenshot.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.33.png"/> -</figure> - -<p>For example, click on <code>Projects</code> to see that no projects have been created so far &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.57.08.png"/> -</figure> - - - - - - - Docs: Initial Setup of Liferay 7.3 and sw360 - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/ - - - - <p>After successful installation, the vagrant ends like the following terminal output:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.07.32.png"/> -</figure> - -<p>Then if you open the server with the URL <code>https://localhost:8443/</code> the following screen should appear:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.12.png"/> -</figure> - -<p>Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> -<p>Sign in_the icon_the upper left corner. If you did not change the values in <code>configuration.rb</code>the default login is <code>setup@sw360.org</code> and <code>sw360fossy</code>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png"/> -</figure> - -<p>After login the sw360 is not setup, thus the server does not display much, but a screen like the following:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.33.png"/> -</figure> - -<h1 id="user-and-login-settings-in-liferay">User and Login Settings in Liferay</h1> -<p>Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.41.png"/> -</figure> - -<p>In this area, go for Security &gt; Password Policies:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.53.png"/> -</figure> - -<p>Edit this password policy and disable <code>change Required</code> if you wish to do so. Click on Save_the bottom of the page to save the selection.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.59.png"/> -</figure> - -<p>Then, go: in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.17.png"/> -</figure> - -<p>In this area, select <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.30.png"/> -</figure> - -<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.50.png"/> -</figure> - -<p>Finally, sice Liferay 7.3 some of the bundled modules need to be activated:</p> -<ul> -<li>jquery</li> -<li>font awesome</li> -</ul> -<p>In oder to do this, please select from the <code>Configuration</code> &gt; <code>System Settings</code> &gt; <code>Third Party</code> and go to jquery, select the enablement and click on Update:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.08.png"/> -</figure> - -<p>Do the same for Font Awesome:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.13.png"/> -</figure> - -<p>Note that you need to reload the browser or load a new browser window to take changes to effect.</p> -<h1 id="setup-sw360-for-liferay-import-lar-files">Setup SW360 for Liferay: Import *.lar Files</h1> -<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> -<p>In order to go ahead, switch to the <code>SW360</code> area where you can apply site settings:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.20.png"/> -</figure> - -<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.25.png"/> -</figure> - -<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.15.png"/> -</figure> - -<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>PublicPages.lar</code> file the selection <code>Public Pages</code> is made.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.26.png"/> -</figure> - -<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> -<p>After successful importing, the same steps shall be repeated for the <code>PrivatePages.lar</code> file.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.48.png"/> -</figure> - -<p>Make sure that <code>Private Pages</code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.53.png"/> -</figure> - -<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.18.png"/> -</figure> - -<p>You can close the left menu area by clicking on the upper left icon:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png"/> -</figure> - -<p>Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> -<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.31.png"/> -</figure> - -<h1 id="import-user-accounts-for-testing">Import User Accounts for Testing</h1> -<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.48.png"/> -</figure> - -<p>At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">user account import file</a> to import in the <code>sw360vagrant</code> project in the folder <code>shared</code>. After the user have been imported successfully, they should appear in the table view.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.53.png"/> -</figure> - -<p>After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below):</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.58.png"/> -</figure> - -<h1 id="real-login">Real Login</h1> -<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.25.07.png"/> -</figure> - -<p>After the successful login, SW360 will look as follows.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.32.png"/> -</figure> - - - - - - - +</code></pre> +<h3 id="some-notes-and-troubleshooting">Some notes and troubleshooting</h3> +<h4 id="check-liferay-configuration-options">Check Liferay Configuration Options</h4> +<p>There are plenty of useful settings to setup for your instance - you should check them depending on your desired use. Just a few examples, you could disable or enable:</p> +<ul> +<li>Auto login or self registration functionality</li> +<li>Site statistics</li> +<li>Password policies</li> +<li>Configurability options</li> +<li>many more, it makes sense to browse the Liferay Admin area (in the optimal case, using the setup-admin login) and check all the options.</li> +</ul> +<h4 id="liferay-crashes-at-startup-with-exception-dockbar">Liferay crashes at startup with exception: Dockbar</h4> +<p>If the dockbar error occurs, the file named in the error log must be replaced with an original one, because it is corrupted. Note that this represents a bug of the Liferay 6.2 (search in your favorite search engine for dockbar liferay problem &hellip;).</p> +<h4 id="strange-behavior">Strange behavior</h4> +<p>If the server has problems in terms of long running requests, maybe the memory setting is not allright, consider:</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>CATALINA_OPTS=&#34;$CATALINA_OPTS -Xms2048m -Xmx2048m +</span></span><span style="display:flex;"><span>- -XX:NewSize=512m -XX:MaxNewSize=512m -XX:PermSize=512m +</span></span><span style="display:flex;"><span>- -XX:MaxPermSize=512m&#34; +</span></span></code></pre></div><p>if you run Java prior to 8.</p> +<h4 id="surfing-to-the-main-page-shows-blank-page-with-exception-message">Surfing to the main page shows blank page with exception message</h4> +<p>If the &ldquo;null pointer page&rdquo; shows up (just a simple white page saying a null pointer exception occurred), remove the hsql folder inside the data folder from the liferay distro (shutdown before and restart after).</p>Docs: Initial Setup of Liferay 7.2 and sw360https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7/ +<h1 id="starting-sw360-for-the-first-time">Starting SW360 for the First Time</h1> +<p>So, the vagrant setup has deployed sw360, but unfortunately, there is some major issue: With Liferay, certain configuration need to be applied manually in the UI. If you would know how to import *.lar files and apply some setting from the command line (without implementing an approach based on HTML testing frameworks, like selenium), please let us know.</p> +<p>Until then, some tasks need to be done manually, after everything has been built up:</p> +<ul> +<li>import *.lar files</li> +<li>set password policies not to change after first login (it is annoying when developing)</li> +<li>set the default area to be SW360 when users login to liferay</li> +<li>apply some more settings, like users cannot create accounts on their own</li> +</ul> +<h1 id="setup-login">Setup Login</h1> +<p>After successful installation, the screen should look like this. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.38.53.png"/> +</figure> +<p>Sign in_the icon_the upper left corner. If you did not change the values in <code>configuration.rb</code>the default login is <code>setup@sw360.org</code> and <code>sw360fossy</code>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.06.png"/> +</figure> +<h1 id="user-settings-in-sw360">User Settings in SW360</h1> +<p>Go into the control panel area which can be unfold by clicking in the upper left corner. In this area, go for Users &gt; Password Policies and disable <code>change Required</code> if you wish to do so. Click on Save to save the selection.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.39.56.png"/> +</figure> +<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt; <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.43.32.png"/> +</figure> +<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.46.49.png"/> +</figure> +<p>Depending on your preferences make appropriate selections according to the screenshot. It is not advisable to allow users to self register in order to access the SW360 data.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.47.03.png"/> +</figure> +<h1 id="import-lar-files">Import *.lar Files</h1> +<p>Then, in the <code>SW360</code> area &gt; <code>Publishing</code> &gt; <code>Import</code> klick on the plus sign in order to import the *.lar file for public pages.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.49.41.png"/> +</figure> +<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>PublicPages.lar</code> file the selection <code>Public Pages</code> is made.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.10.png"/> +</figure> +<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.14.png"/> +</figure> +<p>Overwriting and the write as current user needs to be selected.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.51.21.png"/> +</figure> +<p>After successful importing the following view should appear.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.23.png"/> +</figure> +<p>The same steps shall be repeated for the <code>PrivatePages.lar</code> file.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.36.png"/> +</figure> +<p>Make sure that <code>Private Pages</code> is selected. Follow the other selections made as shown on the screenshots.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.52.58.png"/> +</figure> +<p>Importing permissions &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.01.png"/> +</figure> +<p>Mirror with overwriting, use the current author &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.53.04.png"/> +</figure> +<p>Then the successful result should be shown like this:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.14.png"/> +</figure> +<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear. Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> +<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.38.png"/> +</figure> +<h1 id="import-user-accounts-for-testing">Import User Accounts for Testing</h1> +<p>Assuming you are still logged in, the main view of SW360 looks as follows:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.54.55.png"/> +</figure> +<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.00.png"/> +</figure> +<p>At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.12.png"/> +</figure> +<p>You can find a user file to import in the <code>sw360vagrant</code> project in the folder <code>shared</code>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.38.png"/> +</figure> +<p>After the user have been imported successfully, they should appear in the table view.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.55.59.png"/> +</figure> +<p>After the user have been imported successfully, they should appear in the table view.</p> +<h1 id="real-login">Real Login</h1> +<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between users.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.06.png"/> +</figure> +<p>After the successful login, SW360 will look as follows.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.16.png"/> +</figure> +<p>After the successful login, SW360 will look as in the following screenshot.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.56.33.png"/> +</figure> +<p>For example, click on <code>Projects</code> to see that no projects have been created so far &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-01-24_14.57.08.png"/> +</figure>Docs: Initial Setup of Liferay 7.3 and sw360https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/ +<p>After successful installation, the vagrant ends like the following terminal output:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.07.32.png"/> +</figure> +<p>Then if you open the server with the URL <code>https://localhost:8443/</code> the following screen should appear:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.12.png"/> +</figure> +<p>Note that the actual image changes with every liferay version. If there is weird html output without images and plain text, then likely some port settings did not work and the pages generated have wrong URLs inside.</p> +<p>Sign in_the icon_the upper left corner. If you did not change the values in <code>configuration.rb</code>the default login is <code>setup@sw360.org</code> and <code>sw360fossy</code>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.26.png"/> +</figure> +<p>After login the sw360 is not setup, thus the server does not display much, but a screen like the following:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.33.png"/> +</figure> +<h1 id="user-and-login-settings-in-liferay">User and Login Settings in Liferay</h1> +<p>Go into the control panel area by clicking the items icon (nine small cubes) in the upper right corner and select the control panel tab:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.41.png"/> +</figure> +<p>In this area, go for Security &gt; Password Policies:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.53.png"/> +</figure> +<p>Edit this password policy and disable <code>change Required</code> if you wish to do so. Click on Save_the bottom of the page to save the selection.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.09.59.png"/> +</figure> +<p>Then, go: in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>Users</code> &gt;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.17.png"/> +</figure> +<p>In this area, select <code>Default User Associations</code> to enter SW360 and apply it also to existing users. Click on Save to save the selection:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.30.png"/> +</figure> +<p>Then, in <code>Configuration</code> &gt; <code>Instance Settings</code> &gt; <code>User Authentication</code> &gt; <code>General</code> to disable all kind of auto login to make sure only authenticated users can log in. You may want to switch off the e-mail verification, because for most of the development times it will not be of much value.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.10.50.png"/> +</figure> +<p>Finally, sice Liferay 7.3 some of the bundled modules need to be activated:</p> +<ul> +<li>jquery</li> +<li>font awesome</li> +</ul> +<p>In oder to do this, please select from the <code>Configuration</code> &gt; <code>System Settings</code> &gt; <code>Third Party</code> and go to jquery, select the enablement and click on Update:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.08.png"/> +</figure> +<p>Do the same for Font Awesome:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.13.png"/> +</figure> +<p>Note that you need to reload the browser or load a new browser window to take changes to effect.</p> +<h1 id="setup-sw360-for-liferay-import-lar-files">Setup SW360 for Liferay: Import *.lar Files</h1> +<p>For the setup of SW360 in Liferay, the portal description files, <code>*.lar</code> files need not be imported. there is no way except from doing this in the UI. If we are wrong with this, please let us know, because it is very annoying that these ever occurring steps cannot be automated with Liferay.</p> +<p>In order to go ahead, switch to the <code>SW360</code> area where you can apply site settings:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.20.png"/> +</figure> +<p>The go into &gt; <code>Publishing</code> &gt; <code>Import</code> which shows like this:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.11.25.png"/> +</figure> +<p>Then, click on the plus sign in order to import the *.lar file for public pages. You will find the lar files in the <a href="https://github.com/eclipse/sw360/tree/master/frontend/configuration">frontend/configuration</a> folder of the sw360 repository.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.15.png"/> +</figure> +<p>As for import settings, follow the selection as shown on the screenshot. It is very important that for the <code>PublicPages.lar</code> file the selection <code>Public Pages</code> is made.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.26.png"/> +</figure> +<p>Importing permission makes sure that pages are visible according to users rights. For public pages, it is irrelevant_the moment. Overwriting and the write as current user needs to be selected.</p> +<p>After successful importing, the same steps shall be repeated for the <code>PrivatePages.lar</code> file.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.48.png"/> +</figure> +<p>Make sure that <code>Private Pages</code> is selected. Follow the other selections made as shown on the screenshot &hellip; importing permissions &hellip; mirror with overwriting, use the current author &hellip;</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.23.53.png"/> +</figure> +<p>If you click then the liferay logo_the upper left corner where the SW360 is, you will return to the application and the following screen should appear:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.18.png"/> +</figure> +<p>You can close the left menu area by clicking on the upper left icon:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.21.png"/> +</figure> +<p>Click <code>Start</code> to open the private pages. You are still logged in, so the setup account is used to view the pages.</p> +<p><strong>Important</strong> The setup account does not belong to a group. Thus, not all view are functional because they require a group membership to work correctly.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.31.png"/> +</figure> +<h1 id="import-user-accounts-for-testing">Import User Accounts for Testing</h1> +<p>Click the SW360 <code>Admin</code> menu which is_the right and selection the <code>User</code> item.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.48.png"/> +</figure> +<p>At the bottom of that view, select a User file to import for testing. Skip it if you will create users differently. You can find a <a href="https://github.com/sw360/sw360vagrant/blob/master/shared/test_users_with_passwords_12345.csv">user account import file</a> to import in the <code>sw360vagrant</code> project in the folder <code>shared</code>. After the user have been imported successfully, they should appear in the table view.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.53.png"/> +</figure> +<p>After the user have been imported successfully, they should appear in the table view. You can logout for now and use one of the just added accounts (see below):</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.24.58.png"/> +</figure> +<h1 id="real-login">Real Login</h1> +<p>One example user is <code>user@sw360.org</code> with the password <code>12345</code>. Note that in the import file with the example accounts, the passwort is provided with a hash. If you would like to generate new (salted) hashes, you can change your password and export the user list using the same portlet where you have imported the users. This functionality can be also used to migrate accounts between servers.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.25.07.png"/> +</figure> +<p>After the successful login, SW360 will look as follows.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/deploy73/2020-08-13_20.27.32.png"/> +</figure> \ No newline at end of file diff --git a/docs/userguide/bestpractices/component-naming/index.html b/docs/userguide/bestpractices/component-naming/index.html index 126c1cb..b0f5d08 100644 --- a/docs/userguide/bestpractices/component-naming/index.html +++ b/docs/userguide/bestpractices/component-naming/index.html @@ -1,880 +1,94 @@ - - - - - - - - - - - - - - - - - - - - -Naming a Component | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Naming a Component

    - -
    - - - - - - - - - - - - - -
    -

    The name is the most important criteria to identify software components. Unfortunately there is no common naming scheme available.

    -

    Usage and Handling of Components

    -
      -
    • If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell
      • -
    • Uploading source packages / actual software as attachment makes sense at the release, not at the component
      • -
    • If you have created a component and release entry, you can go ahead and assign a vendor to a release.
      • -
    -

    This very clear approach enables a number of issues, please keep the following goals in mind:

    -
      -
    • Duplicate entries need to be removed
      • -
    • Separating vendor from components names and release tags brings clarity to component naming
      • -
    • Interaction with other systems is a must today. As such we need to support external ids such as the CPE standard which also implement this 3-parts separation
      • -
    • Having the clear modelling of data enables better search and filtering abilities of the component catalogue.
      • -
    -

    Checklist

    -
      -
    • Does the component already exist on SW360 (think about possible different names)?
      • -
    • What is the name of the component homepage?
      • -
    • What is the name of the community? Please note that repositories like Maven, GitHub, CodePlex, - CodeGuru are not vendors in our understanding!
      • -
    • How is component called on repositories like Maven, NuGet, etc.?
      • -
    • Take care: use the name and not the id!
      • -
    • Search SW360 for the component repository id.
      • -
    • Search SW360 for all possible name variations.
      • -
    • Ask your local software clearing expert for help.
      • -
    -

    Naming a Component - Special Cases

    -

    .Net Component from GitHub

    -

    draft_30 In some case it is difficult to determine the real name of a component, like for example Microsoft Entity Framework for .Net Core (or Entity Framework Core or Aspnet EntityFrameworkCore or ASP.NET EntityFrameworkCore). In these cases it might be the best way to use that package name as specified on Nuget, in this case Microsoft.EntityFrameworkCore.

    -

    Java Components

    -

    The name of a Java component should be how it is called by the Java community. Typically this is the name as it can be found on the project homepage or on the source code repository page.

    -

    Examples:

    - -

    Do not use jar names or Gradle/Maven artifactIds, like ‘spring-framework’. Main reason is that from such a name one cannot see if this component is a whole component (here the Spring Framework) or only the Java archive spring-framework-.jar (which is only a subset of the Spring Framework)!

    -

    Hierarchical Java components:

    -

    Java components often consist of multiple subcomponents (typically jars) where the sources are stored in a hierarchical structure in the source code repoistory. E.g. for ‘Spring Framework’ there is one repository https://github.com/spring-projects/spring-framework with several sub folders for individual jars. In general for such cases there should be only one (main) component in SW360 covering all the subcomponents.

    -

    In some exceptional cases one wants to do the clearing only for one subcomponent or a subset of a hierarchical components. In such a case one can either add the name of the sub component to the component name to mark the subset (like ‘Thymeleaf Spring 5 Integration’ above, showing that only the Spring 5 related is covered, and not Spring 3 or 4) or one could use the name of the top level component (like ‘Thymeleaf Spring Integration’) and have seprate releases for the subset (‘3.0.9.RELEASE Spring 5’).

    -

    Identifying a (new or existing) SW360 component for a java archive:

    -

    Java developers typically have to start with a Java archive which they want to add to a product, or with the related Gradle/Maven coordinates (groupId/artifactId/version). Possible ways to identify the related component (name) are: examine the related pom.xml or the MANIFEST.MF file of the jar. There one can often find more information like the community homepage or source code repository URL from which then again to determine the component (name).

    -

    Unfortunately SW360 does not provide any support here (besides searching for the artifactId and thus hopefully find the related component). It would be a good idea to store also the Gradle/Maven coordinates of Java binaries with the SW360 components and make them searchable (note: multiple artifactIds per component need to be supported!) and/or to also upload and store the binaries of a registerd SW360 component (or at least the file hashes) and provide additional functionality to identify an unknown binary by uploading the same to SW360.

    -

    Component Scope

    -

    We base software clearing for open source components on the scan of the source code. If there is only one common source code for a group of components, then it does not make sense to have a lot of distinct (sub)component that all point to a common source.

    -

    Example

    -

    There is a Java component called Logback ( https://logback.qos.ch/). There is only one singe source (and binary) archive available from the original authors. This archive contains three Java libraries: logback-core.jar, logback-access.jar and logback-classic.jar. In SW360 there should be only one component Logback! It is confusing to have also “Logback core”, “logback-core”, “logback core”, “logback classic” and “logback-classic”.

    -

    Naming a Component – Bad Examples

    -

    Json.Net

    -

    There is a component that is available on NuGet by the name ‘Json.NET’ and the id ‘Newtonsoft.Json’. On the component homepage http://www.newtonsoft.com/json it is called ‘Json.NET’.

    -

    Just some examples of naming and how it could be improved:

    -
      -
    • 14 x Vendor = ‘Open Source Software’, Name = ‘Json.NET’ => wrong!
      • -
    • 1 x Vendor = ‘Newtonsoft’, Name = ‘Json.NET (COTS)’ => wrong!
      • -
    • 2 x Vendor = ‘NuGet Gallery’, Name = Json.NET’ => wrong!
      • -
    • 1 x Vendor = ‘CodePlex’, Name = Json.NET’ => wrong!
      • -
    • 4 x Vendor = ‘Open Source Software’, Name = ‘Newtonsoft Json.NET’ => wrong!
      • -
    -

    The proper identification (Vendor = ‘Newtonsoft’, Name = ‘Json.NET’) has to be used!

    -

    Oracle JavaBeans Activation Framework

    -

    Just some examples of naming and how it could be improved:

    -
      -
    • 3 x Vendor = ‘Open Source Software’, Name = ‘Activation’ => wrong!
      • -
    • 3 x Vendor = ‘Open Source Software’, Name = ‘Oracle JavaBeans Activation Framework’
      • -
    -

    Oracle Java Mail

    -

    Just some examples of naming and how it could be improved:

    -
      -
    • 3 x Vendor = ‘Open Source Software’, Name = ‘Mail’ => wrong!
      • -
    • 5 x Vendor = ‘Open Source Software’, Name = ‘Oracle JavaMail API’ => wrong!
      • -
    • 4 x Vendor = ‘Oracle’, Name = ‘Oracle JavaMail API’
      • -
    -

    Moment.js

    -

    Just some examples of naming and how it could be improved:

    -
      -
    • 7 x Vendor = ‘GitHub’, Name = ‘moment’ => wrong!
      • -
    • 2 x Vendor = ‘Open Source Software’, Name = ‘moment’ => wrong!
      • -
    • 2 x Vendor = ‘Open Source Software’, Name = ‘Moment JS’ => wrong!
      • -
    • 3 x Vendor = ‘Open Source Software’, Name = ‘MomentJS’ => wrong!
      • -
    • 3 x Vendor = ‘Open Source Software’, Name = ‘Moment.js’
      • -
    -

    Just look on the community homepage: there is the name in bold letters: -Moment.js – consider this name.

    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Naming a Component | Eclipse SW360 +

    Naming a Component

    The name is the most important criteria to identify software components. Unfortunately there is no common naming scheme available.

    Usage and Handling of Components

    • If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell
    • Uploading source packages / actual software as attachment makes sense at the release, not at the component
    • If you have created a component and release entry, you can go ahead and assign a vendor to a release.

    This very clear approach enables a number of issues, please keep the following goals in mind:

    • Duplicate entries need to be removed
    • Separating vendor from components names and release tags brings clarity to component naming
    • Interaction with other systems is a must today. As such we need to support external ids such as the CPE standard which also implement this 3-parts separation
    • Having the clear modelling of data enables better search and filtering abilities of the component catalogue.

    Checklist

    • Does the component already exist on SW360 (think about possible different names)?
    • What is the name of the component homepage?
    • What is the name of the community? Please note that repositories like Maven, GitHub, CodePlex, - CodeGuru are not vendors in our understanding!
    • How is component called on repositories like Maven, NuGet, etc.?
    • Take care: use the name and not the id!
    • Search SW360 for the component repository id.
    • Search SW360 for all possible name variations.
    • Ask your local software clearing expert for help.

    Naming a Component - Special Cases

    .Net Component from GitHub

    draft_30 In some case it is difficult to determine the real name of a component, like for example Microsoft Entity Framework for .Net Core (or Entity Framework Core or Aspnet EntityFrameworkCore or ASP.NET EntityFrameworkCore). In these cases it might be the best way to use that package name as specified on Nuget, in this case Microsoft.EntityFrameworkCore.

    Java Components

    The name of a Java component should be how it is called by the Java community. Typically this is the name as it can be found on the project homepage or on the source code repository page.

    Examples:

    Do not use jar names or Gradle/Maven artifactIds, like ‘spring-framework’. Main reason is that from such a name one cannot see if this component is a whole component (here the Spring Framework) or only the Java archive spring-framework-.jar (which is only a subset of the Spring Framework)!

    Hierarchical Java components:

    Java components often consist of multiple subcomponents (typically jars) where the sources are stored in a hierarchical structure in the source code repoistory. E.g. for ‘Spring Framework’ there is one repository https://github.com/spring-projects/spring-framework with several sub folders for individual jars. In general for such cases there should be only one (main) component in SW360 covering all the subcomponents.

    In some exceptional cases one wants to do the clearing only for one subcomponent or a subset of a hierarchical components. In such a case one can either add the name of the sub component to the component name to mark the subset (like ‘Thymeleaf Spring 5 Integration’ above, showing that only the Spring 5 related is covered, and not Spring 3 or 4) or one could use the name of the top level component (like ‘Thymeleaf Spring Integration’) and have seprate releases for the subset (‘3.0.9.RELEASE Spring 5’).

    Identifying a (new or existing) SW360 component for a java archive:

    Java developers typically have to start with a Java archive which they want to add to a product, or with the related Gradle/Maven coordinates (groupId/artifactId/version). Possible ways to identify the related component (name) are: examine the related pom.xml or the MANIFEST.MF file of the jar. There one can often find more information like the community homepage or source code repository URL from which then again to determine the component (name).

    Unfortunately SW360 does not provide any support here (besides searching for the artifactId and thus hopefully find the related component). It would be a good idea to store also the Gradle/Maven coordinates of Java binaries with the SW360 components and make them searchable (note: multiple artifactIds per component need to be supported!) and/or to also upload and store the binaries of a registerd SW360 component (or at least the file hashes) and provide additional functionality to identify an unknown binary by uploading the same to SW360.

    Component Scope

    We base software clearing for open source components on the scan of the source code. If there is only one common source code for a group of components, then it does not make sense to have a lot of distinct (sub)component that all point to a common source.

    Example

    There is a Java component called Logback ( https://logback.qos.ch/). There is only one singe source (and binary) archive available from the original authors. This archive contains three Java libraries: logback-core.jar, logback-access.jar and logback-classic.jar. In SW360 there should be only one component Logback! It is confusing to have also “Logback core”, “logback-core”, “logback core”, “logback classic” and “logback-classic”.

    Naming a Component – Bad Examples

    Json.Net

    There is a component that is available on NuGet by the name ‘Json.NET’ and the id ‘Newtonsoft.Json’. On the component homepage http://www.newtonsoft.com/json it is called ‘Json.NET’.

    Just some examples of naming and how it could be improved:

    • 14 x Vendor = ‘Open Source Software’, Name = ‘Json.NET’ => wrong!
    • 1 x Vendor = ‘Newtonsoft’, Name = ‘Json.NET (COTS)’ => wrong!
    • 2 x Vendor = ‘NuGet Gallery’, Name = Json.NET’ => wrong!
    • 1 x Vendor = ‘CodePlex’, Name = Json.NET’ => wrong!
    • 4 x Vendor = ‘Open Source Software’, Name = ‘Newtonsoft Json.NET’ => wrong!

    The proper identification (Vendor = ‘Newtonsoft’, Name = ‘Json.NET’) has to be used!

    Oracle JavaBeans Activation Framework

    Just some examples of naming and how it could be improved:

    • 3 x Vendor = ‘Open Source Software’, Name = ‘Activation’ => wrong!
    • 3 x Vendor = ‘Open Source Software’, Name = ‘Oracle JavaBeans Activation Framework’

    Oracle Java Mail

    Just some examples of naming and how it could be improved:

    • 3 x Vendor = ‘Open Source Software’, Name = ‘Mail’ => wrong!
    • 5 x Vendor = ‘Open Source Software’, Name = ‘Oracle JavaMail API’ => wrong!
    • 4 x Vendor = ‘Oracle’, Name = ‘Oracle JavaMail API’

    Moment.js

    Just some examples of naming and how it could be improved:

    • 7 x Vendor = ‘GitHub’, Name = ‘moment’ => wrong!
    • 2 x Vendor = ‘Open Source Software’, Name = ‘moment’ => wrong!
    • 2 x Vendor = ‘Open Source Software’, Name = ‘Moment JS’ => wrong!
    • 3 x Vendor = ‘Open Source Software’, Name = ‘MomentJS’ => wrong!
    • 3 x Vendor = ‘Open Source Software’, Name = ‘Moment.js’

    Just look on the community homepage: there is the name in bold letters: +Moment.js – consider this name.

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/bestpractices/good-record-creation-structure/index.html b/docs/userguide/bestpractices/good-record-creation-structure/index.html index 003f20e..8c20a1c 100644 --- a/docs/userguide/bestpractices/good-record-creation-structure/index.html +++ b/docs/userguide/bestpractices/good-record-creation-structure/index.html @@ -1,949 +1,93 @@ - - - - - - - - - - - - - - - - - - - - -Record Creation | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Record Creation

    - -
    - - - - - - - - - - - - - -
    -

    How to Create (Component) Entries?

    -

    In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules:

    -
      -
    • What is the name of the vendor, the name of the component and what is the release designator?
      • -
    • For the Vendor -
        -
      • Does a CPE entry exist? - -
        • -
      • A CPE does not exist? -
          -
        • Who is the copyright holder: an organization? -
            -
          • Use this organization name without “inc”, “Gmbh”, etc.
            • -
          -
          • -
        • A person -
            -
          • Look at the CPE dictionaries for example
            • -
          • They use first name last name with “_”, for example “Wedge_Antilles
            • -
          -
          • -
        -
        • -
      -
      • -
    • For a component -
        -
      • Again, does a CPE entry exist?
        • -
      • Separate Component name from release designation
        • -
      -
      • -
    • For a release -
        -
      • Do not repeat the component name
        • -
      • Use the release designation as provided by the software package
        • -
      • Avoid prefixes, such as “version”, “v” etc
        • -
      -
      • -
    • For special cases: -
        -
      • If you upload a part of a release software package, create a separate release for this
        • -
      • For example “2.0-MODIFIED”
        • -
      • Consider that leaving items out from a software release is actually a modification
        • -
      -
      • -
    -

    How to Create Vendors

    -

    In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real “manufacturer” independently from where you download it.

    -

    There are different cases:

    -
      -
    1. -

      COTS:

      -
        -
      • -

        Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple)

        -
        • -
      • -

        You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name.

        -
        • -
      • -

        Consider the following link: https://nvd.nist.gov/products/cpe/search

        -
        • -
      • -

        Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360.

        -
        • -
      • -

        General rule: Vendor is meant to be manufacturing party not distributing / delivering party.

        -
        • -
      -
      2. -
    2. -

      Freeware

      -
        -
      • Problem is that freeware has an author, but also different “vendors” in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions.
        • -
      -
      3. -
    3. -

      OSS:

      -
        -
      • -

        Community name, e.g. zlib project for zlib.

        -
        • -
      • -

        Or the org name of the github orgname or sourceforge group name

        -
        • -
      • -

        Do not use “Github” or “Sourceforge” as vendor

        -
        • -
      • -

        However, foundations, publishing the software would be a vendor, e.g. “Apache”, “Eclipse”

        -
        • -
      • -

        But eclipse has a github organization anyway, for example

        -
        • -
      • -

        With single author projects should you take the author name. A “john_doe” from John Doe as short name.

        -
        • -
      -
      4. -
    -

    Note that very release has its own vendor. as a consequence:

    -
      -
    • There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution.
      • -
    -

    Naming a Vendor

    -

    Each release of a component has a vendor or community. Having unambiguous vendor names is very helpful for managing 3rd party software components.

    -

    Required information:

    -
      -
    • Full name - The full name of the company, organization or person.
      • -
    • Short name - A good short name, compatible to CPE (see section 8.3)
      • -
    • URL - The URL of the organization or a URL where we can get more information about a person.
      • -
    -

    How to find a (good) vendor name?

    -

    Some guidelines

    -
      -
    • If there is a company (Microsoft, Oracle, Pivotal, etc.) behind the component, that’s most probably the right vendor name.
      • -
    • If there is an well known open source community (Apache, Eclipse, etc.) behind the component, that’s is the right vendor name.
      • -
    • If there is only a single person developing the component, then this is the vendor.
      • -
    • If there is a GitHub organization name or person name available, use this one.
      • -
    • No vendor names are: ‘Open Source Software’, ‘NuGet Gallery’, ‘CodePlex’, ‘Codeguru’, ‘Stack Overflow’, ‘CodeProject’, etc. as these or only platform, where vendors can offer the projects and these name do not help to identify projects.
      • -
    -

    Examples

    -

    Microsoft

    -

    Full name = Microsoft Corporation

    -

    Short name = Microsoft

    -

    URL = www.microsoft.com

    -

    Apache

    -

    Full name = Apache Software Foundation

    -

    Short name = Apache

    -

    URL = http://www.apache.org/

    -

    Constantin Titarenko

    -

    Full name = Constantin Titarenko

    -

    Short name = constantin_titarenko (Note the underscore!)

    -

    URL = https://github.com/titarenko

    -

    How to determine the CPE?

    -

    The Common Platform Enumeration (CPE) is used to have an unambiguous identification of a specific component release. This information is especially needed to find matching security vulnerability information.

    -

    Syntax of a CPE Entry

    -

    The syntax of a CPE entry is defined as:

    -

    cpe:<CPE-Version>:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>

    -

    CPE-Version refers to the CPE naming format version. We will always use version 2.3

    -

    part refers to the type of the component (a = application, o = operating system, h =hardware device)

    -

    vendor refers to the vendor or author of the component. Only small letters are allowed.

    -

    product refers to the name of the product. Only small letters are allowed.

    -

    version refers to the version of the product.

    -

    update refers to the updates of this specific version

    -

    edition and language can be used to specify more details

    -

    Non-existing or unknown party can get replaced by the placeholder ‘*’.

    -

    Note: only small letters are allowed. Spaces have to be replaced by underlines ‘_’.

    -

    Examples

    -

    Microsoft .Net Framework, version 1.0 SP2

    -

    cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*

    -

    Apache ActiveMQ, version 4.0

    -

    cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*

    -

    Apache log4net, version 1.2.9 beta

    -

    cpe:2.3:a:apache:log4net:1.2.9_beta:*:*:*:*:*:*:*

    -

    Oracle Java Runtime, version 1.7.0, update 51

    -

    cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*

    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Record Creation | Eclipse SW360 +

    Record Creation

    How to Create (Component) Entries?

    In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules:

    • What is the name of the vendor, the name of the component and what is the release designator?
    • For the Vendor
    • For a component
      • Again, does a CPE entry exist?
      • Separate Component name from release designation
    • For a release
      • Do not repeat the component name
      • Use the release designation as provided by the software package
      • Avoid prefixes, such as “version”, “v” etc
    • For special cases:
      • If you upload a part of a release software package, create a separate release for this
      • For example “2.0-MODIFIED”
      • Consider that leaving items out from a software release is actually a modification

    How to Create Vendors

    In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real “manufacturer” independently from where you download it.

    There are different cases:

    1. COTS:

      • Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple)

      • You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name.

      • Consider the following link: https://nvd.nist.gov/products/cpe/search

      • Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360.

      • General rule: Vendor is meant to be manufacturing party not distributing / delivering party.

    2. Freeware

      • Problem is that freeware has an author, but also different “vendors” in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions.

    3. OSS:

      • Community name, e.g. zlib project for zlib.

      • Or the org name of the github orgname or sourceforge group name

      • Do not use “Github” or “Sourceforge” as vendor

      • However, foundations, publishing the software would be a vendor, e.g. “Apache”, “Eclipse”

      • But eclipse has a github organization anyway, for example

      • With single author projects should you take the author name. A “john_doe” from John Doe as short name.

    Note that very release has its own vendor. as a consequence:

    • There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution.

    Naming a Vendor

    Each release of a component has a vendor or community. Having unambiguous vendor names is very helpful for managing 3rd party software components.

    Required information:

    • Full name - The full name of the company, organization or person.
    • Short name - A good short name, compatible to CPE (see section 8.3)
    • URL - The URL of the organization or a URL where we can get more information about a person.

    How to find a (good) vendor name?

    Some guidelines

    • If there is a company (Microsoft, Oracle, Pivotal, etc.) behind the component, that’s most probably the right vendor name.
    • If there is an well known open source community (Apache, Eclipse, etc.) behind the component, that’s is the right vendor name.
    • If there is only a single person developing the component, then this is the vendor.
    • If there is a GitHub organization name or person name available, use this one.
    • No vendor names are: ‘Open Source Software’, ‘NuGet Gallery’, ‘CodePlex’, ‘Codeguru’, ‘Stack Overflow’, ‘CodeProject’, etc. as these or only platform, where vendors can offer the projects and these name do not help to identify projects.

    Examples

    Microsoft

    Full name = Microsoft Corporation

    Short name = Microsoft

    URL = www.microsoft.com

    Apache

    Full name = Apache Software Foundation

    Short name = Apache

    URL = http://www.apache.org/

    Constantin Titarenko

    Full name = Constantin Titarenko

    Short name = constantin_titarenko (Note the underscore!)

    URL = https://github.com/titarenko

    How to determine the CPE?

    The Common Platform Enumeration (CPE) is used to have an unambiguous identification of a specific component release. This information is especially needed to find matching security vulnerability information.

    Syntax of a CPE Entry

    The syntax of a CPE entry is defined as:

    cpe:<CPE-Version>:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>

    CPE-Version refers to the CPE naming format version. We will always use version 2.3

    part refers to the type of the component (a = application, o = operating system, h =hardware device)

    vendor refers to the vendor or author of the component. Only small letters are allowed.

    product refers to the name of the product. Only small letters are allowed.

    version refers to the version of the product.

    update refers to the updates of this specific version

    edition and language can be used to specify more details

    Non-existing or unknown party can get replaced by the placeholder ‘*’.

    Note: only small letters are allowed. Spaces have to be replaced by underlines ‘_’.

    Examples

    Microsoft .Net Framework, version 1.0 SP2

    cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*

    Apache ActiveMQ, version 4.0

    cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*

    Apache log4net, version 1.2.9 beta

    cpe:2.3:a:apache:log4net:1.2.9_beta:*:*:*:*:*:*:*

    Oracle Java Runtime, version 1.7.0, update 51

    cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/bestpractices/index.html b/docs/userguide/bestpractices/index.html index 8c7d786..b5101c9 100644 --- a/docs/userguide/bestpractices/index.html +++ b/docs/userguide/bestpractices/index.html @@ -1,945 +1,92 @@ - - - - - - - - - - - - - - - - - - - - - -SW360 Best Practices | Eclipse SW360 -SW360 Best Practices | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    SW360 Best Practices

    - -
    - - - - - - - - - - - - - -
    -

    SW360 Usage and Handling of Components

    -

    The above mentioned data model has consequences for the usage of SW360:

    -
      -
    • If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell
      • -
    • Uploading source packages / actual software as attachment makes sense at the release, not at the component
      • -
    • If you have created a component and release entry, you can go ahead and assign a vendor to a release.
      • -
    -

    This very clear approach enables a number of issues, please keep the following goals in mind:

    -
      -
    • Duplicate entries need to be removed
      • -
    • Separating vendor from components names and release tags brings clarity to component naming
      • -
    • Interaction with other systems is a must today. As such we need to support the CPE standard which also implement this 3-parts separation
      • -
    • Having the clear modeling of data enables better search and filtering abilities of the component catalogue.
      • -
    -

    How to Create (Component) Entries?

    -

    In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules:

    -
      -
    • What is the name of the vendor, the name of the component and what is the release designator?
      • -
    • For the Vendor -
        -
      • Does a CPE entry exist? - -
        • -
      • A CPE does not exist? -
          -
        • Who is the copyright holder: an organization? -
            -
          • Use this organization name without “inc”, “Gmbh”, etc.
            • -
          -
          • -
        • A person -
            -
          • Look at the CPE dictionaries for example
            • -
          • They use first name last name with “_”, for example “Wedge_Antilles
            • -
          -
          • -
        -
        • -
      -
      • -
    • For a component -
        -
      • Again, does a CPE entry exist?
        • -
      • Separate Component name from release designation
        • -
      -
      • -
    • For a release -
        -
      • Do not repeat the component name
        • -
      • Use the release designation as provided by the software package
        • -
      • Avoid prefixes, such as “version”, “v” etc
        • -
      -
      • -
    • For special cases: -
        -
      • If you upload a part of a release software package, create a separate release for this
        • -
      • For example “2.0-MODIFIED”
        • -
      • Consider that leaving items out from a software release is actually a modification
        • -
      -
      • -
    -

    How to Create Vendors

    -

    In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real “manufacturer” independently from where you download it.

    -

    There are different cases:

    -
      -
    1. -

      COTS:

      -
        -
      • -

        Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple)

        -
        • -
      • -

        You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name.

        -
        • -
      • -

        Consider the following link: https://nvd.nist.gov/products/cpe/search

        -
        • -
      • -

        Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360.

        -
        • -
      • -

        General rule: Vendor is meant to be manufacturing party not distributing / delivering party.

        -
        • -
      -
      2. -
    2. -

      Freeware

      -
        -
      • Problem is that freeware has an author, but also different “vendors” in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions.
        • -
      -
      3. -
    3. -

      OSS:

      -
        -
      • -

        Community name, e.g. zlib project for zlib.

        -
        • -
      • -

        Or the org name of the github orgname or sourceforge group name

        -
        • -
      • -

        Do not use “Github” or “Sourceforge” as vendor

        -
        • -
      • -

        However, foundations, publishing the software would be a vendor, e.g. “Apache”, “Eclipse”

        -
        • -
      • -

        But eclipse has a github organization anyway, for example

        -
        • -
      • -

        With single author projects should you take the author name. A “john_doe” from John Doe as short name.

        -
        • -
      -
      4. -
    -

    Note that very release has its own vendor. as a consequence:

    -
      -
    • There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution.
      • -
    - -
    - - - - - - - - -
    - - -
    -
    - Workflows -
    -

    SW360 User Workflows

    -
    - - -
    -
    - Naming a Component -
    -

    -
    - - -
    -
    - Attachment File Types -
    -

    -
    - - -
    -
    - Record Creation -
    -

    -
    - - -
    -
    - License Naming -
    -

    -
    - - -
    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +If you create a component entry, most …"> +

    SW360 Best Practices

    SW360 Usage and Handling of Components

    The above mentioned data model has consequences for the usage of SW360:

    • If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell
    • Uploading source packages / actual software as attachment makes sense at the release, not at the component
    • If you have created a component and release entry, you can go ahead and assign a vendor to a release.

    This very clear approach enables a number of issues, please keep the following goals in mind:

    • Duplicate entries need to be removed
    • Separating vendor from components names and release tags brings clarity to component naming
    • Interaction with other systems is a must today. As such we need to support the CPE standard which also implement this 3-parts separation
    • Having the clear modeling of data enables better search and filtering abilities of the component catalogue.

    How to Create (Component) Entries?

    In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules:

    • What is the name of the vendor, the name of the component and what is the release designator?
    • For the Vendor
    • For a component
      • Again, does a CPE entry exist?
      • Separate Component name from release designation
    • For a release
      • Do not repeat the component name
      • Use the release designation as provided by the software package
      • Avoid prefixes, such as “version”, “v” etc
    • For special cases:
      • If you upload a part of a release software package, create a separate release for this
      • For example “2.0-MODIFIED”
      • Consider that leaving items out from a software release is actually a modification

    How to Create Vendors

    In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real “manufacturer” independently from where you download it.

    There are different cases:

    1. COTS:

      • Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple)

      • You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name.

      • Consider the following link: https://nvd.nist.gov/products/cpe/search

      • Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360.

      • General rule: Vendor is meant to be manufacturing party not distributing / delivering party.

    2. Freeware

      • Problem is that freeware has an author, but also different “vendors” in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions.

    3. OSS:

      • Community name, e.g. zlib project for zlib.

      • Or the org name of the github orgname or sourceforge group name

      • Do not use “Github” or “Sourceforge” as vendor

      • However, foundations, publishing the software would be a vendor, e.g. “Apache”, “Eclipse”

      • But eclipse has a github organization anyway, for example

      • With single author projects should you take the author name. A “john_doe” from John Doe as short name.

    Note that very release has its own vendor. as a consequence:

    • There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution.
    Workflows

    SW360 User Workflows

    Naming a Component

    Attachment File Types

    Record Creation

    License Naming

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/bestpractices/index.xml b/docs/userguide/bestpractices/index.xml index 77e02e4..05c329b 100644 --- a/docs/userguide/bestpractices/index.xml +++ b/docs/userguide/bestpractices/index.xml @@ -1,667 +1,578 @@ - - - Eclipse SW360 – SW360 Best Practices - https://www.eclipse.org/sw360/docs/userguide/bestpractices/ - Recent content in SW360 Best Practices on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: Workflows - https://www.eclipse.org/sw360/docs/userguide/bestpractices/workflows/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/workflows/ - - - - <p>This page is one of the basic user workflow documentation pages. It can give orientation how the sw360 can be used - as guidance or orientation. There is no particular need to follow these workflows, it is just one way. Workflows are shown as flow charts.</p> -<h3 id="create-component-and-release">Create Component and Release</h3> -<p>So, the user would like to create an entry for zlib-1.2.8 for example in sw360. The main thing to know (see page basic concepts)is that sw360 separates releases from components: the release is the zlib-1.2.8 but the component is the zlib. By this approach, components as a kind of container type in sw360, holding several releases.</p> -<p>Therefore, for a new component the user needs to create a component entry first, and then add a release to it. Just adding a release will not work. If a component with a different release already exists, the users add a release to the existing component.</p> -<p>The intended roles for this can be a developer that would like to start caring for an OSS component or release. In addition a project owner / project owner can care for the components and releases part of the product or process.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/workflow/worklfow-adding-component-and-release-to-a-project.png"/> -</figure> - -<h3 id="create-a-project">Create a Project</h3> -<p>A project is a structure to keep track on releases inside project, as well as other projects. Please note that a project can be also a product, depending on the type of business. the use of the term &lsquo;project&rsquo; is used also for subsuming the term &lsquo;product&rsquo;.</p> -<p>As for the integration case with the OSS software FOSSology, the project view allows for an overview, which of the used components have been analyzed with FOSSology already.</p> -<p>In the diagram, the &ldquo;clearing process&rdquo; is mentioned, because the clearing process affects the software components of a project. The main approach is the following:</p> -<ul> -<li>A project responsible sets up a project with used releases.</li> -<li>For the releases that were not analyzed before, the project responsible requests a clearing - source files can be transferred to FOSSology.</li> -<li>Once analyses for all releases are complete, the &ldquo;clearing process&rdquo; is finished for this project.</li> -</ul> -<p>A project it self does not need much information, it is just about the name and the version. Note that some of the information is like to be set at that time:</p> -<ul> -<li>Visibility level</li> -<li>Project contacts</li> -<li>Important Dates for the project</li> -</ul> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/workflow/workflow-add-project.png"/> -</figure> - -<h3 id="moderation">Moderation</h3> -<p>The moderation is the basic way of applying changes if the document is not created by someone else. In sw360 the following person can edit documents right away (without moderation request):</p> -<ul> -<li>The creator of a document (document is a project entry, a release entry etc)</li> -<li>Admins</li> -<li>Clearing admins</li> -<li>Moderators of this document</li> -<li>Other special roles, such as project responsible</li> -</ul> -<p>Please see the page <a href="https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/" title="Dev Role">about the Role Authorization Model</a> for more information.</p> -<p>If the user who wishes to change a document and is not one of these, the moderator workflow kicks in. Then changes applied to the document are not really applied, but are sent to a moderator. Moderators are:</p> -<ul> -<li>The creator of a document (document is a project entry, a release entry etc)</li> -<li>Admins</li> -<li>Clearing admins</li> -<li>Moderators of this document</li> -</ul> -<p>The moderator can review, approve or decline the request. Then, the requesting user can delete the request. The moderator request workflow is shown below.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/workflow/workflow-moderation.png"/> -</figure> - - - - - - - Docs: Naming a Component - https://www.eclipse.org/sw360/docs/userguide/bestpractices/component-naming/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/component-naming/ - - - - <p><strong>The name is the most important criteria to identify software components. Unfortunately there is no common naming scheme available.</strong></p> -<h2 id="usage-and-handling-of-components">Usage and Handling of Components</h2> -<ul> -<li>If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell</li> -<li>Uploading source packages / actual software as attachment makes sense at the release, not at the component</li> -<li>If you have created a component and release entry, you can go ahead and assign a vendor to a release.</li> -</ul> -<p>This very clear approach enables a number of issues, please keep the following goals in mind:</p> -<ul> -<li>Duplicate entries need to be removed</li> -<li>Separating vendor from components names and release tags brings clarity to component naming</li> -<li>Interaction with other systems is a must today. As such we need to support external ids such as the CPE standard which also implement this 3-parts separation</li> -<li>Having the clear modelling of data enables better search and filtering abilities of the component catalogue.</li> -</ul> -<h2 id="checklist">Checklist</h2> -<ul> -<li>Does the component already exist on SW360 (think about possible different names)?</li> -<li>What is the name of the component homepage?</li> -<li>What is the name of the community? Please note that repositories like Maven, GitHub, CodePlex, - CodeGuru are not vendors in our understanding!</li> -<li>How is component called on repositories like Maven, NuGet, etc.?</li> -<li>Take care: use the name and not the id!</li> -<li>Search SW360 for the component repository id.</li> -<li>Search SW360 for all possible name variations.</li> -<li>Ask your local software clearing expert for help.</li> -</ul> -<h2 id="naming-a-component---special-cases">Naming a Component - Special Cases</h2> -<h3 id="net-component-from-github">.Net Component from GitHub</h3> -<p><img src="SW360_NamingaComponentimage/draft_30.png" alt="draft_30"> In some case it is difficult to determine the real name of a component, like for example <em>Microsoft Entity Framework for .Net Core (or Entity Framework Core or Aspnet EntityFrameworkCore or ASP.NET EntityFrameworkCore)</em>. In these cases it might be the best way to use that package name as specified on Nuget, in this case <strong>Microsoft.EntityFrameworkCore</strong>.</p> -<h3 id="java-components">Java Components</h3> -<p>The name of a Java component should be how it is called by the Java community. Typically this is the name as it can be found on the project homepage or on the source code repository page.</p> -<p>Examples:</p> -<ul> -<li>&lsquo;Spring Framework&rsquo; (from project home page <a href="https://spring.io/projects"><span style="color:red">↗</span> https://spring.io/projects</a> or also from source code repository <a href="https://github.com/spring-projects/spring-framework"><span style="color:red">↗</span> https://github.com/spring-projects/spring-framework</a>)</li> -<li>&lsquo;Spring Data Redis&rsquo; (from project home page <a href="https://spring.io/projects/spring-data"><span style="color:red">↗</span> https://spring.io/projects/spring-data</a> or also from source code repository <a href="https://github.com/spring-projects/spring-data-redis"><span style="color:red">↗</span> https://github.com/spring-projects/spring-data-redis</a>)</li> -<li>&lsquo;Thymeleaf&rsquo; (from project home page <a href="https://www.thymeleaf.org/"><span style="color:red">↗</span> https://www.thymeleaf.org/</a>; source code repository <a href="https://github.com/thymeleaf/thymeleaf"><span style="color:red">↗</span> https://github.com/thymeleaf/thymeleaf</a>)</li> -<li>&lsquo;Thymeleaf Spring 5 Integration&rsquo; (from project home page <a href="https://www.thymeleaf.org/download.html"><span style="color:red">↗</span> https://www.thymeleaf.org/download.html</a> or source code repository page <a href="https://github.com/thymeleaf/thymeleaf-spring"><span style="color:red">↗</span> https://github.com/thymeleaf/thymeleaf-spring</a> → <a href="https://github.com/thymeleaf/thymeleaf-spring/tree/3.0-master/thymeleaf-spring5"><span style="color:red">↗</span> thymeleaf-spring5</a></li> -<li>&lsquo;Commons Codec&rsquo; (from project home page <a href="https://commons.apache.org/proper/commons-codec/"><span style="color:red">↗</span> https://commons.apache.org/proper/commons-codec/</a> or source code repository page <a href="https://github.com/apache/commons-codec"><span style="color:red">↗</span> https://github.com/apache/commons-codec</a>) [or better &lsquo;Apache Commons Codec&rsquo;? But &lsquo;Apache&rsquo; is already the vendor&rsquo;]</li> -</ul> -<p>Do not use jar names or Gradle/Maven artifactIds, like &lsquo;spring-framework&rsquo;. Main reason is that from such a name one cannot see if this component is a whole component (here the Spring Framework) or only the Java archive spring-framework-<version>.jar (which is only a subset of the Spring Framework)!</p> -<p>Hierarchical Java components:</p> -<p>Java components often consist of multiple subcomponents (typically jars) where the sources are stored in a hierarchical structure in the source code repoistory. E.g. for &lsquo;Spring Framework&rsquo; there is one repository <a href="https://github.com/spring-projects/spring-framework"><span style="color:red">↗</span> https://github.com/spring-projects/spring-framework</a> with several sub folders for individual jars. In general for such cases there should be only one (main) component in SW360 covering all the subcomponents.</p> -<p>In some exceptional cases one wants to do the clearing only for one subcomponent or a subset of a hierarchical components. In such a case one can either add the name of the sub component to the component name to mark the subset (like &lsquo;Thymeleaf Spring 5 Integration&rsquo; above, showing that only the Spring 5 related is covered, and not Spring 3 or 4) or one could use the name of the top level component (like &lsquo;Thymeleaf Spring Integration&rsquo;) and have seprate releases for the subset (&lsquo;3.0.9.RELEASE Spring 5&rsquo;).</p> -<p>Identifying a (new or existing) SW360 component for a java archive:</p> -<p>Java developers typically have to start with a Java archive which they want to add to a product, or with the related Gradle/Maven coordinates (groupId/artifactId/version). Possible ways to identify the related component (name) are: examine the related pom.xml or the MANIFEST.MF file of the jar. There one can often find more information like the community homepage or source code repository URL from which then again to determine the component (name).</p> -<p><em>Unfortunately SW360 does not provide any support here (besides searching for the artifactId and thus hopefully find the related component). It would be a good idea to store also the Gradle/Maven coordinates of Java binaries with the SW360 components and make them searchable (note: multiple artifactIds per component need to be supported!) and/or to also upload and store the binaries of a registerd SW360 component (or at least the file hashes) and provide additional functionality to identify an unknown binary by uploading the same to SW360.</em></p> -<h2 id="component-scope">Component Scope</h2> -<p>We base software clearing for open source components on the scan of the source code. If there is only one common source code for a group of components, then it does not make sense to have a lot of distinct (sub)component that all point to a common source.</p> -<h3 id="example">Example</h3> -<p>There is a Java component called Logback (<a href="https://logback.qos.ch/"><span style="color:red">↗</span> https://logback.qos.ch/</a>). There is only one singe source (and binary) archive available from the original authors. This archive contains three Java libraries: logback-core.jar, logback-access.jar and logback-classic.jar. In <strong>SW360 there should be only one component Logback!</strong> It is confusing to have also &ldquo;Logback core&rdquo;, &ldquo;logback-core&rdquo;, &ldquo;logback core&rdquo;, &ldquo;logback classic&rdquo; and &ldquo;logback-classic&rdquo;.</p> -<h2 id="naming-a-component--span-stylecolorredbad-examplesspan">Naming a Component – <span style="color:red">Bad Examples</span></h2> -<h3 id="jsonnet">Json.Net</h3> -<p>There is a component that is available on NuGet by the name &lsquo;Json.NET&rsquo; and the id &lsquo;Newtonsoft.Json&rsquo;. On the component homepage <a href="http://www.newtonsoft.com/json"><span style="color:red">↗</span> http://www.newtonsoft.com/json</a> it is called &lsquo;Json.NET&rsquo;.</p> -<p>Just some examples of naming and how it could be improved:</p> -<ul> -<li>14 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>1 x Vendor = &lsquo;Newtonsoft&rsquo;, Name = &lsquo;Json.NET (COTS)&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>2 x Vendor = &lsquo;NuGet Gallery&rsquo;, Name = Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>1 x Vendor = &lsquo;CodePlex&rsquo;, Name = Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>4 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Newtonsoft Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> -</ul> -<p>The proper identification (Vendor = &lsquo;Newtonsoft&rsquo;, Name = &lsquo;Json.NET&rsquo;) has to be used!</p> -<h3 id="oracle-javabeans-activation-framework">Oracle JavaBeans Activation Framework</h3> -<p>Just some examples of naming and how it could be improved:</p> -<ul> -<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Activation&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Oracle JavaBeans Activation Framework&rsquo;</li> -</ul> -<h3 id="oracle-java-mail">Oracle Java Mail</h3> -<p>Just some examples of naming and how it could be improved:</p> -<ul> -<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Mail&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>5 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Oracle JavaMail API&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>4 x Vendor = &lsquo;Oracle&rsquo;, Name = &lsquo;Oracle JavaMail API&rsquo;</li> -</ul> -<h3 id="momentjs">Moment.js</h3> -<p>Just some examples of naming and how it could be improved:</p> -<ul> -<li>7 x Vendor = &lsquo;GitHub&rsquo;, Name = &lsquo;moment&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>2 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;moment&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>2 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Moment JS&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;MomentJS&rsquo; =&gt; <strong>wrong</strong>!</li> -<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Moment.js&rsquo;</li> -</ul> -<p>Just look on the community homepage: there is the name in bold letters: -Moment.js – consider this name.</p> - - - - - - Docs: Attachment File Types - https://www.eclipse.org/sw360/docs/userguide/bestpractices/user-attachment-file-types/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/user-attachment-file-types/ - - - - <p>SW360 maintains attachments for projects, components and releases. Currently, SW360 cannot automatically detect these types and is dependent on that users select the appropriate type accordingly. If not, some functionality will not properly kick of that uses such attachments.</p> -<p>Also, maybe some of the types are redundant by now and are just legacy ideas that should be reviewed after two years now.</p> -<p>In summary, the following the types currently are as follows:</p> -<table> -<thead> -<tr> -<th style="text-align:left">Type name</th> -<th style="text-align:left">Functionality</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:left">SOURCE</td> -<td style="text-align:left">for sending to tools</td> -<td style="text-align:left">Source packages of a release as found on the Internet</td> -</tr> -<tr> -<td style="text-align:left">COMPONENT_LICENSE_INFO_XML</td> -<td style="text-align:left">for project documentation generation</td> -<td style="text-align:left">An XML-based description of the licenses and coprights involved</td> -</tr> -<tr> -<td style="text-align:left">DESIGN</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Just nomenclature to name this not document</td> -</tr> -<tr> -<td style="text-align:left">REQUIREMENT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Just a general placeholder for an attachment</td> -</tr> -<tr> -<td style="text-align:left">DOCUMENT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Just a general placeholder for an attachment</td> -</tr> -<tr> -<td style="text-align:left">CLEARING_REPORT</td> -<td style="text-align:left">Setting clearing status</td> -<td style="text-align:left">Reporting information for component license state</td> -</tr> -<tr> -<td style="text-align:left">COMPONENT_LICENSE_INFO_COMBINED</td> -<td style="text-align:left">(should be) for project documentation generation</td> -<td style="text-align:left">Multiple components with component license information</td> -</tr> -<tr> -<td style="text-align:left">SCAN_RESULT_REPORT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Just description what scanners found without conclusions</td> -</tr> -<tr> -<td style="text-align:left">SCAN_RESULT_REPORT_XML</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Just description what scanners found without conclusions in XML</td> -</tr> -<tr> -<td style="text-align:left">SOURCE_SELF</td> -<td style="text-align:left">(should be) for sending to tools</td> -<td style="text-align:left">Source packages build self, because not available in the Internet</td> -</tr> -<tr> -<td style="text-align:left">BINARY</td> -<td style="text-align:left">future: for sending to tool doing binary analysis</td> -<td style="text-align:left">Binary from the publisher</td> -</tr> -<tr> -<td style="text-align:left">BINARY_SELF</td> -<td style="text-align:left">future: for sending to tool doing binary analysis</td> -<td style="text-align:left">Self built binary</td> -</tr> -<tr> -<td style="text-align:left">DECISION_REPORT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Decision information ref. the component</td> -</tr> -<tr> -<td style="text-align:left">LEGAL_EVALUATION</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Internally created legal evaluation</td> -</tr> -<tr> -<td style="text-align:left">LICENSE_AGREEMENT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">Document describing the license agreement</td> -</tr> -<tr> -<td style="text-align:left">SCREENSHOT</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">If licensing information is captured with screenshot</td> -</tr> -<tr> -<td style="text-align:left">OTHER</td> -<td style="text-align:left">n.a.</td> -<td style="text-align:left">If not document</td> -</tr> -</tbody> -</table> - - - - - - Docs: Record Creation - https://www.eclipse.org/sw360/docs/userguide/bestpractices/good-record-creation-structure/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/good-record-creation-structure/ - - - - <h2 id="how-to-create-component-entries">How to Create (Component) Entries?</h2> -<p>In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules:</p> -<ul> -<li>What is the name of the vendor, the name of the component and what is the release designator?</li> -<li>For the Vendor -<ul> -<li>Does a CPE entry exist? -<ul> -<li>Look here: <a href="https://nvd.nist.gov/cpe.cfm"><span style="color:red">↗</span> https://nvd.nist.gov/cpe.cfm</a> or <a href="http://scap.nist.gov/specifications/cpe/dictionary.html"><span style="color:red">↗</span> http://scap.nist.gov/specifications/cpe/dictionary.html</a></li> -<li>Use the same writing as found in the CPE dictionary</li> -</ul> -</li> -<li>A CPE does not exist? -<ul> -<li>Who is the copyright holder: an organization? -<ul> -<li>Use this organization name without &ldquo;inc&rdquo;, &ldquo;Gmbh&rdquo;, etc.</li> -</ul> -</li> -<li>A person -<ul> -<li>Look at the CPE dictionaries for example</li> -<li>They use first name last name with &ldquo;_&rdquo;, for example &ldquo;Wedge_Antilles</li> -</ul> -</li> -</ul> -</li> -</ul> -</li> -<li>For a component -<ul> -<li>Again, does a CPE entry exist?</li> -<li>Separate Component name from release designation</li> -</ul> -</li> -<li>For a release -<ul> -<li>Do not repeat the component name</li> -<li>Use the release designation as provided by the software package</li> -<li>Avoid prefixes, such as &ldquo;version&rdquo;, &ldquo;v&rdquo; etc</li> -</ul> -</li> -<li>For special cases: -<ul> -<li>If you upload a part of a release software package, create a <strong>separate</strong> release for this</li> -<li>For example &ldquo;2.0-MODIFIED&rdquo;</li> -<li>Consider that leaving items out from a software release is actually a modification</li> -</ul> -</li> -</ul> -<h2 id="how-to-create-vendors">How to Create Vendors</h2> -<p>In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real &ldquo;manufacturer&rdquo; independently from where you download it.</p> -<p>There are different cases:</p> -<ol> -<li> -<p>COTS:</p> -<ul> -<li> -<p>Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple)</p> -</li> -<li> -<p>You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name.</p> -</li> -<li> -<p>Consider the following link: <a href="https://nvd.nist.gov/products/cpe/search"><span style="color:red">↗</span> https://nvd.nist.gov/products/cpe/search</a></p> -</li> -<li> -<p>Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360.</p> -</li> -<li> -<p><strong>General rule</strong>: Vendor is meant to be manufacturing party not distributing / delivering party.</p> -</li> -</ul> -</li> -<li> -<p>Freeware</p> -<ul> -<li>Problem is that freeware has an author, but also different &ldquo;vendors&rdquo; in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions.</li> -</ul> -</li> -<li> -<p>OSS:</p> -<ul> -<li> -<p>Community name, e.g. zlib project for zlib.</p> -</li> -<li> -<p>Or the org name of the github orgname or sourceforge group name</p> -</li> -<li> -<p>Do not use &ldquo;Github&rdquo; or &ldquo;Sourceforge&rdquo; as vendor</p> -</li> -<li> -<p>However, foundations, publishing the software would be a vendor, e.g. &ldquo;Apache&rdquo;, &ldquo;Eclipse&rdquo;</p> -</li> -<li> -<p>But eclipse has a github organization anyway, for example</p> -</li> -<li> -<p>With single author projects should you take the author name. A &ldquo;john_doe&rdquo; from John Doe as short name.</p> -</li> -</ul> -</li> -</ol> -<p>Note that very release has its own vendor. as a consequence:</p> -<ul> -<li>There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution.</li> -</ul> -<h2 id="naming-a-vendor">Naming a Vendor</h2> -<p>Each release of a component has a vendor or community. Having unambiguous vendor names is very helpful for managing 3rd party software components.</p> -<p>Required information:</p> -<ul> -<li><strong>Full name</strong> - The full name of the company, organization or person.</li> -<li><strong>Short name</strong> - A good short name, compatible to CPE (see section 8.3)</li> -<li><strong>URL</strong> - The URL of the organization or a URL where we can get more information about a person.</li> -</ul> -<h3 id="how-to-find-a-good-vendor-name">How to find a (good) vendor name?</h3> -<p>Some guidelines</p> -<ul> -<li>If there is a company (Microsoft, Oracle, Pivotal, etc.) behind the component, that&rsquo;s most probably the right vendor name.</li> -<li>If there is an well known open source community (Apache, Eclipse, etc.) behind the component, that&rsquo;s is the right vendor name.</li> -<li>If there is only a single person developing the component, then this is the vendor.</li> -<li>If there is a GitHub organization name or person name available, use this one.</li> -<li><strong>No vendor names are</strong>: &lsquo;Open Source Software&rsquo;, &lsquo;NuGet Gallery&rsquo;, &lsquo;CodePlex&rsquo;, &lsquo;Codeguru&rsquo;, &lsquo;Stack Overflow&rsquo;, &lsquo;CodeProject&rsquo;, etc. as these or only platform, where vendors can offer the projects and these name do not help to identify projects.</li> -</ul> -<h3 id="examples">Examples</h3> -<h4 id="microsoft">Microsoft</h4> -<p>Full name = Microsoft Corporation</p> -<p>Short name = Microsoft</p> -<p>URL = <a href="https://www.microsoft.com/en-in/"><span style="color:red">↗</span> www.microsoft.com</a></p> -<h4 id="apache">Apache</h4> -<p>Full name = Apache Software Foundation</p> -<p>Short name = Apache</p> -<p>URL = <a href="http://www.apache.org/"><span style="color:red">↗</span> http://www.apache.org/</a></p> -<h4 id="constantin-titarenko">Constantin Titarenko</h4> -<p>Full name = Constantin Titarenko</p> -<p>Short name = constantin_titarenko (Note the underscore!)</p> -<p>URL = <a href="https://github.com/titarenko"><span style="color:red">↗</span> https://github.com/titarenko</a></p> -<h2 id="how-to-determine-the-cpe">How to determine the CPE?</h2> -<p>The Common Platform Enumeration (CPE) is used to have an unambiguous identification of a specific component release. This information is especially needed to find matching security vulnerability information.</p> -<h3 id="syntax-of-a-cpe-entry">Syntax of a CPE Entry</h3> -<p>The syntax of a CPE entry is defined as:</p> -<p><code>cpe:&lt;CPE-Version&gt;:&lt;part&gt;:&lt;vendor&gt;:&lt;product&gt;:&lt;version&gt;:&lt;update&gt;:&lt;edition&gt;:&lt;language&gt;</code></p> -<p><strong>CPE-Version</strong> refers to the CPE naming format version. We will always use version 2.3</p> -<p><strong>part</strong> refers to the type of the component (a = application, o = operating system, h =hardware device)</p> -<p><strong>vendor</strong> refers to the vendor or author of the component. Only small letters are allowed.</p> -<p><strong>product</strong> refers to the name of the product. Only small letters are allowed.</p> -<p><strong>version</strong> refers to the version of the product.</p> -<p><strong>update</strong> refers to the updates of this specific version</p> -<p><strong>edition</strong> and <strong>language</strong> can be used to specify more details</p> -<p>Non-existing or unknown party can get replaced by the placeholder &lsquo;*&rsquo;.</p> -<p><strong>Note</strong>: only small letters are allowed. Spaces have to be replaced by underlines &lsquo;_&rsquo;.</p> -<h3 id="examples-1">Examples</h3> -<p><strong>Microsoft .Net Framework, version 1.0 SP2</strong></p> -<p><code>cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*</code></p> -<p><strong>Apache ActiveMQ, version 4.0</strong></p> -<p><code>cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*</code></p> -<p><strong>Apache log4net, version 1.2.9 beta</strong></p> -<p><code>cpe:2.3:a:apache:log4net:1.2.9_beta:*:*:*:*:*:*:*</code></p> -<p><strong>Oracle Java Runtime, version 1.7.0, update 51</strong></p> -<p><code>cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*</code></p> - - - - - - Docs: License Naming - https://www.eclipse.org/sw360/docs/userguide/bestpractices/license-naming/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/license-naming/ - - - - <h2 id="guidelines">Guidelines</h2> -<p>Generally the license naming should conform with the SPDX Spec and the SPDX License List</p> -<p>Please see the &ldquo;License List Fields&rdquo; from <a href="https://spdx.org/spdx-license-list/license-list-overview#fields"><span style="color:red">↗</span> https://spdx.org/spdx-license-list/license-list-overview#fields</a></p> -<p>where there is especially for identifier:</p> -<h4 id="license-or-exception-identifier-aka-spdx-short-identifier">License or Exception Identifier (aka &ldquo;SPDX Short Identifier&rdquo;)</h4> -<p>Short identifier to be used to identify a license or exception match to licenses or exceptions contained on the SPDX License List in the context of an SPDX file, in source file, or elsewhere</p> -<ul> -<li>Short identifiers have no spaces in them</li> -<li>Short identifiers consist of an abbreviation based on a common short name or acronym for the license or exception</li> -<li>Where applicable, the abbreviation will be followed by a dash and then the version number, in X.Y format</li> -<li>Where applicable, and if possible, the short identifier should be harmonised with other well-known open source naming sources (i.e., OSI, Fedora, etc.)</li> -<li>Short identifiers should be as short in length as possible while staying consistent with all other naming criteria</li> -</ul> -<p>This lead to expressions like &ldquo;Apache-2.0&rdquo; or &ldquo;GPL-2.0&rdquo;.</p> -<h2 id="license-exceptions">License Exceptions</h2> -<p>As a provisoric handling advise, the exception text shall be combined with the license text as a license entry. This ensures that license and exception appear together in the clearing report.</p> -<p>Class Path Exception</p> -<p>Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination.</p> -<p>As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may</p> -<h2 id="dual-licenses">Dual Licenses</h2> -<p>There is the need to have a dual license text. FOSSology offers the dual license tag for this. The idea is to use this tag also for more than two licenses.</p> -<p>Consider the following example:</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/dual_license.png"/> -</figure> - -<p>The fact that it is &ldquo;LGPL-3.0+&rdquo; is confusing for these texts. It should be changed to the following:</p> -<ul> -<li>The License results shall be changed &ldquo;Dual-License&rdquo;. This is among other things required, to have the obligation to understand that for this component a license must be chosen</li> -<li>In the acknowledgement, there shall be documented which license decision comes is documented</li> -<li>For the referring files, also the different other licenses must be added as conclusions, so the texts are printed out.</li> -</ul> -<h2 id="quick-checklist">Quick Checklist</h2> -<ul> -<li>Shortname: No spaces, No slashses, No unserscore or similar spcial charaters, just use dashes</li> -<li>Consider existing SPDX short names</li> -<li>Do not use &ldquo;Or later&rdquo; but &ldquo;+&rdquo; or &ldquo;-or-later&rdquo;</li> -<li>For triple licensing, use prefix &ldquo;Triple&rdquo;</li> -<li>ERASE COMMENT CHARACTERS! also erase prefix spaces at every line</li> -<li>Preserve paragraphs and line breaks</li> -<li>Avid markup in the license text except it is part of the licensing</li> -</ul> -<h2 id="multi-dual--licensing">Multi (DUAL-) Licensing</h2> -<ul> -<li>VERY Important, as conclusion, use the FOSSology &ldquo;Dual-license&rdquo;, please do not consider your own candidate just designating &ldquo;Dual License&rdquo; (because OR operators will not work in reporting)</li> -<li>For Dual License texts use prefix &ldquo;Dual-&rdquo;</li> -<li>For Triple, use &ldquo;Triple-&rdquo; (and for more &ldquo;Quadruple-&rdquo;)</li> -<li>For Dual Licensing, use alphabetical order to name the licenses</li> -<li>SPDX provides the rule to have this merged with &ldquo;OR&rdquo; (in capital letters) like &ldquo;Dual-MIT-OR-BSD&rdquo;</li> -</ul> -<h2 id="examples-for-renaming">Examples for Renaming</h2> -<table> -<thead> -<tr> -<th>Example Licence Short Name</th> -<th>Corrected Licence Short Name</th> -<th>Remarks</th> -</tr> -</thead> -<tbody> -<tr> -<td>BSD-3-Clause-Farin Urlaub</td> -<td>BSD-3-Clause-farin-urlaub</td> -<td>no empty spaces</td> -</tr> -<tr> -<td>GPL-2.0+_Variant Old address</td> -<td>GPL-2.0+-variant-old-address</td> -<td>no underscore</td> -</tr> -<tr> -<td>&ndash;Freeware</td> -<td>Freeware-variant-dumbumchong</td> -<td>no prefix dashes</td> -</tr> -<tr> -<td>BSD-3-Clause\IBM</td> -<td>&hellip;</td> -<td>do not use slashes (back and forward)</td> -</tr> -<tr> -<td>Permission Notice Gordon Sumner</td> -<td>HPND-gordon-sumner</td> -<td>consider SPDX shot name &ldquo;HPND&rdquo; for permission notice</td> -</tr> -<tr> -<td>BSD-3-Clause_Ajax.org B.V.</td> -<td>BSD-3-Clause-ajax</td> -<td></td> -</tr> -<tr> -<td>BSD-3-Clause_Yahoo! Inc</td> -<td>BSD-3-Clause-yahoo</td> -<td></td> -</tr> -<tr> -<td>BSD-2-Clause CISCO</td> -<td>BSD-2-Clause-cisco</td> -<td></td> -</tr> -<tr> -<td>&ndash;zlib-style</td> -<td>Zlib-variant-01</td> -<td>This license could be deleted anyway. (no text)</td> -</tr> -<tr> -<td>woodstock</td> -<td>Woodstok-Reference-Disclaimer</td> -<td>1. All short names shall begin with capital letter,<br>2. (not shown), the license text is not a license text actually, but just a reference in a header with disclaimer.</td> -</tr> -<tr> -<td>Visual Studio SDK license terms</td> -<td>Microsoft-Visual-Studio-SDK-2015</td> -<td>looking at the text, it is from the 2015 version of the SDK</td> -</tr> -<tr> -<td>Trip MPL GPL Apache</td> -<td>Triple-Apache-2.0-LGPL-2.1-MPL-1.1</td> -<td>(looking at the text it was LGPL in fact)</td> -</tr> -<tr> -<td>&ndash;FIPL-1.0</td> -<td>FIPL-1.0</td> -<td>Double dash is an old thing coming from mainline ops. Currently there is no similar convention known for FOSSologyNG.</td> -</tr> -<tr> -<td>Qt License Agreement_CEM</td> -<td>Qt-reference-commercial</td> -<td>In this case, it was reference text only and also only pointing to the commercial licensees only.</td> -</tr> -<tr> -<td>&ndash;Beer-ware-license-CEM01</td> -<td><code>Beerware</code></td> -<td>The text says actually revision 42, revision 42 is a joke. It must be checked if the license is already there</td> -</tr> -<tr> -<td>FundsXpress License</td> -<td>FXL</td> -<td>Either FundsXpress or FXL because the point is to have a short name and thus, it would make sense to shorten it.</td> -</tr> -<tr> -<td>GFDL - 1.2+</td> -<td>GFDL-1.2+</td> -<td>just without spaces please</td> -</tr> -<tr> -<td>lgpl 2.1 J</td> -<td>LGPL-2.1-header</td> -<td>(was a header in this case, because lic text is already there) What does J mean? - no J needed</td> -</tr> -<tr> -<td>MIT !</td> -<td><em>do not use candidate licenses</em></td> -<td>Actual text was: &ldquo;This program is made available under the terms of the MIT License.&rdquo; - actually, not a license text!</td> -</tr> -<tr> -<td>Note</td> -<td><em>do not use this with candidates</em></td> -<td>Actual text was: &ldquo;(&ldquo;See <a href="http://oxyplot.codeplex.com"><span style="color:red">↗</span> http://oxyplot.codeplex.com</a> for more information.&rdquo;)&rdquo;</td> -</tr> -<tr> -<td>Permission_Notice_Timothy O&rsquo;Malley</td> -<td>HPND-omalley</td> -<td>do not use special chars, do use SPDX identfiers</td> -</tr> -</tbody> -</table> -<h2 id="notice-file">Notice File</h2> -<p>The following text is not a license statement nor a reference to licensing but a notice file in the sense of the apache 2.0 license. As such, it is not suitable for being collected as a license.</p> -<p><code>== NOTICE file corresponding to the section 4 d of ==</code></p> -<p><code>== the Apache License, Version 2.0, ==</code></p> -<p><code>== in this case for the Apache Ant distribution. ==</code></p> -<p>=========================================================================</p> -<p><code>This product includes software developed by</code></p> -<p><code>The Apache Software Foundation</code> (<a href="http://www.apache.org/"><span style="color:red">↗</span> http://www.apache.org</a>).</p> -<p><code>This product includes also software developed by :</code></p> -<ul> -<li><code>the W3C consortium</code> (<a href="http://www.w3c.org"><span style="color:red">↗</span> http://www.w3c.org</a>),</li> -<li><code>the SAX project</code> (<a href="http://www.saxproject.org"><span style="color:red">↗</span> http://www.saxproject.org</a>)</li> -</ul> -<p><code>Please read the different LICENSE files present in the root directory of this distribution.</code></p> -<h2 id="open-questions">Open Questions</h2> -<ul> -<li>How to deal with notice files</li> -</ul> -<p>(1) <a href="https://spdx.org/spdx-specification-21-web-version"><span style="color:red">↗</span> https://spdx.org/spdx-specification-21-web-version</a></p> - - - - - - +Eclipse SW360 – SW360 Best Practiceshttps://www.eclipse.org/sw360/docs/userguide/bestpractices/Recent content in SW360 Best Practices on Eclipse SW360Hugo -- gohugo.ioDocs: Workflowshttps://www.eclipse.org/sw360/docs/userguide/bestpractices/workflows/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/bestpractices/workflows/ +<p>This page is one of the basic user workflow documentation pages. It can give orientation how the sw360 can be used - as guidance or orientation. There is no particular need to follow these workflows, it is just one way. Workflows are shown as flow charts.</p> +<h3 id="create-component-and-release">Create Component and Release</h3> +<p>So, the user would like to create an entry for zlib-1.2.8 for example in sw360. The main thing to know (see page basic concepts)is that sw360 separates releases from components: the release is the zlib-1.2.8 but the component is the zlib. By this approach, components as a kind of container type in sw360, holding several releases.</p> +<p>Therefore, for a new component the user needs to create a component entry first, and then add a release to it. Just adding a release will not work. If a component with a different release already exists, the users add a release to the existing component.</p> +<p>The intended roles for this can be a developer that would like to start caring for an OSS component or release. In addition a project owner / project owner can care for the components and releases part of the product or process.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/workflow/worklfow-adding-component-and-release-to-a-project.png"/> +</figure> +<h3 id="create-a-project">Create a Project</h3> +<p>A project is a structure to keep track on releases inside project, as well as other projects. Please note that a project can be also a product, depending on the type of business. the use of the term &lsquo;project&rsquo; is used also for subsuming the term &lsquo;product&rsquo;.</p> +<p>As for the integration case with the OSS software FOSSology, the project view allows for an overview, which of the used components have been analyzed with FOSSology already.</p> +<p>In the diagram, the &ldquo;clearing process&rdquo; is mentioned, because the clearing process affects the software components of a project. The main approach is the following:</p> +<ul> +<li>A project responsible sets up a project with used releases.</li> +<li>For the releases that were not analyzed before, the project responsible requests a clearing - source files can be transferred to FOSSology.</li> +<li>Once analyses for all releases are complete, the &ldquo;clearing process&rdquo; is finished for this project.</li> +</ul> +<p>A project it self does not need much information, it is just about the name and the version. Note that some of the information is like to be set at that time:</p> +<ul> +<li>Visibility level</li> +<li>Project contacts</li> +<li>Important Dates for the project</li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/workflow/workflow-add-project.png"/> +</figure> +<h3 id="moderation">Moderation</h3> +<p>The moderation is the basic way of applying changes if the document is not created by someone else. In sw360 the following person can edit documents right away (without moderation request):</p> +<ul> +<li>The creator of a document (document is a project entry, a release entry etc)</li> +<li>Admins</li> +<li>Clearing admins</li> +<li>Moderators of this document</li> +<li>Other special roles, such as project responsible</li> +</ul> +<p>Please see the page <a href="https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/" title="Dev Role">about the Role Authorization Model</a> for more information.</p> +<p>If the user who wishes to change a document and is not one of these, the moderator workflow kicks in. Then changes applied to the document are not really applied, but are sent to a moderator. Moderators are:</p> +<ul> +<li>The creator of a document (document is a project entry, a release entry etc)</li> +<li>Admins</li> +<li>Clearing admins</li> +<li>Moderators of this document</li> +</ul> +<p>The moderator can review, approve or decline the request. Then, the requesting user can delete the request. The moderator request workflow is shown below.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/workflow/workflow-moderation.png"/> +</figure>Docs: Naming a Componenthttps://www.eclipse.org/sw360/docs/userguide/bestpractices/component-naming/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/bestpractices/component-naming/ +<p><strong>The name is the most important criteria to identify software components. Unfortunately there is no common naming scheme available.</strong></p> +<h2 id="usage-and-handling-of-components">Usage and Handling of Components</h2> +<ul> +<li>If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell</li> +<li>Uploading source packages / actual software as attachment makes sense at the release, not at the component</li> +<li>If you have created a component and release entry, you can go ahead and assign a vendor to a release.</li> +</ul> +<p>This very clear approach enables a number of issues, please keep the following goals in mind:</p> +<ul> +<li>Duplicate entries need to be removed</li> +<li>Separating vendor from components names and release tags brings clarity to component naming</li> +<li>Interaction with other systems is a must today. As such we need to support external ids such as the CPE standard which also implement this 3-parts separation</li> +<li>Having the clear modelling of data enables better search and filtering abilities of the component catalogue.</li> +</ul> +<h2 id="checklist">Checklist</h2> +<ul> +<li>Does the component already exist on SW360 (think about possible different names)?</li> +<li>What is the name of the component homepage?</li> +<li>What is the name of the community? Please note that repositories like Maven, GitHub, CodePlex, - CodeGuru are not vendors in our understanding!</li> +<li>How is component called on repositories like Maven, NuGet, etc.?</li> +<li>Take care: use the name and not the id!</li> +<li>Search SW360 for the component repository id.</li> +<li>Search SW360 for all possible name variations.</li> +<li>Ask your local software clearing expert for help.</li> +</ul> +<h2 id="naming-a-component---special-cases">Naming a Component - Special Cases</h2> +<h3 id="net-component-from-github">.Net Component from GitHub</h3> +<p><img src="SW360_NamingaComponentimage/draft_30.png" alt="draft_30"> In some case it is difficult to determine the real name of a component, like for example <em>Microsoft Entity Framework for .Net Core (or Entity Framework Core or Aspnet EntityFrameworkCore or ASP.NET EntityFrameworkCore)</em>. In these cases it might be the best way to use that package name as specified on Nuget, in this case <strong>Microsoft.EntityFrameworkCore</strong>.</p> +<h3 id="java-components">Java Components</h3> +<p>The name of a Java component should be how it is called by the Java community. Typically this is the name as it can be found on the project homepage or on the source code repository page.</p> +<p>Examples:</p> +<ul> +<li>&lsquo;Spring Framework&rsquo; (from project home page <a href="https://spring.io/projects"><span style="color:red">↗</span> https://spring.io/projects</a> or also from source code repository <a href="https://github.com/spring-projects/spring-framework"><span style="color:red">↗</span> https://github.com/spring-projects/spring-framework</a>)</li> +<li>&lsquo;Spring Data Redis&rsquo; (from project home page <a href="https://spring.io/projects/spring-data"><span style="color:red">↗</span> https://spring.io/projects/spring-data</a> or also from source code repository <a href="https://github.com/spring-projects/spring-data-redis"><span style="color:red">↗</span> https://github.com/spring-projects/spring-data-redis</a>)</li> +<li>&lsquo;Thymeleaf&rsquo; (from project home page <a href="https://www.thymeleaf.org/"><span style="color:red">↗</span> https://www.thymeleaf.org/</a>; source code repository <a href="https://github.com/thymeleaf/thymeleaf"><span style="color:red">↗</span> https://github.com/thymeleaf/thymeleaf</a>)</li> +<li>&lsquo;Thymeleaf Spring 5 Integration&rsquo; (from project home page <a href="https://www.thymeleaf.org/download.html"><span style="color:red">↗</span> https://www.thymeleaf.org/download.html</a> or source code repository page <a href="https://github.com/thymeleaf/thymeleaf-spring"><span style="color:red">↗</span> https://github.com/thymeleaf/thymeleaf-spring</a> → <a href="https://github.com/thymeleaf/thymeleaf-spring/tree/3.0-master/thymeleaf-spring5"><span style="color:red">↗</span> thymeleaf-spring5</a></li> +<li>&lsquo;Commons Codec&rsquo; (from project home page <a href="https://commons.apache.org/proper/commons-codec/"><span style="color:red">↗</span> https://commons.apache.org/proper/commons-codec/</a> or source code repository page <a href="https://github.com/apache/commons-codec"><span style="color:red">↗</span> https://github.com/apache/commons-codec</a>) [or better &lsquo;Apache Commons Codec&rsquo;? But &lsquo;Apache&rsquo; is already the vendor&rsquo;]</li> +</ul> +<p>Do not use jar names or Gradle/Maven artifactIds, like &lsquo;spring-framework&rsquo;. Main reason is that from such a name one cannot see if this component is a whole component (here the Spring Framework) or only the Java archive spring-framework-<version>.jar (which is only a subset of the Spring Framework)!</p> +<p>Hierarchical Java components:</p> +<p>Java components often consist of multiple subcomponents (typically jars) where the sources are stored in a hierarchical structure in the source code repoistory. E.g. for &lsquo;Spring Framework&rsquo; there is one repository <a href="https://github.com/spring-projects/spring-framework"><span style="color:red">↗</span> https://github.com/spring-projects/spring-framework</a> with several sub folders for individual jars. In general for such cases there should be only one (main) component in SW360 covering all the subcomponents.</p> +<p>In some exceptional cases one wants to do the clearing only for one subcomponent or a subset of a hierarchical components. In such a case one can either add the name of the sub component to the component name to mark the subset (like &lsquo;Thymeleaf Spring 5 Integration&rsquo; above, showing that only the Spring 5 related is covered, and not Spring 3 or 4) or one could use the name of the top level component (like &lsquo;Thymeleaf Spring Integration&rsquo;) and have seprate releases for the subset (&lsquo;3.0.9.RELEASE Spring 5&rsquo;).</p> +<p>Identifying a (new or existing) SW360 component for a java archive:</p> +<p>Java developers typically have to start with a Java archive which they want to add to a product, or with the related Gradle/Maven coordinates (groupId/artifactId/version). Possible ways to identify the related component (name) are: examine the related pom.xml or the MANIFEST.MF file of the jar. There one can often find more information like the community homepage or source code repository URL from which then again to determine the component (name).</p> +<p><em>Unfortunately SW360 does not provide any support here (besides searching for the artifactId and thus hopefully find the related component). It would be a good idea to store also the Gradle/Maven coordinates of Java binaries with the SW360 components and make them searchable (note: multiple artifactIds per component need to be supported!) and/or to also upload and store the binaries of a registerd SW360 component (or at least the file hashes) and provide additional functionality to identify an unknown binary by uploading the same to SW360.</em></p> +<h2 id="component-scope">Component Scope</h2> +<p>We base software clearing for open source components on the scan of the source code. If there is only one common source code for a group of components, then it does not make sense to have a lot of distinct (sub)component that all point to a common source.</p> +<h3 id="example">Example</h3> +<p>There is a Java component called Logback (<a href="https://logback.qos.ch/"><span style="color:red">↗</span> https://logback.qos.ch/</a>). There is only one singe source (and binary) archive available from the original authors. This archive contains three Java libraries: logback-core.jar, logback-access.jar and logback-classic.jar. In <strong>SW360 there should be only one component Logback!</strong> It is confusing to have also &ldquo;Logback core&rdquo;, &ldquo;logback-core&rdquo;, &ldquo;logback core&rdquo;, &ldquo;logback classic&rdquo; and &ldquo;logback-classic&rdquo;.</p> +<h2 id="naming-a-component--span-stylecolorredbad-examplesspan">Naming a Component – <span style="color:red">Bad Examples</span></h2> +<h3 id="jsonnet">Json.Net</h3> +<p>There is a component that is available on NuGet by the name &lsquo;Json.NET&rsquo; and the id &lsquo;Newtonsoft.Json&rsquo;. On the component homepage <a href="http://www.newtonsoft.com/json"><span style="color:red">↗</span> http://www.newtonsoft.com/json</a> it is called &lsquo;Json.NET&rsquo;.</p> +<p>Just some examples of naming and how it could be improved:</p> +<ul> +<li>14 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>1 x Vendor = &lsquo;Newtonsoft&rsquo;, Name = &lsquo;Json.NET (COTS)&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>2 x Vendor = &lsquo;NuGet Gallery&rsquo;, Name = Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>1 x Vendor = &lsquo;CodePlex&rsquo;, Name = Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>4 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Newtonsoft Json.NET&rsquo; =&gt; <strong>wrong</strong>!</li> +</ul> +<p>The proper identification (Vendor = &lsquo;Newtonsoft&rsquo;, Name = &lsquo;Json.NET&rsquo;) has to be used!</p> +<h3 id="oracle-javabeans-activation-framework">Oracle JavaBeans Activation Framework</h3> +<p>Just some examples of naming and how it could be improved:</p> +<ul> +<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Activation&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Oracle JavaBeans Activation Framework&rsquo;</li> +</ul> +<h3 id="oracle-java-mail">Oracle Java Mail</h3> +<p>Just some examples of naming and how it could be improved:</p> +<ul> +<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Mail&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>5 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Oracle JavaMail API&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>4 x Vendor = &lsquo;Oracle&rsquo;, Name = &lsquo;Oracle JavaMail API&rsquo;</li> +</ul> +<h3 id="momentjs">Moment.js</h3> +<p>Just some examples of naming and how it could be improved:</p> +<ul> +<li>7 x Vendor = &lsquo;GitHub&rsquo;, Name = &lsquo;moment&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>2 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;moment&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>2 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Moment JS&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;MomentJS&rsquo; =&gt; <strong>wrong</strong>!</li> +<li>3 x Vendor = &lsquo;Open Source Software&rsquo;, Name = &lsquo;Moment.js&rsquo;</li> +</ul> +<p>Just look on the community homepage: there is the name in bold letters: +Moment.js – consider this name.</p>Docs: Attachment File Typeshttps://www.eclipse.org/sw360/docs/userguide/bestpractices/user-attachment-file-types/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/bestpractices/user-attachment-file-types/ +<p>SW360 maintains attachments for projects, components and releases. Currently, SW360 cannot automatically detect these types and is dependent on that users select the appropriate type accordingly. If not, some functionality will not properly kick of that uses such attachments.</p> +<p>Also, maybe some of the types are redundant by now and are just legacy ideas that should be reviewed after two years now.</p> +<p>In summary, the following the types currently are as follows:</p> +<table> +<thead> +<tr> +<th style="text-align:left">Type name</th> +<th style="text-align:left">Functionality</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:left">SOURCE</td> +<td style="text-align:left">for sending to tools</td> +<td style="text-align:left">Source packages of a release as found on the Internet</td> +</tr> +<tr> +<td style="text-align:left">COMPONENT_LICENSE_INFO_XML</td> +<td style="text-align:left">for project documentation generation</td> +<td style="text-align:left">An XML-based description of the licenses and coprights involved</td> +</tr> +<tr> +<td style="text-align:left">DESIGN</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Just nomenclature to name this not document</td> +</tr> +<tr> +<td style="text-align:left">REQUIREMENT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Just a general placeholder for an attachment</td> +</tr> +<tr> +<td style="text-align:left">DOCUMENT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Just a general placeholder for an attachment</td> +</tr> +<tr> +<td style="text-align:left">CLEARING_REPORT</td> +<td style="text-align:left">Setting clearing status</td> +<td style="text-align:left">Reporting information for component license state</td> +</tr> +<tr> +<td style="text-align:left">COMPONENT_LICENSE_INFO_COMBINED</td> +<td style="text-align:left">(should be) for project documentation generation</td> +<td style="text-align:left">Multiple components with component license information</td> +</tr> +<tr> +<td style="text-align:left">SCAN_RESULT_REPORT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Just description what scanners found without conclusions</td> +</tr> +<tr> +<td style="text-align:left">SCAN_RESULT_REPORT_XML</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Just description what scanners found without conclusions in XML</td> +</tr> +<tr> +<td style="text-align:left">SOURCE_SELF</td> +<td style="text-align:left">(should be) for sending to tools</td> +<td style="text-align:left">Source packages build self, because not available in the Internet</td> +</tr> +<tr> +<td style="text-align:left">BINARY</td> +<td style="text-align:left">future: for sending to tool doing binary analysis</td> +<td style="text-align:left">Binary from the publisher</td> +</tr> +<tr> +<td style="text-align:left">BINARY_SELF</td> +<td style="text-align:left">future: for sending to tool doing binary analysis</td> +<td style="text-align:left">Self built binary</td> +</tr> +<tr> +<td style="text-align:left">DECISION_REPORT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Decision information ref. the component</td> +</tr> +<tr> +<td style="text-align:left">LEGAL_EVALUATION</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Internally created legal evaluation</td> +</tr> +<tr> +<td style="text-align:left">LICENSE_AGREEMENT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">Document describing the license agreement</td> +</tr> +<tr> +<td style="text-align:left">SCREENSHOT</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">If licensing information is captured with screenshot</td> +</tr> +<tr> +<td style="text-align:left">OTHER</td> +<td style="text-align:left">n.a.</td> +<td style="text-align:left">If not document</td> +</tr> +</tbody> +</table>Docs: Record Creationhttps://www.eclipse.org/sw360/docs/userguide/bestpractices/good-record-creation-structure/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/bestpractices/good-record-creation-structure/ +<h2 id="how-to-create-component-entries">How to Create (Component) Entries?</h2> +<p>In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules:</p> +<ul> +<li>What is the name of the vendor, the name of the component and what is the release designator?</li> +<li>For the Vendor +<ul> +<li>Does a CPE entry exist? +<ul> +<li>Look here: <a href="https://nvd.nist.gov/cpe.cfm"><span style="color:red">↗</span> https://nvd.nist.gov/cpe.cfm</a> or <a href="http://scap.nist.gov/specifications/cpe/dictionary.html"><span style="color:red">↗</span> http://scap.nist.gov/specifications/cpe/dictionary.html</a></li> +<li>Use the same writing as found in the CPE dictionary</li> +</ul> +</li> +<li>A CPE does not exist? +<ul> +<li>Who is the copyright holder: an organization? +<ul> +<li>Use this organization name without &ldquo;inc&rdquo;, &ldquo;Gmbh&rdquo;, etc.</li> +</ul> +</li> +<li>A person +<ul> +<li>Look at the CPE dictionaries for example</li> +<li>They use first name last name with &ldquo;_&rdquo;, for example &ldquo;Wedge_Antilles</li> +</ul> +</li> +</ul> +</li> +</ul> +</li> +<li>For a component +<ul> +<li>Again, does a CPE entry exist?</li> +<li>Separate Component name from release designation</li> +</ul> +</li> +<li>For a release +<ul> +<li>Do not repeat the component name</li> +<li>Use the release designation as provided by the software package</li> +<li>Avoid prefixes, such as &ldquo;version&rdquo;, &ldquo;v&rdquo; etc</li> +</ul> +</li> +<li>For special cases: +<ul> +<li>If you upload a part of a release software package, create a <strong>separate</strong> release for this</li> +<li>For example &ldquo;2.0-MODIFIED&rdquo;</li> +<li>Consider that leaving items out from a software release is actually a modification</li> +</ul> +</li> +</ul> +<h2 id="how-to-create-vendors">How to Create Vendors</h2> +<p>In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real &ldquo;manufacturer&rdquo; independently from where you download it.</p> +<p>There are different cases:</p> +<ol> +<li> +<p>COTS:</p> +<ul> +<li> +<p>Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple)</p> +</li> +<li> +<p>You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name.</p> +</li> +<li> +<p>Consider the following link: <a href="https://nvd.nist.gov/products/cpe/search"><span style="color:red">↗</span> https://nvd.nist.gov/products/cpe/search</a></p> +</li> +<li> +<p>Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360.</p> +</li> +<li> +<p><strong>General rule</strong>: Vendor is meant to be manufacturing party not distributing / delivering party.</p> +</li> +</ul> +</li> +<li> +<p>Freeware</p> +<ul> +<li>Problem is that freeware has an author, but also different &ldquo;vendors&rdquo; in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions.</li> +</ul> +</li> +<li> +<p>OSS:</p> +<ul> +<li> +<p>Community name, e.g. zlib project for zlib.</p> +</li> +<li> +<p>Or the org name of the github orgname or sourceforge group name</p> +</li> +<li> +<p>Do not use &ldquo;Github&rdquo; or &ldquo;Sourceforge&rdquo; as vendor</p> +</li> +<li> +<p>However, foundations, publishing the software would be a vendor, e.g. &ldquo;Apache&rdquo;, &ldquo;Eclipse&rdquo;</p> +</li> +<li> +<p>But eclipse has a github organization anyway, for example</p> +</li> +<li> +<p>With single author projects should you take the author name. A &ldquo;john_doe&rdquo; from John Doe as short name.</p> +</li> +</ul> +</li> +</ol> +<p>Note that very release has its own vendor. as a consequence:</p> +<ul> +<li>There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution.</li> +</ul> +<h2 id="naming-a-vendor">Naming a Vendor</h2> +<p>Each release of a component has a vendor or community. Having unambiguous vendor names is very helpful for managing 3rd party software components.</p> +<p>Required information:</p> +<ul> +<li><strong>Full name</strong> - The full name of the company, organization or person.</li> +<li><strong>Short name</strong> - A good short name, compatible to CPE (see section 8.3)</li> +<li><strong>URL</strong> - The URL of the organization or a URL where we can get more information about a person.</li> +</ul> +<h3 id="how-to-find-a-good-vendor-name">How to find a (good) vendor name?</h3> +<p>Some guidelines</p> +<ul> +<li>If there is a company (Microsoft, Oracle, Pivotal, etc.) behind the component, that&rsquo;s most probably the right vendor name.</li> +<li>If there is an well known open source community (Apache, Eclipse, etc.) behind the component, that&rsquo;s is the right vendor name.</li> +<li>If there is only a single person developing the component, then this is the vendor.</li> +<li>If there is a GitHub organization name or person name available, use this one.</li> +<li><strong>No vendor names are</strong>: &lsquo;Open Source Software&rsquo;, &lsquo;NuGet Gallery&rsquo;, &lsquo;CodePlex&rsquo;, &lsquo;Codeguru&rsquo;, &lsquo;Stack Overflow&rsquo;, &lsquo;CodeProject&rsquo;, etc. as these or only platform, where vendors can offer the projects and these name do not help to identify projects.</li> +</ul> +<h3 id="examples">Examples</h3> +<h4 id="microsoft">Microsoft</h4> +<p>Full name = Microsoft Corporation</p> +<p>Short name = Microsoft</p> +<p>URL = <a href="https://www.microsoft.com/en-in/"><span style="color:red">↗</span> www.microsoft.com</a></p> +<h4 id="apache">Apache</h4> +<p>Full name = Apache Software Foundation</p> +<p>Short name = Apache</p> +<p>URL = <a href="http://www.apache.org/"><span style="color:red">↗</span> http://www.apache.org/</a></p> +<h4 id="constantin-titarenko">Constantin Titarenko</h4> +<p>Full name = Constantin Titarenko</p> +<p>Short name = constantin_titarenko (Note the underscore!)</p> +<p>URL = <a href="https://github.com/titarenko"><span style="color:red">↗</span> https://github.com/titarenko</a></p> +<h2 id="how-to-determine-the-cpe">How to determine the CPE?</h2> +<p>The Common Platform Enumeration (CPE) is used to have an unambiguous identification of a specific component release. This information is especially needed to find matching security vulnerability information.</p> +<h3 id="syntax-of-a-cpe-entry">Syntax of a CPE Entry</h3> +<p>The syntax of a CPE entry is defined as:</p> +<p><code>cpe:&lt;CPE-Version&gt;:&lt;part&gt;:&lt;vendor&gt;:&lt;product&gt;:&lt;version&gt;:&lt;update&gt;:&lt;edition&gt;:&lt;language&gt;</code></p> +<p><strong>CPE-Version</strong> refers to the CPE naming format version. We will always use version 2.3</p> +<p><strong>part</strong> refers to the type of the component (a = application, o = operating system, h =hardware device)</p> +<p><strong>vendor</strong> refers to the vendor or author of the component. Only small letters are allowed.</p> +<p><strong>product</strong> refers to the name of the product. Only small letters are allowed.</p> +<p><strong>version</strong> refers to the version of the product.</p> +<p><strong>update</strong> refers to the updates of this specific version</p> +<p><strong>edition</strong> and <strong>language</strong> can be used to specify more details</p> +<p>Non-existing or unknown party can get replaced by the placeholder &lsquo;*&rsquo;.</p> +<p><strong>Note</strong>: only small letters are allowed. Spaces have to be replaced by underlines &lsquo;_&rsquo;.</p> +<h3 id="examples-1">Examples</h3> +<p><strong>Microsoft .Net Framework, version 1.0 SP2</strong></p> +<p><code>cpe:2.3:a:microsoft:.net_framework:1.0:sp2:*:*:*:*:*:*</code></p> +<p><strong>Apache ActiveMQ, version 4.0</strong></p> +<p><code>cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*</code></p> +<p><strong>Apache log4net, version 1.2.9 beta</strong></p> +<p><code>cpe:2.3:a:apache:log4net:1.2.9_beta:*:*:*:*:*:*:*</code></p> +<p><strong>Oracle Java Runtime, version 1.7.0, update 51</strong></p> +<p><code>cpe:2.3:a:oracle:jre:1.7.0:update_51:*:*:*:*:*:*</code></p>Docs: License Naminghttps://www.eclipse.org/sw360/docs/userguide/bestpractices/license-naming/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/bestpractices/license-naming/ +<h2 id="guidelines">Guidelines</h2> +<p>Generally the license naming should conform with the SPDX Spec and the SPDX License List</p> +<p>Please see the &ldquo;License List Fields&rdquo; from <a href="https://spdx.org/spdx-license-list/license-list-overview#fields"><span style="color:red">↗</span> https://spdx.org/spdx-license-list/license-list-overview#fields</a></p> +<p>where there is especially for identifier:</p> +<h4 id="license-or-exception-identifier-aka-spdx-short-identifier">License or Exception Identifier (aka &ldquo;SPDX Short Identifier&rdquo;)</h4> +<p>Short identifier to be used to identify a license or exception match to licenses or exceptions contained on the SPDX License List in the context of an SPDX file, in source file, or elsewhere</p> +<ul> +<li>Short identifiers have no spaces in them</li> +<li>Short identifiers consist of an abbreviation based on a common short name or acronym for the license or exception</li> +<li>Where applicable, the abbreviation will be followed by a dash and then the version number, in X.Y format</li> +<li>Where applicable, and if possible, the short identifier should be harmonised with other well-known open source naming sources (i.e., OSI, Fedora, etc.)</li> +<li>Short identifiers should be as short in length as possible while staying consistent with all other naming criteria</li> +</ul> +<p>This lead to expressions like &ldquo;Apache-2.0&rdquo; or &ldquo;GPL-2.0&rdquo;.</p> +<h2 id="license-exceptions">License Exceptions</h2> +<p>As a provisoric handling advise, the exception text shall be combined with the license text as a license entry. This ensures that license and exception appear together in the clearing report.</p> +<p>Class Path Exception</p> +<p>Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination.</p> +<p>As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may</p> +<h2 id="dual-licenses">Dual Licenses</h2> +<p>There is the need to have a dual license text. FOSSology offers the dual license tag for this. The idea is to use this tag also for more than two licenses.</p> +<p>Consider the following example:</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/dual_license.png"/> +</figure> +<p>The fact that it is &ldquo;LGPL-3.0+&rdquo; is confusing for these texts. It should be changed to the following:</p> +<ul> +<li>The License results shall be changed &ldquo;Dual-License&rdquo;. This is among other things required, to have the obligation to understand that for this component a license must be chosen</li> +<li>In the acknowledgement, there shall be documented which license decision comes is documented</li> +<li>For the referring files, also the different other licenses must be added as conclusions, so the texts are printed out.</li> +</ul> +<h2 id="quick-checklist">Quick Checklist</h2> +<ul> +<li>Shortname: No spaces, No slashses, No unserscore or similar spcial charaters, just use dashes</li> +<li>Consider existing SPDX short names</li> +<li>Do not use &ldquo;Or later&rdquo; but &ldquo;+&rdquo; or &ldquo;-or-later&rdquo;</li> +<li>For triple licensing, use prefix &ldquo;Triple&rdquo;</li> +<li>ERASE COMMENT CHARACTERS! also erase prefix spaces at every line</li> +<li>Preserve paragraphs and line breaks</li> +<li>Avid markup in the license text except it is part of the licensing</li> +</ul> +<h2 id="multi-dual--licensing">Multi (DUAL-) Licensing</h2> +<ul> +<li>VERY Important, as conclusion, use the FOSSology &ldquo;Dual-license&rdquo;, please do not consider your own candidate just designating &ldquo;Dual License&rdquo; (because OR operators will not work in reporting)</li> +<li>For Dual License texts use prefix &ldquo;Dual-&rdquo;</li> +<li>For Triple, use &ldquo;Triple-&rdquo; (and for more &ldquo;Quadruple-&rdquo;)</li> +<li>For Dual Licensing, use alphabetical order to name the licenses</li> +<li>SPDX provides the rule to have this merged with &ldquo;OR&rdquo; (in capital letters) like &ldquo;Dual-MIT-OR-BSD&rdquo;</li> +</ul> +<h2 id="examples-for-renaming">Examples for Renaming</h2> +<table> +<thead> +<tr> +<th>Example Licence Short Name</th> +<th>Corrected Licence Short Name</th> +<th>Remarks</th> +</tr> +</thead> +<tbody> +<tr> +<td>BSD-3-Clause-Farin Urlaub</td> +<td>BSD-3-Clause-farin-urlaub</td> +<td>no empty spaces</td> +</tr> +<tr> +<td>GPL-2.0+_Variant Old address</td> +<td>GPL-2.0+-variant-old-address</td> +<td>no underscore</td> +</tr> +<tr> +<td>&ndash;Freeware</td> +<td>Freeware-variant-dumbumchong</td> +<td>no prefix dashes</td> +</tr> +<tr> +<td>BSD-3-Clause\IBM</td> +<td>&hellip;</td> +<td>do not use slashes (back and forward)</td> +</tr> +<tr> +<td>Permission Notice Gordon Sumner</td> +<td>HPND-gordon-sumner</td> +<td>consider SPDX shot name &ldquo;HPND&rdquo; for permission notice</td> +</tr> +<tr> +<td>BSD-3-Clause_Ajax.org B.V.</td> +<td>BSD-3-Clause-ajax</td> +<td></td> +</tr> +<tr> +<td>BSD-3-Clause_Yahoo! Inc</td> +<td>BSD-3-Clause-yahoo</td> +<td></td> +</tr> +<tr> +<td>BSD-2-Clause CISCO</td> +<td>BSD-2-Clause-cisco</td> +<td></td> +</tr> +<tr> +<td>&ndash;zlib-style</td> +<td>Zlib-variant-01</td> +<td>This license could be deleted anyway. (no text)</td> +</tr> +<tr> +<td>woodstock</td> +<td>Woodstok-Reference-Disclaimer</td> +<td>1. All short names shall begin with capital letter,<br>2. (not shown), the license text is not a license text actually, but just a reference in a header with disclaimer.</td> +</tr> +<tr> +<td>Visual Studio SDK license terms</td> +<td>Microsoft-Visual-Studio-SDK-2015</td> +<td>looking at the text, it is from the 2015 version of the SDK</td> +</tr> +<tr> +<td>Trip MPL GPL Apache</td> +<td>Triple-Apache-2.0-LGPL-2.1-MPL-1.1</td> +<td>(looking at the text it was LGPL in fact)</td> +</tr> +<tr> +<td>&ndash;FIPL-1.0</td> +<td>FIPL-1.0</td> +<td>Double dash is an old thing coming from mainline ops. Currently there is no similar convention known for FOSSologyNG.</td> +</tr> +<tr> +<td>Qt License Agreement_CEM</td> +<td>Qt-reference-commercial</td> +<td>In this case, it was reference text only and also only pointing to the commercial licensees only.</td> +</tr> +<tr> +<td>&ndash;Beer-ware-license-CEM01</td> +<td><code>Beerware</code></td> +<td>The text says actually revision 42, revision 42 is a joke. It must be checked if the license is already there</td> +</tr> +<tr> +<td>FundsXpress License</td> +<td>FXL</td> +<td>Either FundsXpress or FXL because the point is to have a short name and thus, it would make sense to shorten it.</td> +</tr> +<tr> +<td>GFDL - 1.2+</td> +<td>GFDL-1.2+</td> +<td>just without spaces please</td> +</tr> +<tr> +<td>lgpl 2.1 J</td> +<td>LGPL-2.1-header</td> +<td>(was a header in this case, because lic text is already there) What does J mean? - no J needed</td> +</tr> +<tr> +<td>MIT !</td> +<td><em>do not use candidate licenses</em></td> +<td>Actual text was: &ldquo;This program is made available under the terms of the MIT License.&rdquo; - actually, not a license text!</td> +</tr> +<tr> +<td>Note</td> +<td><em>do not use this with candidates</em></td> +<td>Actual text was: &ldquo;(&ldquo;See <a href="http://oxyplot.codeplex.com"><span style="color:red">↗</span> http://oxyplot.codeplex.com</a> for more information.&rdquo;)&rdquo;</td> +</tr> +<tr> +<td>Permission_Notice_Timothy O&rsquo;Malley</td> +<td>HPND-omalley</td> +<td>do not use special chars, do use SPDX identfiers</td> +</tr> +</tbody> +</table> +<h2 id="notice-file">Notice File</h2> +<p>The following text is not a license statement nor a reference to licensing but a notice file in the sense of the apache 2.0 license. As such, it is not suitable for being collected as a license.</p> +<p><code>== NOTICE file corresponding to the section 4 d of ==</code></p> +<p><code>== the Apache License, Version 2.0, ==</code></p> +<p><code>== in this case for the Apache Ant distribution. ==</code></p> +<p>=========================================================================</p> +<p><code>This product includes software developed by</code></p> +<p><code>The Apache Software Foundation</code> (<a href="http://www.apache.org/"><span style="color:red">↗</span> http://www.apache.org</a>).</p> +<p><code>This product includes also software developed by :</code></p> +<ul> +<li><code>the W3C consortium</code> (<a href="http://www.w3c.org"><span style="color:red">↗</span> http://www.w3c.org</a>),</li> +<li><code>the SAX project</code> (<a href="http://www.saxproject.org"><span style="color:red">↗</span> http://www.saxproject.org</a>)</li> +</ul> +<p><code>Please read the different LICENSE files present in the root directory of this distribution.</code></p> +<h2 id="open-questions">Open Questions</h2> +<ul> +<li>How to deal with notice files</li> +</ul> +<p>(1) <a href="https://spdx.org/spdx-specification-21-web-version"><span style="color:red">↗</span> https://spdx.org/spdx-specification-21-web-version</a></p> \ No newline at end of file diff --git a/docs/userguide/bestpractices/license-naming/index.html b/docs/userguide/bestpractices/license-naming/index.html index b1831c8..adddefd 100644 --- a/docs/userguide/bestpractices/license-naming/index.html +++ b/docs/userguide/bestpractices/license-naming/index.html @@ -1,980 +1,100 @@ - - - - - - - - - - - - - - - - - - - - -License Naming | Eclipse SW360 -License Naming | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    License Naming

    - -
    - - - - - - - - - - - - - -
    -

    Guidelines

    -

    Generally the license naming should conform with the SPDX Spec and the SPDX License List

    -

    Please see the “License List Fields” from https://spdx.org/spdx-license-list/license-list-overview#fields

    -

    where there is especially for identifier:

    -

    License or Exception Identifier (aka “SPDX Short Identifier”)

    -

    Short identifier to be used to identify a license or exception match to licenses or exceptions contained on the SPDX License List in the context of an SPDX file, in source file, or elsewhere

    -
      -
    • Short identifiers have no spaces in them
      • -
    • Short identifiers consist of an abbreviation based on a common short name or acronym for the license or exception
      • -
    • Where applicable, the abbreviation will be followed by a dash and then the version number, in X.Y format
      • -
    • Where applicable, and if possible, the short identifier should be harmonised with other well-known open source naming sources (i.e., OSI, Fedora, etc.)
      • -
    • Short identifiers should be as short in length as possible while staying consistent with all other naming criteria
      • -
    -

    This lead to expressions like “Apache-2.0” or “GPL-2.0”.

    -

    License Exceptions

    -

    As a provisoric handling advise, the exception text shall be combined with the license text as a license entry. This ensures that license and exception appear together in the clearing report.

    -

    Class Path Exception

    -

    Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination.

    -

    As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may

    -

    Dual Licenses

    -

    There is the need to have a dual license text. FOSSology offers the dual license tag for this. The idea is to use this tag also for more than two licenses.

    -

    Consider the following example:

    - -
    - -
    - -

    The fact that it is “LGPL-3.0+” is confusing for these texts. It should be changed to the following:

    -
      -
    • The License results shall be changed “Dual-License”. This is among other things required, to have the obligation to understand that for this component a license must be chosen
      • -
    • In the acknowledgement, there shall be documented which license decision comes is documented
      • -
    • For the referring files, also the different other licenses must be added as conclusions, so the texts are printed out.
      • -
    -

    Quick Checklist

    -
      -
    • Shortname: No spaces, No slashses, No unserscore or similar spcial charaters, just use dashes
      • -
    • Consider existing SPDX short names
      • -
    • Do not use “Or later” but “+” or “-or-later”
      • -
    • For triple licensing, use prefix “Triple”
      • -
    • ERASE COMMENT CHARACTERS! also erase prefix spaces at every line
      • -
    • Preserve paragraphs and line breaks
      • -
    • Avid markup in the license text except it is part of the licensing
      • -
    -

    Multi (DUAL-) Licensing

    -
      -
    • VERY Important, as conclusion, use the FOSSology “Dual-license”, please do not consider your own candidate just designating “Dual License” (because OR operators will not work in reporting)
      • -
    • For Dual License texts use prefix “Dual-”
      • -
    • For Triple, use “Triple-” (and for more “Quadruple-”)
      • -
    • For Dual Licensing, use alphabetical order to name the licenses
      • -
    • SPDX provides the rule to have this merged with “OR” (in capital letters) like “Dual-MIT-OR-BSD”
      • -
    -

    Examples for Renaming

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Example Licence Short NameCorrected Licence Short NameRemarks
    BSD-3-Clause-Farin UrlaubBSD-3-Clause-farin-urlaubno empty spaces
    GPL-2.0+_Variant Old addressGPL-2.0+-variant-old-addressno underscore
    –FreewareFreeware-variant-dumbumchongno prefix dashes
    BSD-3-Clause\IBMdo not use slashes (back and forward)
    Permission Notice Gordon SumnerHPND-gordon-sumnerconsider SPDX shot name “HPND” for permission notice
    BSD-3-Clause_Ajax.org B.V.BSD-3-Clause-ajax
    BSD-3-Clause_Yahoo! IncBSD-3-Clause-yahoo
    BSD-2-Clause CISCOBSD-2-Clause-cisco
    –zlib-styleZlib-variant-01This license could be deleted anyway. (no text)
    woodstockWoodstok-Reference-Disclaimer1. All short names shall begin with capital letter,
    2. (not shown), the license text is not a license text actually, but just a reference in a header with disclaimer.
    Visual Studio SDK license termsMicrosoft-Visual-Studio-SDK-2015looking at the text, it is from the 2015 version of the SDK
    Trip MPL GPL ApacheTriple-Apache-2.0-LGPL-2.1-MPL-1.1(looking at the text it was LGPL in fact)
    –FIPL-1.0FIPL-1.0Double dash is an old thing coming from mainline ops. Currently there is no similar convention known for FOSSologyNG.
    Qt License Agreement_CEMQt-reference-commercialIn this case, it was reference text only and also only pointing to the commercial licensees only.
    –Beer-ware-license-CEM01BeerwareThe text says actually revision 42, revision 42 is a joke. It must be checked if the license is already there
    FundsXpress LicenseFXLEither FundsXpress or FXL because the point is to have a short name and thus, it would make sense to shorten it.
    GFDL - 1.2+GFDL-1.2+just without spaces please
    lgpl 2.1 JLGPL-2.1-header(was a header in this case, because lic text is already there) What does J mean? - no J needed
    MIT !do not use candidate licensesActual text was: “This program is made available under the terms of the MIT License.” - actually, not a license text!
    Notedo not use this with candidatesActual text was: “(“See http://oxyplot.codeplex.com for more information.”)”
    Permission_Notice_Timothy O’MalleyHPND-omalleydo not use special chars, do use SPDX identfiers
    -

    Notice File

    -

    The following text is not a license statement nor a reference to licensing but a notice file in the sense of the apache 2.0 license. As such, it is not suitable for being collected as a license.

    -

    == NOTICE file corresponding to the section 4 d of ==

    -

    == the Apache License, Version 2.0, ==

    -

    == in this case for the Apache Ant distribution. ==

    -

    =========================================================================

    -

    This product includes software developed by

    -

    The Apache Software Foundation ( http://www.apache.org).

    -

    This product includes also software developed by :

    - -

    Please read the different LICENSE files present in the root directory of this distribution.

    -

    Open Questions

    -
      -
    • How to deal with notice files
      • -
    -

    (1) https://spdx.org/spdx-specification-21-web-version

    - - - -
    - Last modified June 28, 2022: feat(docs): Add docs from main sw360 (85ce57e) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +License or Exception Identifier (aka “SPDX Short Identifier”) Short identifier to be used to identify a license or exception match to licenses or exceptions contained on the SPDX License List in the context of an SPDX file, in source file, or elsewhere"> +

    License Naming

    Guidelines

    Generally the license naming should conform with the SPDX Spec and the SPDX License List

    Please see the “License List Fields” from https://spdx.org/spdx-license-list/license-list-overview#fields

    where there is especially for identifier:

    License or Exception Identifier (aka “SPDX Short Identifier”)

    Short identifier to be used to identify a license or exception match to licenses or exceptions contained on the SPDX License List in the context of an SPDX file, in source file, or elsewhere

    • Short identifiers have no spaces in them
    • Short identifiers consist of an abbreviation based on a common short name or acronym for the license or exception
    • Where applicable, the abbreviation will be followed by a dash and then the version number, in X.Y format
    • Where applicable, and if possible, the short identifier should be harmonised with other well-known open source naming sources (i.e., OSI, Fedora, etc.)
    • Short identifiers should be as short in length as possible while staying consistent with all other naming criteria

    This lead to expressions like “Apache-2.0” or “GPL-2.0”.

    License Exceptions

    As a provisoric handling advise, the exception text shall be combined with the license text as a license entry. This ensures that license and exception appear together in the clearing report.

    Class Path Exception

    Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination.

    As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may

    Dual Licenses

    There is the need to have a dual license text. FOSSology offers the dual license tag for this. The idea is to use this tag also for more than two licenses.

    Consider the following example:

    The fact that it is “LGPL-3.0+” is confusing for these texts. It should be changed to the following:

    • The License results shall be changed “Dual-License”. This is among other things required, to have the obligation to understand that for this component a license must be chosen
    • In the acknowledgement, there shall be documented which license decision comes is documented
    • For the referring files, also the different other licenses must be added as conclusions, so the texts are printed out.

    Quick Checklist

    • Shortname: No spaces, No slashses, No unserscore or similar spcial charaters, just use dashes
    • Consider existing SPDX short names
    • Do not use “Or later” but “+” or “-or-later”
    • For triple licensing, use prefix “Triple”
    • ERASE COMMENT CHARACTERS! also erase prefix spaces at every line
    • Preserve paragraphs and line breaks
    • Avid markup in the license text except it is part of the licensing

    Multi (DUAL-) Licensing

    • VERY Important, as conclusion, use the FOSSology “Dual-license”, please do not consider your own candidate just designating “Dual License” (because OR operators will not work in reporting)
    • For Dual License texts use prefix “Dual-”
    • For Triple, use “Triple-” (and for more “Quadruple-”)
    • For Dual Licensing, use alphabetical order to name the licenses
    • SPDX provides the rule to have this merged with “OR” (in capital letters) like “Dual-MIT-OR-BSD”

    Examples for Renaming

    Example Licence Short NameCorrected Licence Short NameRemarks
    BSD-3-Clause-Farin UrlaubBSD-3-Clause-farin-urlaubno empty spaces
    GPL-2.0+_Variant Old addressGPL-2.0+-variant-old-addressno underscore
    –FreewareFreeware-variant-dumbumchongno prefix dashes
    BSD-3-Clause\IBMdo not use slashes (back and forward)
    Permission Notice Gordon SumnerHPND-gordon-sumnerconsider SPDX shot name “HPND” for permission notice
    BSD-3-Clause_Ajax.org B.V.BSD-3-Clause-ajax
    BSD-3-Clause_Yahoo! IncBSD-3-Clause-yahoo
    BSD-2-Clause CISCOBSD-2-Clause-cisco
    –zlib-styleZlib-variant-01This license could be deleted anyway. (no text)
    woodstockWoodstok-Reference-Disclaimer1. All short names shall begin with capital letter,
    2. (not shown), the license text is not a license text actually, but just a reference in a header with disclaimer.
    Visual Studio SDK license termsMicrosoft-Visual-Studio-SDK-2015looking at the text, it is from the 2015 version of the SDK
    Trip MPL GPL ApacheTriple-Apache-2.0-LGPL-2.1-MPL-1.1(looking at the text it was LGPL in fact)
    –FIPL-1.0FIPL-1.0Double dash is an old thing coming from mainline ops. Currently there is no similar convention known for FOSSologyNG.
    Qt License Agreement_CEMQt-reference-commercialIn this case, it was reference text only and also only pointing to the commercial licensees only.
    –Beer-ware-license-CEM01BeerwareThe text says actually revision 42, revision 42 is a joke. It must be checked if the license is already there
    FundsXpress LicenseFXLEither FundsXpress or FXL because the point is to have a short name and thus, it would make sense to shorten it.
    GFDL - 1.2+GFDL-1.2+just without spaces please
    lgpl 2.1 JLGPL-2.1-header(was a header in this case, because lic text is already there) What does J mean? - no J needed
    MIT !do not use candidate licensesActual text was: “This program is made available under the terms of the MIT License.” - actually, not a license text!
    Notedo not use this with candidatesActual text was: “(“See http://oxyplot.codeplex.com for more information.”)”
    Permission_Notice_Timothy O’MalleyHPND-omalleydo not use special chars, do use SPDX identfiers

    Notice File

    The following text is not a license statement nor a reference to licensing but a notice file in the sense of the apache 2.0 license. As such, it is not suitable for being collected as a license.

    == NOTICE file corresponding to the section 4 d of ==

    == the Apache License, Version 2.0, ==

    == in this case for the Apache Ant distribution. ==

    =========================================================================

    This product includes software developed by

    The Apache Software Foundation ( http://www.apache.org).

    This product includes also software developed by :

    Please read the different LICENSE files present in the root directory of this distribution.

    Open Questions

    • How to deal with notice files

    (1) https://spdx.org/spdx-specification-21-web-version

    Last modified June 28, 2022: feat(docs): Add docs from main sw360 (85ce57e)
    + + + \ No newline at end of file diff --git a/docs/userguide/bestpractices/user-attachment-file-types/index.html b/docs/userguide/bestpractices/user-attachment-file-types/index.html index d052d3b..3c5f7bf 100644 --- a/docs/userguide/bestpractices/user-attachment-file-types/index.html +++ b/docs/userguide/bestpractices/user-attachment-file-types/index.html @@ -1,870 +1,95 @@ - - - - - - - - - - - - - - - - - - - - -Attachment File Types | Eclipse SW360 - - -Attachment File Types | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Attachment File Types

    - -
    - - - - - - - - - - - - - -
    -

    SW360 maintains attachments for projects, components and releases. Currently, SW360 cannot automatically detect these types and is dependent on that users select the appropriate type accordingly. If not, some functionality will not properly kick of that uses such attachments.

    -

    Also, maybe some of the types are redundant by now and are just legacy ideas that should be reviewed after two years now.

    -

    In summary, the following the types currently are as follows:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Type nameFunctionalityDescription
    SOURCEfor sending to toolsSource packages of a release as found on the Internet
    COMPONENT_LICENSE_INFO_XMLfor project documentation generationAn XML-based description of the licenses and coprights involved
    DESIGNn.a.Just nomenclature to name this not document
    REQUIREMENTn.a.Just a general placeholder for an attachment
    DOCUMENTn.a.Just a general placeholder for an attachment
    CLEARING_REPORTSetting clearing statusReporting information for component license state
    COMPONENT_LICENSE_INFO_COMBINED(should be) for project documentation generationMultiple components with component license information
    SCAN_RESULT_REPORTn.a.Just description what scanners found without conclusions
    SCAN_RESULT_REPORT_XMLn.a.Just description what scanners found without conclusions in XML
    SOURCE_SELF(should be) for sending to toolsSource packages build self, because not available in the Internet
    BINARYfuture: for sending to tool doing binary analysisBinary from the publisher
    BINARY_SELFfuture: for sending to tool doing binary analysisSelf built binary
    DECISION_REPORTn.a.Decision information ref. the component
    LEGAL_EVALUATIONn.a.Internally created legal evaluation
    LICENSE_AGREEMENTn.a.Document describing the license agreement
    SCREENSHOTn.a.If licensing information is captured with screenshot
    OTHERn.a.If not document
    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +In summary, the following the types currently are as follows:"> +

    Attachment File Types

    SW360 maintains attachments for projects, components and releases. Currently, SW360 cannot automatically detect these types and is dependent on that users select the appropriate type accordingly. If not, some functionality will not properly kick of that uses such attachments.

    Also, maybe some of the types are redundant by now and are just legacy ideas that should be reviewed after two years now.

    In summary, the following the types currently are as follows:

    Type nameFunctionalityDescription
    SOURCEfor sending to toolsSource packages of a release as found on the Internet
    COMPONENT_LICENSE_INFO_XMLfor project documentation generationAn XML-based description of the licenses and coprights involved
    DESIGNn.a.Just nomenclature to name this not document
    REQUIREMENTn.a.Just a general placeholder for an attachment
    DOCUMENTn.a.Just a general placeholder for an attachment
    CLEARING_REPORTSetting clearing statusReporting information for component license state
    COMPONENT_LICENSE_INFO_COMBINED(should be) for project documentation generationMultiple components with component license information
    SCAN_RESULT_REPORTn.a.Just description what scanners found without conclusions
    SCAN_RESULT_REPORT_XMLn.a.Just description what scanners found without conclusions in XML
    SOURCE_SELF(should be) for sending to toolsSource packages build self, because not available in the Internet
    BINARYfuture: for sending to tool doing binary analysisBinary from the publisher
    BINARY_SELFfuture: for sending to tool doing binary analysisSelf built binary
    DECISION_REPORTn.a.Decision information ref. the component
    LEGAL_EVALUATIONn.a.Internally created legal evaluation
    LICENSE_AGREEMENTn.a.Document describing the license agreement
    SCREENSHOTn.a.If licensing information is captured with screenshot
    OTHERn.a.If not document
    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/bestpractices/workflows/index.html b/docs/userguide/bestpractices/workflows/index.html index 40badc6..1a85eb2 100644 --- a/docs/userguide/bestpractices/workflows/index.html +++ b/docs/userguide/bestpractices/workflows/index.html @@ -1,830 +1,89 @@ - - - - - - - - - - - - - - - - - - - - -Workflows | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Workflows

    -
    SW360 User Workflows
    -
    - - - - - - - - - - - - - -
    -

    This page is one of the basic user workflow documentation pages. It can give orientation how the sw360 can be used - as guidance or orientation. There is no particular need to follow these workflows, it is just one way. Workflows are shown as flow charts.

    -

    Create Component and Release

    -

    So, the user would like to create an entry for zlib-1.2.8 for example in sw360. The main thing to know (see page basic concepts)is that sw360 separates releases from components: the release is the zlib-1.2.8 but the component is the zlib. By this approach, components as a kind of container type in sw360, holding several releases.

    -

    Therefore, for a new component the user needs to create a component entry first, and then add a release to it. Just adding a release will not work. If a component with a different release already exists, the users add a release to the existing component.

    -

    The intended roles for this can be a developer that would like to start caring for an OSS component or release. In addition a project owner / project owner can care for the components and releases part of the product or process.

    - -
    - -
    - -

    Create a Project

    -

    A project is a structure to keep track on releases inside project, as well as other projects. Please note that a project can be also a product, depending on the type of business. the use of the term ‘project’ is used also for subsuming the term ‘product’.

    -

    As for the integration case with the OSS software FOSSology, the project view allows for an overview, which of the used components have been analyzed with FOSSology already.

    -

    In the diagram, the “clearing process” is mentioned, because the clearing process affects the software components of a project. The main approach is the following:

    -
      -
    • A project responsible sets up a project with used releases.
      • -
    • For the releases that were not analyzed before, the project responsible requests a clearing - source files can be transferred to FOSSology.
      • -
    • Once analyses for all releases are complete, the “clearing process” is finished for this project.
      • -
    -

    A project it self does not need much information, it is just about the name and the version. Note that some of the information is like to be set at that time:

    -
      -
    • Visibility level
      • -
    • Project contacts
      • -
    • Important Dates for the project
      • -
    - -
    - -
    - -

    Moderation

    -

    The moderation is the basic way of applying changes if the document is not created by someone else. In sw360 the following person can edit documents right away (without moderation request):

    -
      -
    • The creator of a document (document is a project entry, a release entry etc)
      • -
    • Admins
      • -
    • Clearing admins
      • -
    • Moderators of this document
      • -
    • Other special roles, such as project responsible
      • -
    -

    Please see the page about the Role Authorization Model for more information.

    -

    If the user who wishes to change a document and is not one of these, the moderator workflow kicks in. Then changes applied to the document are not really applied, but are sent to a moderator. Moderators are:

    -
      -
    • The creator of a document (document is a project entry, a release entry etc)
      • -
    • Admins
      • -
    • Clearing admins
      • -
    • Moderators of this document
      • -
    -

    The moderator can review, approve or decline the request. Then, the requesting user can delete the request. The moderator request workflow is shown below.

    - -
    - -
    - - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Workflows | Eclipse SW360 +

    Workflows

    SW360 User Workflows

    This page is one of the basic user workflow documentation pages. It can give orientation how the sw360 can be used - as guidance or orientation. There is no particular need to follow these workflows, it is just one way. Workflows are shown as flow charts.

    Create Component and Release

    So, the user would like to create an entry for zlib-1.2.8 for example in sw360. The main thing to know (see page basic concepts)is that sw360 separates releases from components: the release is the zlib-1.2.8 but the component is the zlib. By this approach, components as a kind of container type in sw360, holding several releases.

    Therefore, for a new component the user needs to create a component entry first, and then add a release to it. Just adding a release will not work. If a component with a different release already exists, the users add a release to the existing component.

    The intended roles for this can be a developer that would like to start caring for an OSS component or release. In addition a project owner / project owner can care for the components and releases part of the product or process.

    Create a Project

    A project is a structure to keep track on releases inside project, as well as other projects. Please note that a project can be also a product, depending on the type of business. the use of the term ‘project’ is used also for subsuming the term ‘product’.

    As for the integration case with the OSS software FOSSology, the project view allows for an overview, which of the used components have been analyzed with FOSSology already.

    In the diagram, the “clearing process” is mentioned, because the clearing process affects the software components of a project. The main approach is the following:

    • A project responsible sets up a project with used releases.
    • For the releases that were not analyzed before, the project responsible requests a clearing - source files can be transferred to FOSSology.
    • Once analyses for all releases are complete, the “clearing process” is finished for this project.

    A project it self does not need much information, it is just about the name and the version. Note that some of the information is like to be set at that time:

    • Visibility level
    • Project contacts
    • Important Dates for the project

    Moderation

    The moderation is the basic way of applying changes if the document is not created by someone else. In sw360 the following person can edit documents right away (without moderation request):

    • The creator of a document (document is a project entry, a release entry etc)
    • Admins
    • Clearing admins
    • Moderators of this document
    • Other special roles, such as project responsible

    Please see the page about the Role Authorization Model for more information.

    If the user who wishes to change a document and is not one of these, the moderator workflow kicks in. Then changes applied to the document are not really applied, but are sent to a moderator. Moderators are:

    • The creator of a document (document is a project entry, a release entry etc)
    • Admins
    • Clearing admins
    • Moderators of this document

    The moderator can review, approve or decline the request. Then, the requesting user can delete the request. The moderator request workflow is shown below.

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/components/index.html b/docs/userguide/components/index.html index bb06a18..9fb1de4 100644 --- a/docs/userguide/components/index.html +++ b/docs/userguide/components/index.html @@ -1,1233 +1,103 @@ - - - - - - - - - - - - - - - - - - - - -Components | Eclipse SW360 -Components | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Components

    - -
    - - - - - - - - - - - - - -
    -

    2.0 Components

    -

    2.01 Introduction

    -

    The components page displays the list of components and releases that are available in SW360. A component is a list of releases with metadata. A release is a specific version of a component.

    -

    To open a component page, click Components tab from the main menu. -You can find a particular component with Advanced Search, you can also add and edit components in this page.

    - -
    - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Sl.No.Description
    1Advanced Search
    2Add Component
    3Import SPDX BOM
    4Export Spreadsheet
    5Component List
    -

    2.02 Component List

    -

    On the component page, you can view all the components that are relevant to you. The components are listed with the following information:

    -
      -
    • Vendor: Vendor is organization which is selling the component or the community which is hosting the component.
      • -
    • Component Name: All components are listed by their names.
      • -
    • Main Licenses: The list of main licenses available for a component are displayed.
      • -
    • Component Type: Lists all the components by their type. For more information on component types, refer to A. General Info.
      • -
    • Actions: You can perform the following actions for a component: - - - - - - - - - - - - - - - - - -
      ActionDescription
      -
      - -
      -      		To edit a component
      -
      - -
      -      		To delete the component from SW360.
      -
      • -
    -

    NOTE: CLICK ON -

    - -
    - TO SORT LICENSE INFORMATION ALPHABETICALLY.

    - -

    Advanced Search dialogue box is used to search for a particular component.

    -
      -
    1. Search the component with Component Name and Categories.
      2. -
    2. Search the component with Component Type. Select the component type from the drop-down list. For more information on the component types, refer to A. General Information.
      3. -
    3. Search components with their coding Languages, Software Platforms, Operating Systems, Vendors and Main Licenses.
      4. -
    4. Search components with Created by (Email).
      5. -
    5. You can use Created on field to search for the components created on specific dates or specific time frames.
      6. -
    -

    2.04 Add Component

    -

    To add a new component, click Add Component from the component page, this will redirect you to another page where you can add component summary information.

    -

    1. Summary

    -

    A. General Information

    -

    NOTE: FIELDS MARKED "*" ARE MANDATORY. -

    -
      -
    1. Enter the Name of the component you want to create.
      -NOTE: MAKE SURE THAT THERE ARE NO DUPLICATES.
      2. -
    2. Select the Component Type from the drop-down list. -
        -
      • OSS: Open-Source Software
        • -
      • COTS: Commercial off-the-shelf
        • -
      • Internal: Internally used
        • -
      • Inner Source: OSS within a particular organization
        • -
      • Services: Developed as a service
        • -
      • Freeware: Software that is available free of cost
        • -
      • Code snippet: A small code which shows how to accomplish a specific task
        • -
      -
      3. -
    3. The field Created by is set automatically to the creator/owner of the component.
      4. -
    4. Click on Default Vendor field. -
        -
      • This opens a dialogue box, use the type field to search for the vendors.
        • -
      • Select the vendors
        • -
      • Click on Select Vendor.
        • -
      -
      5. -
    5. When you start typing in the Categories field, a list of categories that match are displayed to choose from.
      6. -
    6. Enter the Homepage URL, this is the web address for your component.
      7. -
    7. Enter a Short Description for your component.
      8. -
    8. Enter the Blog URL, this is the web address for the blog of your component.
      9. -
    9. Modified on date will be set automatically.
      10. -
    10. Enter the Wiki URL, this is web address for the wiki page of your component.
      11. -
    11. Modified by will be set automatically.
      12. -
    12. Enter the Mailing List URL, this is the web address of the mailing list of your component.
      13. -
    -

    B. Roles

    -

    -
      -
    1. -

      Component owner holds the component. Click on the field to select Component Owner.

      -
        -
      • This opens a dialogue box, use the type field to search for the Component Owner.
        • -
      • Select the users
        • -
      • Click on Select Users.
        • -
      -

      -
      2. -
    2. -

      Select a country from the list to assign as Owner Country.

      -
      3. -
    3. -

      Enter the Owner Accounting Unit.

      -
      4. -
    4. -

      Moderator is the user responsible for the component. Click on the field to select moderators.

      -
        -
      • This opens a dialogue box, use the type field to search for the moderator.
        • -
      • Select the users
        • -
      • Click on Select Users.
        • -
      -
      5. -
    -

    NOTE: ALL CLEARING EXPERTS, CLEARING ADMINS AND SW360 ADMINS ARE MODERATORS BY DEFAULT.

    -
      -
    1. Enter the Owner Billing Group.
      2. -
    -

    C. Additional Roles

    -

    To assign more roles to your project, use Click to Add Additional Roles.

    -

    -
      -
    1. -

      Select the type of role from the drop-down list.

      -
        -
      • Committer
        • -
      • Contributor
        • -
      • Expert
        • -
      -
      2. -
    2. -

      Enter Email address of the responsible personnel. To add multiple additional roles, repeat the same -procedure.

      -

      -
      3. -
    3. -

      To delete an additional role, click on .

      -
      4. -
    -

    D. External Ids

    -

    For more information on how to add an External ID for your component, refer to E. External Ids.

    -

    E. Additional Data

    -

    For more information on how to add an Additional Data for your component, refer to F. Additional Data.

    -

    After all the summary information is filled click on Create Component, which redirects you to another page where you can add more component information. Following are the two new sections to be filled:

    -
      -
    • Releases
      • -
    • Attachments
      • -
    -

    2. Releases

    -

    A release is a specific version of a component. To add Release information for your component:

    -
      -
    1. -

      Click on Releases.

      -

      -
      2. -
    2. -

      Then click on Add Releases. You will be redirected to another page to add more information about the release you want to create. Following are the two sections where you must enter information

      -
        -
      • Summary
        • -
      • Linked Releases
        • -
      -
      3. -
    -

    A. Summary

    -

    NOTE: FIELDS MARKED "*" ARE MANDATORY.

    -

    -
      -
    1. Click on the field to select the Vendor for your component. This opens a dialogue box, search and select the vendor and click on Select Vendor.
      2. -
    2. Enter the Programming Languages used for the release.
      3. -
    3. Name for the release will be auto generated from the name given to the component.
      4. -
    4. Enter the Operating Systems used for the release.
      5. -
    5. Enter the Version for the release.
      6. -
    6. Enter the CPE (Common Platform Enumeration) ID for the release.
      7. -
    -

    -
      -
    1. -

      Enter the Software Platforms for the release.

      -
      2. -
    2. -

      Click on the field Other License to set other license information for the release. This opens a dialogue box, search and select the licenses and click on Select Licenses.

      -
      3. -
    3. -

      Set Release Date.

      -
      4. -
    4. -

      Enter the Source Code Download URL. This is the web address from where source code of the release can be downloaded.

      -
      5. -
    5. -

      Click on the field Main License to set other license information for the release. This opens a dialogue box, search and select the licenses and click on Select Licenses.

      -
      6. -
    6. -

      Enter Binary Download URL. This is the web address from where binary of the release can be downloaded.

      -
      7. -
    7. -

      Clearing state will be set to “new” by default.

      -
      8. -
    8. -

      Select the value for the Release Mainline State from the drop-down list.

      -
        -
      • Open: No license clearing
        • -
      • Mainline: Permissive license with no specific obligations
        • -
      • Specific: Permissive license with additional obligations with standard obligations
        • -
      • Phaseout: Not used anymore
        • -
      • Denied: Not to be used because of a specific reason
        • -
      -
      9. -
    9. -

      Created on is set automatically.

      -

      -
      10. -
    10. -

      Created by is set automatically.

      -
      11. -
    11. -

      Modified on is set automatically.

      -
      12. -
    12. -

      Click on the field to select Contributors. This opens a dialogue box, search and select the contributors and click on Select Users.

      -
      13. -
    13. -

      Modified by is set automatically.

      -
      14. -
    14. -

      Moderator is the user responsible for the release. Click on the field to select moderators.

      -
        -
      • This opens a dialogue box, use the type field to search for the moderator.
        • -
      • Select the users
        • -
      • Click on Select Users.
        • -
      -
      15. -
    -

    Additional Roles, refer to 3. Additional Roles.

    -

    External Ids, refer to 4. External Ids.

    -

    Additional Data, refer to 5. Additional Data.

    -

    Release Repository

    -

    You can add a release repository URL for your release. To add a release repository:

    -
      -
    1. -

      Select the Repository Type from the drop-down list.

      -
      2. -
    2. -

      Enter the Repository URL.

      -


      -
      3. -
    -

    B. Linked Releases

    -

    To add linked releases to your release, click on linked releases. For more information, refer to B. Linking Releases.

    -

    Click on Create Release to add more information for this release.

    -

    C. Clearing Details

    -

    Clearing details contains important information that are required for the license clearing activities. This information is useful for the reuse of license clearing results. -To add clearing information to your release, click on Clearing Details.

    -

    -
      -
    • Check the boxes for all applicable clearing details.
      • -
    • Enter the applicable data for Scanned and Clearing Standard. For e.g., date or specific version of your License Scanner.
      • -
    • Enter External URL for the release.
      • -
    • Add Comments.
      • -
    -

    Request Information

    -

    -

    To request more information regarding the release, follow the procedure:

    -
      -
    • Enter Request ID and Additional request Info.
      • -
    • Set Evaluation Start and Evaluation End date.
      • -
    -

    Supplemental Information

    -

    -

    You can enter internal supplier ID and number of security vulnerabilities for your release. To add this information.

    -
      -
    • Enter External Supplier Id and the count of Vulnerabilities.
      • -
    -

    D. ECC Details

    -

    NOTE: ECC DETAILS ARE SET AUTOMATICALLY FOR OSS RELEASES.

    -

    -

    To enter ECC details for a release click on ECC Details.

    -
      -
    • Select the ECC Status from the drop-down list. -
        -
      • Open
        • -
      • In progress
        • -
      • Approved
        • -
      • Rejected
        • -
      -
      • -
    • Add ECC Comment, if required.
      • -
    • Enter Ausfuhrliste, this is a German ECC number.
      • -
    • Enter ECCN and Material Index Number.
      • -
    • Assessor Contact Person, Assessor Department and Assessment date will be set automatically.
      • -
    -

    E. Attachments

    -

    You can add or modify the attachments to your release. To add attachments, click on Attachments on the left. For more information on how to add attachments to the release, refer to 1.06 Edit project.

    -

    -

    After entering all the release information, click on Update Release.

    -

    To delete the release, click on Delete Release.

    -

    If you do not want to create a release, click on Cancel.

    -

    2.05 Edit Component

    -
      -
    1. Search for the components you want to edit or navigate from the component list.
      2. -
    2. Click on from the actions column. You can also edit a component by clicking on the component and then clicking on Edit Component.
      3. -
    3. You can view summary, releases, and attachment information of the component.
      4. -
    4. Click on Summary to edit component summary information. For more information on the fields to edit, refer to 1. Summary.
      5. -
    5. Click on Releases to view all the releases that are linked to the component. If you want to add more releases to the component click on Add Releases at the bottom of the list. For more information on how to add a release, refer to 2. Releases.
      6. -
    6. Click on Attachments to view all the attachments that are linked to the component. If you want to add more attachments to the components, refer to paragraph 4 of 1.06 Edit project.
      7. -
    7. To update the new component information, click on Update Component.
      8. -
    8. To delete the component, click on Delete Component.
      9. -
    9. If you do not want to edit the component, click on Cancel.
      10. -
    -

    2.06 View Component

    -

    To open a view mode for a component:

    -
      -
    1. Search for the components you want to edit or navigate from the component list.
      2. -
    2. Click on the component name.
      3. -
    3. You are now in view mode of the component, and you can view all the details of the components like summary, release overview, attachments, vulnerabilities and change logs.
      4. -
    4. You can edit a component, Merge a component, Split a component, Subscribe to a component in this mode.
      5. -
    -

    A. Merge

    -

    This functionality is used when there is a duplication of components, and this functionality helps us to combine all the duplicates into one single component. -To merge a component with another, click on Merge. This action will redirect you to another page where you can:

    -
      -
    1. Choose the from the list of components that should be merged into the current one.
      2. -
    2. Merge the data from the source into the target component.
      3. -
    3. Check the merged component and confirm the merge.
      4. -
    -

    B. Split

    -

    This functionality is used when we want to copy the information from a component. This is a shortcut to create a component and change aspects like version or release instead of creating a new one entirely.

    -

    To Split a component, click on Split. This action will redirect you to another page where you can:

    -
      -
    1. Choose a target component into which the current component needs to split.
      2. -
    2. Split the data from current component to the target component.
      3. -
    3. Check the split version of the component and confirm the split.
      4. -
    -

    C. Subscribe

    -

    You can Subscribe to a component to get notified with emails when any changes are made to the component.

    -

    To not get notified for a particular component, click Unsubscribe.

    -

    D. View Component Information

    -

    You can view component information by navigating the navigation tree.

    -
      -
    1. To view component summary, click on Summary. To edit summary information for the component, refer to 2.05 Edit Component.
      2. -
    2. Click on Release Overview to view all the releases for the component. To edit details for any of the linked releases click on -from the actions column, this will redirect you to a release view page where you can view the following: -
        -
      • Release Summary
        • -
      • Linked Releases
        • -
      • Clearing Details
        • -
      • ECC details
        • -
      • Attachments
        • -
      • Vulnerabilities
        • -
      • Change Log
        • -
      -
      3. -
    -

    For more information on these sections, refer to 2. Releases.

    -

    Clearing Details

    -

    You can view the following clearing information for the release in view mode:

    -
      -
    • SPDX Attachments
      • -
    • Assessment Summary info
      • -
    -

    SPDX Attachments

    -

    SPDX attachments are the clearing reports which are in XML formats. You will need an approved clearing report to use this release.

    -

    -
      -
    • Click on Show license info to view main license Ids and Other license ids.
      • -
    -

    -
      -
    • If you want to add this data to the current release, click on Add data to this release.
      • -
    -

    Assessment Summary Info

    -

    You can view if the clearing expert has added any summary in the clearing report.

    -
      -
    • To view the summary, click on Show Assessment Summary info.
      • -
    • If there are multiple approved releases, this section will display text “multiple approved CLI found in release”.
      • -
    -

    Vulnerabilities

    -

    All the vulnerabilities that are linked to the release/component are listed in the vulnerability section.

    -

    -
      -
    1. Click on Vulnerability on the left to view all the linked vulnerabilities for this release/component.
      2. -
    2. You can sort the vulnerabilities by their external ids, priority, matched by, title, verification and actions.
      3. -
    3. To view more information on the vulnerability, click on the external id of the vulnerability. You will be redirected to another page with all the information about the selected vulnerability.
      4. -
    -

    Change Log

    -

    You can see all the changes that are done for the release/component in change log section.

    -

    -
      -
    1. To view all the changes done for the release click on Change Log.
      2. -
    2. You can now view change date, change log id, change type and user.
      3. -
    3. Click on to view all the changes done for a change log id.
      4. -
    4. Click on to view the moderation request details for a change log id.
      5. -
    -

    2.07 Import SPDX BOM

    -

    For more information on importing SBOM, refer to 1.05 Import SBOM.

    -

    2.08 Export Spreadsheet

    -

    For more information on exporting spreadsheet, refer to 1.13 Export Spreadsheet.

    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Sl.No. Description 1 Advanced Search 2 Add Component 3 Import SPDX BOM 4 Export Spreadsheet 5 Component List 2."> +

    Components

    2.0 Components

    2.01 Introduction

    The components page displays the list of components and releases that are available in SW360. A component is a list of releases with metadata. A release is a specific version of a component.

    To open a component page, click Components tab from the main menu. +You can find a particular component with Advanced Search, you can also add and edit components in this page.

    Sl.No.Description
    1Advanced Search
    2Add Component
    3Import SPDX BOM
    4Export Spreadsheet
    5Component List

    2.02 Component List

    On the component page, you can view all the components that are relevant to you. The components are listed with the following information:

    • Vendor: Vendor is organization which is selling the component or the community which is hosting the component.
    • Component Name: All components are listed by their names.
    • Main Licenses: The list of main licenses available for a component are displayed.
    • Component Type: Lists all the components by their type. For more information on component types, refer to A. General Info.
    • Actions: You can perform the following actions for a component:
      ActionDescription
      		To edit a component
      		To delete the component from SW360.

    NOTE: CLICK ON

    TO SORT LICENSE INFORMATION ALPHABETICALLY.

    Advanced Search dialogue box is used to search for a particular component.

    1. Search the component with Component Name and Categories.
    2. Search the component with Component Type. Select the component type from the drop-down list. For more information on the component types, refer to A. General Information.
    3. Search components with their coding Languages, Software Platforms, Operating Systems, Vendors and Main Licenses.
    4. Search components with Created by (Email).
    5. You can use Created on field to search for the components created on specific dates or specific time frames.

    2.04 Add Component

    To add a new component, click Add Component from the component page, this will redirect you to another page where you can add component summary information.

    1. Summary

    A. General Information

    NOTE: FIELDS MARKED "*" ARE MANDATORY. +

    1. Enter the Name of the component you want to create.
      NOTE: MAKE SURE THAT THERE ARE NO DUPLICATES.
    2. Select the Component Type from the drop-down list.
      • OSS: Open-Source Software
      • COTS: Commercial off-the-shelf
      • Internal: Internally used
      • Inner Source: OSS within a particular organization
      • Services: Developed as a service
      • Freeware: Software that is available free of cost
      • Code snippet: A small code which shows how to accomplish a specific task
    3. The field Created by is set automatically to the creator/owner of the component.
    4. Click on Default Vendor field.
      • This opens a dialogue box, use the type field to search for the vendors.
      • Select the vendors
      • Click on Select Vendor.
    5. When you start typing in the Categories field, a list of categories that match are displayed to choose from.
    6. Enter the Homepage URL, this is the web address for your component.
    7. Enter a Short Description for your component.
    8. Enter the Blog URL, this is the web address for the blog of your component.
    9. Modified on date will be set automatically.
    10. Enter the Wiki URL, this is web address for the wiki page of your component.
    11. Modified by will be set automatically.
    12. Enter the Mailing List URL, this is the web address of the mailing list of your component.

    B. Roles

    1. Component owner holds the component. Click on the field to select Component Owner.

      • This opens a dialogue box, use the type field to search for the Component Owner.
      • Select the users
      • Click on Select Users.

    2. Select a country from the list to assign as Owner Country.

    3. Enter the Owner Accounting Unit.

    4. Moderator is the user responsible for the component. Click on the field to select moderators.

      • This opens a dialogue box, use the type field to search for the moderator.
      • Select the users
      • Click on Select Users.

    NOTE: ALL CLEARING EXPERTS, CLEARING ADMINS AND SW360 ADMINS ARE MODERATORS BY DEFAULT.

    1. Enter the Owner Billing Group.

    C. Additional Roles

    To assign more roles to your project, use Click to Add Additional Roles.

    1. Select the type of role from the drop-down list.

      • Committer
      • Contributor
      • Expert

    2. Enter Email address of the responsible personnel. To add multiple additional roles, repeat the same +procedure.

    3. To delete an additional role, click on .

    D. External Ids

    For more information on how to add an External ID for your component, refer to E. External Ids.

    E. Additional Data

    For more information on how to add an Additional Data for your component, refer to F. Additional Data.

    After all the summary information is filled click on Create Component, which redirects you to another page where you can add more component information. Following are the two new sections to be filled:

    • Releases
    • Attachments

    2. Releases

    A release is a specific version of a component. To add Release information for your component:

    1. Click on Releases.

    2. Then click on Add Releases. You will be redirected to another page to add more information about the release you want to create. Following are the two sections where you must enter information

      • Summary
      • Linked Releases

    A. Summary

    NOTE: FIELDS MARKED "*" ARE MANDATORY.

    1. Click on the field to select the Vendor for your component. This opens a dialogue box, search and select the vendor and click on Select Vendor.
    2. Enter the Programming Languages used for the release.
    3. Name for the release will be auto generated from the name given to the component.
    4. Enter the Operating Systems used for the release.
    5. Enter the Version for the release.
    6. Enter the CPE (Common Platform Enumeration) ID for the release.

    1. Enter the Software Platforms for the release.

    2. Click on the field Other License to set other license information for the release. This opens a dialogue box, search and select the licenses and click on Select Licenses.

    3. Set Release Date.

    4. Enter the Source Code Download URL. This is the web address from where source code of the release can be downloaded.

    5. Click on the field Main License to set other license information for the release. This opens a dialogue box, search and select the licenses and click on Select Licenses.

    6. Enter Binary Download URL. This is the web address from where binary of the release can be downloaded.

    7. Clearing state will be set to “new” by default.

    8. Select the value for the Release Mainline State from the drop-down list.

      • Open: No license clearing
      • Mainline: Permissive license with no specific obligations
      • Specific: Permissive license with additional obligations with standard obligations
      • Phaseout: Not used anymore
      • Denied: Not to be used because of a specific reason

    9. Created on is set automatically.

    10. Created by is set automatically.

    11. Modified on is set automatically.

    12. Click on the field to select Contributors. This opens a dialogue box, search and select the contributors and click on Select Users.

    13. Modified by is set automatically.

    14. Moderator is the user responsible for the release. Click on the field to select moderators.

      • This opens a dialogue box, use the type field to search for the moderator.
      • Select the users
      • Click on Select Users.

    Additional Roles, refer to 3. Additional Roles.

    External Ids, refer to 4. External Ids.

    Additional Data, refer to 5. Additional Data.

    Release Repository

    You can add a release repository URL for your release. To add a release repository:

    1. Select the Repository Type from the drop-down list.

    2. Enter the Repository URL.


    B. Linked Releases

    To add linked releases to your release, click on linked releases. For more information, refer to B. Linking Releases.

    Click on Create Release to add more information for this release.

    C. Clearing Details

    Clearing details contains important information that are required for the license clearing activities. This information is useful for the reuse of license clearing results. +To add clearing information to your release, click on Clearing Details.

    • Check the boxes for all applicable clearing details.
    • Enter the applicable data for Scanned and Clearing Standard. For e.g., date or specific version of your License Scanner.
    • Enter External URL for the release.
    • Add Comments.

    Request Information

    To request more information regarding the release, follow the procedure:

    • Enter Request ID and Additional request Info.
    • Set Evaluation Start and Evaluation End date.

    Supplemental Information

    You can enter internal supplier ID and number of security vulnerabilities for your release. To add this information.

    • Enter External Supplier Id and the count of Vulnerabilities.

    D. ECC Details

    NOTE: ECC DETAILS ARE SET AUTOMATICALLY FOR OSS RELEASES.

    To enter ECC details for a release click on ECC Details.

    • Select the ECC Status from the drop-down list.
      • Open
      • In progress
      • Approved
      • Rejected
    • Add ECC Comment, if required.
    • Enter Ausfuhrliste, this is a German ECC number.
    • Enter ECCN and Material Index Number.
    • Assessor Contact Person, Assessor Department and Assessment date will be set automatically.

    E. Attachments

    You can add or modify the attachments to your release. To add attachments, click on Attachments on the left. For more information on how to add attachments to the release, refer to 1.06 Edit project.

    After entering all the release information, click on Update Release.

    To delete the release, click on Delete Release.

    If you do not want to create a release, click on Cancel.

    2.05 Edit Component

    1. Search for the components you want to edit or navigate from the component list.
    2. Click on from the actions column. You can also edit a component by clicking on the component and then clicking on Edit Component.
    3. You can view summary, releases, and attachment information of the component.
    4. Click on Summary to edit component summary information. For more information on the fields to edit, refer to 1. Summary.
    5. Click on Releases to view all the releases that are linked to the component. If you want to add more releases to the component click on Add Releases at the bottom of the list. For more information on how to add a release, refer to 2. Releases.
    6. Click on Attachments to view all the attachments that are linked to the component. If you want to add more attachments to the components, refer to paragraph 4 of 1.06 Edit project.
    7. To update the new component information, click on Update Component.
    8. To delete the component, click on Delete Component.
    9. If you do not want to edit the component, click on Cancel.

    2.06 View Component

    To open a view mode for a component:

    1. Search for the components you want to edit or navigate from the component list.
    2. Click on the component name.
    3. You are now in view mode of the component, and you can view all the details of the components like summary, release overview, attachments, vulnerabilities and change logs.
    4. You can edit a component, Merge a component, Split a component, Subscribe to a component in this mode.

    A. Merge

    This functionality is used when there is a duplication of components, and this functionality helps us to combine all the duplicates into one single component. +To merge a component with another, click on Merge. This action will redirect you to another page where you can:

    1. Choose the from the list of components that should be merged into the current one.
    2. Merge the data from the source into the target component.
    3. Check the merged component and confirm the merge.

    B. Split

    This functionality is used when we want to copy the information from a component. This is a shortcut to create a component and change aspects like version or release instead of creating a new one entirely.

    To Split a component, click on Split. This action will redirect you to another page where you can:

    1. Choose a target component into which the current component needs to split.
    2. Split the data from current component to the target component.
    3. Check the split version of the component and confirm the split.

    C. Subscribe

    You can Subscribe to a component to get notified with emails when any changes are made to the component.

    To not get notified for a particular component, click Unsubscribe.

    D. View Component Information

    You can view component information by navigating the navigation tree.

    1. To view component summary, click on Summary. To edit summary information for the component, refer to 2.05 Edit Component.
    2. Click on Release Overview to view all the releases for the component. To edit details for any of the linked releases click on +from the actions column, this will redirect you to a release view page where you can view the following:
      • Release Summary
      • Linked Releases
      • Clearing Details
      • ECC details
      • Attachments
      • Vulnerabilities
      • Change Log

    For more information on these sections, refer to 2. Releases.

    Clearing Details

    You can view the following clearing information for the release in view mode:

    • SPDX Attachments
    • Assessment Summary info

    SPDX Attachments

    SPDX attachments are the clearing reports which are in XML formats. You will need an approved clearing report to use this release.

    • Click on Show license info to view main license Ids and Other license ids.

    • If you want to add this data to the current release, click on Add data to this release.

    Assessment Summary Info

    You can view if the clearing expert has added any summary in the clearing report.

    • To view the summary, click on Show Assessment Summary info.
    • If there are multiple approved releases, this section will display text “multiple approved CLI found in release”.

    Vulnerabilities

    All the vulnerabilities that are linked to the release/component are listed in the vulnerability section.

    1. Click on Vulnerability on the left to view all the linked vulnerabilities for this release/component.
    2. You can sort the vulnerabilities by their external ids, priority, matched by, title, verification and actions.
    3. To view more information on the vulnerability, click on the external id of the vulnerability. You will be redirected to another page with all the information about the selected vulnerability.

    Change Log

    You can see all the changes that are done for the release/component in change log section.

    1. To view all the changes done for the release click on Change Log.
    2. You can now view change date, change log id, change type and user.
    3. Click on to view all the changes done for a change log id.
    4. Click on to view the moderation request details for a change log id.

    2.07 Import SPDX BOM

    For more information on importing SBOM, refer to 1.05 Import SBOM.

    2.08 Export Spreadsheet

    For more information on exporting spreadsheet, refer to 1.13 Export Spreadsheet.

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/dependency_network/index.html b/docs/userguide/dependency_network/index.html index bf4c9ca..1df4c78 100644 --- a/docs/userguide/dependency_network/index.html +++ b/docs/userguide/dependency_network/index.html @@ -1,926 +1,167 @@ - - - - - - - - - - - - - - - - - - - - -Dependency Network Feature | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Dependency Network Feature

    -
    Dependency-Network-Feature
    -
    - - - - - - - - - - - - - -
    -

    How to enable this feature

    -

    To use this function, please:

    -
      -
    1. -

      Build the source code and deploy.

      -
      2. -
    2. -

      Add config enable.flexible.project.release.relationship=true (/etc/sw360/sw360.properties) to enable the feature.

      -
      3. -
    -

    The following changes will work when enable.flexible.project.release.relationship=true only.

    -
      -
    1. Use the migration script (056_migrate_project_dependency_network.py) we provided to mograte the database.
      2. -
    -

    Before you run the script, please change two places in the script:

    -

    (1) Line 30: DRY_RUN = True -> DRY_RUN = False

    -

    (2) Line 32: COUCHSERVER = 'http://localhost:5984/' -> COUCHSERVER = 'http://admin:password@localhost:5984/'

    -

    admin and password should be your username and password for CouchDB.

    -

    1. Introduction

    -

    The dependency network feature is a new function to make the dependency management of a project more flexible by allowing the users to customize the dependency graphs of their projects.

    -

    2. How to use?

    -

    This feature modify the GUI of the “Linked Releases And Projects” on the “project edits” page. -Now the “Linked Releases” table could show all dependencies of a project (both direct and transitive ones). Users can modify these dependencies as well.

    - -
    - -
    - -

    2.1. The changes of edit project GUI

    -

    In this section, we will introduce the changes in GUI behaviors. We modified or added 5 sub-functions below:

    -

    a. Modify the “Add Releases” button: This button will add a direct dependency (release) in the dependency graph of this project.

    - -
    - -
    - -

    b. A new icon button to add a dependency (release) to another dependency (release) in the dependency graph. Note that this dependency added is seen as the transitive dependency of this project.

    - -
    - -
    - -

    c. A new icon button to load the default dependency graph of a dependency (release) by importing the dependency information stored on the component page. Note that this button will load all dependencies (both direct and transitive ones) of the corresponding dependency (release).

    - -
    - -
    - -

    d. The combo box allows the user to modify the version of a dependency.

    - -
    - -
    - -

    e. The “Check Dependency Network” button will compare and show the different dependency information which is not consistent with the default one stored on the component page by highlighting them. The inconsistency usually happens after users modified the dependency graph or imported an old project.

    - -
    - -
    - -

    2.3 Rest API changes

    -

    New Rest APIs

    -

    a. 3.3.35. Get a single project with dependencies network

    -

    The response will include the dependencyNetwork field(It will show the dependency network of project (direct and indirect releases)):

    -
    {
-  "name" : "Emerald Web",
-  "dependencyNetwork": [
-      {
-          "releaseId": "9efc5766cd0c41d4a40547b99f5b91ac",
-          "releaseLink": [
-              {
-                  "releaseId": "3bed97a1c7ac4c32846ef4be985b648c",
-                  "releaseLink": [
-                      {
-                          "releaseId": "6a8250852362462095c57535294039e4",
-                          "releaseLink": [],
-                          "releaseRelationship": "TO_BE_REPLACED",
-                          "mainlineState": "PHASEOUT",
-                          "comment": "Test Comment",
-                          "createOn": "2023-05-15",
-                          "createBy": "admin@sw360.org"
-                      }
-                  ],
-                  "releaseRelationship": "INTERNAL_USE",
-                  "mainlineState": "OPEN",
-                  "comment": "Test Comment",
-                  "createOn": "2023-05-15",
-                  "createBy": "admin@sw360.org"
-              }
-          ],
-          "releaseRelationship": "STATICALLY_LINKED",
-          "mainlineState": "MAINLINE",
-          "comment": "Test Comment",
-          "createOn": "2023-05-15",
-          "createBy": "admin@sw360.org"
-      },
-      {
-          "releaseId": "f1d860e7576a44798ee3daff57a3a886",
-          "releaseLink": [],
-          "releaseRelationship": "OPTIONAL",
-          "mainlineState": "OPEN",
-          "comment": "Test Comment",
-          "createOn": "2023-05-15",
-          "createBy": "admin@sw360.org"
-      }
-  ]
-}
-

    b. 3.3.36. Creating a project with dependencies network

    -

    If the dependencyNetwork field is included in the request body, a dependency network will be registered for the project.

    -
      -
    • Simple example request (modify releaseIds to the existing release ids in sw360):
      • -
    -
    {
-    "name": "TestProject1",
-    "dependencyNetwork": [
-        {
-            "releaseId": "9efc5766cd0c41d4a40547b99f5b91ac",
-            "releaseLink": [
-                {
-                    "releaseId": "3bed97a1c7ac4c32846ef4be985b648c",
-                    "releaseLink": [
-                    ],
-                    "releaseRelationship": "INTERNAL_USE",
-                    "mainlineState": "OPEN",
-                    "comment": "Test Comment",
-                    "createOn": "2023-05-15",
-                    "createBy": "admin@sw360.org"
-                }
-            ],
-            "releaseRelationship": "STATICALLY_LINKED",
-            "mainlineState": "MAINLINE",
-            "comment": "Test Comment",
-            "createOn": "2023-05-15",
-            "createBy": "admin@sw360.org"
-        },
-        {
-            "releaseId": "f1d860e7576a44798ee3daff57a3a886",
-            "releaseLink": [],
-            "releaseRelationship": "OPTIONAL",
-            "mainlineState": "OPEN",
-            "comment": "Test Comment",
-            "createOn": "2023-05-15",
-            "createBy": "admin@sw360.org"
-        }
-    ]
-}
-

    c. 3.3.37. Update a project with dependencies network

    -

    Same request body as “Creating a project with dependencies network”.

    - - - -
    - Last modified September 15, 2023: Feat(Dependency_network): Add dependency network feature docs (e1b45cb) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Dependency Network Feature | Eclipse SW360 +

    Dependency Network Feature

    Dependency-Network-Feature

    How to enable this feature

    To use this function, please:

    1. Build the source code and deploy.

    2. Add config enable.flexible.project.release.relationship=true (/etc/sw360/sw360.properties) to enable the feature.

    The following changes will work when enable.flexible.project.release.relationship=true only.

    1. Use the migration script (056_migrate_project_dependency_network.py) we provided to mograte the database.

    Before you run the script, please change two places in the script:

    (1) Line 30: DRY_RUN = True -> DRY_RUN = False

    (2) Line 32: COUCHSERVER = 'http://localhost:5984/' -> COUCHSERVER = 'http://admin:password@localhost:5984/'

    admin and password should be your username and password for CouchDB.

    1. Introduction

    The dependency network feature is a new function to make the dependency management of a project more flexible by allowing the users to customize the dependency graphs of their projects.

    2. How to use?

    This feature modify the GUI of the “Linked Releases And Projects” on the “project edits” page. +Now the “Linked Releases” table could show all dependencies of a project (both direct and transitive ones). Users can modify these dependencies as well.

    2.1. The changes of edit project GUI

    In this section, we will introduce the changes in GUI behaviors. We modified or added 5 sub-functions below:

    a. Modify the “Add Releases” button: This button will add a direct dependency (release) in the dependency graph of this project.

    b. A new icon button to add a dependency (release) to another dependency (release) in the dependency graph. Note that this dependency added is seen as the transitive dependency of this project.

    c. A new icon button to load the default dependency graph of a dependency (release) by importing the dependency information stored on the component page. Note that this button will load all dependencies (both direct and transitive ones) of the corresponding dependency (release).

    d. The combo box allows the user to modify the version of a dependency.

    e. The “Check Dependency Network” button will compare and show the different dependency information which is not consistent with the default one stored on the component page by highlighting them. The inconsistency usually happens after users modified the dependency graph or imported an old project.

    2.3 Rest API changes

    New Rest APIs

    a. 3.3.35. Get a single project with dependencies network

    The response will include the dependencyNetwork field(It will show the dependency network of project (direct and indirect releases)):

    {
+  "name" : "Emerald Web",
+  "dependencyNetwork": [
+      {
+          "releaseId": "9efc5766cd0c41d4a40547b99f5b91ac",
+          "releaseLink": [
+              {
+                  "releaseId": "3bed97a1c7ac4c32846ef4be985b648c",
+                  "releaseLink": [
+                      {
+                          "releaseId": "6a8250852362462095c57535294039e4",
+                          "releaseLink": [],
+                          "releaseRelationship": "TO_BE_REPLACED",
+                          "mainlineState": "PHASEOUT",
+                          "comment": "Test Comment",
+                          "createOn": "2023-05-15",
+                          "createBy": "admin@sw360.org"
+                      }
+                  ],
+                  "releaseRelationship": "INTERNAL_USE",
+                  "mainlineState": "OPEN",
+                  "comment": "Test Comment",
+                  "createOn": "2023-05-15",
+                  "createBy": "admin@sw360.org"
+              }
+          ],
+          "releaseRelationship": "STATICALLY_LINKED",
+          "mainlineState": "MAINLINE",
+          "comment": "Test Comment",
+          "createOn": "2023-05-15",
+          "createBy": "admin@sw360.org"
+      },
+      {
+          "releaseId": "f1d860e7576a44798ee3daff57a3a886",
+          "releaseLink": [],
+          "releaseRelationship": "OPTIONAL",
+          "mainlineState": "OPEN",
+          "comment": "Test Comment",
+          "createOn": "2023-05-15",
+          "createBy": "admin@sw360.org"
+      }
+  ]
+}
+

    b. 3.3.36. Creating a project with dependencies network

    If the dependencyNetwork field is included in the request body, a dependency network will be registered for the project.

    • Simple example request (modify releaseIds to the existing release ids in sw360):
    {
+    "name": "TestProject1",
+    "dependencyNetwork": [
+        {
+            "releaseId": "9efc5766cd0c41d4a40547b99f5b91ac",
+            "releaseLink": [
+                {
+                    "releaseId": "3bed97a1c7ac4c32846ef4be985b648c",
+                    "releaseLink": [
+                    ],
+                    "releaseRelationship": "INTERNAL_USE",
+                    "mainlineState": "OPEN",
+                    "comment": "Test Comment",
+                    "createOn": "2023-05-15",
+                    "createBy": "admin@sw360.org"
+                }
+            ],
+            "releaseRelationship": "STATICALLY_LINKED",
+            "mainlineState": "MAINLINE",
+            "comment": "Test Comment",
+            "createOn": "2023-05-15",
+            "createBy": "admin@sw360.org"
+        },
+        {
+            "releaseId": "f1d860e7576a44798ee3daff57a3a886",
+            "releaseLink": [],
+            "releaseRelationship": "OPTIONAL",
+            "mainlineState": "OPEN",
+            "comment": "Test Comment",
+            "createOn": "2023-05-15",
+            "createBy": "admin@sw360.org"
+        }
+    ]
+}
+

    c. 3.3.37. Update a project with dependencies network

    Same request body as “Creating a project with dependencies network”.

    Last modified September 15, 2023: Feat(Dependency_network): Add dependency network feature docs (e1b45cb)
    + + + \ No newline at end of file diff --git a/docs/userguide/faq/index.html b/docs/userguide/faq/index.html index 042ef64..9361339 100644 --- a/docs/userguide/faq/index.html +++ b/docs/userguide/faq/index.html @@ -1,826 +1,93 @@ - - - - - - - - - - - - - - - - - - - - -SW360 User Frequently Asked Questions | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    SW360 User Frequently Asked Questions

    - -
    - - - - - - - - - - - - - -
    -
    Q: Who should be listed as Moderator?
    -

    A: Moderator are persons who need to review changes done on certain items (project, component, release or attachment) by persons who do not have the user right to actually do these changes. For BT moderators are the persons with the role ‘Software Clearing Site Representative’.

    -
    Q: Who should be listed as Contributor?
    -

    A: By default only the owner (or creator) of an item (project, component, release) is allowed to modify this item. Often it is useful that additional people are allowed to edit an item. These additional people (software architects, developers, additional experts) should get listed as contributors.

    -
    Q: I have changed a project, component, release or attachment, but SW360 does not show the changes?
    -

    A: It might be that you have tried to change something that needs to be review by someone else. In such cases a so called ‘Moderation Request’ is generated. A Moderator needs to approve your changes. Go to the Home view an check the box ‘My Task Submissions’, the project, component, or release should be listed there.

    -
    Q: What should I enter in the field ‘Visibility’.
    -

    A: Visibility controls which group of people is allowed to see a project. The default setting is ‘Everyone’, i.e. everyone within an organisation can see the project and all its releases.

    -
    Q: How can I change the ‘Clearing State’ of a release?
    -

    A: There is no direct way to do it. If there is no clearing report available, the clearing state will be ‘New’. If a clearing report available it will be ‘Clearing report available’. If at least one clearing report has been approved, the clearing state will be ‘Approved’.

    -
    Q: I can’t find a specific release inside my project – what can I do?
    -

    A: You can sort each column by clicking on the column name, i.e. you can sort the entries by name, project origin, clearing state, mainline state or project mainline state – normally that helps finding a certain release.

    -
    Q: I can’t delete my component called ‘Tom’s Test Component’.
    -

    A: Do not use special characters like single or double quotes. To be able to delete such a component or release you’ll first have to rename it…

    -
    Q: What is Copyleft Effect?
    -

    A: Copyleft effect is the reverse idea of copyright. Goal is that software licensed under such license is always free and can never get a privatised software asset. The user gets the freedom to run, copy, modify and distribute the software, but it is not possible to add any further restrictions. This implies that modified software must also be free and becomes available to the community.

    -
    Q: Different Classification of the Open Source Licenses.
    -

    A: There are hundreds of OSS licenses, the following table will give a brief overview about the most common OSS licenses, the risks and the obligations that need to be fulfilled when using them:

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    License ClassLicense Name(s)RisksObligations
    White LicensesMIT, BSD (except for BSD-4-Clause), BSL-1.0, CPOL-1.02, MsPL, zLib, Apache-1.1, Apache-2.0 (if no code changes are done)low riskMostly standard obligations: display license text, display copyrights
    Yellow LicensesCDDL-1.0, CPL-1.0, EPL-1.0, eCos License, MPL, NPLmedium risk - because of non-standard obligtions in some casesDisplay license text; display copyrights; all changes of the component code must become OSS as well; possible license incompatibility with red licenses
    Red LicensesGPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, AGPLcheck before use some special obligation which might be not in line with your lansDisplay license text; display copyrights; take care about copyleft effect - get in contact with your software clearing experts; all distributions must clearly state that (L)GPL license code is used
    Red LicensesSleepyCat, Aladdin Free Public License; Berkeley DB licensesreally check before use because of nearly unlimited copy left effectBefore thinking about components licensed under these license, get in contact with your software licensing experts!
    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +SW360 User Frequently Asked Questions | Eclipse SW360 +

    SW360 User Frequently Asked Questions

    Q: Who should be listed as Moderator?

    A: Moderator are persons who need to review changes done on certain items (project, component, release or attachment) by persons who do not have the user right to actually do these changes. For BT moderators are the persons with the role ‘Software Clearing Site Representative’.

    Q: Who should be listed as Contributor?

    A: By default only the owner (or creator) of an item (project, component, release) is allowed to modify this item. Often it is useful that additional people are allowed to edit an item. These additional people (software architects, developers, additional experts) should get listed as contributors.

    Q: I have changed a project, component, release or attachment, but SW360 does not show the changes?

    A: It might be that you have tried to change something that needs to be review by someone else. In such cases a so called ‘Moderation Request’ is generated. A Moderator needs to approve your changes. Go to the Home view an check the box ‘My Task Submissions’, the project, component, or release should be listed there.

    Q: What should I enter in the field ‘Visibility’.

    A: Visibility controls which group of people is allowed to see a project. The default setting is ‘Everyone’, i.e. everyone within an organisation can see the project and all its releases.

    Q: How can I change the ‘Clearing State’ of a release?

    A: There is no direct way to do it. If there is no clearing report available, the clearing state will be ‘New’. If a clearing report available it will be ‘Clearing report available’. If at least one clearing report has been approved, the clearing state will be ‘Approved’.

    Q: I can’t find a specific release inside my project – what can I do?

    A: You can sort each column by clicking on the column name, i.e. you can sort the entries by name, project origin, clearing state, mainline state or project mainline state – normally that helps finding a certain release.

    Q: I can’t delete my component called ‘Tom’s Test Component’.

    A: Do not use special characters like single or double quotes. To be able to delete such a component or release you’ll first have to rename it…

    Q: What is Copyleft Effect?

    A: Copyleft effect is the reverse idea of copyright. Goal is that software licensed under such license is always free and can never get a privatised software asset. The user gets the freedom to run, copy, modify and distribute the software, but it is not possible to add any further restrictions. This implies that modified software must also be free and becomes available to the community.

    Q: Different Classification of the Open Source Licenses.

    A: There are hundreds of OSS licenses, the following table will give a brief overview about the most common OSS licenses, the risks and the obligations that need to be fulfilled when using them:

    License ClassLicense Name(s)RisksObligations
    White LicensesMIT, BSD (except for BSD-4-Clause), BSL-1.0, CPOL-1.02, MsPL, zLib, Apache-1.1, Apache-2.0 (if no code changes are done)low riskMostly standard obligations: display license text, display copyrights
    Yellow LicensesCDDL-1.0, CPL-1.0, EPL-1.0, eCos License, MPL, NPLmedium risk - because of non-standard obligtions in some casesDisplay license text; display copyrights; all changes of the component code must become OSS as well; possible license incompatibility with red licenses
    Red LicensesGPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, AGPLcheck before use some special obligation which might be not in line with your lansDisplay license text; display copyrights; take care about copyleft effect - get in contact with your software clearing experts; all distributions must clearly state that (L)GPL license code is used
    Red LicensesSleepyCat, Aladdin Free Public License; Berkeley DB licensesreally check before use because of nearly unlimited copy left effectBefore thinking about components licensed under these license, get in contact with your software licensing experts!
    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/index.html b/docs/userguide/index.html index 05111c4..9c192f4 100644 --- a/docs/userguide/index.html +++ b/docs/userguide/index.html @@ -1,989 +1,90 @@ - - - - - - - - - - - - - - - - - - - - - -User Guides | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    User Guides

    -
    This guide provides an overview of SW360 and how to get started with using it. It covers the basic usage, and tips for configuring SW360 to work with your software development tools.
    -
    - - - - - - - - - - - - - -
    -

    SW360 INTRODUCTION

    -

    SW360 is a comprehensive software catalogue application that helps organizations manage their software components and licenses effectively. This application provides detailed information about the software components used in various projects, including their licenses, clearing information, and other relevant data. With SW360, organizations can easily track and manage the software components used in their projects, ensuring compliance with licensing requirements and minimizing legal risks.

    -

    SW360 can also be used with the license scanner, “FOSSology” which provides license clearing, which is then integrated into the workflows. SW360 integrates software artifacts and projects into the related existing infrastructures. SW360 also provides backend services for distinct tasks and a set of portlets to access these services.

    -

    Use case areas:

    -
      -
    • Handling project information where open-source software components and other third-party software are used.
      • -
    • SBOM (Software Bill Of Materials ) Management.
      • -
    • Handling component information and its associated processess. E.g.: name, vendor, version, ECCN information, license compliance information.
      • -
    • Handling license information. E.g., obligations, license texts, etc.
      • -
    • Collecting security vulnerability management information and matching them with components stored in component services
      • -
    • Compiling and creating all license related documentation. E.g., Readme, source code bundle, that are supported by workflows.
      • -
    -

    SW360 Functionality

    -

    With SW360 you can:

    -
      -
    • Manage your components and projects
      • -
    • Send source packages to the license scanner, FOSSology
      • -
    • Reuse cleared components and release for projects
      • -
    • Import cleared components with reports and other documents
      • -
    • Browse licenses and their obligations
      • -
    -

    Data Model

    -

    Project

    -

    Projects can be products, platforms, any kind of “SW bill of material (BOM)”, etc, that manages a list of 3rd party components. Projects are created for a product, service, inner source, customer project or an internal project. Project types are software only, system, platform or Cloud service.

    -

    Components

    -

    A component is a SW component with metadata. The versions of this component are linked as releases. It is a catalogue to register a component type (OSS/ COTS/ Freeware/ code snippet / Service) from a specific vendor or open-source community. For e.g., Commons by Apache, Windows server 2019 by Microsoft etc.

    -

    Release

    -

    A release refers to a particular version of a software component that has been made available for use. It points to a stable and functional iteration of the component. Releases can include bug fixes, new features, and updates to improve the component’s overall performance and user experience.

    -

    Vendor

    -

    SW360 can be used to manage components and licenses from various vendors, including open source and proprietary software vendors. Vendor can be different from a component or releases. Vendors can be added to SW360’s database and their components and licenses can be tracked and managed through the tool’s interface. This allows organizations to gain better visibility into their software assets and ensure compliance with license obligations. A link to the vendor is set at the release level, as the vendor can change with new releases.

    -

    Licenses

    -

    The project ensures that all license information pertaining to its releases are thoroughly documented and made available to the customers. This information is typically provided in the form of a ReadmeOSS file, which includes details regarding the relevant licenses, as well as any other pertinent information such as acknowledgements, copyright notices, and applicable third-party software licenses. The project strives to maintain transparency and comply with all legal requirements in relation to licensing and intellectual property, and takes necessary steps to ensure that its customers are fully informed about the licensing terms and conditions of the software they are using.

    -

    Obligations

    -

    Obligations refer to the license obligations resulting from license interpretations. These obligations must be fulfilled by the organization to use the third-party software in a compliant manner. They are categorized based on grants, redistribution rights, specific contractual agreements, internal uses, risk related to patents, permission for modification of code etc.

    -

    Each license obligation will be provided with Clearing Report by the Clearing Experts. The clearing report must verify that the third party software is used in compliance with license and have fulfilled all the obligations.

    -

    OSS license obligations are typically provided centrally. -COTS license obligations must be analyzed individually for every commercial contract.

    -

    Vulnerabilities

    -

    The Security Vulnerability Monitoring (SVM) system is responsible for monitoring a specified list of security vulnerabilities and list all the vulnerabilities in this tab. These vulnerabilities are tracked and can be transferred to other systems or security experts as needed. The SVM has the capability to transfer the vulnerability lists via API to SW360 or the designated security expert responsible for managing them. By utilizing this system, the project can effectively monitor and manage potential security threats, ensuring the integrity and security of the software.

    -

    Product Clearing

    -

    Product Clearing is the approval of use of all third-party software components in a product and assessing any risks before the product is approved for a specific license or sales model and supplied to third parties. This can be done by creating a ‘Project Clearing Report’ from SW360.

    -

    Administration

    -

    Administration is responsible for storing and maintaining various project-related information, including the current Project Clearing State (Open, Closed, In-progress), Clearing Summary, and any risks associated with the usage of third-party software, as assessed during the project clearing process. This information is crucial to ensuring that the project is effectively managed and remains in compliance with all relevant policies and regulations. The administrative team takes necessary measures to ensure the security and integrity of the stored data, and regularly updates the information as needed to reflect changes in the project’s status or risk profile.

    -

    Attachments and Attachment Usages

    -

    The project management system includes support for attachments, which are used to store and manage various types of information relevant to the project. Attachments can be stored at both the project and release levels, with release-level attachments typically consisting of source code, contracts, component license information, and Readme files, among other things.

    -

    The project management team ensures that all necessary attachments are properly labeled and organized, allowing for easy access and retrieval when needed. By utilizing this system, the project team can effectively manage and track important project-related information, helping to ensure the success and compliance of the project.

    -

    Clearing Requests

    -

    These are the requests that are raised to the clearing experts to get the OSS license clearing for a project. These requests can only be raised at a project level and must be done once all the linked releases and projects are assigned to the parent project. This should be done in advance to give the clearing experts adequate time to get the license clearing report. The clearing results are further assessed by responsible experts and the project management.

    -

    Export Controls and Customs (ECC)

    -

    Export Controls and Customs (ECC) numbers are automatically assigned to components, with the exception of Commercial Off-The-Shelf (COTS) components. In the case of COTS components, an ECC expert is responsible for setting the appropriate ECC numbers. By accurately identifying and assigning ECC numbers to components, organizations can prevent potential legal and financial penalties, as well as safeguard national security interests.

    -

    Source Code Bundles

    -

    These are multiple source code packages which are attachments to a specific release to perform license analysis. The source code bundle is generated for a project to fulfill the license obligations “make source code available” which is required by some of the OSS licenses.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    PageURLNote
    Public Project Homepagehttps://www.eclipse.org/sw360/Main project homepage
    Public project GitHub Pagehttps://github.com/eclipse/sw360/Main project
    Project Information in Eclipsehttps://projects.eclipse.org/projects/technology.sw360Information on Eclipse SW360
    Public project home page SW360 Antennahttps://github.com/eclipse/antennaAntenna Connects to SW360 to exchange information right from the build time
    Public project SW360 Vagrant in GitHubhttps://github.com/sw360/sw360vagrantVagrant Set up for SW360
    Public Project for SW360 chores at GitHubhttps://github.com/sw360/sw360choresDocker setup for SW360
    Public Project SW360 slides in GitHubhttps://github.com/sw360/sw360slidesMain slide deck of SW360 published as Git repository
    - -
    - - - - - - - - -
    - - -
    -
    - Login -
    -

    -
    - - -
    -
    - Home Page -
    -

    -
    - - -
    -
    - Project -
    -

    -
    - - -
    -
    - Components -
    -

    -
    - - -
    -
    - Licenses -
    -

    -
    - - -
    -
    - Requests -
    -

    -
    - - -
    -
    - Search -
    -

    -
    - - -
    -
    - Preferences -
    -

    SW360 Preferences

    -
    - - -
    -
    - SW360 User Frequently Asked Questions -
    -

    -
    - - -
    -
    - Dependency Network Feature -
    -

    Dependency-Network-Feature

    -
    - - -
    -
    - SPDX Document -
    -

    SPDX Document

    -
    - - -
    -
    - SW360 Best Practices -
    -

    -
    - - -
    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +User Guides | Eclipse SW360 +

    User Guides

    This guide provides an overview of SW360 and how to get started with using it. It covers the basic usage, and tips for configuring SW360 to work with your software development tools.

    SW360 INTRODUCTION

    SW360 is a comprehensive software catalogue application that helps organizations manage their software components and licenses effectively. This application provides detailed information about the software components used in various projects, including their licenses, clearing information, and other relevant data. With SW360, organizations can easily track and manage the software components used in their projects, ensuring compliance with licensing requirements and minimizing legal risks.

    SW360 can also be used with the license scanner, “FOSSology” which provides license clearing, which is then integrated into the workflows. SW360 integrates software artifacts and projects into the related existing infrastructures. SW360 also provides backend services for distinct tasks and a set of portlets to access these services.

    Use case areas:

    • Handling project information where open-source software components and other third-party software are used.
    • SBOM (Software Bill Of Materials ) Management.
    • Handling component information and its associated processess. E.g.: name, vendor, version, ECCN information, license compliance information.
    • Handling license information. E.g., obligations, license texts, etc.
    • Collecting security vulnerability management information and matching them with components stored in component services
    • Compiling and creating all license related documentation. E.g., Readme, source code bundle, that are supported by workflows.

    SW360 Functionality

    With SW360 you can:

    • Manage your components and projects
    • Send source packages to the license scanner, FOSSology
    • Reuse cleared components and release for projects
    • Import cleared components with reports and other documents
    • Browse licenses and their obligations

    Data Model

    Project

    Projects can be products, platforms, any kind of “SW bill of material (BOM)”, etc, that manages a list of 3rd party components. Projects are created for a product, service, inner source, customer project or an internal project. Project types are software only, system, platform or Cloud service.

    Components

    A component is a SW component with metadata. The versions of this component are linked as releases. It is a catalogue to register a component type (OSS/ COTS/ Freeware/ code snippet / Service) from a specific vendor or open-source community. For e.g., Commons by Apache, Windows server 2019 by Microsoft etc.

    Release

    A release refers to a particular version of a software component that has been made available for use. It points to a stable and functional iteration of the component. Releases can include bug fixes, new features, and updates to improve the component’s overall performance and user experience.

    Vendor

    SW360 can be used to manage components and licenses from various vendors, including open source and proprietary software vendors. Vendor can be different from a component or releases. Vendors can be added to SW360’s database and their components and licenses can be tracked and managed through the tool’s interface. This allows organizations to gain better visibility into their software assets and ensure compliance with license obligations. A link to the vendor is set at the release level, as the vendor can change with new releases.

    Licenses

    The project ensures that all license information pertaining to its releases are thoroughly documented and made available to the customers. This information is typically provided in the form of a ReadmeOSS file, which includes details regarding the relevant licenses, as well as any other pertinent information such as acknowledgements, copyright notices, and applicable third-party software licenses. The project strives to maintain transparency and comply with all legal requirements in relation to licensing and intellectual property, and takes necessary steps to ensure that its customers are fully informed about the licensing terms and conditions of the software they are using.

    Obligations

    Obligations refer to the license obligations resulting from license interpretations. These obligations must be fulfilled by the organization to use the third-party software in a compliant manner. They are categorized based on grants, redistribution rights, specific contractual agreements, internal uses, risk related to patents, permission for modification of code etc.

    Each license obligation will be provided with Clearing Report by the Clearing Experts. The clearing report must verify that the third party software is used in compliance with license and have fulfilled all the obligations.

    OSS license obligations are typically provided centrally. +COTS license obligations must be analyzed individually for every commercial contract.

    Vulnerabilities

    The Security Vulnerability Monitoring (SVM) system is responsible for monitoring a specified list of security vulnerabilities and list all the vulnerabilities in this tab. These vulnerabilities are tracked and can be transferred to other systems or security experts as needed. The SVM has the capability to transfer the vulnerability lists via API to SW360 or the designated security expert responsible for managing them. By utilizing this system, the project can effectively monitor and manage potential security threats, ensuring the integrity and security of the software.

    Product Clearing

    Product Clearing is the approval of use of all third-party software components in a product and assessing any risks before the product is approved for a specific license or sales model and supplied to third parties. This can be done by creating a ‘Project Clearing Report’ from SW360.

    Administration

    Administration is responsible for storing and maintaining various project-related information, including the current Project Clearing State (Open, Closed, In-progress), Clearing Summary, and any risks associated with the usage of third-party software, as assessed during the project clearing process. This information is crucial to ensuring that the project is effectively managed and remains in compliance with all relevant policies and regulations. The administrative team takes necessary measures to ensure the security and integrity of the stored data, and regularly updates the information as needed to reflect changes in the project’s status or risk profile.

    Attachments and Attachment Usages

    The project management system includes support for attachments, which are used to store and manage various types of information relevant to the project. Attachments can be stored at both the project and release levels, with release-level attachments typically consisting of source code, contracts, component license information, and Readme files, among other things.

    The project management team ensures that all necessary attachments are properly labeled and organized, allowing for easy access and retrieval when needed. By utilizing this system, the project team can effectively manage and track important project-related information, helping to ensure the success and compliance of the project.

    Clearing Requests

    These are the requests that are raised to the clearing experts to get the OSS license clearing for a project. These requests can only be raised at a project level and must be done once all the linked releases and projects are assigned to the parent project. This should be done in advance to give the clearing experts adequate time to get the license clearing report. The clearing results are further assessed by responsible experts and the project management.

    Export Controls and Customs (ECC)

    Export Controls and Customs (ECC) numbers are automatically assigned to components, with the exception of Commercial Off-The-Shelf (COTS) components. In the case of COTS components, an ECC expert is responsible for setting the appropriate ECC numbers. By accurately identifying and assigning ECC numbers to components, organizations can prevent potential legal and financial penalties, as well as safeguard national security interests.

    Source Code Bundles

    These are multiple source code packages which are attachments to a specific release to perform license analysis. The source code bundle is generated for a project to fulfill the license obligations “make source code available” which is required by some of the OSS licenses.

    PageURLNote
    Public Project Homepagehttps://www.eclipse.org/sw360/Main project homepage
    Public project GitHub Pagehttps://github.com/eclipse/sw360/Main project
    Project Information in Eclipsehttps://projects.eclipse.org/projects/technology.sw360Information on Eclipse SW360
    Public project home page SW360 Antennahttps://github.com/eclipse/antennaAntenna Connects to SW360 to exchange information right from the build time
    Public project SW360 Vagrant in GitHubhttps://github.com/sw360/sw360vagrantVagrant Set up for SW360
    Public Project for SW360 chores at GitHubhttps://github.com/sw360/sw360choresDocker setup for SW360
    Public Project SW360 slides in GitHubhttps://github.com/sw360/sw360slidesMain slide deck of SW360 published as Git repository
    Login

    Home Page

    Project

    Components

    Licenses

    Requests

    Search

    Preferences

    SW360 Preferences

    SW360 User Frequently Asked Questions

    Dependency Network Feature

    Dependency-Network-Feature

    SPDX Document

    SPDX Document

    SW360 Best Practices

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/index.xml b/docs/userguide/index.xml index 2835ccf..63a3003 100644 --- a/docs/userguide/index.xml +++ b/docs/userguide/index.xml @@ -1,2621 +1,2330 @@ - - - Eclipse SW360 – User Guides - https://www.eclipse.org/sw360/docs/userguide/ - Recent content in User Guides on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - Docs: Login - https://www.eclipse.org/sw360/docs/userguide/login/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/login/ - - - - <p>You need a username and a password to access the software. After reaching the SW360 site you will be in the public area of your account. Liferay distinguishes between public and private area, where the private area is protected by login.</p> -<p>You will see a &ldquo;Welcome to SW360!&rdquo; homepage which is a public area with <strong>Sign In</strong> and <strong>Create Account</strong> buttons. -The Sign In button will redirect to the private area in order to work with the portal.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/duo.png"/> -</figure> - -<p>Your private area contains an overview of your <strong>Projects</strong> and <strong>Components</strong>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/homepage.png"/> -</figure> - -<p>The idea of &ldquo;Your&rdquo; refers to the projects and components that you have created. Further there are the tasks you have submitted or which are assigned to you. Tasks are basically change requests of elements that are sent to the owner or moderator for approval. This is a basic concept for allowing change when providing a multiple set of users. On the right side of the screen you can see the last releases which have been added to SW360.</p> - - - - - - Docs: Home Page - https://www.eclipse.org/sw360/docs/userguide/sw360-homepage/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/sw360-homepage/ - - - - <h1 id="home-page">Home Page</h1> -<p>The private area of the home page contains an overview of projects and components which are specific to you and other general information.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Home_Page.png"/> -</figure> - -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No</th> -<th style="text-align:left">Name</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left">Main Menu</td> -<td style="text-align:left">Main menu consists primarily of the various tasks you can perform.</td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left">My Projects</td> -<td style="text-align:left">Displays the list of projects for a specific role or clearing state.</td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left">My Task Assignments</td> -<td style="text-align:left">Displays the tasks or moderation requests that are assigned to you. These can be change requests submitted for approval related to the “projects, components or releases” for which you are a creator or a moderator.</td> -</tr> -<tr> -<td style="text-align:center">4</td> -<td style="text-align:left">My Components</td> -<td style="text-align:left">Displays the list of components that are created by you.</td> -</tr> -<tr> -<td style="text-align:center">5</td> -<td style="text-align:left">My Task Submissions</td> -<td style="text-align:left">These are the change requests that are submitted by you for an approval to change any aspect of a “project, component or release” for which you are not a creator or moderator.</td> -</tr> -<tr> -<td style="text-align:center">6</td> -<td style="text-align:left">Search Bar</td> -<td style="text-align:left">You can find the search bar on the right top corner of the application. Search bar enables you to search for a specific project/component/release.</td> -</tr> -<tr> -<td style="text-align:center">7</td> -<td style="text-align:left">My Profile</td> -<td style="text-align:left">You can find the profile icon on the right top corner of the application. You can perform the following actions in my profile:</br> - <strong>My sites</strong>, will redirect you to a page where you can view all the sites you have opened in the past. </br> - <strong>My profile</strong>, will redirect you to a page where you can view your vcard. </br> - <strong>My dashboard</strong>, will redirect you to a page where you can view summary of your profile. </br> - <strong>Notifications</strong>, will redirect you to a page where you can view all the latest updates. </br> - <strong>Shared content</strong>, will redirect you to a page where you can view all the shared content which are shared with you or shared by you. </br> - <strong>My submissions</strong>, will redirect you to a page where you can view all of your submissions. </br> - <strong>My workflow tasks</strong>, will redirect you to a page where you can view the tasks which are assined to you or your roles. </br> - <strong>Account settings</strong>, will redirect you to a page where you can modify <strong>general information</strong>, <strong>passwords</strong>, <strong>addresses and contact</strong> information and <strong>alert preferences</strong> as needed. </br> - <strong>My connected applications</strong>, will redirect you to a page where you can view connected applications. </br> - <strong>My organization</strong>, will redirect you to a page where you can view your organization information. </br> - You can sign out of SW360 using <strong>sign out</strong> option.</td> -</tr> -<tr> -<td style="text-align:center">8</td> -<td style="text-align:left">My Subscriptions</td> -<td style="text-align:left">Displays a list of various components and releases you have subscribed to. </br> <code> NOTE: YOU CANNOT SUBSCRIBE TO A PROJECT.</code></td> -</tr> -<tr> -<td style="text-align:center">9</td> -<td style="text-align:left">Recent Components</td> -<td style="text-align:left">Displays a list of recent components which are added to SW360.</td> -</tr> -<tr> -<td style="text-align:center">10</td> -<td style="text-align:left">Recent Releases</td> -<td style="text-align:left">Displays a list of recent releases which are added to SW360.</td> -</tr> -</tbody> -</table> - - - - - - Docs: Project - https://www.eclipse.org/sw360/docs/userguide/project/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/project/ - - - - <h1 id="10-project-page">1.0 Project Page</h1> -<h2 id="101-introduction">1.01 Introduction</h2> -<p>Navigate to your project overview by clicking the menu item Projects. Here you can find the list of projects with description and other related details. On the left side of project list you can find a advanced filters to filter out specific project.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Projectpage.png"/> -</figure> - -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No.</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left"><a href="#103-project-search">Advanced Search</a></td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left"><a href="#104-add-project">Add Project</a></td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left"><a href="#105-import-sbom">Import SPDX BOM</a></td> -</tr> -<tr> -<td style="text-align:center">4</td> -<td style="text-align:left"><a href="#113-export-spreadsheet">Export Spreadsheet</a></td> -</tr> -<tr> -<td style="text-align:center">5</td> -<td style="text-align:left"><a href="#102-project-list">Project List</a></td> -</tr> -</tbody> -</table> -<h2 id="102-project-list">1.02 Project List</h2> -<p>The Project List lists all the relevant projects with the following information:</p> -<ul> -<li> -<p><strong>Project name</strong>: All the projects are listed with their names.</p> -</li> -<li> -<p><strong>Description</strong>: The description for the project is displayed here.</p> -</li> -<li> -<p><strong>Project responsible</strong>: The email address of the person responsible for the project is displayed.</p> -</li> -<li> -<p><strong>State</strong>: Displays the state of the project and clearing requests. The status for PS and CS is indicated by colors.</p> -<table> -<thead> -<tr> -<th style="text-align:right">Color</th> -<th style="text-align:left">Project State (PS)</th> -<th style="text-align:left">Project Clearing State (CS)</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:right"><span style="color:#68C17C"> <strong>Green</strong> </span></td> -<td style="text-align:left">Active</td> -<td style="text-align:left">Closed</td> -</tr> -<tr> -<td style="text-align:right"><span style="color:#FFD351"> <strong>Yellow</strong> </span></td> -<td style="text-align:left">Not Applicable</td> -<td style="text-align:left">In-progress</td> -</tr> -<tr> -<td style="text-align:right"><span style="color:#E6717C"> <strong>Red</strong> </span></td> -<td style="text-align:left">Open</td> -<td style="text-align:left">Open</td> -</tr> -<tr> -<td style="text-align:right"><span style="color:#DEE2E6"> <strong>Grey</strong> </span></td> -<td style="text-align:left">Phase out/ Unknown</td> -<td style="text-align:left">Not Applicable</td> -</tr> -</tbody> -</table> -</li> -<li> -<p><strong>License Clearing</strong> displays the clearing states for releases for the project including sub projects.</p> -</li> -<li> -<p><strong>Actions</strong>: you can perform the following actions for a project:</p> -<table> -<thead> -<tr> -<th style="text-align:center">Action</th> -<th style="text-align:left">Description </span></th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png"/> -</figure> -</td> -<td style="text-align:left">To edit a Project</td> -</tr> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> -</figure> -</td> -<td style="text-align:left">To create clearing request the OSS clearing team</td> -</tr> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png"/> -</figure> -</td> -<td style="text-align:left">To duplicate current version of existing project. This action will also duplicate all the linked projects, releases along with the general information and is used to create different versions of the project.</td> -</tr> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -</td> -<td style="text-align:left">To delete the project from SW360.</td> -</tr> -</tbody> -</table> -</li> -</ul> -<p><strong>NOTE: CLICK ON -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SortIcon.png"/> -</figure> - TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> -<h2 id="103-project-search">1.03 Project Search</h2> -<p><strong>Advanced search</strong> dialogue box allows you to search for a particular project. To search for a project follow the procedure:</p> -<ol> -<li>Enter the <strong>Project name</strong> and <strong>Version</strong> of the project that you want to search.</li> -<li>Select the <strong>Project Type</strong> from the drop-down list. For more information regarding the project type, refer to paragraph 4. of <a href="#a-general-information">General Information</a>.</li> -<li>Search the project by <strong>Project Responsible</strong> email.</li> -<li>Search projects by their <strong>Group</strong>, select the group from the drop-down list.</br><code>NOTE: BY DEFAULT, THE SEARCH RETURNS ONLY THE RESULTS OF YOUR GROUP. HOWEVER, YOU CAN ALSO SELECT THE GROUPS FROM THE DROP-DOWN LIST.</code></li> -<li>Search projects by their project <strong>State</strong>, select the options available from the drop-down list. For more information regarding project state, refer to <a href="#102-project-list">1.02 Project List</a>.</li> -<li>You can search the projects by their <strong>Clearing State</strong>, select the options available from the drop-down list. For more information regarding project state, refer to <a href="#102-project-list">1.02 Project List</a>.</li> -<li>You can search projects by their <strong>Tags</strong>. If there are multiple tags that you want to search, use a comma to separate.</li> -<li>You can search projects by <strong>Additional Data</strong>.</li> -</ol> -<h2 id="104-add-project">1.04 Add Project</h2> -<p>To add a new project, click on the <strong>Add Project</strong> on the project page, this redirects you to another page that allows you to add project information add project information for the project you want to create. Following are the three sections where you must enter information:</p> -<ul> -<li><strong>Summary</strong></li> -<li><strong>Administration</strong></li> -<li><strong>Linked Releases and Projects</strong></li> -</ul> -<h3 id="1-summary"><strong>1.</strong> <strong>Summary</strong></h3> -<h4 id="a-general-information"><strong>A.</strong> <strong>General Information</strong></h4> -<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY</code></p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectGeneralInfo%20%281%29.png"/> -</figure> - -<ol> -<li> -<p>Enter the <strong>Name</strong> of the project you want to create.</p> -</li> -<li> -<p>The field <strong>Created by</strong> is set automatically to the creator/owner of the project.</p> -</li> -<li> -<p><strong>Version</strong> of a project indicates there are new changes compared to the previous version of the project. Enter the version for your project as required.</p> -</li> -<li> -<p>Select the <strong>Project Type</strong> from the drop-down list.</p> -<ul> -<li>Customer: Delivered to the customer</li> -<li>Internal: Internally used but can also be used in other projects as a sub-project</li> -<li>Product: Developed as a product and delivered to the customer</li> -<li>Services: Developed as a service and delivered to the customer</li> -<li>Inner Source: OSS within a particular organization</li> -</ul> -</li> -<li> -<p><strong>Project Visibility</strong> describes if the project is visible to all or only selected personnel. The default is set to &ldquo;everyone&rdquo;, you can select the project visibility from the drop-down list.</p> -<ul> -<li>Private: Only visible to creator or admin</li> -<li>Me and Moderators: Visible to creator, moderators and admins</li> -<li>Group and Moderators: Visible to all users of the same group and the moderators</li> -<li>Everyone: All logged in users</li> -</ul> -</li> -<li> -<p><strong>Tags</strong> are words assigned to a project that assist in quick searching. You can create a tag by assigning a word to your project.</p> -</li> -<li> -<p>Check or uncheck the following fields as required:</p> -<ul> -<li><strong>Enable Security Vulnerability Monitoring</strong> (activated only if security responsible are added), refer to <a href="#c-roles">C. Roles</a>.</li> -<li><strong>Do not create monitoring list</strong>, but use from the external id, refer to <a href="#e-external-ids">E. External IDs</a>.</li> -<li><strong>Enable Displaying Vulnerabilities</strong> if you want the vulnerabilities to be visible.</li> -</ul> -</li> -<li> -<p><strong>Modified on</strong> date will be set automatically on creating the project.</p> -</li> -<li> -<p><strong>Description</strong>: You can enter details of your project.</p> -</li> -<li> -<p><strong>Modified by</strong> will be set automatically.</p> -</li> -<li> -<p>Select the <strong>Domain</strong> for your project from the drop-down list.</p> -<ul> -<li>Application software</li> -<li>Documentation</li> -<li>Embedded Software</li> -<li>Hardware</li> -<li>Test and diagnostics</li> -</ul> -</li> -<li> -<p>Click on the field to select the <strong>Vendor</strong> for your project.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the vendors.</li> -<li>Select the vendors</li> -<li>Click on <strong>Add Vendor</strong>.</li> -</ul> -</li> -</ol> -<h4 id="b-external-urls"><strong>B. External URLs</strong></h4> -<p>Click on <strong>Click to add row to external URLs</strong> to add URLs of your project.</br> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL1.png"/> - </figure> -</p> -<ol> -<li> -<p>Select <strong>External URL Key</strong> from the drop-down list.</p> -<ul> -<li>Homepage: Link for homepage</li> -<li>Wiki page: Link for wiki page</li> -<li>Clearing:</li> -</ul> -</li> -<li> -<p>Enter <strong>External URL Value</strong>. It is the web address for the above mentioned external URL key. To add multiple external URLs, repeat the same procedure.</br> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL2.png"/> - </figure> -</p> -</li> -<li> -<p>To delete an external URL, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</p> -</li> -</ol> -<h4 id="c-roles"><strong>C. Roles</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectRoles.png"/> -</figure> - -<ol> -<li> -<p><strong>Group</strong> is the department you/project owner belongs to. Click on the group field to select a <strong>Group</strong> for your project.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the group.</li> -<li>Select the group.</li> -<li>Click on <strong>Select</strong></li> -</ul> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Addproject4.png"/> - </figure> - -</li> -<li> -<p>Enter the <strong>Owners Accounting Unit</strong>.</p> -</li> -<li> -<p>Project manager is the user who manages the project. Click on the field to select <strong>Project Manager</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Project Manager.</li> -<li>Select the Users.</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Addproject_5.png"/> - </figure> - -</li> -<li> -<p>Enter the <strong>Owners Billing Group</strong>.</p> -</li> -<li> -<p><strong>Project Owner</strong> holds the project. Click on the field to select <strong>Project Owner</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Project Owner.</li> -<li>Select the Users.</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -<li> -<p>Select the <strong>Owner Country</strong> from the drop-down list.</p> -</li> -<li> -<p><strong>Security responsible</strong> is the list of users responsible for the security of the project. Click on the field to select <strong>Security responsible</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Security responsible.</li> -<li>Select the Users</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -<li> -<p>Click on the field to select <strong>Lead Architect</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Lead Architect.</li> -<li>Select the Users.</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -<li> -<p><strong>Moderator</strong> is the user responsible for the project. Click on the field to select moderators.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Moderators.</li> -<li>Select the Users.</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -<li> -<p>Click on the field to select <strong>Contributors</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Contributors.</li> -<li>Select the Users.</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -</ol> -<h4 id="d-additional-roles"><strong>D. Additional Roles</strong></h4> -<p>To assign more roles to your project, use <strong>Click to Add Additional Roles</strong>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/additionalroles1.png"/> -</figure> - -<ol> -<li> -<p>Select the type of <strong>Role</strong> from the drop-down list.</p> -<ul> -<li>Stakeholder</li> -<li>Analyst</li> -<li>Contributor</li> -<li>Accountant</li> -<li>End user</li> -<li>Quality manager</li> -<li>Test Manager</li> -<li>Technical writer</li> -<li>Key user</li> -</ul> -</li> -<li> -<p>Enter <strong>Email address</strong> of the responsible personnel. To add multiple additional roles, repeat the same procedure.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/additionalroles2.png"/> - </figure> - -</li> -<li> -<p>To delete an additional role, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</p> -</li> -</ol> -<h4 id="e-external-ids"><strong>E. External Ids</strong></h4> -<p>Click on <strong>Click to add row to External Ids</strong> to add external Ids to your project.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Project_external_ID_1.png"/> -</figure> - -<ol> -<li>Click on field to enter <strong>External Id Key</strong> and select from the drop-down list.</li> -<li>Enter <strong>External Id Value</strong>. To add multiple external Ids, repeat the same procedure.</li> -</ol> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Project_external_ID_2.png"/> -</figure> - -<ol> -<li>To delete an External Id, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</li> -</ol> -<h4 id="f-additional-data"><strong>F. Additional Data</strong></h4> -<p>You can add data keys and corresponding data values for your project.</p> -<p>To add more additional data keys, click on <strong>Click to add rows to additional data</strong>.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Additional_data_1.png"/> -</figure> - -<ol> -<li> -<p>Enter <strong>additional data key</strong>.</p> -</li> -<li> -<p>Enter <strong>additional data value</strong>. To add multiple additional data, repeat the same procedure.</p> -<p> - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Additional_data_2.png"/> - </figure> -.</p> -</li> -<li> -<p>To delete an additional data, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</p> -</li> -</ol> -<h3 id="2-administrationbr"><strong>2.</strong> <strong>Administration</strong></br></h3> -<p>Administration section contains license clearing and lifecycle information of the project. To edit these fields, click on &ldquo;Administration&rdquo;, use navigation section. </br></p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectAdministration.png"/> -</figure> - -<h4 id="a-clearing-information"><strong>A.</strong> <strong>Clearing information</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Clearing_Information.png"/> -</figure> - -<p>To add clearing information for your project:</p> -<ol> -<li> -<p>Select the values for <strong>Project Clearing State</strong> from the drop-down list.</p> -<ul> -<li>Open Project</li> -<li>In progress</li> -<li>Closed</li> -</ul> -</li> -<li> -<p>Clearing team is responsible for project clearing. To assign a clearing team, select the values for <strong>Clearing team</strong> from the drop-down list.</p> -</li> -<li> -<p>Pre-evaluation is important for the project development to understand the status of the license and estimate the effort for clearing activities. Set <strong>Deadline for pre-evaluation</strong> date.</p> -</li> -<li> -<p>Following information should be entered manually:</p> -<ul> -<li><strong>Clearing summary</strong>: Overview of the clearing for the project management.</li> -<li><strong>Special risk open source software</strong>: Risks which occur out from usage of specific OSS components.</li> -<li><strong>General risk 3rd party software</strong>: General risk which occur always from using OSS and commercial SW like for e.g., patent infringements.</li> -<li><strong>Special risk 3rd party software</strong>: Specific risks which occur by using specific projects, including commercial projects.</li> -<li><strong>Sales and delivery channels</strong>: To know when the software will be delivered via resellers as a reseller license has to be procured and to decide how to fulfill the obligations of the licenses.</li> -<li><strong>Remarks and additional requirements</strong>: Any additional relevant requirement.</li> -</ul> -<p><code>NOTE: THE ABOVE INFORMATION IS NECESSARY FOR PROJECT MANAGEMENT TO UNDERSTAND THE STATUS OF THE LICENSE AND ESTIMATE THE EFFORT FOR CLEARING ACTIVITIES.</code></p> -</li> -</ol> -<h4 id="b-lifecycle-information"><strong>B.</strong> <strong>Lifecycle information</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectLifecycle.png"/> -</figure> - -<p>To add lifecycle information for your project:</p> -<ol> -<li> -<p>Select the values for <strong>Project state</strong> from the drop-down list.</p> -<ul> -<li>Active</li> -<li>Phase-out</li> -<li>Unknown</li> -</ul> -</li> -<li> -<p>Set <strong>System test begin</strong> and <strong>System test end</strong> dates. System test begin date can be used in licensing and risk perspective. System test end date is the latest date for component releases.</p> -</li> -<li> -<p>Set <strong>Delivery start</strong> and <strong>Phase out</strong> dates. After the phase out date, maintenance is not required for the project.</p> -<p><code>NOTE: LICENSE CLEARING FOR THE PROJECT MUST BE FINISHED BEFORE THE PROJECT DELIVERY DATE.</code></p> -</li> -</ol> -<h4 id="c-license-info-header"><strong>C.</strong> <strong>License Info Header</strong></h4> -<p>The license info header can be set as a default header. However, you can edit this field as required.</p> -<h3 id="3-linked-releases-and-projects"><strong>3.</strong> <strong>Linked Releases and Projects</strong></h3> -<p>You can link other projects and releases to the project that you are adding. Click on <strong>Linked Releases and Projects</strong>, use navigation section.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectLinkedreleasesandprojects.png"/> -</figure> - -<h4 id="a-linking-projects"><strong>A.</strong> <strong>Linking Projects</strong></h4> -<p>To add existing projects as a sub-project:</p> -<ol> -<li> -<p>Click on <strong>Add Projects</strong>, this action opens a dialogue box.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png"/> - </figure> - -</li> -<li> -<p>Search and select the projects which you would like to link.</p> -</li> -<li> -<p>Click on <strong>Link Projects</strong>.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png"/> - </figure> - -</li> -<li> -<p>After the project is linked, you can select the <strong>Project Relation</strong> for your sub-project from the drop-down list.</p> -<ul> -<li>Sub-project</li> -<li>Duplicate</li> -<li>Unknown</li> -<li>Related</li> -</ul> -</li> -<li> -<p>Check or uncheck <strong>Enable SVM</strong> as required.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_3.png"/> - </figure> - -</li> -<li> -<p>To link multiple projects, repeat the same procedure.</p> -</li> -<li> -<p>To delete a linked project, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</p> -</li> -</ol> -<h4 id="b-linking-releases"><strong>B.</strong> <strong>Linking releases</strong></h4> -<p>To add releases to your project:</p> -<ol> -<li> -<p>Click on <strong>Add Releases</strong>, this action opens a dialogue box.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_1.png"/> - </figure> - -</li> -<li> -<p><strong>Search</strong> for the releases which you want to link or click on <strong>Releases of linked projects</strong> to view all the releases which are linked to the project.</p> -</li> -<li> -<p>Select all the releases which you want to link and click on <strong>Link releases</strong>.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_2.png"/> - </figure> - -</li> -<li> -<p>After the release is linked, you can select the value for the <strong>Release relation</strong> from the drop-down list.</p> -<ul> -<li>Unknown</li> -<li>Contained</li> -<li>Related</li> -<li>Dynamically linked</li> -<li>Statically linked</li> -<li>Side by side</li> -<li>Standalone</li> -<li>Internal Use</li> -<li>Optional</li> -<li>To be replaced</li> -<li>Code snippet</li> -</ul> -</li> -<li> -<p>Select the value for the <strong>Release Mainline State</strong> from the drop-down list.</p> -<ul> -<li>Open</li> -<li>Mainline</li> -<li>Specific</li> -<li>Phaseout</li> -<li>Denied</li> -</ul> -</li> -<li> -<p>Add <strong>Comments</strong>, if required.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_3.png"/> - </figure> - -</li> -<li> -<p>To link multiple releases/components, repeat the same procedure.</p> -</li> -<li> -<p>To delete a linked release, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</p> -</li> -</ol> -<p>After all the information for the new project is filled out. Click on &ldquo;<strong>Create Project</strong>&rdquo; at the top.</p> -<p>If you do not want to create a project on any point of time, click on &ldquo;<strong>Cancel</strong>&rdquo; at the top.</p> -<h2 id="105-import-sbom">1.05 Import SBOM</h2> -<p>SPDX is a common format for communicating compliance information or list of components across all suppliers. Importing an SBOM will create a project/component. To import a SBOM:</p> -<ol> -<li> -<p>Click on <strong>Import SBOM</strong> on the project page. This will open a dialogue box for you to upload the Bill Of Materials (BOM).</p> -</li> -<li> -<p>Drag and drop the file from your local system to the dialogue box or click on <strong>Browse File</strong> and select the file you want to import.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ImportSBOM.png"/> - </figure> - -<p><code>NOTE: ONLY SPDX RDF/XML FILES WITH UNIQUE DESCRIBED TOP LEVEL NODE ARE SUPPORTED.</code></br></p> -</li> -<li> -<p>After uploading is done SW360 checks for duplicates, if there are no duplicates found, a Component from the uploaded SBOM is created.</p> -</li> -</ol> -<h2 id="106-edit-project">1.06 Edit Project</h2> -<p>You can edit an existing project in SW360, provided you have required rights. To edit a project follow the procedure:</p> -<ol> -<li> -<p>Search for the projects you want to edit or navigate from the project list.</p> -</li> -<li> -<p>Click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png"/> -</figure> - from the actions column. You can also edit a project by clicking on the project and click on <strong>Edit Project</strong>.</p> -</li> -<li> -<p>Change the data for the project as required. For more information, refer to <a href="#104-add-project">1.04 Add Project</a>.</p> -</li> -<li> -<p>In this view, you can also add attachments for the project in this view, click on <strong>Attachments</strong>, use navigation section.</br> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/EditProject_Attachments.png"/> - </figure> -</br></p> -<ul> -<li>Click on <strong>Add Attachment</strong>, this action opens a dialogue box.</br></li> -<li>Browse and select the files which you want to upload or drag and drop them into the area.</br></li> -<li>Click on <strong>Upload</strong>.</br></li> -<li>Select the type of file from the drop-down list. </br></li> -<li>Select the status from the drop-down list.</br></li> -<li>If required, add <strong>comments</strong></br></li> -</ul> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Attachment_2.png"/> - </figure> - -<ul> -<li>To delete an attachment, click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> -.</br></li> -</ul> -</li> -<li> -<p>After you modify the required fields, click on &ldquo;<strong>Update Project</strong>&rdquo;.</p> -</li> -<li> -<p>To delete the project, click on &ldquo;<strong>Delete Project</strong>&rdquo;.</p> -</li> -<li> -<p>To cancel any changes that you made click on &ldquo;<strong>Cancel</strong>&rdquo;.</p> -</li> -</ol> -<h2 id="107-duplicate-a-project">1.07 Duplicate a Project</h2> -<p>Duplicating a project is commonly used to create different versions of the project. This helps in reducing efforts as fewer modifications are required to create a new version. To duplicate a project:</p> -<ol> -<li>Search for the projects you want to duplicate or navigate from the project list.</li> -<li>Click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png"/> -</figure> - from the actions column to duplicate the project.</li> -<li>Modify the data for the duplicate project as required. For more information, refer to <a href="#104-add-project">1.04 Add Project</a>.</li> -<li>Click on &ldquo;<strong>Create Project</strong>&rdquo; after all changes are made.</li> -<li>To cancel any changes that you made click on &ldquo;<strong>Cancel</strong>&rdquo;.</li> -</ol> -<h2 id="108-deleting-a-project">1.08 Deleting a Project</h2> -<p>You can delete an existing project in SW360, provided you have required rights. To delete a project follow the procedure:</p> -<p><code>WARNING: DELETING A PROJECT CAN ONLY BE DONE IF THERE ARE NO LINKED PROJECTS OR COMPONENTS. IF NOT, THERE WILL BE MISSING LINKS FOR THE PROJECTS.</code></p> -<ol> -<li> -<p>Search for the projects you want to delete or navigate from the project list.</p> -</li> -<li> -<p>Click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> -</figure> - from the actions column to delete the project.</p> -</li> -<li> -<p>The software will prompt for a confirmation of deleting the project. You can also add comments for the action in the prompt box before deleting.</p> -</li> -<li> -<p>Click on <strong>Delete Project</strong>.</p> -</li> -<li> -<p>To cancel any changes that you made click on <strong>Cancel</strong>.</br></p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Deleteproject1.png"/> - </figure> - -</li> -</ol> -<h2 id="109-linking-a-project">1.09 Linking A Project</h2> -<p>There are multiple ways that you can link a project to another.</p> -<h3 id="a-linking-to-a-parent-project"><strong>A. Linking to a parent project</strong></h3> -<ol> -<li> -<p>Search for the projects you want to link or navigate from the project list. Click on the required project.</p> -</li> -<li> -<p>This will display the view mode of the selected project. Click on &ldquo;<strong>Link Projects</strong>&rdquo; on the top. This will open a dialogue box to search for the projects.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png"/> - </figure> - -</li> -<li> -<p>Search for the projects which you want to link.</p> -</li> -<li> -<p>Select the projects and click on <strong>Link Projects</strong>.</p> -</li> -<li> -<p>Once the project is successfully linked, you will see the prompt in green. If you want to edit the project further, click on the <strong>click here to edit the project relation</strong> on the green prompt.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linking_project.png"/> - </figure> - -</li> -<li> -<p>Again, the project opens up in edit mode.</p> -</li> -<li> -<p>Modify the project details as required for the linked project. Refer to <a href="#a-linking-projects">Link Projects</a>.</p> -</li> -<li> -<p>Click on <strong>&ldquo;Update Project&rdquo;</strong> to save your changes.</p> -</li> -</ol> -<h3 id="b-linking-a-child-project"><strong>B. Linking a child project</strong></h3> -<p>To add child projects to a parent project, refer to <a href="#3-linked-releases-and-projects">3. Linked Releases and Projects</a>.</p> -<h2 id="110-linking-components-or-releases">1.10 Linking Components or Releases</h2> -<p>You can directly link a component or release to a parent project, refer to <a href="#3-linked-releases-and-projects">3. Linked Releases and Projects</a>.</p> -<h3 id="a-link-component"><strong>A. Link Component</strong></h3> -<p>You can also link a component to a project while editing a project.</p> -<ol> -<li> -<p>Search for the projects you want to delete or navigate from the project list. Click on the required project.</p> -</li> -<li> -<p>This will display the view mode of the selected project, click on <strong>license clearing</strong>, use navigation section.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/LicenseClearing_1.png"/> - </figure> - -</li> -<li> -<p>Select the component/release from the list displayed. After which, which redirects you to its component page.</p> -</li> -<li> -<p>Click on &ldquo;<strong>Link to Projects</strong>&rdquo; to link this release/component to a project. This will open a dialogue box to search for the projects.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png"/> - </figure> - -</li> -<li> -<p>If you want to view the projects which are already linked to the components/release, check the box for <strong>show already linked projects</strong>.</p> -</li> -<li> -<p>Select the project which you want to link the component / release to and then click on <strong>link to project</strong>.</p> -</li> -</ol> -<h2 id="111-security-vulnerability-tracking-for-projects">1.11 Security Vulnerability tracking for Projects</h2> -<p>You can view all the security vulnerabilities for your project. To view vulnerability tracking status:</p> -<ol> -<li> -<p>Search for the projects or navigate from the project list. Click on the required project.</p> -</li> -<li> -<p>This will display the view mode of the selected project, click on <strong>Vulnerability Tracking Status</strong>.</p> -</li> -<li> -<p>Here you can view Security Vulnerability Monitoring is enabled or not. The Security Vulnerabilities are only visible in the edit project mode when the &ldquo;security responsible&rdquo; is assigned. Refer to paragraphs <a href="#c-roles">C. Roles</a>.</p> -</li> -<li> -<p>You can track the vulnerabilities by name, project origin, SVM tracking status, short status and type.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SVM_Tracking.png"/> - </figure> - -</li> -<li> -<p>To view all the listed vulnerabilities for sub-projects of the parent project click on <strong>Vulnerabilities</strong>.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SVM_Tracking_2.png"/> - </figure> - -</li> -<li> -<p>If you want to view the complete data for a vulnerability, refer to <a href="../New%20Userguide/5.%20Vulnerabilities.pdf">5. Vulnerability</a>.</p> -</li> -</ol> -<h2 id="112-clearing-requests">1.12 Clearing Requests</h2> -<p>Each project needs license clearing and it is a project level activity.</p> -<h3 id="a-create-clearing-requests"><strong>A. Create Clearing Requests</strong></h3> -<p>To create a clearing request:</p> -<ol> -<li> -<p>Search for the projects or navigate from the project list. Click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> -</figure> - or,</p> -</li> -<li> -<p>Search for the projects or navigate from the project list. Click on the required project, this will display the view mode of the of the selected project. Click on <strong>License Clearing</strong>, use navigation section.</p> -</li> -<li> -<p>Click on <strong>Create Clearing Request</strong>, a dialogue box will appear.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Create_clearing_request.png"/> - </figure> - -</li> -<li> -<p>Enter the clearing team email id by clicking on the field and searching for the email of the clearing team. Select the contact from the list and click on <strong>Select Users</strong>.</p> -</li> -<li> -<p>Select the <strong>Preferred Clearing Date</strong>.</p> -</li> -<li> -<p>If required, add <strong>Comments</strong>.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/License_Clearing_request.png"/> - </figure> - -</li> -<li> -<p>Click on &ldquo;<strong>Create Request</strong>&rdquo;.</p> -</li> -<li> -<p>To cancel any changes that you made click on <strong>Cancel</strong>.</p> -</li> -</ol> -<h3 id="b-view-clearing-requests"><strong>B. View Clearing Requests</strong></h3> -<p>You can view the existing clearing requests which are already created for a project. To view the clearing requests, follow the procedure:</p> -<ol> -<li> -<p>Search for the projects or navigate from the project list. Click on -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> -</figure> - or,</p> -</li> -<li> -<p>Click on the required project.</p> -</li> -<li> -<p>Select <strong>License Clearing</strong>, use navigation section.</p> -</li> -<li> -<p>Click on <strong>View Clearing Request</strong>.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/View_Clearing_request.png"/> - </figure> - -</li> -<li> -<p>A new dialogue box with the clearing request information will be displayed.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/View_Clearing_Request_2.png"/> - </figure> - -</li> -</ol> -<h3 id="c-edit-clearing-requests"><strong>C. Edit Clearing Requests</strong></h3> -<p>For more information on how to edit the existing clearing requests, refer to <a href="../New%20Userguide/6.%20Requests.pdf">6. Requests</a>.</p> -<h2 id="113-export-spreadsheet">1.13 Export Spreadsheet</h2> -<p>You can generate the excel sheet for an advanced search. For e.g., List of all projects created for group &ldquo;SHS&rdquo;.</p> -<ol> -<li> -<p>Go to project home page.</p> -</li> -<li> -<p>If required, you can filter the projects using the advanced search options. Refer to <a href="#103-project-search">1.02 Project Search</a>.</p> -</li> -<li> -<p>After the search gives a result, click on <strong>Export Spreadsheet</strong> and select the option from the drop-down list.</p> -<ul> -<li>Projects only</li> -<li>Projects with linked releases</li> -</ul> -</li> -<li> -<p>A file will now be downloaded to your local system with the required information.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Export_spreadsheet.png"/> - </figure> - -</li> -</ol> -<p><code>NOTE: YOU CAN ALSO USE THE EXPORT SPREADSHEET OPTION ON MULTIPLE PAGES, LIKE LICENSE CLEARING PAGE OF A PROJECT/COMPONENT, EDIT VIEW OF A COMPONENT, ECC PAGE OF PROJECT ETC.</code></p> -<h2 id="114-generate-license-info">1.14 Generate License Info</h2> -<p>You can generate a read me OSS file of all the license information for a project. To generate license information:</p> -<ol> -<li> -<p>Search for the projects or navigate from the project list. Click on the required project.</p> -</li> -<li> -<p>Select <strong>License Clearing</strong>, use navigation section.</p> -</li> -<li> -<p>The page displays the list of all the releases listed and their respective release clearing state in the <em><strong>state</strong></em> column. Each of the releases has license information in the form of CLI files. You can view this information in the <em><strong>main licenses</strong></em> or <em><strong>other licenses</strong></em> column. -Generating a license info will create a read me OSS document combining all the licenses.</p> -</li> -<li> -<p>Click on <strong>Generate license info</strong> and select the options from the drop-down list.</p> -<ul> -<li>Project only</li> -<li>Project with sub project</li> -</ul> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info.png"/> - </figure> - -</li> -<li> -<p>After your selection, you are redirected to another page where you can further modify the output of the license information.</p> -</li> -<li> -<p>Select <strong>Show all</strong> to view all the license information or <strong>Only Approved</strong> to view approved licenses.</p> -</li> -<li> -<p>Select which CLI you want to publish the information from the list displayed below.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info_2%20.png"/> - </figure> - -</li> -<li> -<p>Click on <strong>Download</strong>. A new Dialogue box will appear asking for your preferences.</p> -</li> -<li> -<p>Check the required boxes and select an output format.</p> -</li> -<li> -<p>Click on <strong>Download</strong> to get a Readme.OSS file.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info_3.png"/> - </figure> - -</li> -</ol> -<h2 id="115-generate-source-code-bundle">1.15 Generate Source Code Bundle</h2> -<p>Few components have obligations, for example, sharing source code. The organization must share the source code to the user in a disc format. To generate Source Code Bundle:</p> -<ol> -<li> -<p>To select the project, use the search option or navigate from the project list and click on it.</p> -</li> -<li> -<p>Select <strong>License Clearing</strong>, use navigation section.</p> -</li> -<li> -<p>The window shows a list of all the releases listed. Click on <strong>Generate Source Code Bundle</strong> and select the option from the drop-down list.</p> -<ul> -<li>Project only</li> -<li>Project with sub project</li> -</ul> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Source_code_1.png"/> - </figure> - -</li> -<li> -<p>After you select, you are redirected to another page which lists all the source code information.</p> -</li> -<li> -<p>Select the required source code and click <strong>Download</strong>.</p> -</li> -<li> -<p>A combined zip file comprising of all the select source code will be downloaded.</p> - - <figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Source_code_2.png"/> - </figure> - -</li> -</ol> - - - - - - Docs: Components - https://www.eclipse.org/sw360/docs/userguide/components/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/components/ - - - - <h1 id="20-components">2.0 Components</h1> -<h2 id="201-introduction">2.01 Introduction</h2> -<p>The components page displays the list of components and releases that are available in SW360. A component is a list of releases with metadata. A release is a specific version of a component.</p> -<p>To open a component page, click <strong>Components</strong> tab from the main menu. -You can find a particular component with Advanced Search, you can also add and edit components in this page.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/ComponentPage.png"/> -</figure> - -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No.</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left"><a href="#203-component-search">Advanced Search</a></td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left"><a href="#204-add-component">Add Component</a></td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left"><a href="#207-import-spdx-bom">Import SPDX BOM</a></td> -</tr> -<tr> -<td style="text-align:center">4</td> -<td style="text-align:left"><a href="#208-export-spreadsheet">Export Spreadsheet</a></td> -</tr> -<tr> -<td style="text-align:center">5</td> -<td style="text-align:left"><a href="#202-component-list">Component List</a></td> -</tr> -</tbody> -</table> -<h2 id="202-component-list">2.02 Component List</h2> -<p>On the component page, you can view all the components that are relevant to you. The components are listed with the following information:</p> -<ul> -<li><strong>Vendor</strong>: Vendor is organization which is selling the component or the community which is hosting the component.</li> -<li><strong>Component Name</strong>: All components are listed by their names.</li> -<li><strong>Main Licenses</strong>: The list of main licenses available for a component are displayed.</li> -<li><strong>Component Type</strong>: Lists all the components by their type. For more information on component types, refer to <a href="#a-general-information">A. General Info</a>.</li> -<li><strong>Actions</strong>: You can perform the following actions for a component: -<table> -<thead> -<tr> -<th style="text-align:center">Action</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png"/> -</figure> -</td> -<td style="text-align:left">To edit a component</td> -</tr> -<tr> -<td style="text-align:center"> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png"/> -</figure> -</td> -<td style="text-align:left">To delete the component from SW360.</td> -</tr> -</tbody> -</table> -</li> -</ul> -<p><strong>NOTE: CLICK ON -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png"/> -</figure> - TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> -<h2 id="203-component-search">2.03 Component Search</h2> -<p><strong>Advanced Search</strong> dialogue box is used to search for a particular component.</p> -<ol> -<li>Search the component with <strong>Component Name</strong> and <strong>Categories</strong>.</li> -<li>Search the component with <strong>Component Type</strong>. Select the component type from the drop-down list. For more information on the component types, refer to <a href="#a-general-information">A. General Information</a>.</li> -<li>Search components with their coding <strong>Languages</strong>, <strong>Software Platforms</strong>, <strong>Operating Systems</strong>, <strong>Vendors</strong> and <strong>Main Licenses</strong>.</li> -<li>Search components with <strong>Created by (Email)</strong>.</li> -<li>You can use <strong>Created on</strong> field to search for the components created on specific dates or specific time frames.</li> -</ol> -<h2 id="204-add-component">2.04 Add Component</h2> -<p>To add a new component, click <strong>Add Component</strong> from the component page, this will redirect you to another page where you can add component summary information.</p> -<h3 id="1-summary"><strong>1. Summary</strong></h3> -<h4 id="a-general-information"><strong>A. General Information</strong></h4> -<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY.</code> -<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_General_Info.png" alt=""></p> -<ol> -<li>Enter the <strong>Name</strong> of the component you want to create.</BR> -<code>NOTE: MAKE SURE THAT THERE ARE NO DUPLICATES.</code></BR></li> -<li>Select the <strong>Component Type</strong> from the drop-down list. -<ul> -<li>OSS: Open-Source Software</li> -<li>COTS: Commercial off-the-shelf</li> -<li>Internal: Internally used</li> -<li>Inner Source: OSS within a particular organization</li> -<li>Services: Developed as a service</li> -<li>Freeware: Software that is available free of cost</li> -<li>Code snippet: A small code which shows how to accomplish a specific task</li> -</ul> -</li> -<li>The field <strong>Created by</strong> is set automatically to the creator/owner of the component.</li> -<li>Click on <strong>Default Vendor</strong> field. -<ul> -<li>This opens a dialogue box, use the type field to search for the vendors.</li> -<li>Select the vendors</li> -<li>Click on <strong>Select Vendor</strong>.</li> -</ul> -</li> -<li>When you start typing in the <strong>Categories</strong> field, a list of categories that match are displayed to choose from.</li> -<li>Enter the <strong>Homepage URL</strong>, this is the web address for your component.</li> -<li>Enter a <strong>Short Description</strong> for your component.</li> -<li>Enter the <strong>Blog URL</strong>, this is the web address for the blog of your component.</li> -<li><strong>Modified on</strong> date will be set automatically.</li> -<li>Enter the <strong>Wiki URL</strong>, this is web address for the wiki page of your component.</li> -<li><strong>Modified by</strong> will be set automatically.</li> -<li>Enter the <strong>Mailing List URL</strong>, this is the web address of the mailing list of your component.</li> -</ol> -<h4 id="b-roles"><strong>B. Roles</strong></h4> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Roles.png" alt=""></p> -<ol> -<li> -<p><strong>Component owner</strong> holds the component. Click on the field to select <strong>Component Owner</strong>.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the Component Owner.</li> -<li>Select the users</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Addproject_5.png" alt=""></p> -</li> -<li> -<p>Select a country from the list to assign as <strong>Owner Country</strong>.</p> -</li> -<li> -<p>Enter the <strong>Owner Accounting Unit</strong>.</p> -</li> -<li> -<p><strong>Moderator</strong> is the user responsible for the component. Click on the field to select moderators.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the moderator.</li> -<li>Select the users</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -</ol> -<p><code> NOTE: ALL CLEARING EXPERTS, CLEARING ADMINS AND SW360 ADMINS ARE MODERATORS BY DEFAULT.</code></p> -<ol> -<li>Enter the <strong>Owner Billing Group</strong>.</li> -</ol> -<h4 id="c-additional-roles"><strong>C. Additional Roles</strong></h4> -<p>To assign more roles to your project, use <strong>Click to Add Additional Roles</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/additionalroles1.png" alt=""></p> -<ol> -<li> -<p>Select the type of <strong>role</strong> from the drop-down list.</p> -<ul> -<li>Committer</li> -<li>Contributor</li> -<li>Expert</li> -</ul> -</li> -<li> -<p>Enter <strong>Email address</strong> of the responsible personnel. To add multiple additional roles, repeat the same -procedure.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Additional_Role2.png" alt=""></p> -</li> -<li> -<p>To delete an additional role, click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png" alt="">.</p> -</li> -</ol> -<h4 id="d-external-ids"><strong>D. External Ids</strong></h4> -<p>For more information on how to add an <strong>External ID</strong> for your component, refer to <a href="1.ProjectPage.md/#e-external-ids">E. External Ids</a>.</p> -<h4 id="e-additional-data"><strong>E. Additional Data</strong></h4> -<p>For more information on how to add an <strong>Additional Data</strong> for your component, refer to <a href="1.ProjectPage.md/#f-additional-data">F. Additional Data</a>.</p> -<p>After all the summary information is filled click on <strong>Create Component</strong>, which redirects you to another page where you can add more component information. Following are the two new sections to be filled:</p> -<ul> -<li><strong>Releases</strong></li> -<li><strong>Attachments</strong></li> -</ul> -<h3 id="2-releases"><strong>2. Releases</strong></h3> -<p>A release is a specific version of a component. To add Release information for your component:</p> -<ol> -<li> -<p>Click on <strong>Releases</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Componentreleases.png" alt=""></p> -</li> -<li> -<p>Then click on <strong>Add Releases</strong>. You will be redirected to another page to add more information about the release you want to create. Following are the two sections where you must enter information</br></p> -<ul> -<li><strong>Summary</strong></li> -<li><strong>Linked Releases</strong></li> -</ul> -</li> -</ol> -<h4 id="a-summary"><strong>A. Summary</strong></h4> -<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY.</code></p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release1.png" alt=""></p> -<ol> -<li>Click on the field to select the <strong>Vendor</strong> for your component. This opens a dialogue box, search and select the vendor and click on <strong>Select Vendor</strong>.</li> -<li>Enter the <strong>Programming Languages</strong> used for the release.</li> -<li><strong>Name</strong> for the release will be auto generated from the name given to the component.</li> -<li>Enter the <strong>Operating Systems</strong> used for the release.</li> -<li>Enter the <strong>Version</strong> for the release.</li> -<li>Enter the <strong>CPE (Common Platform Enumeration) ID</strong> for the release.</li> -</ol> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release2.png" alt=""></p> -<ol start="7"> -<li> -<p>Enter the <strong>Software Platforms</strong> for the release.</p> -</li> -<li> -<p>Click on the field <strong>Other License</strong> to set other license information for the release. This opens a dialogue box, search and select the licenses and click on <strong>Select Licenses</strong>.</p> -</li> -<li> -<p>Set <strong>Release Date</strong>.</p> -</li> -<li> -<p>Enter the <strong>Source Code Download URL</strong>. This is the web address from where source code of the release can be downloaded.</p> -</li> -<li> -<p>Click on the field <strong>Main License</strong> to set other license information for the release. This opens a dialogue box, search and select the licenses and click on <strong>Select Licenses</strong>.</p> -</li> -<li> -<p>Enter <strong>Binary Download URL</strong>. This is the web address from where binary of the release can be downloaded.</p> -</li> -<li> -<p><strong>Clearing state</strong> will be set to &ldquo;new&rdquo; by default.</p> -</li> -<li> -<p>Select the value for the <strong>Release Mainline State</strong> from the drop-down list.</p> -<ul> -<li>Open: No license clearing</li> -<li>Mainline: Permissive license with no specific obligations</li> -<li>Specific: Permissive license with additional obligations with standard obligations</li> -<li>Phaseout: Not used anymore</li> -<li>Denied: Not to be used because of a specific reason</li> -</ul> -</li> -<li> -<p><strong>Created on</strong> is set automatically.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release3.png" alt=""></p> -</li> -<li> -<p><strong>Created by</strong> is set automatically.</p> -</li> -<li> -<p><strong>Modified on</strong> is set automatically.</p> -</li> -<li> -<p>Click on the field to select <strong>Contributors</strong>. This opens a dialogue box, search and select the contributors and click on <strong>Select Users</strong>.</p> -</li> -<li> -<p><strong>Modified by</strong> is set automatically.</p> -</li> -<li> -<p><strong>Moderator</strong> is the user responsible for the release. Click on the field to select moderators.</p> -<ul> -<li>This opens a dialogue box, use the type field to search for the moderator.</li> -<li>Select the users</li> -<li>Click on <strong>Select Users</strong>.</li> -</ul> -</li> -</ol> -<p><strong>Additional Roles</strong>, refer to <a href="#3-additional-roles">3. Additional Roles</a>.</p> -<p><strong>External Ids</strong>, refer to <a href="#4-external-ids">4. External Ids</a>.</p> -<p><strong>Additional Data</strong>, refer to <a href="#5-additional-data">5. Additional Data</a>.</p> -<p><strong>Release Repository</strong></p> -<p>You can add a release repository URL for your release. To add a release repository:</p> -<ol> -<li> -<p>Select the <strong>Repository Type</strong> from the drop-down list.</p> -</li> -<li> -<p>Enter the <strong>Repository URL</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Releaserepository.png" alt=""></br></p> -</li> -</ol> -<h4 id="b-linked-releases"><strong>B. Linked Releases</strong></h4> -<p>To add linked releases to your release, click on linked releases. For more information, refer to <a href="1.ProjectPage.md/#b-linking-releases">B. Linking Releases</a>.</p> -<p>Click on <strong>Create Release</strong> to add more information for this release.</p> -<h4 id="c-clearing-details"><strong>C. Clearing Details</strong></h4> -<p>Clearing details contains important information that are required for the license clearing activities. This information is useful for the reuse of license clearing results. -To add clearing information to your release, click on <strong>Clearing Details</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details.png" alt=""></p> -<ul> -<li>Check the boxes for all applicable clearing details.</li> -<li>Enter the applicable data for <strong>Scanned</strong> and <strong>Clearing Standard</strong>. For e.g., date or specific version of your License Scanner.</li> -<li>Enter <strong>External URL</strong> for the release.</li> -<li>Add <strong>Comments</strong>.</li> -</ul> -<p><strong>Request Information</strong></p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details2.png" alt=""></p> -<p>To request more information regarding the release, follow the procedure:</p> -<ul> -<li>Enter <strong>Request ID</strong> and <strong>Additional request Info</strong>.</li> -<li>Set <strong>Evaluation Start</strong> and <strong>Evaluation End</strong> date.</li> -</ul> -<p><strong>Supplemental Information</strong></p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details3.png" alt=""></p> -<p>You can enter internal supplier ID and number of security vulnerabilities for your release. To add this information.</p> -<ul> -<li>Enter <strong>External Supplier Id</strong> and the count of <strong>Vulnerabilities</strong>.</li> -</ul> -<h4 id="d-ecc-details"><strong>D. ECC Details</strong></h4> -<p><code>NOTE: ECC DETAILS ARE SET AUTOMATICALLY FOR OSS RELEASES.</code></p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_ECC_Details.png" alt=""></p> -<p>To enter ECC details for a release click on <strong>ECC Details</strong>.</p> -<ul> -<li>Select the <strong>ECC Status</strong> from the drop-down list. -<ul> -<li>Open</li> -<li>In progress</li> -<li>Approved</li> -<li>Rejected</li> -</ul> -</li> -<li>Add <strong>ECC Comment</strong>, if required.</li> -<li>Enter <strong>Ausfuhrliste</strong>, this is a German ECC number.</li> -<li>Enter <strong>ECCN</strong> and <strong>Material Index Number</strong>.</li> -<li><strong>Assessor Contact Person</strong>, <strong>Assessor Department</strong> and <strong>Assessment date</strong> will be set automatically.</li> -</ul> -<h4 id="e-attachments"><strong>E. Attachments</strong></h4> -<p>You can add or modify the attachments to your release. To add attachments, click on <strong>Attachments</strong> on the left. For more information on how to add attachments to the release, refer to <a href="1.ProjectPage.md/#106-edit-project">1.06 Edit project</a>.</p> -<h2 id="heading"></h2> -<p>After entering all the release information, click on <strong>Update Release</strong>.</p> -<p>To delete the release, click on <strong>Delete Release</strong>.</p> -<p>If you do not want to create a release, click on <strong>Cancel</strong>.</p> -<h2 id="205-edit-component">2.05 Edit Component</h2> -<ol> -<li>Search for the components you want to edit or navigate from the component list.</li> -<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png" alt=""> from the actions column. You can also edit a component by clicking on the component and then clicking on <strong>Edit Component</strong>.</li> -<li>You can view summary, releases, and attachment information of the component.</li> -<li>Click on <strong>Summary</strong> to edit component summary information. For more information on the fields to edit, refer to <a href="#1-summary">1. Summary</a>.</li> -<li>Click on <strong>Releases</strong> to view all the releases that are linked to the component. If you want to add more releases to the component click on <strong>Add Releases</strong> at the bottom of the list. For more information on how to add a release, refer to <a href="#2-releases">2. Releases</a>.</li> -<li>Click on <strong>Attachments</strong> to view all the attachments that are linked to the component. If you want to add more attachments to the components, refer to paragraph 4 of <a href="1.ProjectPage.md/#106-edit-project">1.06 Edit project</a>.</li> -<li>To update the new component information, click on <strong>Update Component</strong>.</li> -<li>To delete the component, click on <strong>Delete Component</strong>.</li> -<li>If you do not want to edit the component, click on <strong>Cancel</strong>.</li> -</ol> -<h2 id="206-view-component">2.06 View Component</h2> -<p>To open a view mode for a component:</p> -<ol> -<li>Search for the components you want to edit or navigate from the component list.</li> -<li>Click on the component name.</li> -<li>You are now in view mode of the component, and you can view all the details of the components like summary, release overview, attachments, vulnerabilities and change logs.</li> -<li>You can edit a component, Merge a component, Split a component, Subscribe to a component in this mode.</li> -</ol> -<h3 id="a-merge"><strong>A. Merge</strong></h3> -<p>This functionality is used when there is a duplication of components, and this functionality helps us to combine all the duplicates into one single component. -To merge a component with another, click on <strong>Merge</strong>. This action will redirect you to another page where you can:</p> -<ol> -<li>Choose the from the list of components that should be merged into the current one.</li> -<li>Merge the data from the source into the target component.</li> -<li>Check the merged component and confirm the merge.</li> -</ol> -<h3 id="b-split"><strong>B. Split</strong></h3> -<p>This functionality is used when we want to copy the information from a component. This is a shortcut to create a component and change aspects like version or release instead of creating a new one entirely.</p> -<p>To Split a component, click on <strong>Split</strong>. This action will redirect you to another page where you can:</p> -<ol> -<li>Choose a target component into which the current component needs to split.</li> -<li>Split the data from current component to the target component.</li> -<li>Check the split version of the component and confirm the split.</li> -</ol> -<h3 id="c-subscribe"><strong>C. Subscribe</strong></h3> -<p>You can <strong>Subscribe</strong> to a component to get notified with emails when any changes are made to the component.</p> -<p>To not get notified for a particular component, click <strong>Unsubscribe</strong>.</p> -<h3 id="d-view-component-information"><strong>D. View Component Information</strong></h3> -<p>You can view component information by navigating the navigation tree.</p> -<ol> -<li>To view component summary, click on <strong>Summary</strong>. To edit summary information for the component, refer to <a href="#205-edit-component">2.05 Edit Component</a>.</li> -<li>Click on <strong>Release Overview</strong> to view all the releases for the component. To edit details for any of the linked releases click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png" alt=""> +Eclipse SW360 – User Guideshttps://www.eclipse.org/sw360/docs/userguide/Recent content in User Guides on Eclipse SW360Hugo -- gohugo.ioDocs: Loginhttps://www.eclipse.org/sw360/docs/userguide/login/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/login/ +<p>You need a username and a password to access the software. After reaching the SW360 site you will be in the public area of your account. Liferay distinguishes between public and private area, where the private area is protected by login.</p> +<p>You will see a &ldquo;Welcome to SW360!&rdquo; homepage which is a public area with <strong>Sign In</strong> and <strong>Create Account</strong> buttons. +The Sign In button will redirect to the private area in order to work with the portal.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/duo.png"/> +</figure> +<p>Your private area contains an overview of your <strong>Projects</strong> and <strong>Components</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/homepage.png"/> +</figure> +<p>The idea of &ldquo;Your&rdquo; refers to the projects and components that you have created. Further there are the tasks you have submitted or which are assigned to you. Tasks are basically change requests of elements that are sent to the owner or moderator for approval. This is a basic concept for allowing change when providing a multiple set of users. On the right side of the screen you can see the last releases which have been added to SW360.</p>Docs: Home Pagehttps://www.eclipse.org/sw360/docs/userguide/sw360-homepage/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/sw360-homepage/ +<h1 id="home-page">Home Page</h1> +<p>The private area of the home page contains an overview of projects and components which are specific to you and other general information.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Home_Page.png"/> +</figure> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No</th> +<th style="text-align:left">Name</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left">Main Menu</td> +<td style="text-align:left">Main menu consists primarily of the various tasks you can perform.</td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left">My Projects</td> +<td style="text-align:left">Displays the list of projects for a specific role or clearing state.</td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left">My Task Assignments</td> +<td style="text-align:left">Displays the tasks or moderation requests that are assigned to you. These can be change requests submitted for approval related to the “projects, components or releases” for which you are a creator or a moderator.</td> +</tr> +<tr> +<td style="text-align:center">4</td> +<td style="text-align:left">My Components</td> +<td style="text-align:left">Displays the list of components that are created by you.</td> +</tr> +<tr> +<td style="text-align:center">5</td> +<td style="text-align:left">My Task Submissions</td> +<td style="text-align:left">These are the change requests that are submitted by you for an approval to change any aspect of a “project, component or release” for which you are not a creator or moderator.</td> +</tr> +<tr> +<td style="text-align:center">6</td> +<td style="text-align:left">Search Bar</td> +<td style="text-align:left">You can find the search bar on the right top corner of the application. Search bar enables you to search for a specific project/component/release.</td> +</tr> +<tr> +<td style="text-align:center">7</td> +<td style="text-align:left">My Profile</td> +<td style="text-align:left">You can find the profile icon on the right top corner of the application. You can perform the following actions in my profile:</br> - <strong>My sites</strong>, will redirect you to a page where you can view all the sites you have opened in the past. </br> - <strong>My profile</strong>, will redirect you to a page where you can view your vcard. </br> - <strong>My dashboard</strong>, will redirect you to a page where you can view summary of your profile. </br> - <strong>Notifications</strong>, will redirect you to a page where you can view all the latest updates. </br> - <strong>Shared content</strong>, will redirect you to a page where you can view all the shared content which are shared with you or shared by you. </br> - <strong>My submissions</strong>, will redirect you to a page where you can view all of your submissions. </br> - <strong>My workflow tasks</strong>, will redirect you to a page where you can view the tasks which are assined to you or your roles. </br> - <strong>Account settings</strong>, will redirect you to a page where you can modify <strong>general information</strong>, <strong>passwords</strong>, <strong>addresses and contact</strong> information and <strong>alert preferences</strong> as needed. </br> - <strong>My connected applications</strong>, will redirect you to a page where you can view connected applications. </br> - <strong>My organization</strong>, will redirect you to a page where you can view your organization information. </br> - You can sign out of SW360 using <strong>sign out</strong> option.</td> +</tr> +<tr> +<td style="text-align:center">8</td> +<td style="text-align:left">My Subscriptions</td> +<td style="text-align:left">Displays a list of various components and releases you have subscribed to. </br> <code> NOTE: YOU CANNOT SUBSCRIBE TO A PROJECT.</code></td> +</tr> +<tr> +<td style="text-align:center">9</td> +<td style="text-align:left">Recent Components</td> +<td style="text-align:left">Displays a list of recent components which are added to SW360.</td> +</tr> +<tr> +<td style="text-align:center">10</td> +<td style="text-align:left">Recent Releases</td> +<td style="text-align:left">Displays a list of recent releases which are added to SW360.</td> +</tr> +</tbody> +</table>Docs: Projecthttps://www.eclipse.org/sw360/docs/userguide/project/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/project/ +<h1 id="10-project-page">1.0 Project Page</h1> +<h2 id="101-introduction">1.01 Introduction</h2> +<p>Navigate to your project overview by clicking the menu item Projects. Here you can find the list of projects with description and other related details. On the left side of project list you can find a advanced filters to filter out specific project.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Projectpage.png"/> +</figure> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No.</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left"><a href="#103-project-search">Advanced Search</a></td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left"><a href="#104-add-project">Add Project</a></td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left"><a href="#105-import-sbom">Import SPDX BOM</a></td> +</tr> +<tr> +<td style="text-align:center">4</td> +<td style="text-align:left"><a href="#113-export-spreadsheet">Export Spreadsheet</a></td> +</tr> +<tr> +<td style="text-align:center">5</td> +<td style="text-align:left"><a href="#102-project-list">Project List</a></td> +</tr> +</tbody> +</table> +<h2 id="102-project-list">1.02 Project List</h2> +<p>The Project List lists all the relevant projects with the following information:</p> +<ul> +<li> +<p><strong>Project name</strong>: All the projects are listed with their names.</p> +</li> +<li> +<p><strong>Description</strong>: The description for the project is displayed here.</p> +</li> +<li> +<p><strong>Project responsible</strong>: The email address of the person responsible for the project is displayed.</p> +</li> +<li> +<p><strong>State</strong>: Displays the state of the project and clearing requests. The status for PS and CS is indicated by colors.</p> +<table> +<thead> +<tr> +<th style="text-align:right">Color</th> +<th style="text-align:left">Project State (PS)</th> +<th style="text-align:left">Project Clearing State (CS)</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:right"><span style="color:#68C17C"> <strong>Green</strong> </span></td> +<td style="text-align:left">Active</td> +<td style="text-align:left">Closed</td> +</tr> +<tr> +<td style="text-align:right"><span style="color:#FFD351"> <strong>Yellow</strong> </span></td> +<td style="text-align:left">Not Applicable</td> +<td style="text-align:left">In-progress</td> +</tr> +<tr> +<td style="text-align:right"><span style="color:#E6717C"> <strong>Red</strong> </span></td> +<td style="text-align:left">Open</td> +<td style="text-align:left">Open</td> +</tr> +<tr> +<td style="text-align:right"><span style="color:#DEE2E6"> <strong>Grey</strong> </span></td> +<td style="text-align:left">Phase out/ Unknown</td> +<td style="text-align:left">Not Applicable</td> +</tr> +</tbody> +</table> +</li> +<li> +<p><strong>License Clearing</strong> displays the clearing states for releases for the project including sub projects.</p> +</li> +<li> +<p><strong>Actions</strong>: you can perform the following actions for a project:</p> +<table> +<thead> +<tr> +<th style="text-align:center">Action</th> +<th style="text-align:left">Description </span></th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png"/> +</figure> +</td> +<td style="text-align:left">To edit a Project</td> +</tr> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> +</figure> +</td> +<td style="text-align:left">To create clearing request the OSS clearing team</td> +</tr> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png"/> +</figure> +</td> +<td style="text-align:left">To duplicate current version of existing project. This action will also duplicate all the linked projects, releases along with the general information and is used to create different versions of the project.</td> +</tr> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +</td> +<td style="text-align:left">To delete the project from SW360.</td> +</tr> +</tbody> +</table> +</li> +</ul> +<p><strong>NOTE: CLICK ON +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SortIcon.png"/> +</figure> +TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> +<h2 id="103-project-search">1.03 Project Search</h2> +<p><strong>Advanced search</strong> dialogue box allows you to search for a particular project. To search for a project follow the procedure:</p> +<ol> +<li>Enter the <strong>Project name</strong> and <strong>Version</strong> of the project that you want to search.</li> +<li>Select the <strong>Project Type</strong> from the drop-down list. For more information regarding the project type, refer to paragraph 4. of <a href="#a-general-information">General Information</a>.</li> +<li>Search the project by <strong>Project Responsible</strong> email.</li> +<li>Search projects by their <strong>Group</strong>, select the group from the drop-down list.</br><code>NOTE: BY DEFAULT, THE SEARCH RETURNS ONLY THE RESULTS OF YOUR GROUP. HOWEVER, YOU CAN ALSO SELECT THE GROUPS FROM THE DROP-DOWN LIST.</code></li> +<li>Search projects by their project <strong>State</strong>, select the options available from the drop-down list. For more information regarding project state, refer to <a href="#102-project-list">1.02 Project List</a>.</li> +<li>You can search the projects by their <strong>Clearing State</strong>, select the options available from the drop-down list. For more information regarding project state, refer to <a href="#102-project-list">1.02 Project List</a>.</li> +<li>You can search projects by their <strong>Tags</strong>. If there are multiple tags that you want to search, use a comma to separate.</li> +<li>You can search projects by <strong>Additional Data</strong>.</li> +</ol> +<h2 id="104-add-project">1.04 Add Project</h2> +<p>To add a new project, click on the <strong>Add Project</strong> on the project page, this redirects you to another page that allows you to add project information add project information for the project you want to create. Following are the three sections where you must enter information:</p> +<ul> +<li><strong>Summary</strong></li> +<li><strong>Administration</strong></li> +<li><strong>Linked Releases and Projects</strong></li> +</ul> +<h3 id="1-summary"><strong>1.</strong> <strong>Summary</strong></h3> +<h4 id="a-general-information"><strong>A.</strong> <strong>General Information</strong></h4> +<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY</code></p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectGeneralInfo%20%281%29.png"/> +</figure> +<ol> +<li> +<p>Enter the <strong>Name</strong> of the project you want to create.</p> +</li> +<li> +<p>The field <strong>Created by</strong> is set automatically to the creator/owner of the project.</p> +</li> +<li> +<p><strong>Version</strong> of a project indicates there are new changes compared to the previous version of the project. Enter the version for your project as required.</p> +</li> +<li> +<p>Select the <strong>Project Type</strong> from the drop-down list.</p> +<ul> +<li>Customer: Delivered to the customer</li> +<li>Internal: Internally used but can also be used in other projects as a sub-project</li> +<li>Product: Developed as a product and delivered to the customer</li> +<li>Services: Developed as a service and delivered to the customer</li> +<li>Inner Source: OSS within a particular organization</li> +</ul> +</li> +<li> +<p><strong>Project Visibility</strong> describes if the project is visible to all or only selected personnel. The default is set to &ldquo;everyone&rdquo;, you can select the project visibility from the drop-down list.</p> +<ul> +<li>Private: Only visible to creator or admin</li> +<li>Me and Moderators: Visible to creator, moderators and admins</li> +<li>Group and Moderators: Visible to all users of the same group and the moderators</li> +<li>Everyone: All logged in users</li> +</ul> +</li> +<li> +<p><strong>Tags</strong> are words assigned to a project that assist in quick searching. You can create a tag by assigning a word to your project.</p> +</li> +<li> +<p>Check or uncheck the following fields as required:</p> +<ul> +<li><strong>Enable Security Vulnerability Monitoring</strong> (activated only if security responsible are added), refer to <a href="#c-roles">C. Roles</a>.</li> +<li><strong>Do not create monitoring list</strong>, but use from the external id, refer to <a href="#e-external-ids">E. External IDs</a>.</li> +<li><strong>Enable Displaying Vulnerabilities</strong> if you want the vulnerabilities to be visible.</li> +</ul> +</li> +<li> +<p><strong>Modified on</strong> date will be set automatically on creating the project.</p> +</li> +<li> +<p><strong>Description</strong>: You can enter details of your project.</p> +</li> +<li> +<p><strong>Modified by</strong> will be set automatically.</p> +</li> +<li> +<p>Select the <strong>Domain</strong> for your project from the drop-down list.</p> +<ul> +<li>Application software</li> +<li>Documentation</li> +<li>Embedded Software</li> +<li>Hardware</li> +<li>Test and diagnostics</li> +</ul> +</li> +<li> +<p>Click on the field to select the <strong>Vendor</strong> for your project.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the vendors.</li> +<li>Select the vendors</li> +<li>Click on <strong>Add Vendor</strong>.</li> +</ul> +</li> +</ol> +<h4 id="b-external-urls"><strong>B. External URLs</strong></h4> +<p>Click on <strong>Click to add row to external URLs</strong> to add URLs of your project.</br> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL1.png"/> +</figure> +</p> +<ol> +<li> +<p>Select <strong>External URL Key</strong> from the drop-down list.</p> +<ul> +<li>Homepage: Link for homepage</li> +<li>Wiki page: Link for wiki page</li> +<li>Clearing:</li> +</ul> +</li> +<li> +<p>Enter <strong>External URL Value</strong>. It is the web address for the above mentioned external URL key. To add multiple external URLs, repeat the same procedure.</br> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectExternalURL2.png"/> +</figure> +</p> +</li> +<li> +<p>To delete an external URL, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</p> +</li> +</ol> +<h4 id="c-roles"><strong>C. Roles</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectRoles.png"/> +</figure> +<ol> +<li> +<p><strong>Group</strong> is the department you/project owner belongs to. Click on the group field to select a <strong>Group</strong> for your project.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the group.</li> +<li>Select the group.</li> +<li>Click on <strong>Select</strong></li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Addproject4.png"/> +</figure> +</li> +<li> +<p>Enter the <strong>Owners Accounting Unit</strong>.</p> +</li> +<li> +<p>Project manager is the user who manages the project. Click on the field to select <strong>Project Manager</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Project Manager.</li> +<li>Select the Users.</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Addproject_5.png"/> +</figure> +</li> +<li> +<p>Enter the <strong>Owners Billing Group</strong>.</p> +</li> +<li> +<p><strong>Project Owner</strong> holds the project. Click on the field to select <strong>Project Owner</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Project Owner.</li> +<li>Select the Users.</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +<li> +<p>Select the <strong>Owner Country</strong> from the drop-down list.</p> +</li> +<li> +<p><strong>Security responsible</strong> is the list of users responsible for the security of the project. Click on the field to select <strong>Security responsible</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Security responsible.</li> +<li>Select the Users</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +<li> +<p>Click on the field to select <strong>Lead Architect</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Lead Architect.</li> +<li>Select the Users.</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +<li> +<p><strong>Moderator</strong> is the user responsible for the project. Click on the field to select moderators.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Moderators.</li> +<li>Select the Users.</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +<li> +<p>Click on the field to select <strong>Contributors</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Contributors.</li> +<li>Select the Users.</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +</ol> +<h4 id="d-additional-roles"><strong>D. Additional Roles</strong></h4> +<p>To assign more roles to your project, use <strong>Click to Add Additional Roles</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/additionalroles1.png"/> +</figure> +<ol> +<li> +<p>Select the type of <strong>Role</strong> from the drop-down list.</p> +<ul> +<li>Stakeholder</li> +<li>Analyst</li> +<li>Contributor</li> +<li>Accountant</li> +<li>End user</li> +<li>Quality manager</li> +<li>Test Manager</li> +<li>Technical writer</li> +<li>Key user</li> +</ul> +</li> +<li> +<p>Enter <strong>Email address</strong> of the responsible personnel. To add multiple additional roles, repeat the same procedure.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/additionalroles2.png"/> +</figure> +</li> +<li> +<p>To delete an additional role, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</p> +</li> +</ol> +<h4 id="e-external-ids"><strong>E. External Ids</strong></h4> +<p>Click on <strong>Click to add row to External Ids</strong> to add external Ids to your project.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Project_external_ID_1.png"/> +</figure> +<ol> +<li>Click on field to enter <strong>External Id Key</strong> and select from the drop-down list.</li> +<li>Enter <strong>External Id Value</strong>. To add multiple external Ids, repeat the same procedure.</li> +</ol> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Project_external_ID_2.png"/> +</figure> +<ol> +<li>To delete an External Id, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</li> +</ol> +<h4 id="f-additional-data"><strong>F. Additional Data</strong></h4> +<p>You can add data keys and corresponding data values for your project.</p> +<p>To add more additional data keys, click on <strong>Click to add rows to additional data</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Additional_data_1.png"/> +</figure> +<ol> +<li> +<p>Enter <strong>additional data key</strong>.</p> +</li> +<li> +<p>Enter <strong>additional data value</strong>. To add multiple additional data, repeat the same procedure.</p> +<p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Additional_data_2.png"/> +</figure> +.</p> +</li> +<li> +<p>To delete an additional data, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</p> +</li> +</ol> +<h3 id="2-administrationbr"><strong>2.</strong> <strong>Administration</strong></br></h3> +<p>Administration section contains license clearing and lifecycle information of the project. To edit these fields, click on &ldquo;Administration&rdquo;, use navigation section. </br></p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectAdministration.png"/> +</figure> +<h4 id="a-clearing-information"><strong>A.</strong> <strong>Clearing information</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Clearing_Information.png"/> +</figure> +<p>To add clearing information for your project:</p> +<ol> +<li> +<p>Select the values for <strong>Project Clearing State</strong> from the drop-down list.</p> +<ul> +<li>Open Project</li> +<li>In progress</li> +<li>Closed</li> +</ul> +</li> +<li> +<p>Clearing team is responsible for project clearing. To assign a clearing team, select the values for <strong>Clearing team</strong> from the drop-down list.</p> +</li> +<li> +<p>Pre-evaluation is important for the project development to understand the status of the license and estimate the effort for clearing activities. Set <strong>Deadline for pre-evaluation</strong> date.</p> +</li> +<li> +<p>Following information should be entered manually:</p> +<ul> +<li><strong>Clearing summary</strong>: Overview of the clearing for the project management.</li> +<li><strong>Special risk open source software</strong>: Risks which occur out from usage of specific OSS components.</li> +<li><strong>General risk 3rd party software</strong>: General risk which occur always from using OSS and commercial SW like for e.g., patent infringements.</li> +<li><strong>Special risk 3rd party software</strong>: Specific risks which occur by using specific projects, including commercial projects.</li> +<li><strong>Sales and delivery channels</strong>: To know when the software will be delivered via resellers as a reseller license has to be procured and to decide how to fulfill the obligations of the licenses.</li> +<li><strong>Remarks and additional requirements</strong>: Any additional relevant requirement.</li> +</ul> +<p><code>NOTE: THE ABOVE INFORMATION IS NECESSARY FOR PROJECT MANAGEMENT TO UNDERSTAND THE STATUS OF THE LICENSE AND ESTIMATE THE EFFORT FOR CLEARING ACTIVITIES.</code></p> +</li> +</ol> +<h4 id="b-lifecycle-information"><strong>B.</strong> <strong>Lifecycle information</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectLifecycle.png"/> +</figure> +<p>To add lifecycle information for your project:</p> +<ol> +<li> +<p>Select the values for <strong>Project state</strong> from the drop-down list.</p> +<ul> +<li>Active</li> +<li>Phase-out</li> +<li>Unknown</li> +</ul> +</li> +<li> +<p>Set <strong>System test begin</strong> and <strong>System test end</strong> dates. System test begin date can be used in licensing and risk perspective. System test end date is the latest date for component releases.</p> +</li> +<li> +<p>Set <strong>Delivery start</strong> and <strong>Phase out</strong> dates. After the phase out date, maintenance is not required for the project.</p> +<p><code>NOTE: LICENSE CLEARING FOR THE PROJECT MUST BE FINISHED BEFORE THE PROJECT DELIVERY DATE.</code></p> +</li> +</ol> +<h4 id="c-license-info-header"><strong>C.</strong> <strong>License Info Header</strong></h4> +<p>The license info header can be set as a default header. However, you can edit this field as required.</p> +<h3 id="3-linked-releases-and-projects"><strong>3.</strong> <strong>Linked Releases and Projects</strong></h3> +<p>You can link other projects and releases to the project that you are adding. Click on <strong>Linked Releases and Projects</strong>, use navigation section.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ProjectLinkedreleasesandprojects.png"/> +</figure> +<h4 id="a-linking-projects"><strong>A.</strong> <strong>Linking Projects</strong></h4> +<p>To add existing projects as a sub-project:</p> +<ol> +<li> +<p>Click on <strong>Add Projects</strong>, this action opens a dialogue box.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png"/> +</figure> +</li> +<li> +<p>Search and select the projects which you would like to link.</p> +</li> +<li> +<p>Click on <strong>Link Projects</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png"/> +</figure> +</li> +<li> +<p>After the project is linked, you can select the <strong>Project Relation</strong> for your sub-project from the drop-down list.</p> +<ul> +<li>Sub-project</li> +<li>Duplicate</li> +<li>Unknown</li> +<li>Related</li> +</ul> +</li> +<li> +<p>Check or uncheck <strong>Enable SVM</strong> as required.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_3.png"/> +</figure> +</li> +<li> +<p>To link multiple projects, repeat the same procedure.</p> +</li> +<li> +<p>To delete a linked project, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</p> +</li> +</ol> +<h4 id="b-linking-releases"><strong>B.</strong> <strong>Linking releases</strong></h4> +<p>To add releases to your project:</p> +<ol> +<li> +<p>Click on <strong>Add Releases</strong>, this action opens a dialogue box.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_1.png"/> +</figure> +</li> +<li> +<p><strong>Search</strong> for the releases which you want to link or click on <strong>Releases of linked projects</strong> to view all the releases which are linked to the project.</p> +</li> +<li> +<p>Select all the releases which you want to link and click on <strong>Link releases</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_2.png"/> +</figure> +</li> +<li> +<p>After the release is linked, you can select the value for the <strong>Release relation</strong> from the drop-down list.</p> +<ul> +<li>Unknown</li> +<li>Contained</li> +<li>Related</li> +<li>Dynamically linked</li> +<li>Statically linked</li> +<li>Side by side</li> +<li>Standalone</li> +<li>Internal Use</li> +<li>Optional</li> +<li>To be replaced</li> +<li>Code snippet</li> +</ul> +</li> +<li> +<p>Select the value for the <strong>Release Mainline State</strong> from the drop-down list.</p> +<ul> +<li>Open</li> +<li>Mainline</li> +<li>Specific</li> +<li>Phaseout</li> +<li>Denied</li> +</ul> +</li> +<li> +<p>Add <strong>Comments</strong>, if required.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Link_release_3.png"/> +</figure> +</li> +<li> +<p>To link multiple releases/components, repeat the same procedure.</p> +</li> +<li> +<p>To delete a linked release, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</p> +</li> +</ol> +<p>After all the information for the new project is filled out. Click on &ldquo;<strong>Create Project</strong>&rdquo; at the top.</p> +<p>If you do not want to create a project on any point of time, click on &ldquo;<strong>Cancel</strong>&rdquo; at the top.</p> +<h2 id="105-import-sbom">1.05 Import SBOM</h2> +<p>SPDX is a common format for communicating compliance information or list of components across all suppliers. Importing an SBOM will create a project/component. To import a SBOM:</p> +<ol> +<li> +<p>Click on <strong>Import SBOM</strong> on the project page. This will open a dialogue box for you to upload the Bill Of Materials (BOM).</p> +</li> +<li> +<p>Drag and drop the file from your local system to the dialogue box or click on <strong>Browse File</strong> and select the file you want to import.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ImportSBOM.png"/> +</figure> +<p><code>NOTE: ONLY SPDX RDF/XML FILES WITH UNIQUE DESCRIBED TOP LEVEL NODE ARE SUPPORTED.</code></br></p> +</li> +<li> +<p>After uploading is done SW360 checks for duplicates, if there are no duplicates found, a Component from the uploaded SBOM is created.</p> +</li> +</ol> +<h2 id="106-edit-project">1.06 Edit Project</h2> +<p>You can edit an existing project in SW360, provided you have required rights. To edit a project follow the procedure:</p> +<ol> +<li> +<p>Search for the projects you want to edit or navigate from the project list.</p> +</li> +<li> +<p>Click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Edit_Pen.png"/> +</figure> +from the actions column. You can also edit a project by clicking on the project and click on <strong>Edit Project</strong>.</p> +</li> +<li> +<p>Change the data for the project as required. For more information, refer to <a href="#104-add-project">1.04 Add Project</a>.</p> +</li> +<li> +<p>In this view, you can also add attachments for the project in this view, click on <strong>Attachments</strong>, use navigation section.</br> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/EditProject_Attachments.png"/> +</figure> +</br></p> +<ul> +<li>Click on <strong>Add Attachment</strong>, this action opens a dialogue box.</br></li> +<li>Browse and select the files which you want to upload or drag and drop them into the area.</br></li> +<li>Click on <strong>Upload</strong>.</br></li> +<li>Select the type of file from the drop-down list. </br></li> +<li>Select the status from the drop-down list.</br></li> +<li>If required, add <strong>comments</strong></br></li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Attachment_2.png"/> +</figure> +<ul> +<li>To delete an attachment, click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +.</br></li> +</ul> +</li> +<li> +<p>After you modify the required fields, click on &ldquo;<strong>Update Project</strong>&rdquo;.</p> +</li> +<li> +<p>To delete the project, click on &ldquo;<strong>Delete Project</strong>&rdquo;.</p> +</li> +<li> +<p>To cancel any changes that you made click on &ldquo;<strong>Cancel</strong>&rdquo;.</p> +</li> +</ol> +<h2 id="107-duplicate-a-project">1.07 Duplicate a Project</h2> +<p>Duplicating a project is commonly used to create different versions of the project. This helps in reducing efforts as fewer modifications are required to create a new version. To duplicate a project:</p> +<ol> +<li>Search for the projects you want to duplicate or navigate from the project list.</li> +<li>Click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Copy_Duplicate.png"/> +</figure> +from the actions column to duplicate the project.</li> +<li>Modify the data for the duplicate project as required. For more information, refer to <a href="#104-add-project">1.04 Add Project</a>.</li> +<li>Click on &ldquo;<strong>Create Project</strong>&rdquo; after all changes are made.</li> +<li>To cancel any changes that you made click on &ldquo;<strong>Cancel</strong>&rdquo;.</li> +</ol> +<h2 id="108-deleting-a-project">1.08 Deleting a Project</h2> +<p>You can delete an existing project in SW360, provided you have required rights. To delete a project follow the procedure:</p> +<p><code>WARNING: DELETING A PROJECT CAN ONLY BE DONE IF THERE ARE NO LINKED PROJECTS OR COMPONENTS. IF NOT, THERE WILL BE MISSING LINKS FOR THE PROJECTS.</code></p> +<ol> +<li> +<p>Search for the projects you want to delete or navigate from the project list.</p> +</li> +<li> +<p>Click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Delete_Trash.png"/> +</figure> +from the actions column to delete the project.</p> +</li> +<li> +<p>The software will prompt for a confirmation of deleting the project. You can also add comments for the action in the prompt box before deleting.</p> +</li> +<li> +<p>Click on <strong>Delete Project</strong>.</p> +</li> +<li> +<p>To cancel any changes that you made click on <strong>Cancel</strong>.</br></p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Deleteproject1.png"/> +</figure> +</li> +</ol> +<h2 id="109-linking-a-project">1.09 Linking A Project</h2> +<p>There are multiple ways that you can link a project to another.</p> +<h3 id="a-linking-to-a-parent-project"><strong>A. Linking to a parent project</strong></h3> +<ol> +<li> +<p>Search for the projects you want to link or navigate from the project list. Click on the required project.</p> +</li> +<li> +<p>This will display the view mode of the selected project. Click on &ldquo;<strong>Link Projects</strong>&rdquo; on the top. This will open a dialogue box to search for the projects.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_1.png"/> +</figure> +</li> +<li> +<p>Search for the projects which you want to link.</p> +</li> +<li> +<p>Select the projects and click on <strong>Link Projects</strong>.</p> +</li> +<li> +<p>Once the project is successfully linked, you will see the prompt in green. If you want to edit the project further, click on the <strong>click here to edit the project relation</strong> on the green prompt.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linking_project.png"/> +</figure> +</li> +<li> +<p>Again, the project opens up in edit mode.</p> +</li> +<li> +<p>Modify the project details as required for the linked project. Refer to <a href="#a-linking-projects">Link Projects</a>.</p> +</li> +<li> +<p>Click on <strong>&ldquo;Update Project&rdquo;</strong> to save your changes.</p> +</li> +</ol> +<h3 id="b-linking-a-child-project"><strong>B. Linking a child project</strong></h3> +<p>To add child projects to a parent project, refer to <a href="#3-linked-releases-and-projects">3. Linked Releases and Projects</a>.</p> +<h2 id="110-linking-components-or-releases">1.10 Linking Components or Releases</h2> +<p>You can directly link a component or release to a parent project, refer to <a href="#3-linked-releases-and-projects">3. Linked Releases and Projects</a>.</p> +<h3 id="a-link-component"><strong>A. Link Component</strong></h3> +<p>You can also link a component to a project while editing a project.</p> +<ol> +<li> +<p>Search for the projects you want to delete or navigate from the project list. Click on the required project.</p> +</li> +<li> +<p>This will display the view mode of the selected project, click on <strong>license clearing</strong>, use navigation section.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/LicenseClearing_1.png"/> +</figure> +</li> +<li> +<p>Select the component/release from the list displayed. After which, which redirects you to its component page.</p> +</li> +<li> +<p>Click on &ldquo;<strong>Link to Projects</strong>&rdquo; to link this release/component to a project. This will open a dialogue box to search for the projects.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Linked-projects_2.png"/> +</figure> +</li> +<li> +<p>If you want to view the projects which are already linked to the components/release, check the box for <strong>show already linked projects</strong>.</p> +</li> +<li> +<p>Select the project which you want to link the component / release to and then click on <strong>link to project</strong>.</p> +</li> +</ol> +<h2 id="111-security-vulnerability-tracking-for-projects">1.11 Security Vulnerability tracking for Projects</h2> +<p>You can view all the security vulnerabilities for your project. To view vulnerability tracking status:</p> +<ol> +<li> +<p>Search for the projects or navigate from the project list. Click on the required project.</p> +</li> +<li> +<p>This will display the view mode of the selected project, click on <strong>Vulnerability Tracking Status</strong>.</p> +</li> +<li> +<p>Here you can view Security Vulnerability Monitoring is enabled or not. The Security Vulnerabilities are only visible in the edit project mode when the &ldquo;security responsible&rdquo; is assigned. Refer to paragraphs <a href="#c-roles">C. Roles</a>.</p> +</li> +<li> +<p>You can track the vulnerabilities by name, project origin, SVM tracking status, short status and type.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SVM_Tracking.png"/> +</figure> +</li> +<li> +<p>To view all the listed vulnerabilities for sub-projects of the parent project click on <strong>Vulnerabilities</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/SVM_Tracking_2.png"/> +</figure> +</li> +<li> +<p>If you want to view the complete data for a vulnerability, refer to <a href="../New%20Userguide/5.%20Vulnerabilities.pdf">5. Vulnerability</a>.</p> +</li> +</ol> +<h2 id="112-clearing-requests">1.12 Clearing Requests</h2> +<p>Each project needs license clearing and it is a project level activity.</p> +<h3 id="a-create-clearing-requests"><strong>A. Create Clearing Requests</strong></h3> +<p>To create a clearing request:</p> +<ol> +<li> +<p>Search for the projects or navigate from the project list. Click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> +</figure> +or,</p> +</li> +<li> +<p>Search for the projects or navigate from the project list. Click on the required project, this will display the view mode of the of the selected project. Click on <strong>License Clearing</strong>, use navigation section.</p> +</li> +<li> +<p>Click on <strong>Create Clearing Request</strong>, a dialogue box will appear.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Create_clearing_request.png"/> +</figure> +</li> +<li> +<p>Enter the clearing team email id by clicking on the field and searching for the email of the clearing team. Select the contact from the list and click on <strong>Select Users</strong>.</p> +</li> +<li> +<p>Select the <strong>Preferred Clearing Date</strong>.</p> +</li> +<li> +<p>If required, add <strong>Comments</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/License_Clearing_request.png"/> +</figure> +</li> +<li> +<p>Click on &ldquo;<strong>Create Request</strong>&rdquo;.</p> +</li> +<li> +<p>To cancel any changes that you made click on <strong>Cancel</strong>.</p> +</li> +</ol> +<h3 id="b-view-clearing-requests"><strong>B. View Clearing Requests</strong></h3> +<p>You can view the existing clearing requests which are already created for a project. To view the clearing requests, follow the procedure:</p> +<ol> +<li> +<p>Search for the projects or navigate from the project list. Click on +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/ClearingRequest.png"/> +</figure> +or,</p> +</li> +<li> +<p>Click on the required project.</p> +</li> +<li> +<p>Select <strong>License Clearing</strong>, use navigation section.</p> +</li> +<li> +<p>Click on <strong>View Clearing Request</strong>.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/View_Clearing_request.png"/> +</figure> +</li> +<li> +<p>A new dialogue box with the clearing request information will be displayed.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/View_Clearing_Request_2.png"/> +</figure> +</li> +</ol> +<h3 id="c-edit-clearing-requests"><strong>C. Edit Clearing Requests</strong></h3> +<p>For more information on how to edit the existing clearing requests, refer to <a href="../New%20Userguide/6.%20Requests.pdf">6. Requests</a>.</p> +<h2 id="113-export-spreadsheet">1.13 Export Spreadsheet</h2> +<p>You can generate the excel sheet for an advanced search. For e.g., List of all projects created for group &ldquo;SHS&rdquo;.</p> +<ol> +<li> +<p>Go to project home page.</p> +</li> +<li> +<p>If required, you can filter the projects using the advanced search options. Refer to <a href="#103-project-search">1.02 Project Search</a>.</p> +</li> +<li> +<p>After the search gives a result, click on <strong>Export Spreadsheet</strong> and select the option from the drop-down list.</p> +<ul> +<li>Projects only</li> +<li>Projects with linked releases</li> +</ul> +</li> +<li> +<p>A file will now be downloaded to your local system with the required information.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Export_spreadsheet.png"/> +</figure> +</li> +</ol> +<p><code>NOTE: YOU CAN ALSO USE THE EXPORT SPREADSHEET OPTION ON MULTIPLE PAGES, LIKE LICENSE CLEARING PAGE OF A PROJECT/COMPONENT, EDIT VIEW OF A COMPONENT, ECC PAGE OF PROJECT ETC.</code></p> +<h2 id="114-generate-license-info">1.14 Generate License Info</h2> +<p>You can generate a read me OSS file of all the license information for a project. To generate license information:</p> +<ol> +<li> +<p>Search for the projects or navigate from the project list. Click on the required project.</p> +</li> +<li> +<p>Select <strong>License Clearing</strong>, use navigation section.</p> +</li> +<li> +<p>The page displays the list of all the releases listed and their respective release clearing state in the <em><strong>state</strong></em> column. Each of the releases has license information in the form of CLI files. You can view this information in the <em><strong>main licenses</strong></em> or <em><strong>other licenses</strong></em> column. +Generating a license info will create a read me OSS document combining all the licenses.</p> +</li> +<li> +<p>Click on <strong>Generate license info</strong> and select the options from the drop-down list.</p> +<ul> +<li>Project only</li> +<li>Project with sub project</li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info.png"/> +</figure> +</li> +<li> +<p>After your selection, you are redirected to another page where you can further modify the output of the license information.</p> +</li> +<li> +<p>Select <strong>Show all</strong> to view all the license information or <strong>Only Approved</strong> to view approved licenses.</p> +</li> +<li> +<p>Select which CLI you want to publish the information from the list displayed below.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info_2%20.png"/> +</figure> +</li> +<li> +<p>Click on <strong>Download</strong>. A new Dialogue box will appear asking for your preferences.</p> +</li> +<li> +<p>Check the required boxes and select an output format.</p> +</li> +<li> +<p>Click on <strong>Download</strong> to get a Readme.OSS file.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Generate_license_info_3.png"/> +</figure> +</li> +</ol> +<h2 id="115-generate-source-code-bundle">1.15 Generate Source Code Bundle</h2> +<p>Few components have obligations, for example, sharing source code. The organization must share the source code to the user in a disc format. To generate Source Code Bundle:</p> +<ol> +<li> +<p>To select the project, use the search option or navigate from the project list and click on it.</p> +</li> +<li> +<p>Select <strong>License Clearing</strong>, use navigation section.</p> +</li> +<li> +<p>The window shows a list of all the releases listed. Click on <strong>Generate Source Code Bundle</strong> and select the option from the drop-down list.</p> +<ul> +<li>Project only</li> +<li>Project with sub project</li> +</ul> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Source_code_1.png"/> +</figure> +</li> +<li> +<p>After you select, you are redirected to another page which lists all the source code information.</p> +</li> +<li> +<p>Select the required source code and click <strong>Download</strong>.</p> +</li> +<li> +<p>A combined zip file comprising of all the select source code will be downloaded.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Project_Page/Source_code_2.png"/> +</figure> +</li> +</ol>Docs: Componentshttps://www.eclipse.org/sw360/docs/userguide/components/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/components/ +<h1 id="20-components">2.0 Components</h1> +<h2 id="201-introduction">2.01 Introduction</h2> +<p>The components page displays the list of components and releases that are available in SW360. A component is a list of releases with metadata. A release is a specific version of a component.</p> +<p>To open a component page, click <strong>Components</strong> tab from the main menu. +You can find a particular component with Advanced Search, you can also add and edit components in this page.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/ComponentPage.png"/> +</figure> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No.</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left"><a href="#203-component-search">Advanced Search</a></td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left"><a href="#204-add-component">Add Component</a></td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left"><a href="#207-import-spdx-bom">Import SPDX BOM</a></td> +</tr> +<tr> +<td style="text-align:center">4</td> +<td style="text-align:left"><a href="#208-export-spreadsheet">Export Spreadsheet</a></td> +</tr> +<tr> +<td style="text-align:center">5</td> +<td style="text-align:left"><a href="#202-component-list">Component List</a></td> +</tr> +</tbody> +</table> +<h2 id="202-component-list">2.02 Component List</h2> +<p>On the component page, you can view all the components that are relevant to you. The components are listed with the following information:</p> +<ul> +<li><strong>Vendor</strong>: Vendor is organization which is selling the component or the community which is hosting the component.</li> +<li><strong>Component Name</strong>: All components are listed by their names.</li> +<li><strong>Main Licenses</strong>: The list of main licenses available for a component are displayed.</li> +<li><strong>Component Type</strong>: Lists all the components by their type. For more information on component types, refer to <a href="#a-general-information">A. General Info</a>.</li> +<li><strong>Actions</strong>: You can perform the following actions for a component: +<table> +<thead> +<tr> +<th style="text-align:center">Action</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png"/> +</figure> +</td> +<td style="text-align:left">To edit a component</td> +</tr> +<tr> +<td style="text-align:center"> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png"/> +</figure> +</td> +<td style="text-align:left">To delete the component from SW360.</td> +</tr> +</tbody> +</table> +</li> +</ul> +<p><strong>NOTE: CLICK ON +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png"/> +</figure> +TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> +<h2 id="203-component-search">2.03 Component Search</h2> +<p><strong>Advanced Search</strong> dialogue box is used to search for a particular component.</p> +<ol> +<li>Search the component with <strong>Component Name</strong> and <strong>Categories</strong>.</li> +<li>Search the component with <strong>Component Type</strong>. Select the component type from the drop-down list. For more information on the component types, refer to <a href="#a-general-information">A. General Information</a>.</li> +<li>Search components with their coding <strong>Languages</strong>, <strong>Software Platforms</strong>, <strong>Operating Systems</strong>, <strong>Vendors</strong> and <strong>Main Licenses</strong>.</li> +<li>Search components with <strong>Created by (Email)</strong>.</li> +<li>You can use <strong>Created on</strong> field to search for the components created on specific dates or specific time frames.</li> +</ol> +<h2 id="204-add-component">2.04 Add Component</h2> +<p>To add a new component, click <strong>Add Component</strong> from the component page, this will redirect you to another page where you can add component summary information.</p> +<h3 id="1-summary"><strong>1. Summary</strong></h3> +<h4 id="a-general-information"><strong>A. General Information</strong></h4> +<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY.</code> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_General_Info.png" alt=""></p> +<ol> +<li>Enter the <strong>Name</strong> of the component you want to create.</BR> +<code>NOTE: MAKE SURE THAT THERE ARE NO DUPLICATES.</code></BR></li> +<li>Select the <strong>Component Type</strong> from the drop-down list. +<ul> +<li>OSS: Open-Source Software</li> +<li>COTS: Commercial off-the-shelf</li> +<li>Internal: Internally used</li> +<li>Inner Source: OSS within a particular organization</li> +<li>Services: Developed as a service</li> +<li>Freeware: Software that is available free of cost</li> +<li>Code snippet: A small code which shows how to accomplish a specific task</li> +</ul> +</li> +<li>The field <strong>Created by</strong> is set automatically to the creator/owner of the component.</li> +<li>Click on <strong>Default Vendor</strong> field. +<ul> +<li>This opens a dialogue box, use the type field to search for the vendors.</li> +<li>Select the vendors</li> +<li>Click on <strong>Select Vendor</strong>.</li> +</ul> +</li> +<li>When you start typing in the <strong>Categories</strong> field, a list of categories that match are displayed to choose from.</li> +<li>Enter the <strong>Homepage URL</strong>, this is the web address for your component.</li> +<li>Enter a <strong>Short Description</strong> for your component.</li> +<li>Enter the <strong>Blog URL</strong>, this is the web address for the blog of your component.</li> +<li><strong>Modified on</strong> date will be set automatically.</li> +<li>Enter the <strong>Wiki URL</strong>, this is web address for the wiki page of your component.</li> +<li><strong>Modified by</strong> will be set automatically.</li> +<li>Enter the <strong>Mailing List URL</strong>, this is the web address of the mailing list of your component.</li> +</ol> +<h4 id="b-roles"><strong>B. Roles</strong></h4> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Roles.png" alt=""></p> +<ol> +<li> +<p><strong>Component owner</strong> holds the component. Click on the field to select <strong>Component Owner</strong>.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the Component Owner.</li> +<li>Select the users</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Addproject_5.png" alt=""></p> +</li> +<li> +<p>Select a country from the list to assign as <strong>Owner Country</strong>.</p> +</li> +<li> +<p>Enter the <strong>Owner Accounting Unit</strong>.</p> +</li> +<li> +<p><strong>Moderator</strong> is the user responsible for the component. Click on the field to select moderators.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the moderator.</li> +<li>Select the users</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +</ol> +<p><code> NOTE: ALL CLEARING EXPERTS, CLEARING ADMINS AND SW360 ADMINS ARE MODERATORS BY DEFAULT.</code></p> +<ol> +<li>Enter the <strong>Owner Billing Group</strong>.</li> +</ol> +<h4 id="c-additional-roles"><strong>C. Additional Roles</strong></h4> +<p>To assign more roles to your project, use <strong>Click to Add Additional Roles</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/additionalroles1.png" alt=""></p> +<ol> +<li> +<p>Select the type of <strong>role</strong> from the drop-down list.</p> +<ul> +<li>Committer</li> +<li>Contributor</li> +<li>Expert</li> +</ul> +</li> +<li> +<p>Enter <strong>Email address</strong> of the responsible personnel. To add multiple additional roles, repeat the same +procedure.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Additional_Role2.png" alt=""></p> +</li> +<li> +<p>To delete an additional role, click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png" alt="">.</p> +</li> +</ol> +<h4 id="d-external-ids"><strong>D. External Ids</strong></h4> +<p>For more information on how to add an <strong>External ID</strong> for your component, refer to <a href="1.ProjectPage.md/#e-external-ids">E. External Ids</a>.</p> +<h4 id="e-additional-data"><strong>E. Additional Data</strong></h4> +<p>For more information on how to add an <strong>Additional Data</strong> for your component, refer to <a href="1.ProjectPage.md/#f-additional-data">F. Additional Data</a>.</p> +<p>After all the summary information is filled click on <strong>Create Component</strong>, which redirects you to another page where you can add more component information. Following are the two new sections to be filled:</p> +<ul> +<li><strong>Releases</strong></li> +<li><strong>Attachments</strong></li> +</ul> +<h3 id="2-releases"><strong>2. Releases</strong></h3> +<p>A release is a specific version of a component. To add Release information for your component:</p> +<ol> +<li> +<p>Click on <strong>Releases</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Componentreleases.png" alt=""></p> +</li> +<li> +<p>Then click on <strong>Add Releases</strong>. You will be redirected to another page to add more information about the release you want to create. Following are the two sections where you must enter information</br></p> +<ul> +<li><strong>Summary</strong></li> +<li><strong>Linked Releases</strong></li> +</ul> +</li> +</ol> +<h4 id="a-summary"><strong>A. Summary</strong></h4> +<p><code>NOTE: FIELDS MARKED &quot;*&quot; ARE MANDATORY.</code></p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release1.png" alt=""></p> +<ol> +<li>Click on the field to select the <strong>Vendor</strong> for your component. This opens a dialogue box, search and select the vendor and click on <strong>Select Vendor</strong>.</li> +<li>Enter the <strong>Programming Languages</strong> used for the release.</li> +<li><strong>Name</strong> for the release will be auto generated from the name given to the component.</li> +<li>Enter the <strong>Operating Systems</strong> used for the release.</li> +<li>Enter the <strong>Version</strong> for the release.</li> +<li>Enter the <strong>CPE (Common Platform Enumeration) ID</strong> for the release.</li> +</ol> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release2.png" alt=""></p> +<ol start="7"> +<li> +<p>Enter the <strong>Software Platforms</strong> for the release.</p> +</li> +<li> +<p>Click on the field <strong>Other License</strong> to set other license information for the release. This opens a dialogue box, search and select the licenses and click on <strong>Select Licenses</strong>.</p> +</li> +<li> +<p>Set <strong>Release Date</strong>.</p> +</li> +<li> +<p>Enter the <strong>Source Code Download URL</strong>. This is the web address from where source code of the release can be downloaded.</p> +</li> +<li> +<p>Click on the field <strong>Main License</strong> to set other license information for the release. This opens a dialogue box, search and select the licenses and click on <strong>Select Licenses</strong>.</p> +</li> +<li> +<p>Enter <strong>Binary Download URL</strong>. This is the web address from where binary of the release can be downloaded.</p> +</li> +<li> +<p><strong>Clearing state</strong> will be set to &ldquo;new&rdquo; by default.</p> +</li> +<li> +<p>Select the value for the <strong>Release Mainline State</strong> from the drop-down list.</p> +<ul> +<li>Open: No license clearing</li> +<li>Mainline: Permissive license with no specific obligations</li> +<li>Specific: Permissive license with additional obligations with standard obligations</li> +<li>Phaseout: Not used anymore</li> +<li>Denied: Not to be used because of a specific reason</li> +</ul> +</li> +<li> +<p><strong>Created on</strong> is set automatically.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Create_Release3.png" alt=""></p> +</li> +<li> +<p><strong>Created by</strong> is set automatically.</p> +</li> +<li> +<p><strong>Modified on</strong> is set automatically.</p> +</li> +<li> +<p>Click on the field to select <strong>Contributors</strong>. This opens a dialogue box, search and select the contributors and click on <strong>Select Users</strong>.</p> +</li> +<li> +<p><strong>Modified by</strong> is set automatically.</p> +</li> +<li> +<p><strong>Moderator</strong> is the user responsible for the release. Click on the field to select moderators.</p> +<ul> +<li>This opens a dialogue box, use the type field to search for the moderator.</li> +<li>Select the users</li> +<li>Click on <strong>Select Users</strong>.</li> +</ul> +</li> +</ol> +<p><strong>Additional Roles</strong>, refer to <a href="#3-additional-roles">3. Additional Roles</a>.</p> +<p><strong>External Ids</strong>, refer to <a href="#4-external-ids">4. External Ids</a>.</p> +<p><strong>Additional Data</strong>, refer to <a href="#5-additional-data">5. Additional Data</a>.</p> +<p><strong>Release Repository</strong></p> +<p>You can add a release repository URL for your release. To add a release repository:</p> +<ol> +<li> +<p>Select the <strong>Repository Type</strong> from the drop-down list.</p> +</li> +<li> +<p>Enter the <strong>Repository URL</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Releaserepository.png" alt=""></br></p> +</li> +</ol> +<h4 id="b-linked-releases"><strong>B. Linked Releases</strong></h4> +<p>To add linked releases to your release, click on linked releases. For more information, refer to <a href="1.ProjectPage.md/#b-linking-releases">B. Linking Releases</a>.</p> +<p>Click on <strong>Create Release</strong> to add more information for this release.</p> +<h4 id="c-clearing-details"><strong>C. Clearing Details</strong></h4> +<p>Clearing details contains important information that are required for the license clearing activities. This information is useful for the reuse of license clearing results. +To add clearing information to your release, click on <strong>Clearing Details</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details.png" alt=""></p> +<ul> +<li>Check the boxes for all applicable clearing details.</li> +<li>Enter the applicable data for <strong>Scanned</strong> and <strong>Clearing Standard</strong>. For e.g., date or specific version of your License Scanner.</li> +<li>Enter <strong>External URL</strong> for the release.</li> +<li>Add <strong>Comments</strong>.</li> +</ul> +<p><strong>Request Information</strong></p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details2.png" alt=""></p> +<p>To request more information regarding the release, follow the procedure:</p> +<ul> +<li>Enter <strong>Request ID</strong> and <strong>Additional request Info</strong>.</li> +<li>Set <strong>Evaluation Start</strong> and <strong>Evaluation End</strong> date.</li> +</ul> +<p><strong>Supplemental Information</strong></p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_Clearing_Details3.png" alt=""></p> +<p>You can enter internal supplier ID and number of security vulnerabilities for your release. To add this information.</p> +<ul> +<li>Enter <strong>External Supplier Id</strong> and the count of <strong>Vulnerabilities</strong>.</li> +</ul> +<h4 id="d-ecc-details"><strong>D. ECC Details</strong></h4> +<p><code>NOTE: ECC DETAILS ARE SET AUTOMATICALLY FOR OSS RELEASES.</code></p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Release_ECC_Details.png" alt=""></p> +<p>To enter ECC details for a release click on <strong>ECC Details</strong>.</p> +<ul> +<li>Select the <strong>ECC Status</strong> from the drop-down list. +<ul> +<li>Open</li> +<li>In progress</li> +<li>Approved</li> +<li>Rejected</li> +</ul> +</li> +<li>Add <strong>ECC Comment</strong>, if required.</li> +<li>Enter <strong>Ausfuhrliste</strong>, this is a German ECC number.</li> +<li>Enter <strong>ECCN</strong> and <strong>Material Index Number</strong>.</li> +<li><strong>Assessor Contact Person</strong>, <strong>Assessor Department</strong> and <strong>Assessment date</strong> will be set automatically.</li> +</ul> +<h4 id="e-attachments"><strong>E. Attachments</strong></h4> +<p>You can add or modify the attachments to your release. To add attachments, click on <strong>Attachments</strong> on the left. For more information on how to add attachments to the release, refer to <a href="1.ProjectPage.md/#106-edit-project">1.06 Edit project</a>.</p> +<h2 id="heading"></h2> +<p>After entering all the release information, click on <strong>Update Release</strong>.</p> +<p>To delete the release, click on <strong>Delete Release</strong>.</p> +<p>If you do not want to create a release, click on <strong>Cancel</strong>.</p> +<h2 id="205-edit-component">2.05 Edit Component</h2> +<ol> +<li>Search for the components you want to edit or navigate from the component list.</li> +<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png" alt=""> from the actions column. You can also edit a component by clicking on the component and then clicking on <strong>Edit Component</strong>.</li> +<li>You can view summary, releases, and attachment information of the component.</li> +<li>Click on <strong>Summary</strong> to edit component summary information. For more information on the fields to edit, refer to <a href="#1-summary">1. Summary</a>.</li> +<li>Click on <strong>Releases</strong> to view all the releases that are linked to the component. If you want to add more releases to the component click on <strong>Add Releases</strong> at the bottom of the list. For more information on how to add a release, refer to <a href="#2-releases">2. Releases</a>.</li> +<li>Click on <strong>Attachments</strong> to view all the attachments that are linked to the component. If you want to add more attachments to the components, refer to paragraph 4 of <a href="1.ProjectPage.md/#106-edit-project">1.06 Edit project</a>.</li> +<li>To update the new component information, click on <strong>Update Component</strong>.</li> +<li>To delete the component, click on <strong>Delete Component</strong>.</li> +<li>If you do not want to edit the component, click on <strong>Cancel</strong>.</li> +</ol> +<h2 id="206-view-component">2.06 View Component</h2> +<p>To open a view mode for a component:</p> +<ol> +<li>Search for the components you want to edit or navigate from the component list.</li> +<li>Click on the component name.</li> +<li>You are now in view mode of the component, and you can view all the details of the components like summary, release overview, attachments, vulnerabilities and change logs.</li> +<li>You can edit a component, Merge a component, Split a component, Subscribe to a component in this mode.</li> +</ol> +<h3 id="a-merge"><strong>A. Merge</strong></h3> +<p>This functionality is used when there is a duplication of components, and this functionality helps us to combine all the duplicates into one single component. +To merge a component with another, click on <strong>Merge</strong>. This action will redirect you to another page where you can:</p> +<ol> +<li>Choose the from the list of components that should be merged into the current one.</li> +<li>Merge the data from the source into the target component.</li> +<li>Check the merged component and confirm the merge.</li> +</ol> +<h3 id="b-split"><strong>B. Split</strong></h3> +<p>This functionality is used when we want to copy the information from a component. This is a shortcut to create a component and change aspects like version or release instead of creating a new one entirely.</p> +<p>To Split a component, click on <strong>Split</strong>. This action will redirect you to another page where you can:</p> +<ol> +<li>Choose a target component into which the current component needs to split.</li> +<li>Split the data from current component to the target component.</li> +<li>Check the split version of the component and confirm the split.</li> +</ol> +<h3 id="c-subscribe"><strong>C. Subscribe</strong></h3> +<p>You can <strong>Subscribe</strong> to a component to get notified with emails when any changes are made to the component.</p> +<p>To not get notified for a particular component, click <strong>Unsubscribe</strong>.</p> +<h3 id="d-view-component-information"><strong>D. View Component Information</strong></h3> +<p>You can view component information by navigating the navigation tree.</p> +<ol> +<li>To view component summary, click on <strong>Summary</strong>. To edit summary information for the component, refer to <a href="#205-edit-component">2.05 Edit Component</a>.</li> +<li>Click on <strong>Release Overview</strong> to view all the releases for the component. To edit details for any of the linked releases click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Edit_Pen.png" alt=""> from the actions column, this will redirect you to a release view page where you can view the following: -<ul> -<li>Release Summary</li> -<li>Linked Releases</li> -<li>Clearing Details</li> -<li>ECC details</li> -<li>Attachments</li> -<li>Vulnerabilities</li> -<li>Change Log</li> -</ul> -</li> -</ol> -<p>For more information on these sections, refer to <a href="#2-releases">2. Releases</a>.</p> -<h4 id="clearing-details"><strong>Clearing Details</strong></h4> -<p>You can view the following clearing information for the release in view mode:</p> -<ul> -<li>SPDX Attachments</li> -<li>Assessment Summary info</li> -</ul> -<p><strong>SPDX Attachments</strong></p> -<p>SPDX attachments are the clearing reports which are in XML formats. You will need an approved clearing report to use this release.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_SPDX_Attachments_1.png" alt=""></p> -<ul> -<li>Click on <strong>Show license info</strong> to view main license Ids and Other license ids.</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/ComponentSPDXattachment2.png" alt=""></p> -<ul> -<li>If you want to add this data to the current release, click on <strong>Add data to this release</strong>.</li> -</ul> -<p><strong>Assessment Summary Info</strong></p> -<p>You can view if the clearing expert has added any summary in the clearing report.</p> -<ul> -<li>To view the summary, click on <strong>Show Assessment Summary info</strong>.</li> -<li>If there are multiple approved releases, this section will display text &ldquo;<strong>multiple approved CLI found in release</strong>&rdquo;.</li> -</ul> -<h4 id="vulnerabilities"><strong>Vulnerabilities</strong></h4> -<p>All the vulnerabilities that are linked to the release/component are listed in the vulnerability section.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Vulnerability.png" alt=""></p> -<ol> -<li>Click on <strong>Vulnerability</strong> on the left to view all the linked vulnerabilities for this release/component.</li> -<li>You can sort the vulnerabilities by their external ids, priority, matched by, title, verification and actions.</li> -<li>To view more information on the vulnerability, click on the external id of the vulnerability. You will be redirected to another page with all the information about the selected vulnerability.</li> -</ol> -<h4 id="change-log"><strong>Change Log</strong></h4> -<p>You can see all the changes that are done for the release/component in change log section.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_ChangeLog.png" alt=""></p> -<ol> -<li>To view all the changes done for the release click on <strong>Change Log</strong>.</li> -<li>You can now view change date, change log id, change type and user.</li> -<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Changelog1.png" alt=""> to view all the changes done for a change log id.</li> -<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Changelog2.png" alt=""> to view the moderation request details for a change log id.</li> -</ol> -<h2 id="207-import-spdx-bom">2.07 Import SPDX BOM</h2> -<p>For more information on importing SBOM, refer to <a href="1.ProjectPage.md/#105-import-sbom">1.05 Import SBOM</a>.</p> -<h2 id="208-export-spreadsheet">2.08 Export Spreadsheet</h2> -<p>For more information on exporting spreadsheet, refer to <a href="1.ProjectPage.md/#113-export-spreadsheet">1.13 Export Spreadsheet</a>.</p> - - - - - - Docs: Licenses - https://www.eclipse.org/sw360/docs/userguide/licenses/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/licenses/ - - - - <h1 id="30-licenses">3.0 Licenses</h1> -<h2 id="31-introduction">3.1 Introduction</h2> -<p>A software license is a document that provides legally binding guidelines for the use and distribution of software. Licenses page lists all the available licenses in SW360.</p> -<p>To open the License page, click on the <strong>License tab</strong> from the main menu bar. You can also add licenses in this page.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/License_Page.png" alt=""></p> -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No.</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left"><a href="#32-quick-filter">Quick Filter</a></td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left"><a href="#34-add-license">Add License</a></td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left"><a href="1.%20ProjectPage.pdf">Export Spreadsheet, refer to Project Page</a></td> -</tr> -<tr> -<td style="text-align:center">4</td> -<td style="text-align:left"><a href="#33-license-list">License List</a></td> -</tr> -</tbody> -</table> -<h2 id="32-quick-filter">3.2 Quick Filter</h2> -<p>You can use the Quick Filter to search for a License. To search for a particular license, use the type field.</p> -<h2 id="33-license-list">3.3 License List</h2> -<p>On the License page you can view all the licenses available in SW360. The licenses are listed with the following information:</p> -<ul> -<li> -<p><strong>License Shortname</strong>: Short name given for the license.</p> -</li> -<li> -<p><strong>License Fullname</strong>: Full name given for the license.</p> -</li> -<li> -<p><strong>Is checked</strong>: This column indicates if the license is checked or unchecked.</p> -<table> -<thead> -<tr> -<th>Symbol</th> -<th style="text-align:center">Status</th> -<th></th> -</tr> -</thead> -<tbody> -<tr> -<td> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Checked.png"/> -</figure> -</td> -<td style="text-align:center">Checked</td> -<td></td> -</tr> -<tr> -<td> -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Unchecked.png"/> -</figure> -</td> -<td style="text-align:center">Unchecked</td> -<td></td> -</tr> -</tbody> -</table> -</li> -<li> -<p><strong>License Type</strong>: Type of the License.</p> -</li> -</ul> -<p><strong>NOTE: CLICK ON <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png" alt=""> TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> -<h2 id="34-add-license">3.4 Add License</h2> -<p>To add a new License, click on <strong>Add License</strong> on the license page, which redirects you to another page -where you can add License details.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Create_License.png" alt=""></p> -<ol> -<li>Enter <strong>Full Name</strong> of the license you want to add.</li> -<li>You can select if the license has an OSI (Open Source Initiative) approval. Select the values for <strong>OSI Approved?</strong> from the drop-down list. -<ul> -<li>n/a: Not applicable</li> -<li>Yes</li> -</ul> -</li> -<li>Enter the <strong>License Text</strong>.</li> -<li>Enter <strong>Short Name</strong> for the license.</li> -<li>You can select if the license is an FSF (Free Software Foundation) license. Select the values for <strong>FSF Free/Libre</strong> from the drop-down list. -<ul> -<li>n/a: Not applicable</li> -<li>Yes</li> -</ul> -</li> -<li>Check the box if the license is checked.</li> -<li>Select the <strong>License Type</strong> from the drop-down list.</li> -<li>Click on <strong>Create License</strong> to create a new license</li> -<li>If you do not want to add a license at any point of time, click on <strong>Cancel</strong>.</li> -</ol> -<h2 id="35-view-license">3.5 View License</h2> -<p>To open a view mode for a license:</p> -<ol> -<li> -<p>Search for the License you want to view or navigate from the License list. Click on the License Shortname.</p> -</li> -<li> -<p>You are now in view mode of the license, and you can view all the details of the license like:</p> -<ul> -<li>License Details</li> -<li>License Text</li> -<li>Obligation</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/View_License.png" alt=""></p> -</li> -</ol> -<h2 id="36-edit-license">3.6 Edit License</h2> -<p>The <strong>Edit License</strong> option is used to modify license details for existing licenses. To edit a license, follow the below procedure:</p> -<ol> -<li> -<p>Search for the license you want to view or navigate from the License list. Click on the License Shortname.</p> -</li> -<li> -<p>You are now in view mode of the license, click on <strong>Edit License</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Edit_License.png" alt=""></p> -</li> -<li> -<p>Modify License Details as required. For more information on the fields, refer to <a href="#34-add-license">3.4 Add License</a>.</p> -</li> -<li> -<p>You can also add license obligations in this view. To add License obligations, click on Linked Obligations.</p> -</li> -<li> -<p>Click on <strong>Add Obligation</strong>, a dialogue box will appear with a list of all the obligations that are available in SW360.</p> -</li> -<li> -<p>Use the search field to select the required obligation and click <strong>Add</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Linked_Obligations_2.png" alt=""></p> -</li> -<li> -<p>To delete an obligation that is already linked, click <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png" alt="">.</p> -</li> -<li> -<p>If you do not want to make changes to the license at any point of time, click on <strong>Cancel</strong>.</p> -</li> -<li> -<p>If you want to delete the license, click on <strong>Delete License</strong>.</p> -</li> -</ol> - - - - - - Docs: Requests - https://www.eclipse.org/sw360/docs/userguide/requests/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/requests/ - - - - <h1 id="6-requests">6. Requests</h1> -<p>Requests page lists all the requests that are generated by the users in SW360. There are two kind of requests:</p> -<ol> -<li>Moderation Requests: The requests that are created when a user with limited rights requests a change in a Project/Component/Release. These requests need to be approved by another user with higher rights (Project Owner/ Project Responsible) for the changes to appear in a particular Project/Component/Release. You can also view these requests as tasks in your home page. </br> -<ul> -<li>My Task Assignments: Moderation requests that are pending for your approval.</li> -<li>My Task Submissions: Moderation requests that are created by you.</li> -</ul> -</li> -<li>Clearing Request: For more information on clearing requests, refer to <a href="1.%20ProjectPage.pdf">1.12 Clearing Requests, Project Page</a>.</li> -</ol> -<p>To open the Requests page, click on the <strong>Requests tab</strong> from the main menu.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Request_Page.png" alt=""></p> -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No.</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left"><a href="#61-moderation-requests">Moderation Requests</a> or <a href="#62-clearing-request">Clearing Requests</a></td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left"><a href="#1-search-moderation-requests">Search Moderation Requests</a> or <a href="#2-search-clearing-requests">Search Clearing Request</a></td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left"><a href="#1-moderation-request-list">Moderation Request List</a> or <a href="#1-clearing-requests-list">Clearing Request List</a></td> -</tr> -</tbody> -</table> -<h2 id="61-moderation-requests">6.1 Moderation Requests</h2> -<h3 id="1-moderation-request-list">1. Moderation Request list</h3> -<p>Moderation requests must be approved by another user with higher rights (Admin, Clearing expert) for the changes to appear in a Project/Component/Release. -Moderation requests are further categorized into two types:</p> -<ul> -<li><strong>Open Moderation Requests</strong>: The moderation requests which are pending for approval. To view the list of open requests, click <strong>Open Moderation Requests</strong>.</li> -<li><strong>Closed Moderation Requests</strong>: The moderation requests which are approved. To view the list of closed requests, click <strong>Closed Moderation Requests</strong>.</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Moderation_Requests.png" alt=""></p> -<p>The moderation requests are listed with the following information:</p> -<ul> -<li><strong>Date</strong>: Date of the creation of the request.</li> -<li><strong>Type</strong>: The document type for the moderation request created.</li> -<li><strong>Document Name</strong>: Name of the document (Project/Component/Release).</li> -<li><strong>Requesting User</strong>: Email Id of the user who created the moderation request.</li> -<li><strong>Department</strong>: Department of the requesting user.</li> -<li><strong>Moderators</strong>: List of the moderators for that project/component/release.</li> -<li><strong>State</strong>: State (In Progress/Pending/Approved/Rejected) of the moderation request.</li> -<li><strong>Actions</strong></li> -</ul> -<p><strong>NOTE: USE <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png" alt=""> TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.</strong></p> -<h3 id="1-search-moderation-requests">1. Search Moderation Requests</h3> -<ol> -<li>Search with <strong>Date</strong> the request was created.</li> -<li>Search the request with the document <strong>Type</strong> and select from the drop-down list. -<ul> -<li>OSS</li> -<li>COTS</li> -<li>Internal</li> -<li>Inner Source</li> -<li>Service</li> -<li>Freeware</li> -<li>Code Snippet</li> -</ul> -</li> -<li>Search the request with <strong>Document Name</strong>.</li> -<li>Search the request with <strong>Requesting User</strong>.</li> -<li>Search the request with <strong>Department</strong>.</li> -<li>Search the request with <strong>State</strong> and select from the drop-down list. -<ul> -<li>Approved</li> -<li>Pending</li> -<li>Rejected</li> -<li>In Progress</li> -</ul> -</li> -</ol> -<h3 id="3-edit-moderation-requests">3. Edit Moderation Requests</h3> -<p>To edit a moderation request, click on <strong>Open Moderation Request / Closed Moderation Request</strong> on the request page.</p> -<ol> -<li> -<p>Search for the request you want to edit or navigate from the request list.</p> -</li> -<li> -<p>Click on the request you want to edit. You will now be redirected to another page with details of the request.</p> -</li> -<li> -<p>You can view the following moderation request information:</p> -<ul> -<li>Requesting user</li> -<li>Submitted on</li> -<li>Comment from the requested user</li> -<li>Status of the request</li> -<li>Moderator assigned</li> -<li>Comment on moderation decision: A moderator can add comments to this request before accepting or declining the changes.</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request.png" alt=""></p> -</li> -<li> -<p>Click on <strong>Proposed Changes</strong> to view:</p> -<ul> -<li>Field name the changes are requested for</li> -<li>Current Value of the field</li> -<li>Former Value of the field</li> -<li>Suggested Value for the field</li> -<li>Attachments, if added</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_2.png" alt=""></p> -</li> -<li> -<p>To preview the current document, click on <strong>Current Release/Current Project</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_3.png" alt=""></p> -</li> -<li> -<p>To accept the changes of the moderation request, click on <strong>Accept Request</strong>.</p> -</li> -<li> -<p>To reject changes for the moderation request, click on <strong>Decline Request</strong>.</p> -</li> -<li> -<p>To postpone a moderation request, click on <strong>Postpone request</strong>.</p> -</li> -<li> -<p>If you do not want to be a moderator for this request, click on <strong>Remove Me from Moderators</strong>.</p> -</li> -<li> -<p>If you do not want to make changes at any point of time, click on <strong>Cancel</strong>.</p> -</li> -</ol> -<h2 id="62-clearing-request">6.2 Clearing Request</h2> -<h3 id="1-clearing-requests-list">1. Clearing Requests list</h3> -<p>Clearing Requests are created by project manager and sent to clearing experts to perform license clearing, which are then approved. Clearing Requests are further categorized into two types.</p> -<ul> -<li><strong>Open Clearing Requests</strong>: The clearing requests which are pending approval. To view the list of open requests, click <strong>Open Clearing Requests</strong>.</li> -<li><strong>Closed Clearing Requests</strong>: The clearing requests which are approved. To view the list of closed requests, click <strong>Closed Clearing Requests</strong>.</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Clearing_Requests.png" alt=""></p> -<p>The clearing requests are listed with the following information:</p> -<ul> -<li><strong>Request Id</strong>: Request ID number of the clearing request.</li> -<li><strong>BA/BL Group</strong>:</li> -<li><strong>Project</strong>: Name of the project the clearing request belongs to.</li> -<li><strong>Status</strong>: Status of the clearing request, rejected or closed.</li> -<li><strong>Requesting User</strong>: Username of the user who created the clearing request.</li> -<li><strong>Clearing Team</strong>: Person responsible for the approval of the clearing request.</li> -<li><strong>Created on</strong>: Creation date of the clearing request.</li> -<li><strong>Preferred Clearing Date</strong>: The proposed date of completion of clearing request.</li> -<li><strong>Agreed Clearing Date</strong>: The agreed date of completion for clearing request.</li> -<li><strong>Request Closed on</strong>: The actual date the clearing request is closed.</li> -<li><strong>Clearing Progress</strong> (Only applicable for open clearing requests)</li> -<li><strong>Actions</strong>: Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Images/Edit_Pen.png" alt=""> to edit the clearing request.</li> -</ul> -<p><strong>NOTE: USE <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Images/SortIcon.png" alt=""> TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.</strong></p> -<h3 id="2-search-clearing-requests">2. Search Clearing Requests:</h3> -<ol> -<li>Search the request with <strong>Select date type and range</strong>.</li> -<li>Search the request with <strong>Priority</strong> and select from the drop-down list. -<ul> -<li>Low</li> -<li>Medium</li> -<li>High</li> -<li>Critical</li> -</ul> -</li> -<li>Search the request with <strong>BA BL group</strong>.</li> -<li>Search the request with <strong>Status</strong> and select from the drop-down list. -<ul> -<li>New</li> -<li>Accepted</li> -<li>In Queue</li> -<li>In Progress</li> -<li>Awaiting Response</li> -</ul> -</li> -</ol> -<h3 id="3-edit-clearing-requests">3. Edit Clearing Requests</h3> -<p>To edit a clearing request, click on <strong>Open Clearing Request / Closed Clearing Request</strong> on the request page.</p> -<ol> -<li> -<p>Search for the request you want to edit or navigate from the request list.</p> -</li> -<li> -<p>You can also use <strong>Quick Filter</strong> to search for a request.</p> -</li> -<li> -<p>Click on the request you want to edit, this will redirect you to another page with details of the request.</p> -</li> -<li> -<p>To modify the clearing request, click on <strong>Edit Request</strong>.</p> -</li> -<li> -<p>You can view the following <strong>clearing request information for the project</strong>:</p> -<ul> -<li>Requesting User</li> -<li>Created On</li> -<li>Preferred Clearing Date</li> -<li>Business Area/Line</li> -<li>Requester Comment</li> -<li>Clearing</li> -<li>Request Status: You can modify the request status as required. Select the required value from the drop-down list. -<ul> -<li>New</li> -<li>Accepted</li> -<li>Rejected</li> -<li>In Queue</li> -<li>In Progress</li> -<li>Closed</li> -<li>Awaiting Response</li> -</ul> -</li> -<li>Priority: You can modify the priority of the clearing request as required. Select the required value from the drop-down list. -<ul> -<li>Low: Clearing date is greater than 4 weeks</li> -<li>Medium: Clearing time is less than 2-4 weeks</li> -<li>High: Clearing time is less than 2 weeks</li> -<li>Critical: Clearing time is less than 1 week<br> -<code> NOTE: THERE CAN ONLY BE 2 CRITICAL CLEARING REQUESTS.</code></li> -</ul> -</li> -<li>Clearing team: Click on the field to select the <strong>Clearing Team</strong> for the request. This opens a dialogue box, search and select the clearing expert and click on <strong>Select Users</strong>.</li> -<li>Agreed Clearing Date: Click on the field to set the clearing date</li> -<li>Last Updated on</li> -</ul> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_1.png" alt=""></p> -</li> -<li> -<p>Click on <strong>Clearing request comments</strong> to check the clearing request information. The information displayed here is a combination of manual entry comments and automated entries by SW360. Automated entries give information regarding the changes that are done on the clearing request. You can mention comments by typing in the text field and click <strong>Add Comment</strong>.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_2.png" alt=""></p> -</li> -<li> -<p>After making the changes, click on <strong>Update Request</strong>.</p> -</li> -<li> -<p>If you do not want to make changes at any point of time, click on <strong>Cancel</strong>.</p> -</li> -</ol> - - - - - - Docs: Search - https://www.eclipse.org/sw360/docs/userguide/search/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/search/ - - - - <h1 id="7-search">7. Search</h1> -<p>On the search page, you can search for Projects, Components, Licenses, Releases, Obligations, Users, Vendors, etc. in SW360.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Search_Page.png" alt=""></p> -<p>To search for a particular (object), click on Search tab and follow the procedure:</p> -<ol> -<li>Type the <strong>keyword</strong> in the text field.</li> -<li>The checkbox in <strong>Restrict To Type</strong> allows you to further restrict your search to a specific (object), you can choose to restrict the <strong>type</strong> to projects, components, licenses etc.</li> -<li>Click on <strong>Search</strong> to get the search results</li> -<li>Click on the component/project/license/obligation/user/vendor/release to be redirected to their respective page.</li> -</ol> -<h3 id="wildcards">Wildcards</h3> -<p>The user can search with wildcards. A wildcard is a character which substitue for zero or more characters in a string. For a single character users can use &lsquo;?&rsquo; and for multiple character wildcard he can use &lsquo;*&rsquo;. The Wildcard can stand in the middle of characters or at the end, but not at the beginning.</p> - - - - - - Docs: Preferences - https://www.eclipse.org/sw360/docs/userguide/preferrences/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/preferrences/ - - - - <h1 id="8-preferences">8. Preferences</h1> -<p>The Preferences page allows you to modify the E-mail notification preferences for changes that occur to project/component/release/license. -To open the Preferences page, click on the <strong>Preference</strong> tab from the main menu.</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/Preferences_Page.png" alt=""></p> -<table> -<thead> -<tr> -<th style="text-align:center">Sl.No.</th> -<th style="text-align:left">Description</th> -</tr> -</thead> -<tbody> -<tr> -<td style="text-align:center">1</td> -<td style="text-align:left"><a href="#82-email-notification-preferences">Email Notification Preferences</a></td> -</tr> -<tr> -<td style="text-align:center">2</td> -<td style="text-align:left"><a href="#81-sw360-user-information">SW360 User Information</a></td> -</tr> -<tr> -<td style="text-align:center">3</td> -<td style="text-align:left"><a href="#83-rest-api-tokens">REST API Token </a></td> -</tr> -</tbody> -</table> -<h2 id="81-sw360-user-information">8.1 SW360 User Information</h2> -<p>On the <strong>SW360 User</strong> section you can view the following information:</p> -<ul> -<li><strong>Name</strong></li> -<li><strong>E-mail</strong></li> -<li><strong>Primary Department</strong></li> -<li><strong>External ID</strong>: This is your organization ID.</li> -<li><strong>Primary Department Role</strong>: This is the role you are assigned in SW360.</li> -<li><strong>Secondary Departments and Roles</strong>: Any other roles which are assigned.</li> -</ul> -<h2 id="82-email-notification-preferences">8.2 Email Notification preferences</h2> -<p>To modify your email notifications, follow the procedure:</p> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/Edit_email_preferences.png" alt=""></p> -<ol> -<li>Check the <strong>Enable E-mail notifications</strong> box which activates Email notifications.</li> -<li>Click on the particular section for which you want to change the preference. For e.g., if you want to change the preference for projects, click on the <strong>Project</strong> section. This section will display an expanded view of the available roles.</li> -<li>Select the roles that you want to be notified.</li> -<li>You can repeat the above procedure for other sections, i.e., <strong>Component</strong>, <strong>Release</strong>, <strong>Moderation</strong> and, <strong>Clearing</strong>.</li> -<li>Click on <strong>Update Settings</strong> to update the changes done.</li> -</ol> -<h2 id="83-rest-api-tokens">8.3 REST API Tokens</h2> -<p>REST API is an interface that two computer systems use to exchange information securely over the internet. Via REST endpoint data can be read or written in the database. As a normal user only read token can be generated.</p> -<p>You can generate a REST API token for read access, by following the procedure:</p> -<ol> -<li>Enter a token <strong>Name</strong>.</li> -<li>Check the <strong>Authorities</strong> box if you wish to give read access.</li> -<li>Set an <strong>Expiration Date</strong> for the token.</li> -<li>Click on <strong>Generate Token</strong>.</li> -</ol> -<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/REST_API_TOKENS.png" alt=""></p> - - - - - - Docs: SW360 User Frequently Asked Questions - https://www.eclipse.org/sw360/docs/userguide/faq/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/faq/ - - - - <h5 id="q-who-should-be-listed-as-moderator"><strong>Q</strong>: Who should be listed as Moderator?</h5> -<p><strong>A</strong>: Moderator are persons who need to review changes done on certain items (project, component, release or attachment) by persons who do not have the user right to actually do these changes. For BT moderators are the persons with the role &lsquo;Software Clearing Site Representative&rsquo;.</p> -<h5 id="q-who-should-be-listed-as-contributor"><strong>Q</strong>: Who should be listed as Contributor?</h5> -<p><strong>A</strong>: By default only the owner (or creator) of an item (project, component, release) is allowed to modify this item. Often it is useful that additional people are allowed to edit an item. These additional people (software architects, developers, additional experts) should get listed as contributors.</p> -<h5 id="q-i-have-changed-a-project-component-release-or-attachment-but-sw360-does-not-show-the-changes"><strong>Q</strong>: I have changed a project, component, release or attachment, but SW360 does not show the changes?</h5> -<p><strong>A</strong>: It might be that you have tried to change something that needs to be review by someone else. In such cases a so called &lsquo;Moderation Request&rsquo; is generated. A Moderator needs to approve your changes. Go to the Home view an check the box &lsquo;My Task Submissions&rsquo;, the project, component, or release should be listed there.</p> -<h5 id="q-what-should-i-enter-in-the-field-visibility"><strong>Q</strong>: What should I enter in the field &lsquo;Visibility&rsquo;.</h5> -<p><strong>A</strong>: Visibility controls which group of people is allowed to see a project. The default setting is &lsquo;Everyone&rsquo;, i.e. everyone within an organisation can see the project and all its releases.</p> -<h5 id="q-how-can-i-change-the-clearing-state-of-a-release"><strong>Q</strong>: How can I change the &lsquo;Clearing State&rsquo; of a release?</h5> -<p><strong>A</strong>: There is no direct way to do it. If there is no clearing report available, the clearing state will be &lsquo;New&rsquo;. If a clearing report available it will be &lsquo;Clearing report available&rsquo;. If at least one clearing report has been approved, the clearing state will be &lsquo;Approved&rsquo;.</p> -<h5 id="q-i-cant-find-a-specific-release-inside-my-project--what-can-i-do"><strong>Q</strong>: I can&rsquo;t find a specific release inside my project – what can I do?</h5> -<p><strong>A</strong>: You can sort each column by clicking on the column name, i.e. you can sort the entries by name, project origin, clearing state, mainline state or project mainline state – normally that helps finding a certain release.</p> -<h5 id="q-i-cant-delete-my-component-called-toms-test-component"><strong>Q</strong>: I can&rsquo;t delete my component called &lsquo;Tom&rsquo;s Test Component&rsquo;.</h5> -<p><strong>A</strong>: Do not use special characters like single or double quotes. To be able to delete such a component or release you&rsquo;ll first have to rename it…</p> -<h5 id="q-what-is-copyleft-effect"><strong>Q</strong>: What is Copyleft Effect?</h5> -<p><strong>A</strong>: <strong>Copyleft</strong> effect is the reverse idea of <strong>copyright</strong>. Goal is that software licensed under such license is always free and can never get a privatised software asset. The user gets the freedom to run, copy, modify and distribute the software, but it is not possible to add any further restrictions. This implies that <strong>modified software</strong> must also be free and becomes available to the community.</p> -<h5 id="q-different-classification-of-the-open-source-licenses"><strong>Q</strong>: Different Classification of the Open Source Licenses.</h5> -<p><strong>A</strong>: There are hundreds of OSS licenses, the following table will give a brief overview about the most common OSS licenses, the risks and the obligations that need to be fulfilled when using them:</p> -<table> -<thead> -<tr> -<th></th> -<th>License Class</th> -<th>License Name(s)</th> -<th>Risks</th> -<th>Obligations</th> -</tr> -</thead> -<tbody> -<tr> -<td><span style="color:white;font-size:2em;">⚫</span></td> -<td><strong>White Licenses</strong></td> -<td>MIT, BSD (except for BSD-4-Clause), BSL-1.0, CPOL-1.02, MsPL, zLib, Apache-1.1, Apache-2.0 (if no code changes are done)</td> -<td><strong>low risk</strong></td> -<td>Mostly standard obligations: display license text, display copyrights</td> -</tr> -<tr> -<td><span style="color:yellow;font-size:2em;">⚫</span></td> -<td><strong>Yellow Licenses</strong></td> -<td>CDDL-1.0, CPL-1.0, EPL-1.0, eCos License, MPL, NPL</td> -<td><strong>medium risk</strong> - because of non-standard obligtions in some cases</td> -<td>Display license text; display copyrights; all changes of the component code must become OSS as well; possible license incompatibility with red licenses</td> -</tr> -<tr> -<td><span style="color:red;font-size:2em;">⚫</span></td> -<td><strong>Red Licenses</strong></td> -<td>GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, AGPL</td> -<td><strong>check before use</strong> some special obligation which might be not in line with your lans</td> -<td>Display license text; display copyrights; take care about copyleft effect - get in contact with your software clearing experts; all distributions must clearly state that (L)GPL license code is used</td> -</tr> -<tr> -<td><span style="color:red;font-size:2em;">⚫</span></td> -<td><strong>Red Licenses</strong></td> -<td>SleepyCat, Aladdin Free Public License; Berkeley DB licenses</td> -<td><strong>really check before use</strong> because of nearly unlimited copy left effect</td> -<td>Before thinking about components licensed under these license, get in contact with your software licensing experts!</td> -</tr> -</tbody> -</table> - - - - - - Docs: Dependency Network Feature - https://www.eclipse.org/sw360/docs/userguide/dependency_network/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/dependency_network/ - - - - <h1 id="how-to-enable-this-feature"><strong>How to enable this feature</strong></h1> -<p>To use this function, please:</p> -<ol> -<li> -<p>Build the source code and deploy.</p> -</li> -<li> -<p>Add config <strong>enable.flexible.project.release.relationship=true</strong> (/etc/sw360/sw360.properties) to enable the feature.</p> -</li> -</ol> -<p>The following changes will work when <strong>enable.flexible.project.release.relationship=true</strong> only.</p> -<ol start="3"> -<li>Use the migration script (<strong>056_migrate_project_dependency_network.py</strong>) we provided to mograte the database.</li> -</ol> -<p>Before you run the script, please change two places in the script:</p> -<p>(1) Line 30: <code>DRY_RUN = True</code> -&gt; <code>DRY_RUN = False</code></p> -<p>(2) Line 32: <code>COUCHSERVER = 'http://localhost:5984/'</code> -&gt; <code>COUCHSERVER = 'http://admin:password@localhost:5984/'</code></p> -<p><code>admin</code> and <code>password</code> should be your username and password for CouchDB.</p> -<h1 id="1-introduction"><strong>1. Introduction</strong></h1> -<p>The dependency network feature is a new function to make the dependency management of a project more flexible by allowing the users to customize the dependency graphs of their projects.</p> -<h1 id="2-how-to-use"><strong>2. How to use?</strong></h1> -<p>This feature modify the GUI of the “Linked Releases And Projects” on the “project edits” page. -Now the “Linked Releases” table could show all dependencies of a project (both direct and transitive ones). Users can modify these dependencies as well.</p> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/new_edit_GUI.png"/> -</figure> - -<h2 id="21-the-changes-of-edit-project-gui"><strong>2.1. The changes of edit project GUI</strong></h2> -<p>In this section, we will introduce the changes in GUI behaviors. We modified or added 5 sub-functions below:</p> -<h4 id="a-modify-the-add-releases-button-this-button-will-add-a-direct-dependency-release-in-the-dependency-graph-of-this-project"><strong>a. Modify the “Add Releases” button: This button will add a direct dependency (release) in the dependency graph of this project.</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Add_root_release_button.png"/> -</figure> - -<h4 id="b-a-new-icon-button-to-add-a-dependency-release-to-another-dependency-release-in-the-dependency-graph-note-that-this-dependency-added-is-seen-as-the-transitive-dependency-of-this-project"><strong>b. A new icon button to add a dependency (release) to another dependency (release) in the dependency graph. Note that this dependency added is seen as the transitive dependency of this project.</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Add_transitive_releases_buttons.png"/> -</figure> - -<h4 id="c-a-new-icon-button-to-load-the-default-dependency-graph-of-a-dependency-release-by-importing-the-dependency-information-stored-on-the-component-page-note-that-this-button-will-load-all-dependencies-both-direct-and-transitive-ones-of-the-corresponding-dependency-release"><strong>c. A new icon button to load the default dependency graph of a dependency (release) by importing the dependency information stored on the component page. Note that this button will load all dependencies (both direct and transitive ones) of the corresponding dependency (release).</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Load_default_network_from_releases.png"/> -</figure> - -<h4 id="d-the-combo-box-allows-the-user-to-modify-the-version-of-a-dependency"><strong>d. The combo box allows the user to modify the version of a dependency.</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Select_version_box.png"/> -</figure> - -<h4 id="e-the-check-dependency-network-button-will-compare-and-show-the-different-dependency-information-which-is-not-consistent-with-the-default-one-stored-on-the-component-page-by-highlighting-them-the-inconsistency-usually-happens-after-users-modified-the-dependency-graph-or-imported-an-old-project"><strong>e. The “Check Dependency Network” button will compare and show the different dependency information which is not consistent with the default one stored on the component page by highlighting them. The inconsistency usually happens after users modified the dependency graph or imported an old project.</strong></h4> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Check_diff_button.png"/> -</figure> - -<h2 id="23-rest-api-changes"><strong>2.3 Rest API changes</strong></h2> -<h3 id="new-rest-apis">New Rest APIs</h3> -<p><strong>a. 3.3.35. Get a single project with dependencies network</strong></p> -<p>The response will include the dependencyNetwork field(It will show the dependency network of project (direct and indirect releases)):</p> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> &#34;name&#34; : &#34;Emerald Web&#34;, -</span></span><span style="display:flex;"><span> &#34;dependencyNetwork&#34;: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;9efc5766cd0c41d4a40547b99f5b91ac&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;3bed97a1c7ac4c32846ef4be985b648c&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;6a8250852362462095c57535294039e4&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;TO_BE_REPLACED&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;PHASEOUT&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;INTERNAL_USE&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;STATICALLY_LINKED&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;MAINLINE&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;f1d860e7576a44798ee3daff57a3a886&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;OPTIONAL&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ] -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p><strong>b. 3.3.36. Creating a project with dependencies network</strong></p> -<p>If the <strong>dependencyNetwork</strong> field is included in the request body, a dependency network will be registered for the project.</p> -<ul> -<li>Simple example request (modify releaseIds to the existing release ids in sw360):</li> -</ul> -<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>{ -</span></span><span style="display:flex;"><span> &#34;name&#34;: &#34;TestProject1&#34;, -</span></span><span style="display:flex;"><span> &#34;dependencyNetwork&#34;: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;9efc5766cd0c41d4a40547b99f5b91ac&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;3bed97a1c7ac4c32846ef4be985b648c&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ -</span></span><span style="display:flex;"><span> ], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;INTERNAL_USE&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;STATICALLY_LINKED&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;MAINLINE&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> }, -</span></span><span style="display:flex;"><span> { -</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;f1d860e7576a44798ee3daff57a3a886&#34;, -</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], -</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;OPTIONAL&#34;, -</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, -</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, -</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, -</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; -</span></span><span style="display:flex;"><span> } -</span></span><span style="display:flex;"><span> ] -</span></span><span style="display:flex;"><span>} -</span></span></code></pre></div><p><strong>c. 3.3.37. Update a project with dependencies network</strong></p> -<p>Same request body as &ldquo;Creating a project with dependencies network&rdquo;.</p> - - - - - - Docs: SPDX Document - https://www.eclipse.org/sw360/docs/userguide/spdx_document/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/spdx_document/ - - - - <h1 id="how-to-enable-this-feature"><strong>How to enable this feature</strong></h1> -<p>To use this function, please:</p> -<ol> -<li> -<p>Build the source code and deploy.</p> -</li> -<li> -<p>Add config <strong>spdx.document.enabled = true</strong> (/etc/sw360/sw360.properties) to enable the feature.</p> -</li> -</ol> -<p>The following changes will work when <strong>spdx.document.enabled = true</strong> only.</p> -<h1 id="1-introduction"><strong>1. Introduction</strong></h1> -<p>SPDX Document manages Document Creation Information, Package Information, Other Licensing Information Detected, Relationships between SPDX Elements, Annotations</p> -<h1 id="2-how-to-use"><strong>2. How to use?</strong></h1> -<p><strong>1. File Test Import</strong>: <a href="https://github.com/spdx/tools-java/blob/master/testResources/SPDXRdfExample-v2.3.spdx.rdf">https://github.com/spdx/tools-java/blob/master/testResources/SPDXRdfExample-v2.3.spdx.rdf</a></p> -<p><strong>2. Import SPDX in Page Component</strong></p> -<h4 id="import">Import</h4> -<ul> -<li>Support RDF/XML, SPDX.</li> -<li>Import all Packages in the SPDX file (main package and dependent packages)</li> -<li>Import relationships related to Packages and SPDX Documents (relationships related to File and Snippet are not imported)</li> -</ul> -<h4 id="steps">Steps</h4> -<ol> -<li>Go to component page</li> -<li>Click &ldquo;Import SPDX BOM&rdquo; button</li> -<li>Upload SPDXRdfExample-v2.3.spdx.rdf</li> -</ol> -<h4 id="validate">Validate</h4> -<ul> -<li>&ldquo;Apache Commons Lang&rdquo;, &ldquo;glibc&rdquo;, &ldquo;Jena&rdquo; and &ldquo;Saxon&rdquo; components were created</li> -<li>&ldquo;glibc (2.11.1)&rdquo;, &ldquo;Saxon(8.8)&rdquo; and &quot; Jena (3.12.0) &quot; releases were created</li> -<li>Tab SPDX Document exits in release glibc (2.11.1), Jena (3.12.0) and Saxon (8.8)</li> -</ul> -<h4 id="result">Result</h4> -<h5 id="tab-spdx-document---full-page-of-release-glibc2111">Tab SPDX Document - Full Page of Release Glibc(2.11.1)</h5> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Glibc.png"/> -</figure> - -<h5 id="tab-spdx-document---lite-page-of-release-glibc2111">Tab SPDX Document - Lite Page of Release Glibc(2.11.1)</h5> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Glibc%282.11.1%29.png"/> -</figure> - -<h5 id="tab-spdx-document----full-page-of-release-jena-3120">Tab SPDX Document - Full Page of Release Jena (3.12.0)</h5> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Jena_%283.12.0%29.png"/> -</figure> - -<h5 id="tab-spdx-document---lite-page-of-release--jena-3120">Tab SPDX Document - Lite Page of Release Jena (3.12.0)</h5> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Jena_%283.12.0%29.png"/> -</figure> - -<h5 id="tab-spdx-document----full-page-of-release-saxon-88">Tab SPDX Document - Full Page of Release Saxon (8.8)</h5> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Saxon_%288.8%29.png"/> -</figure> - -<h5 id="tab-spdx-document---lite-page-of-release--saxon-88">Tab SPDX Document - Lite Page of Release Saxon (8.8)</h5> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Saxon_%288.8%29.png"/> -</figure> - -<p><strong>3. Feature: Edit , Add tab SPDX Document in Release</strong></p> -<h5 id="edit-tab-spdx-document---full-page">Edit tab SPDX Document - Full Page</h5> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Full_Page.png"/> -</figure> - -<h5 id="edit-tab-spdx-document---lite-page">Edit tab SPDX Document - Lite Page</h5> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Lite_Page.png"/> -</figure> - -<h5 id="add-tab-spdx-document">Add tab SPDX Document</h5> - -<figure> - <img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Add_tab_SPDX_Document.png"/> -</figure> - - - - - - - Docs: SW360 Best Practices - https://www.eclipse.org/sw360/docs/userguide/bestpractices/ - Mon, 01 Jan 0001 00:00:00 +0000 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/ - - - - <h2 id="sw360-usage-and-handling-of-components">SW360 Usage and Handling of Components</h2> -<p>The above mentioned data model has consequences for the usage of SW360:</p> -<ul> -<li>If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell</li> -<li>Uploading source packages / actual software as attachment makes sense at the release, not at the component</li> -<li>If you have created a component and release entry, you can go ahead and assign a vendor to a release.</li> -</ul> -<p>This very clear approach enables a number of issues, please keep the following goals in mind:</p> -<ul> -<li>Duplicate entries need to be removed</li> -<li>Separating vendor from components names and release tags brings clarity to component naming</li> -<li>Interaction with other systems is a must today. As such we need to support the CPE standard which also implement this 3-parts separation</li> -<li>Having the clear modeling of data enables better search and filtering abilities of the component catalogue.</li> -</ul> -<h2 id="how-to-create-component-entries">How to Create (Component) Entries?</h2> -<p>In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules:</p> -<ul> -<li>What is the name of the vendor, the name of the component and what is the release designator?</li> -<li>For the Vendor -<ul> -<li>Does a CPE entry exist? -<ul> -<li>Look here: <a href="https://nvd.nist.gov/cpe.cfm"><span style="color:red">↗</span> https://nvd.nist.gov/cpe.cfm</a> or <a href="http://scap.nist.gov/specifications/cpe/dictionary.html"><span style="color:red">↗</span> http://scap.nist.gov/specifications/cpe/dictionary.html</a></li> -<li>Use the same writing as found in the CPE dictionary</li> -</ul> -</li> -<li>A CPE does not exist? -<ul> -<li>Who is the copyright holder: an organization? -<ul> -<li>Use this organization name without &ldquo;inc&rdquo;, &ldquo;Gmbh&rdquo;, etc.</li> -</ul> -</li> -<li>A person -<ul> -<li>Look at the CPE dictionaries for example</li> -<li>They use first name last name with &ldquo;_&rdquo;, for example &ldquo;Wedge_Antilles</li> -</ul> -</li> -</ul> -</li> -</ul> -</li> -<li>For a component -<ul> -<li>Again, does a CPE entry exist?</li> -<li>Separate Component name from release designation</li> -</ul> -</li> -<li>For a release -<ul> -<li>Do not repeat the component name</li> -<li>Use the release designation as provided by the software package</li> -<li>Avoid prefixes, such as &ldquo;version&rdquo;, &ldquo;v&rdquo; etc</li> -</ul> -</li> -<li>For special cases: -<ul> -<li>If you upload a part of a release software package, create a <strong>separate</strong> release for this</li> -<li>For example &ldquo;2.0-MODIFIED&rdquo;</li> -<li>Consider that leaving items out from a software release is actually a modification</li> -</ul> -</li> -</ul> -<h2 id="how-to-create-vendors">How to Create Vendors</h2> -<p>In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real &ldquo;manufacturer&rdquo; independently from where you download it.</p> -<p>There are different cases:</p> -<ol> -<li> -<p>COTS:</p> -<ul> -<li> -<p>Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple)</p> -</li> -<li> -<p>You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name.</p> -</li> -<li> -<p>Consider the following link: <a href="https://nvd.nist.gov/products/cpe/search"><span style="color:red">↗</span> https://nvd.nist.gov/products/cpe/search</a></p> -</li> -<li> -<p>Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360.</p> -</li> -<li> -<p><strong>General rule</strong>: Vendor is meant to be manufacturing party not distributing / delivering party.</p> -</li> -</ul> -</li> -<li> -<p>Freeware</p> -<ul> -<li>Problem is that freeware has an author, but also different &ldquo;vendors&rdquo; in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions.</li> -</ul> -</li> -<li> -<p>OSS:</p> -<ul> -<li> -<p>Community name, e.g. zlib project for zlib.</p> -</li> -<li> -<p>Or the org name of the github orgname or sourceforge group name</p> -</li> -<li> -<p>Do not use &ldquo;Github&rdquo; or &ldquo;Sourceforge&rdquo; as vendor</p> -</li> -<li> -<p>However, foundations, publishing the software would be a vendor, e.g. &ldquo;Apache&rdquo;, &ldquo;Eclipse&rdquo;</p> -</li> -<li> -<p>But eclipse has a github organization anyway, for example</p> -</li> -<li> -<p>With single author projects should you take the author name. A &ldquo;john_doe&rdquo; from John Doe as short name.</p> -</li> -</ul> -</li> -</ol> -<p>Note that very release has its own vendor. as a consequence:</p> -<ul> -<li>There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution.</li> -</ul> - - - - - - +<ul> +<li>Release Summary</li> +<li>Linked Releases</li> +<li>Clearing Details</li> +<li>ECC details</li> +<li>Attachments</li> +<li>Vulnerabilities</li> +<li>Change Log</li> +</ul> +</li> +</ol> +<p>For more information on these sections, refer to <a href="#2-releases">2. Releases</a>.</p> +<h4 id="clearing-details"><strong>Clearing Details</strong></h4> +<p>You can view the following clearing information for the release in view mode:</p> +<ul> +<li>SPDX Attachments</li> +<li>Assessment Summary info</li> +</ul> +<p><strong>SPDX Attachments</strong></p> +<p>SPDX attachments are the clearing reports which are in XML formats. You will need an approved clearing report to use this release.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_SPDX_Attachments_1.png" alt=""></p> +<ul> +<li>Click on <strong>Show license info</strong> to view main license Ids and Other license ids.</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/ComponentSPDXattachment2.png" alt=""></p> +<ul> +<li>If you want to add this data to the current release, click on <strong>Add data to this release</strong>.</li> +</ul> +<p><strong>Assessment Summary Info</strong></p> +<p>You can view if the clearing expert has added any summary in the clearing report.</p> +<ul> +<li>To view the summary, click on <strong>Show Assessment Summary info</strong>.</li> +<li>If there are multiple approved releases, this section will display text &ldquo;<strong>multiple approved CLI found in release</strong>&rdquo;.</li> +</ul> +<h4 id="vulnerabilities"><strong>Vulnerabilities</strong></h4> +<p>All the vulnerabilities that are linked to the release/component are listed in the vulnerability section.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_Vulnerability.png" alt=""></p> +<ol> +<li>Click on <strong>Vulnerability</strong> on the left to view all the linked vulnerabilities for this release/component.</li> +<li>You can sort the vulnerabilities by their external ids, priority, matched by, title, verification and actions.</li> +<li>To view more information on the vulnerability, click on the external id of the vulnerability. You will be redirected to another page with all the information about the selected vulnerability.</li> +</ol> +<h4 id="change-log"><strong>Change Log</strong></h4> +<p>You can see all the changes that are done for the release/component in change log section.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Component_ChangeLog.png" alt=""></p> +<ol> +<li>To view all the changes done for the release click on <strong>Change Log</strong>.</li> +<li>You can now view change date, change log id, change type and user.</li> +<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Changelog1.png" alt=""> to view all the changes done for a change log id.</li> +<li>Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Componentpage/Changelog2.png" alt=""> to view the moderation request details for a change log id.</li> +</ol> +<h2 id="207-import-spdx-bom">2.07 Import SPDX BOM</h2> +<p>For more information on importing SBOM, refer to <a href="1.ProjectPage.md/#105-import-sbom">1.05 Import SBOM</a>.</p> +<h2 id="208-export-spreadsheet">2.08 Export Spreadsheet</h2> +<p>For more information on exporting spreadsheet, refer to <a href="1.ProjectPage.md/#113-export-spreadsheet">1.13 Export Spreadsheet</a>.</p>Docs: Licenseshttps://www.eclipse.org/sw360/docs/userguide/licenses/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/licenses/ +<h1 id="30-licenses">3.0 Licenses</h1> +<h2 id="31-introduction">3.1 Introduction</h2> +<p>A software license is a document that provides legally binding guidelines for the use and distribution of software. Licenses page lists all the available licenses in SW360.</p> +<p>To open the License page, click on the <strong>License tab</strong> from the main menu bar. You can also add licenses in this page.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/License_Page.png" alt=""></p> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No.</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left"><a href="#32-quick-filter">Quick Filter</a></td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left"><a href="#34-add-license">Add License</a></td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left"><a href="1.%20ProjectPage.pdf">Export Spreadsheet, refer to Project Page</a></td> +</tr> +<tr> +<td style="text-align:center">4</td> +<td style="text-align:left"><a href="#33-license-list">License List</a></td> +</tr> +</tbody> +</table> +<h2 id="32-quick-filter">3.2 Quick Filter</h2> +<p>You can use the Quick Filter to search for a License. To search for a particular license, use the type field.</p> +<h2 id="33-license-list">3.3 License List</h2> +<p>On the License page you can view all the licenses available in SW360. The licenses are listed with the following information:</p> +<ul> +<li> +<p><strong>License Shortname</strong>: Short name given for the license.</p> +</li> +<li> +<p><strong>License Fullname</strong>: Full name given for the license.</p> +</li> +<li> +<p><strong>Is checked</strong>: This column indicates if the license is checked or unchecked.</p> +<table> +<thead> +<tr> +<th>Symbol</th> +<th style="text-align:center">Status</th> +<th></th> +</tr> +</thead> +<tbody> +<tr> +<td> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Checked.png"/> +</figure> +</td> +<td style="text-align:center">Checked</td> +<td></td> +</tr> +<tr> +<td> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Unchecked.png"/> +</figure> +</td> +<td style="text-align:center">Unchecked</td> +<td></td> +</tr> +</tbody> +</table> +</li> +<li> +<p><strong>License Type</strong>: Type of the License.</p> +</li> +</ul> +<p><strong>NOTE: CLICK ON <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png" alt=""> TO SORT LICENSE INFORMATION ALPHABETICALLY.</strong></p> +<h2 id="34-add-license">3.4 Add License</h2> +<p>To add a new License, click on <strong>Add License</strong> on the license page, which redirects you to another page +where you can add License details.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Create_License.png" alt=""></p> +<ol> +<li>Enter <strong>Full Name</strong> of the license you want to add.</li> +<li>You can select if the license has an OSI (Open Source Initiative) approval. Select the values for <strong>OSI Approved?</strong> from the drop-down list. +<ul> +<li>n/a: Not applicable</li> +<li>Yes</li> +</ul> +</li> +<li>Enter the <strong>License Text</strong>.</li> +<li>Enter <strong>Short Name</strong> for the license.</li> +<li>You can select if the license is an FSF (Free Software Foundation) license. Select the values for <strong>FSF Free/Libre</strong> from the drop-down list. +<ul> +<li>n/a: Not applicable</li> +<li>Yes</li> +</ul> +</li> +<li>Check the box if the license is checked.</li> +<li>Select the <strong>License Type</strong> from the drop-down list.</li> +<li>Click on <strong>Create License</strong> to create a new license</li> +<li>If you do not want to add a license at any point of time, click on <strong>Cancel</strong>.</li> +</ol> +<h2 id="35-view-license">3.5 View License</h2> +<p>To open a view mode for a license:</p> +<ol> +<li> +<p>Search for the License you want to view or navigate from the License list. Click on the License Shortname.</p> +</li> +<li> +<p>You are now in view mode of the license, and you can view all the details of the license like:</p> +<ul> +<li>License Details</li> +<li>License Text</li> +<li>Obligation</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/View_License.png" alt=""></p> +</li> +</ol> +<h2 id="36-edit-license">3.6 Edit License</h2> +<p>The <strong>Edit License</strong> option is used to modify license details for existing licenses. To edit a license, follow the below procedure:</p> +<ol> +<li> +<p>Search for the license you want to view or navigate from the License list. Click on the License Shortname.</p> +</li> +<li> +<p>You are now in view mode of the license, click on <strong>Edit License</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Edit_License.png" alt=""></p> +</li> +<li> +<p>Modify License Details as required. For more information on the fields, refer to <a href="#34-add-license">3.4 Add License</a>.</p> +</li> +<li> +<p>You can also add license obligations in this view. To add License obligations, click on Linked Obligations.</p> +</li> +<li> +<p>Click on <strong>Add Obligation</strong>, a dialogue box will appear with a list of all the obligations that are available in SW360.</p> +</li> +<li> +<p>Use the search field to select the required obligation and click <strong>Add</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/LicensePage/Linked_Obligations_2.png" alt=""></p> +</li> +<li> +<p>To delete an obligation that is already linked, click <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Delete_Trash.png" alt="">.</p> +</li> +<li> +<p>If you do not want to make changes to the license at any point of time, click on <strong>Cancel</strong>.</p> +</li> +<li> +<p>If you want to delete the license, click on <strong>Delete License</strong>.</p> +</li> +</ol>Docs: Requestshttps://www.eclipse.org/sw360/docs/userguide/requests/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/requests/ +<h1 id="6-requests">6. Requests</h1> +<p>Requests page lists all the requests that are generated by the users in SW360. There are two kind of requests:</p> +<ol> +<li>Moderation Requests: The requests that are created when a user with limited rights requests a change in a Project/Component/Release. These requests need to be approved by another user with higher rights (Project Owner/ Project Responsible) for the changes to appear in a particular Project/Component/Release. You can also view these requests as tasks in your home page. </br> +<ul> +<li>My Task Assignments: Moderation requests that are pending for your approval.</li> +<li>My Task Submissions: Moderation requests that are created by you.</li> +</ul> +</li> +<li>Clearing Request: For more information on clearing requests, refer to <a href="1.%20ProjectPage.pdf">1.12 Clearing Requests, Project Page</a>.</li> +</ol> +<p>To open the Requests page, click on the <strong>Requests tab</strong> from the main menu.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Request_Page.png" alt=""></p> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No.</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left"><a href="#61-moderation-requests">Moderation Requests</a> or <a href="#62-clearing-request">Clearing Requests</a></td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left"><a href="#1-search-moderation-requests">Search Moderation Requests</a> or <a href="#2-search-clearing-requests">Search Clearing Request</a></td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left"><a href="#1-moderation-request-list">Moderation Request List</a> or <a href="#1-clearing-requests-list">Clearing Request List</a></td> +</tr> +</tbody> +</table> +<h2 id="61-moderation-requests">6.1 Moderation Requests</h2> +<h3 id="1-moderation-request-list">1. Moderation Request list</h3> +<p>Moderation requests must be approved by another user with higher rights (Admin, Clearing expert) for the changes to appear in a Project/Component/Release. +Moderation requests are further categorized into two types:</p> +<ul> +<li><strong>Open Moderation Requests</strong>: The moderation requests which are pending for approval. To view the list of open requests, click <strong>Open Moderation Requests</strong>.</li> +<li><strong>Closed Moderation Requests</strong>: The moderation requests which are approved. To view the list of closed requests, click <strong>Closed Moderation Requests</strong>.</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Moderation_Requests.png" alt=""></p> +<p>The moderation requests are listed with the following information:</p> +<ul> +<li><strong>Date</strong>: Date of the creation of the request.</li> +<li><strong>Type</strong>: The document type for the moderation request created.</li> +<li><strong>Document Name</strong>: Name of the document (Project/Component/Release).</li> +<li><strong>Requesting User</strong>: Email Id of the user who created the moderation request.</li> +<li><strong>Department</strong>: Department of the requesting user.</li> +<li><strong>Moderators</strong>: List of the moderators for that project/component/release.</li> +<li><strong>State</strong>: State (In Progress/Pending/Approved/Rejected) of the moderation request.</li> +<li><strong>Actions</strong></li> +</ul> +<p><strong>NOTE: USE <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/SortIcon.png" alt=""> TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.</strong></p> +<h3 id="1-search-moderation-requests">1. Search Moderation Requests</h3> +<ol> +<li>Search with <strong>Date</strong> the request was created.</li> +<li>Search the request with the document <strong>Type</strong> and select from the drop-down list. +<ul> +<li>OSS</li> +<li>COTS</li> +<li>Internal</li> +<li>Inner Source</li> +<li>Service</li> +<li>Freeware</li> +<li>Code Snippet</li> +</ul> +</li> +<li>Search the request with <strong>Document Name</strong>.</li> +<li>Search the request with <strong>Requesting User</strong>.</li> +<li>Search the request with <strong>Department</strong>.</li> +<li>Search the request with <strong>State</strong> and select from the drop-down list. +<ul> +<li>Approved</li> +<li>Pending</li> +<li>Rejected</li> +<li>In Progress</li> +</ul> +</li> +</ol> +<h3 id="3-edit-moderation-requests">3. Edit Moderation Requests</h3> +<p>To edit a moderation request, click on <strong>Open Moderation Request / Closed Moderation Request</strong> on the request page.</p> +<ol> +<li> +<p>Search for the request you want to edit or navigate from the request list.</p> +</li> +<li> +<p>Click on the request you want to edit. You will now be redirected to another page with details of the request.</p> +</li> +<li> +<p>You can view the following moderation request information:</p> +<ul> +<li>Requesting user</li> +<li>Submitted on</li> +<li>Comment from the requested user</li> +<li>Status of the request</li> +<li>Moderator assigned</li> +<li>Comment on moderation decision: A moderator can add comments to this request before accepting or declining the changes.</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request.png" alt=""></p> +</li> +<li> +<p>Click on <strong>Proposed Changes</strong> to view:</p> +<ul> +<li>Field name the changes are requested for</li> +<li>Current Value of the field</li> +<li>Former Value of the field</li> +<li>Suggested Value for the field</li> +<li>Attachments, if added</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_2.png" alt=""></p> +</li> +<li> +<p>To preview the current document, click on <strong>Current Release/Current Project</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_moderation_request_3.png" alt=""></p> +</li> +<li> +<p>To accept the changes of the moderation request, click on <strong>Accept Request</strong>.</p> +</li> +<li> +<p>To reject changes for the moderation request, click on <strong>Decline Request</strong>.</p> +</li> +<li> +<p>To postpone a moderation request, click on <strong>Postpone request</strong>.</p> +</li> +<li> +<p>If you do not want to be a moderator for this request, click on <strong>Remove Me from Moderators</strong>.</p> +</li> +<li> +<p>If you do not want to make changes at any point of time, click on <strong>Cancel</strong>.</p> +</li> +</ol> +<h2 id="62-clearing-request">6.2 Clearing Request</h2> +<h3 id="1-clearing-requests-list">1. Clearing Requests list</h3> +<p>Clearing Requests are created by project manager and sent to clearing experts to perform license clearing, which are then approved. Clearing Requests are further categorized into two types.</p> +<ul> +<li><strong>Open Clearing Requests</strong>: The clearing requests which are pending approval. To view the list of open requests, click <strong>Open Clearing Requests</strong>.</li> +<li><strong>Closed Clearing Requests</strong>: The clearing requests which are approved. To view the list of closed requests, click <strong>Closed Clearing Requests</strong>.</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Clearing_Requests.png" alt=""></p> +<p>The clearing requests are listed with the following information:</p> +<ul> +<li><strong>Request Id</strong>: Request ID number of the clearing request.</li> +<li><strong>BA/BL Group</strong>:</li> +<li><strong>Project</strong>: Name of the project the clearing request belongs to.</li> +<li><strong>Status</strong>: Status of the clearing request, rejected or closed.</li> +<li><strong>Requesting User</strong>: Username of the user who created the clearing request.</li> +<li><strong>Clearing Team</strong>: Person responsible for the approval of the clearing request.</li> +<li><strong>Created on</strong>: Creation date of the clearing request.</li> +<li><strong>Preferred Clearing Date</strong>: The proposed date of completion of clearing request.</li> +<li><strong>Agreed Clearing Date</strong>: The agreed date of completion for clearing request.</li> +<li><strong>Request Closed on</strong>: The actual date the clearing request is closed.</li> +<li><strong>Clearing Progress</strong> (Only applicable for open clearing requests)</li> +<li><strong>Actions</strong>: Click on <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Images/Edit_Pen.png" alt=""> to edit the clearing request.</li> +</ul> +<p><strong>NOTE: USE <img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Images/SortIcon.png" alt=""> TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.</strong></p> +<h3 id="2-search-clearing-requests">2. Search Clearing Requests:</h3> +<ol> +<li>Search the request with <strong>Select date type and range</strong>.</li> +<li>Search the request with <strong>Priority</strong> and select from the drop-down list. +<ul> +<li>Low</li> +<li>Medium</li> +<li>High</li> +<li>Critical</li> +</ul> +</li> +<li>Search the request with <strong>BA BL group</strong>.</li> +<li>Search the request with <strong>Status</strong> and select from the drop-down list. +<ul> +<li>New</li> +<li>Accepted</li> +<li>In Queue</li> +<li>In Progress</li> +<li>Awaiting Response</li> +</ul> +</li> +</ol> +<h3 id="3-edit-clearing-requests">3. Edit Clearing Requests</h3> +<p>To edit a clearing request, click on <strong>Open Clearing Request / Closed Clearing Request</strong> on the request page.</p> +<ol> +<li> +<p>Search for the request you want to edit or navigate from the request list.</p> +</li> +<li> +<p>You can also use <strong>Quick Filter</strong> to search for a request.</p> +</li> +<li> +<p>Click on the request you want to edit, this will redirect you to another page with details of the request.</p> +</li> +<li> +<p>To modify the clearing request, click on <strong>Edit Request</strong>.</p> +</li> +<li> +<p>You can view the following <strong>clearing request information for the project</strong>:</p> +<ul> +<li>Requesting User</li> +<li>Created On</li> +<li>Preferred Clearing Date</li> +<li>Business Area/Line</li> +<li>Requester Comment</li> +<li>Clearing</li> +<li>Request Status: You can modify the request status as required. Select the required value from the drop-down list. +<ul> +<li>New</li> +<li>Accepted</li> +<li>Rejected</li> +<li>In Queue</li> +<li>In Progress</li> +<li>Closed</li> +<li>Awaiting Response</li> +</ul> +</li> +<li>Priority: You can modify the priority of the clearing request as required. Select the required value from the drop-down list. +<ul> +<li>Low: Clearing date is greater than 4 weeks</li> +<li>Medium: Clearing time is less than 2-4 weeks</li> +<li>High: Clearing time is less than 2 weeks</li> +<li>Critical: Clearing time is less than 1 week<br> +<code> NOTE: THERE CAN ONLY BE 2 CRITICAL CLEARING REQUESTS.</code></li> +</ul> +</li> +<li>Clearing team: Click on the field to select the <strong>Clearing Team</strong> for the request. This opens a dialogue box, search and select the clearing expert and click on <strong>Select Users</strong>.</li> +<li>Agreed Clearing Date: Click on the field to set the clearing date</li> +<li>Last Updated on</li> +</ul> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_1.png" alt=""></p> +</li> +<li> +<p>Click on <strong>Clearing request comments</strong> to check the clearing request information. The information displayed here is a combination of manual entry comments and automated entries by SW360. Automated entries give information regarding the changes that are done on the clearing request. You can mention comments by typing in the text field and click <strong>Add Comment</strong>.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Request_Page/Edit_clearing_request_2.png" alt=""></p> +</li> +<li> +<p>After making the changes, click on <strong>Update Request</strong>.</p> +</li> +<li> +<p>If you do not want to make changes at any point of time, click on <strong>Cancel</strong>.</p> +</li> +</ol>Docs: Searchhttps://www.eclipse.org/sw360/docs/userguide/search/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/search/ +<h1 id="7-search">7. Search</h1> +<p>On the search page, you can search for Projects, Components, Licenses, Releases, Obligations, Users, Vendors, etc. in SW360.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Search_Page.png" alt=""></p> +<p>To search for a particular (object), click on Search tab and follow the procedure:</p> +<ol> +<li>Type the <strong>keyword</strong> in the text field.</li> +<li>The checkbox in <strong>Restrict To Type</strong> allows you to further restrict your search to a specific (object), you can choose to restrict the <strong>type</strong> to projects, components, licenses etc.</li> +<li>Click on <strong>Search</strong> to get the search results</li> +<li>Click on the component/project/license/obligation/user/vendor/release to be redirected to their respective page.</li> +</ol> +<h3 id="wildcards">Wildcards</h3> +<p>The user can search with wildcards. A wildcard is a character which substitue for zero or more characters in a string. For a single character users can use &lsquo;?&rsquo; and for multiple character wildcard he can use &lsquo;*&rsquo;. The Wildcard can stand in the middle of characters or at the end, but not at the beginning.</p>Docs: Preferenceshttps://www.eclipse.org/sw360/docs/userguide/preferrences/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/preferrences/ +<h1 id="8-preferences">8. Preferences</h1> +<p>The Preferences page allows you to modify the E-mail notification preferences for changes that occur to project/component/release/license. +To open the Preferences page, click on the <strong>Preference</strong> tab from the main menu.</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/Preferences_Page.png" alt=""></p> +<table> +<thead> +<tr> +<th style="text-align:center">Sl.No.</th> +<th style="text-align:left">Description</th> +</tr> +</thead> +<tbody> +<tr> +<td style="text-align:center">1</td> +<td style="text-align:left"><a href="#82-email-notification-preferences">Email Notification Preferences</a></td> +</tr> +<tr> +<td style="text-align:center">2</td> +<td style="text-align:left"><a href="#81-sw360-user-information">SW360 User Information</a></td> +</tr> +<tr> +<td style="text-align:center">3</td> +<td style="text-align:left"><a href="#83-rest-api-tokens">REST API Token </a></td> +</tr> +</tbody> +</table> +<h2 id="81-sw360-user-information">8.1 SW360 User Information</h2> +<p>On the <strong>SW360 User</strong> section you can view the following information:</p> +<ul> +<li><strong>Name</strong></li> +<li><strong>E-mail</strong></li> +<li><strong>Primary Department</strong></li> +<li><strong>External ID</strong>: This is your organization ID.</li> +<li><strong>Primary Department Role</strong>: This is the role you are assigned in SW360.</li> +<li><strong>Secondary Departments and Roles</strong>: Any other roles which are assigned.</li> +</ul> +<h2 id="82-email-notification-preferences">8.2 Email Notification preferences</h2> +<p>To modify your email notifications, follow the procedure:</p> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/Edit_email_preferences.png" alt=""></p> +<ol> +<li>Check the <strong>Enable E-mail notifications</strong> box which activates Email notifications.</li> +<li>Click on the particular section for which you want to change the preference. For e.g., if you want to change the preference for projects, click on the <strong>Project</strong> section. This section will display an expanded view of the available roles.</li> +<li>Select the roles that you want to be notified.</li> +<li>You can repeat the above procedure for other sections, i.e., <strong>Component</strong>, <strong>Release</strong>, <strong>Moderation</strong> and, <strong>Clearing</strong>.</li> +<li>Click on <strong>Update Settings</strong> to update the changes done.</li> +</ol> +<h2 id="83-rest-api-tokens">8.3 REST API Tokens</h2> +<p>REST API is an interface that two computer systems use to exchange information securely over the internet. Via REST endpoint data can be read or written in the database. As a normal user only read token can be generated.</p> +<p>You can generate a REST API token for read access, by following the procedure:</p> +<ol> +<li>Enter a token <strong>Name</strong>.</li> +<li>Check the <strong>Authorities</strong> box if you wish to give read access.</li> +<li>Set an <strong>Expiration Date</strong> for the token.</li> +<li>Click on <strong>Generate Token</strong>.</li> +</ol> +<p><img src="https://www.eclipse.org/sw360/sw360/img/ImagesBasic/Preferences%20Page/REST_API_TOKENS.png" alt=""></p>Docs: SW360 User Frequently Asked Questionshttps://www.eclipse.org/sw360/docs/userguide/faq/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/faq/ +<h5 id="q-who-should-be-listed-as-moderator"><strong>Q</strong>: Who should be listed as Moderator?</h5> +<p><strong>A</strong>: Moderator are persons who need to review changes done on certain items (project, component, release or attachment) by persons who do not have the user right to actually do these changes. For BT moderators are the persons with the role &lsquo;Software Clearing Site Representative&rsquo;.</p> +<h5 id="q-who-should-be-listed-as-contributor"><strong>Q</strong>: Who should be listed as Contributor?</h5> +<p><strong>A</strong>: By default only the owner (or creator) of an item (project, component, release) is allowed to modify this item. Often it is useful that additional people are allowed to edit an item. These additional people (software architects, developers, additional experts) should get listed as contributors.</p> +<h5 id="q-i-have-changed-a-project-component-release-or-attachment-but-sw360-does-not-show-the-changes"><strong>Q</strong>: I have changed a project, component, release or attachment, but SW360 does not show the changes?</h5> +<p><strong>A</strong>: It might be that you have tried to change something that needs to be review by someone else. In such cases a so called &lsquo;Moderation Request&rsquo; is generated. A Moderator needs to approve your changes. Go to the Home view an check the box &lsquo;My Task Submissions&rsquo;, the project, component, or release should be listed there.</p> +<h5 id="q-what-should-i-enter-in-the-field-visibility"><strong>Q</strong>: What should I enter in the field &lsquo;Visibility&rsquo;.</h5> +<p><strong>A</strong>: Visibility controls which group of people is allowed to see a project. The default setting is &lsquo;Everyone&rsquo;, i.e. everyone within an organisation can see the project and all its releases.</p> +<h5 id="q-how-can-i-change-the-clearing-state-of-a-release"><strong>Q</strong>: How can I change the &lsquo;Clearing State&rsquo; of a release?</h5> +<p><strong>A</strong>: There is no direct way to do it. If there is no clearing report available, the clearing state will be &lsquo;New&rsquo;. If a clearing report available it will be &lsquo;Clearing report available&rsquo;. If at least one clearing report has been approved, the clearing state will be &lsquo;Approved&rsquo;.</p> +<h5 id="q-i-cant-find-a-specific-release-inside-my-project--what-can-i-do"><strong>Q</strong>: I can&rsquo;t find a specific release inside my project – what can I do?</h5> +<p><strong>A</strong>: You can sort each column by clicking on the column name, i.e. you can sort the entries by name, project origin, clearing state, mainline state or project mainline state – normally that helps finding a certain release.</p> +<h5 id="q-i-cant-delete-my-component-called-toms-test-component"><strong>Q</strong>: I can&rsquo;t delete my component called &lsquo;Tom&rsquo;s Test Component&rsquo;.</h5> +<p><strong>A</strong>: Do not use special characters like single or double quotes. To be able to delete such a component or release you&rsquo;ll first have to rename it…</p> +<h5 id="q-what-is-copyleft-effect"><strong>Q</strong>: What is Copyleft Effect?</h5> +<p><strong>A</strong>: <strong>Copyleft</strong> effect is the reverse idea of <strong>copyright</strong>. Goal is that software licensed under such license is always free and can never get a privatised software asset. The user gets the freedom to run, copy, modify and distribute the software, but it is not possible to add any further restrictions. This implies that <strong>modified software</strong> must also be free and becomes available to the community.</p> +<h5 id="q-different-classification-of-the-open-source-licenses"><strong>Q</strong>: Different Classification of the Open Source Licenses.</h5> +<p><strong>A</strong>: There are hundreds of OSS licenses, the following table will give a brief overview about the most common OSS licenses, the risks and the obligations that need to be fulfilled when using them:</p> +<table> +<thead> +<tr> +<th></th> +<th>License Class</th> +<th>License Name(s)</th> +<th>Risks</th> +<th>Obligations</th> +</tr> +</thead> +<tbody> +<tr> +<td><span style="color:white;font-size:2em;">⚫</span></td> +<td><strong>White Licenses</strong></td> +<td>MIT, BSD (except for BSD-4-Clause), BSL-1.0, CPOL-1.02, MsPL, zLib, Apache-1.1, Apache-2.0 (if no code changes are done)</td> +<td><strong>low risk</strong></td> +<td>Mostly standard obligations: display license text, display copyrights</td> +</tr> +<tr> +<td><span style="color:yellow;font-size:2em;">⚫</span></td> +<td><strong>Yellow Licenses</strong></td> +<td>CDDL-1.0, CPL-1.0, EPL-1.0, eCos License, MPL, NPL</td> +<td><strong>medium risk</strong> - because of non-standard obligtions in some cases</td> +<td>Display license text; display copyrights; all changes of the component code must become OSS as well; possible license incompatibility with red licenses</td> +</tr> +<tr> +<td><span style="color:red;font-size:2em;">⚫</span></td> +<td><strong>Red Licenses</strong></td> +<td>GPL-2.0, GPL-3.0, LGPL-2.1, LGPL-3.0, AGPL</td> +<td><strong>check before use</strong> some special obligation which might be not in line with your lans</td> +<td>Display license text; display copyrights; take care about copyleft effect - get in contact with your software clearing experts; all distributions must clearly state that (L)GPL license code is used</td> +</tr> +<tr> +<td><span style="color:red;font-size:2em;">⚫</span></td> +<td><strong>Red Licenses</strong></td> +<td>SleepyCat, Aladdin Free Public License; Berkeley DB licenses</td> +<td><strong>really check before use</strong> because of nearly unlimited copy left effect</td> +<td>Before thinking about components licensed under these license, get in contact with your software licensing experts!</td> +</tr> +</tbody> +</table>Docs: Dependency Network Featurehttps://www.eclipse.org/sw360/docs/userguide/dependency_network/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/dependency_network/ +<h1 id="how-to-enable-this-feature"><strong>How to enable this feature</strong></h1> +<p>To use this function, please:</p> +<ol> +<li> +<p>Build the source code and deploy.</p> +</li> +<li> +<p>Add config <strong>enable.flexible.project.release.relationship=true</strong> (/etc/sw360/sw360.properties) to enable the feature.</p> +</li> +</ol> +<p>The following changes will work when <strong>enable.flexible.project.release.relationship=true</strong> only.</p> +<ol start="3"> +<li>Use the migration script (<strong>056_migrate_project_dependency_network.py</strong>) we provided to mograte the database.</li> +</ol> +<p>Before you run the script, please change two places in the script:</p> +<p>(1) Line 30: <code>DRY_RUN = True</code> -&gt; <code>DRY_RUN = False</code></p> +<p>(2) Line 32: <code>COUCHSERVER = 'http://localhost:5984/'</code> -&gt; <code>COUCHSERVER = 'http://admin:password@localhost:5984/'</code></p> +<p><code>admin</code> and <code>password</code> should be your username and password for CouchDB.</p> +<h1 id="1-introduction"><strong>1. Introduction</strong></h1> +<p>The dependency network feature is a new function to make the dependency management of a project more flexible by allowing the users to customize the dependency graphs of their projects.</p> +<h1 id="2-how-to-use"><strong>2. How to use?</strong></h1> +<p>This feature modify the GUI of the “Linked Releases And Projects” on the “project edits” page. +Now the “Linked Releases” table could show all dependencies of a project (both direct and transitive ones). Users can modify these dependencies as well.</p> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/new_edit_GUI.png"/> +</figure> +<h2 id="21-the-changes-of-edit-project-gui"><strong>2.1. The changes of edit project GUI</strong></h2> +<p>In this section, we will introduce the changes in GUI behaviors. We modified or added 5 sub-functions below:</p> +<h4 id="a-modify-the-add-releases-button-this-button-will-add-a-direct-dependency-release-in-the-dependency-graph-of-this-project"><strong>a. Modify the “Add Releases” button: This button will add a direct dependency (release) in the dependency graph of this project.</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Add_root_release_button.png"/> +</figure> +<h4 id="b-a-new-icon-button-to-add-a-dependency-release-to-another-dependency-release-in-the-dependency-graph-note-that-this-dependency-added-is-seen-as-the-transitive-dependency-of-this-project"><strong>b. A new icon button to add a dependency (release) to another dependency (release) in the dependency graph. Note that this dependency added is seen as the transitive dependency of this project.</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Add_transitive_releases_buttons.png"/> +</figure> +<h4 id="c-a-new-icon-button-to-load-the-default-dependency-graph-of-a-dependency-release-by-importing-the-dependency-information-stored-on-the-component-page-note-that-this-button-will-load-all-dependencies-both-direct-and-transitive-ones-of-the-corresponding-dependency-release"><strong>c. A new icon button to load the default dependency graph of a dependency (release) by importing the dependency information stored on the component page. Note that this button will load all dependencies (both direct and transitive ones) of the corresponding dependency (release).</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Load_default_network_from_releases.png"/> +</figure> +<h4 id="d-the-combo-box-allows-the-user-to-modify-the-version-of-a-dependency"><strong>d. The combo box allows the user to modify the version of a dependency.</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Select_version_box.png"/> +</figure> +<h4 id="e-the-check-dependency-network-button-will-compare-and-show-the-different-dependency-information-which-is-not-consistent-with-the-default-one-stored-on-the-component-page-by-highlighting-them-the-inconsistency-usually-happens-after-users-modified-the-dependency-graph-or-imported-an-old-project"><strong>e. The “Check Dependency Network” button will compare and show the different dependency information which is not consistent with the default one stored on the component page by highlighting them. The inconsistency usually happens after users modified the dependency graph or imported an old project.</strong></h4> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/dependency_network/Check_diff_button.png"/> +</figure> +<h2 id="23-rest-api-changes"><strong>2.3 Rest API changes</strong></h2> +<h3 id="new-rest-apis">New Rest APIs</h3> +<p><strong>a. 3.3.35. Get a single project with dependencies network</strong></p> +<p>The response will include the dependencyNetwork field(It will show the dependency network of project (direct and indirect releases)):</p> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> &#34;name&#34; : &#34;Emerald Web&#34;, +</span></span><span style="display:flex;"><span> &#34;dependencyNetwork&#34;: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;9efc5766cd0c41d4a40547b99f5b91ac&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;3bed97a1c7ac4c32846ef4be985b648c&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;6a8250852362462095c57535294039e4&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;TO_BE_REPLACED&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;PHASEOUT&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;INTERNAL_USE&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;STATICALLY_LINKED&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;MAINLINE&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;f1d860e7576a44798ee3daff57a3a886&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;OPTIONAL&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ] +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p><strong>b. 3.3.36. Creating a project with dependencies network</strong></p> +<p>If the <strong>dependencyNetwork</strong> field is included in the request body, a dependency network will be registered for the project.</p> +<ul> +<li>Simple example request (modify releaseIds to the existing release ids in sw360):</li> +</ul> +<div class="highlight"><pre tabindex="0" style="background-color:#f0f3f3;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-fallback" data-lang="fallback"><span style="display:flex;"><span>{ +</span></span><span style="display:flex;"><span> &#34;name&#34;: &#34;TestProject1&#34;, +</span></span><span style="display:flex;"><span> &#34;dependencyNetwork&#34;: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;9efc5766cd0c41d4a40547b99f5b91ac&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;3bed97a1c7ac4c32846ef4be985b648c&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [ +</span></span><span style="display:flex;"><span> ], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;INTERNAL_USE&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;STATICALLY_LINKED&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;MAINLINE&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> }, +</span></span><span style="display:flex;"><span> { +</span></span><span style="display:flex;"><span> &#34;releaseId&#34;: &#34;f1d860e7576a44798ee3daff57a3a886&#34;, +</span></span><span style="display:flex;"><span> &#34;releaseLink&#34;: [], +</span></span><span style="display:flex;"><span> &#34;releaseRelationship&#34;: &#34;OPTIONAL&#34;, +</span></span><span style="display:flex;"><span> &#34;mainlineState&#34;: &#34;OPEN&#34;, +</span></span><span style="display:flex;"><span> &#34;comment&#34;: &#34;Test Comment&#34;, +</span></span><span style="display:flex;"><span> &#34;createOn&#34;: &#34;2023-05-15&#34;, +</span></span><span style="display:flex;"><span> &#34;createBy&#34;: &#34;admin@sw360.org&#34; +</span></span><span style="display:flex;"><span> } +</span></span><span style="display:flex;"><span> ] +</span></span><span style="display:flex;"><span>} +</span></span></code></pre></div><p><strong>c. 3.3.37. Update a project with dependencies network</strong></p> +<p>Same request body as &ldquo;Creating a project with dependencies network&rdquo;.</p>Docs: SPDX Documenthttps://www.eclipse.org/sw360/docs/userguide/spdx_document/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/spdx_document/ +<h1 id="how-to-enable-this-feature"><strong>How to enable this feature</strong></h1> +<p>To use this function, please:</p> +<ol> +<li> +<p>Build the source code and deploy.</p> +</li> +<li> +<p>Add config <strong>spdx.document.enabled = true</strong> (/etc/sw360/sw360.properties) to enable the feature.</p> +</li> +</ol> +<p>The following changes will work when <strong>spdx.document.enabled = true</strong> only.</p> +<h1 id="1-introduction"><strong>1. Introduction</strong></h1> +<p>SPDX Document manages Document Creation Information, Package Information, Other Licensing Information Detected, Relationships between SPDX Elements, Annotations</p> +<h1 id="2-how-to-use"><strong>2. How to use?</strong></h1> +<p><strong>1. File Test Import</strong>: <a href="https://github.com/spdx/tools-java/blob/master/testResources/SPDXRdfExample-v2.3.spdx.rdf">https://github.com/spdx/tools-java/blob/master/testResources/SPDXRdfExample-v2.3.spdx.rdf</a></p> +<p><strong>2. Import SPDX in Page Component</strong></p> +<h4 id="import">Import</h4> +<ul> +<li>Support RDF/XML, SPDX.</li> +<li>Import all Packages in the SPDX file (main package and dependent packages)</li> +<li>Import relationships related to Packages and SPDX Documents (relationships related to File and Snippet are not imported)</li> +</ul> +<h4 id="steps">Steps</h4> +<ol> +<li>Go to component page</li> +<li>Click &ldquo;Import SPDX BOM&rdquo; button</li> +<li>Upload SPDXRdfExample-v2.3.spdx.rdf</li> +</ol> +<h4 id="validate">Validate</h4> +<ul> +<li>&ldquo;Apache Commons Lang&rdquo;, &ldquo;glibc&rdquo;, &ldquo;Jena&rdquo; and &ldquo;Saxon&rdquo; components were created</li> +<li>&ldquo;glibc (2.11.1)&rdquo;, &ldquo;Saxon(8.8)&rdquo; and &quot; Jena (3.12.0) &quot; releases were created</li> +<li>Tab SPDX Document exits in release glibc (2.11.1), Jena (3.12.0) and Saxon (8.8)</li> +</ul> +<h4 id="result">Result</h4> +<h5 id="tab-spdx-document---full-page-of-release-glibc2111">Tab SPDX Document - Full Page of Release Glibc(2.11.1)</h5> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Glibc.png"/> +</figure> +<h5 id="tab-spdx-document---lite-page-of-release-glibc2111">Tab SPDX Document - Lite Page of Release Glibc(2.11.1)</h5> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Glibc%282.11.1%29.png"/> +</figure> +<h5 id="tab-spdx-document----full-page-of-release-jena-3120">Tab SPDX Document - Full Page of Release Jena (3.12.0)</h5> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Jena_%283.12.0%29.png"/> +</figure> +<h5 id="tab-spdx-document---lite-page-of-release--jena-3120">Tab SPDX Document - Lite Page of Release Jena (3.12.0)</h5> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Jena_%283.12.0%29.png"/> +</figure> +<h5 id="tab-spdx-document----full-page-of-release-saxon-88">Tab SPDX Document - Full Page of Release Saxon (8.8)</h5> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Full_Page_of_Release_Saxon_%288.8%29.png"/> +</figure> +<h5 id="tab-spdx-document---lite-page-of-release--saxon-88">Tab SPDX Document - Lite Page of Release Saxon (8.8)</h5> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Lite_Page_of_Release_Saxon_%288.8%29.png"/> +</figure> +<p><strong>3. Feature: Edit , Add tab SPDX Document in Release</strong></p> +<h5 id="edit-tab-spdx-document---full-page">Edit tab SPDX Document - Full Page</h5> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Full_Page.png"/> +</figure> +<h5 id="edit-tab-spdx-document---lite-page">Edit tab SPDX Document - Lite Page</h5> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Edit_tab_SPDX_Document_Lite_Page.png"/> +</figure> +<h5 id="add-tab-spdx-document">Add tab SPDX Document</h5> +<figure> +<img src="https://www.eclipse.org/sw360/sw360/img/sw360screenshots/spdx_document/Add_tab_SPDX_Document.png"/> +</figure>Docs: SW360 Best Practiceshttps://www.eclipse.org/sw360/docs/userguide/bestpractices/Mon, 01 Jan 0001 00:00:00 +0000https://www.eclipse.org/sw360/docs/userguide/bestpractices/ +<h2 id="sw360-usage-and-handling-of-components">SW360 Usage and Handling of Components</h2> +<p>The above mentioned data model has consequences for the usage of SW360:</p> +<ul> +<li>If you create a component entry, most likely you will go ahead with a release entry, otherwise, the component stays an empty shell</li> +<li>Uploading source packages / actual software as attachment makes sense at the release, not at the component</li> +<li>If you have created a component and release entry, you can go ahead and assign a vendor to a release.</li> +</ul> +<p>This very clear approach enables a number of issues, please keep the following goals in mind:</p> +<ul> +<li>Duplicate entries need to be removed</li> +<li>Separating vendor from components names and release tags brings clarity to component naming</li> +<li>Interaction with other systems is a must today. As such we need to support the CPE standard which also implement this 3-parts separation</li> +<li>Having the clear modeling of data enables better search and filtering abilities of the component catalogue.</li> +</ul> +<h2 id="how-to-create-component-entries">How to Create (Component) Entries?</h2> +<p>In order to have a clean and useful catalogue, data hygiene is very important. The main goal is to have clean component / release datasets that allow for versatile use and seamless integration with other systems (see the Handling of Components above). When creating a component, please consider the following rules:</p> +<ul> +<li>What is the name of the vendor, the name of the component and what is the release designator?</li> +<li>For the Vendor +<ul> +<li>Does a CPE entry exist? +<ul> +<li>Look here: <a href="https://nvd.nist.gov/cpe.cfm"><span style="color:red">↗</span> https://nvd.nist.gov/cpe.cfm</a> or <a href="http://scap.nist.gov/specifications/cpe/dictionary.html"><span style="color:red">↗</span> http://scap.nist.gov/specifications/cpe/dictionary.html</a></li> +<li>Use the same writing as found in the CPE dictionary</li> +</ul> +</li> +<li>A CPE does not exist? +<ul> +<li>Who is the copyright holder: an organization? +<ul> +<li>Use this organization name without &ldquo;inc&rdquo;, &ldquo;Gmbh&rdquo;, etc.</li> +</ul> +</li> +<li>A person +<ul> +<li>Look at the CPE dictionaries for example</li> +<li>They use first name last name with &ldquo;_&rdquo;, for example &ldquo;Wedge_Antilles</li> +</ul> +</li> +</ul> +</li> +</ul> +</li> +<li>For a component +<ul> +<li>Again, does a CPE entry exist?</li> +<li>Separate Component name from release designation</li> +</ul> +</li> +<li>For a release +<ul> +<li>Do not repeat the component name</li> +<li>Use the release designation as provided by the software package</li> +<li>Avoid prefixes, such as &ldquo;version&rdquo;, &ldquo;v&rdquo; etc</li> +</ul> +</li> +<li>For special cases: +<ul> +<li>If you upload a part of a release software package, create a <strong>separate</strong> release for this</li> +<li>For example &ldquo;2.0-MODIFIED&rdquo;</li> +<li>Consider that leaving items out from a software release is actually a modification</li> +</ul> +</li> +</ul> +<h2 id="how-to-create-vendors">How to Create Vendors</h2> +<p>In order to have a vendor record in the sw360, then choosing a name is important. The vendor in SW360 is the real &ldquo;manufacturer&rdquo; independently from where you download it.</p> +<p>There are different cases:</p> +<ol> +<li> +<p>COTS:</p> +<ul> +<li> +<p>Obvious case: use vendor short name in CPE style and long name for the actual company name (Apple Inc. vs. Apple)</p> +</li> +<li> +<p>You could even search for an existing vendor entry in the CPE dictionary to get existing vendor naming rules and use this as short name.</p> +</li> +<li> +<p>Consider the following link: <a href="https://nvd.nist.gov/products/cpe/search"><span style="color:red">↗</span> https://nvd.nist.gov/products/cpe/search</a></p> +</li> +<li> +<p>Vendor is actually entity that is contract partner, but is confusing: for Microsoft products, there could be a Microsoft certified solution partner which is the vendor, this must mapped differently in the SW360.</p> +</li> +<li> +<p><strong>General rule</strong>: Vendor is meant to be manufacturing party not distributing / delivering party.</p> +</li> +</ul> +</li> +<li> +<p>Freeware</p> +<ul> +<li>Problem is that freeware has an author, but also different &ldquo;vendors&rdquo; in terms of where it could be downloaded from. This is difficult because different download Web site may involve different licensing conditions.</li> +</ul> +</li> +<li> +<p>OSS:</p> +<ul> +<li> +<p>Community name, e.g. zlib project for zlib.</p> +</li> +<li> +<p>Or the org name of the github orgname or sourceforge group name</p> +</li> +<li> +<p>Do not use &ldquo;Github&rdquo; or &ldquo;Sourceforge&rdquo; as vendor</p> +</li> +<li> +<p>However, foundations, publishing the software would be a vendor, e.g. &ldquo;Apache&rdquo;, &ldquo;Eclipse&rdquo;</p> +</li> +<li> +<p>But eclipse has a github organization anyway, for example</p> +</li> +<li> +<p>With single author projects should you take the author name. A &ldquo;john_doe&rdquo; from John Doe as short name.</p> +</li> +</ul> +</li> +</ol> +<p>Note that very release has its own vendor. as a consequence:</p> +<ul> +<li>There could be a release from one Web page and one release downloaded from another Web page. If there is different licensing or sources involved, this could be a solution.</li> +</ul> \ No newline at end of file diff --git a/docs/userguide/licenses/index.html b/docs/userguide/licenses/index.html index 97bd8fb..9818795 100644 --- a/docs/userguide/licenses/index.html +++ b/docs/userguide/licenses/index.html @@ -1,935 +1,98 @@ - - - - - - - - - - - - - - - - - - - - -Licenses | Eclipse SW360 -Licenses | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Licenses

    - -
    - - - - - - - - - - - - - -
    -

    3.0 Licenses

    -

    3.1 Introduction

    -

    A software license is a document that provides legally binding guidelines for the use and distribution of software. Licenses page lists all the available licenses in SW360.

    -

    To open the License page, click on the License tab from the main menu bar. You can also add licenses in this page.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    Sl.No.Description
    1Quick Filter
    2Add License
    3Export Spreadsheet, refer to Project Page
    4License List
    -

    3.2 Quick Filter

    -

    You can use the Quick Filter to search for a License. To search for a particular license, use the type field.

    -

    3.3 License List

    -

    On the License page you can view all the licenses available in SW360. The licenses are listed with the following information:

    -
      -
    • -

      License Shortname: Short name given for the license.

      -
      • -
    • -

      License Fullname: Full name given for the license.

      -
      • -
    • -

      Is checked: This column indicates if the license is checked or unchecked.

      - - - - - - - - - - - - - - - - - - - - -
      SymbolStatus
      -
      - -
      -      		Checked
      -
      - -
      -      		Unchecked
      -
      • -
    • -

      License Type: Type of the License.

      -
      • -
    -

    NOTE: CLICK ON TO SORT LICENSE INFORMATION ALPHABETICALLY.

    -

    3.4 Add License

    -

    To add a new License, click on Add License on the license page, which redirects you to another page -where you can add License details.

    -

    -
      -
    1. Enter Full Name of the license you want to add.
      2. -
    2. You can select if the license has an OSI (Open Source Initiative) approval. Select the values for OSI Approved? from the drop-down list. -
        -
      • n/a: Not applicable
        • -
      • Yes
        • -
      -
      3. -
    3. Enter the License Text.
      4. -
    4. Enter Short Name for the license.
      5. -
    5. You can select if the license is an FSF (Free Software Foundation) license. Select the values for FSF Free/Libre from the drop-down list. -
        -
      • n/a: Not applicable
        • -
      • Yes
        • -
      -
      6. -
    6. Check the box if the license is checked.
      7. -
    7. Select the License Type from the drop-down list.
      8. -
    8. Click on Create License to create a new license
      9. -
    9. If you do not want to add a license at any point of time, click on Cancel.
      10. -
    -

    3.5 View License

    -

    To open a view mode for a license:

    -
      -
    1. -

      Search for the License you want to view or navigate from the License list. Click on the License Shortname.

      -
      2. -
    2. -

      You are now in view mode of the license, and you can view all the details of the license like:

      -
        -
      • License Details
        • -
      • License Text
        • -
      • Obligation
        • -
      -

      -
      3. -
    -

    3.6 Edit License

    -

    The Edit License option is used to modify license details for existing licenses. To edit a license, follow the below procedure:

    -
      -
    1. -

      Search for the license you want to view or navigate from the License list. Click on the License Shortname.

      -
      2. -
    2. -

      You are now in view mode of the license, click on Edit License.

      -

      -
      3. -
    3. -

      Modify License Details as required. For more information on the fields, refer to 3.4 Add License.

      -
      4. -
    4. -

      You can also add license obligations in this view. To add License obligations, click on Linked Obligations.

      -
      5. -
    5. -

      Click on Add Obligation, a dialogue box will appear with a list of all the obligations that are available in SW360.

      -
      6. -
    6. -

      Use the search field to select the required obligation and click Add.

      -

      -
      7. -
    7. -

      To delete an obligation that is already linked, click .

      -
      8. -
    8. -

      If you do not want to make changes to the license at any point of time, click on Cancel.

      -
      9. -
    9. -

      If you want to delete the license, click on Delete License.

      -
      10. -
    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Sl.No. Description 1 Quick Filter 2 Add License 3 Export Spreadsheet, refer to Project Page 4 License List 3."> +

    Licenses

    3.0 Licenses

    3.1 Introduction

    A software license is a document that provides legally binding guidelines for the use and distribution of software. Licenses page lists all the available licenses in SW360.

    To open the License page, click on the License tab from the main menu bar. You can also add licenses in this page.

    Sl.No.Description
    1Quick Filter
    2Add License
    3Export Spreadsheet, refer to Project Page
    4License List

    3.2 Quick Filter

    You can use the Quick Filter to search for a License. To search for a particular license, use the type field.

    3.3 License List

    On the License page you can view all the licenses available in SW360. The licenses are listed with the following information:

    • License Shortname: Short name given for the license.

    • License Fullname: Full name given for the license.

    • Is checked: This column indicates if the license is checked or unchecked.

      SymbolStatus
      		Checked
      		Unchecked

    • License Type: Type of the License.

    NOTE: CLICK ON TO SORT LICENSE INFORMATION ALPHABETICALLY.

    3.4 Add License

    To add a new License, click on Add License on the license page, which redirects you to another page +where you can add License details.

    1. Enter Full Name of the license you want to add.
    2. You can select if the license has an OSI (Open Source Initiative) approval. Select the values for OSI Approved? from the drop-down list.
      • n/a: Not applicable
      • Yes
    3. Enter the License Text.
    4. Enter Short Name for the license.
    5. You can select if the license is an FSF (Free Software Foundation) license. Select the values for FSF Free/Libre from the drop-down list.
      • n/a: Not applicable
      • Yes
    6. Check the box if the license is checked.
    7. Select the License Type from the drop-down list.
    8. Click on Create License to create a new license
    9. If you do not want to add a license at any point of time, click on Cancel.

    3.5 View License

    To open a view mode for a license:

    1. Search for the License you want to view or navigate from the License list. Click on the License Shortname.

    2. You are now in view mode of the license, and you can view all the details of the license like:

      • License Details
      • License Text
      • Obligation

    3.6 Edit License

    The Edit License option is used to modify license details for existing licenses. To edit a license, follow the below procedure:

    1. Search for the license you want to view or navigate from the License list. Click on the License Shortname.

    2. You are now in view mode of the license, click on Edit License.

    3. Modify License Details as required. For more information on the fields, refer to 3.4 Add License.

    4. You can also add license obligations in this view. To add License obligations, click on Linked Obligations.

    5. Click on Add Obligation, a dialogue box will appear with a list of all the obligations that are available in SW360.

    6. Use the search field to select the required obligation and click Add.

    7. To delete an obligation that is already linked, click .

    8. If you do not want to make changes to the license at any point of time, click on Cancel.

    9. If you want to delete the license, click on Delete License.

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/login/index.html b/docs/userguide/login/index.html index 21ad911..dc59720 100644 --- a/docs/userguide/login/index.html +++ b/docs/userguide/login/index.html @@ -1,781 +1,93 @@ - - - - - - - - - - - - - - - - - - - - -Login | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Login

    - -
    - - - - - - - - - - - - - -
    -

    You need a username and a password to access the software. After reaching the SW360 site you will be in the public area of your account. Liferay distinguishes between public and private area, where the private area is protected by login.

    -

    You will see a “Welcome to SW360!” homepage which is a public area with Sign In and Create Account buttons. -The Sign In button will redirect to the private area in order to work with the portal.

    - -
    - -
    - -

    Your private area contains an overview of your Projects and Components.

    - -
    - -
    - -

    The idea of “Your” refers to the projects and components that you have created. Further there are the tasks you have submitted or which are assigned to you. Tasks are basically change requests of elements that are sent to the owner or moderator for approval. This is a basic concept for allowing change when providing a multiple set of users. On the right side of the screen you can see the last releases which have been added to SW360.

    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Login | Eclipse SW360 +

    Login

    You need a username and a password to access the software. After reaching the SW360 site you will be in the public area of your account. Liferay distinguishes between public and private area, where the private area is protected by login.

    You will see a “Welcome to SW360!” homepage which is a public area with Sign In and Create Account buttons. +The Sign In button will redirect to the private area in order to work with the portal.

    Your private area contains an overview of your Projects and Components.

    The idea of “Your” refers to the projects and components that you have created. Further there are the tasks you have submitted or which are assigned to you. Tasks are basically change requests of elements that are sent to the owner or moderator for approval. This is a basic concept for allowing change when providing a multiple set of users. On the right side of the screen you can see the last releases which have been added to SW360.

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/preferrences/index.html b/docs/userguide/preferrences/index.html index 67b7c45..724cebb 100644 --- a/docs/userguide/preferrences/index.html +++ b/docs/userguide/preferrences/index.html @@ -1,827 +1,90 @@ - - - - - - - - - - - - - - - - - - - - -Preferences | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Preferences

    -
    SW360 Preferences
    -
    - - - - - - - - - - - - - -
    -

    8. Preferences

    -

    The Preferences page allows you to modify the E-mail notification preferences for changes that occur to project/component/release/license. -To open the Preferences page, click on the Preference tab from the main menu.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    Sl.No.Description
    1Email Notification Preferences
    2SW360 User Information
    3REST API Token
    -

    8.1 SW360 User Information

    -

    On the SW360 User section you can view the following information:

    -
      -
    • Name
      • -
    • E-mail
      • -
    • Primary Department
      • -
    • External ID: This is your organization ID.
      • -
    • Primary Department Role: This is the role you are assigned in SW360.
      • -
    • Secondary Departments and Roles: Any other roles which are assigned.
      • -
    -

    8.2 Email Notification preferences

    -

    To modify your email notifications, follow the procedure:

    -

    -
      -
    1. Check the Enable E-mail notifications box which activates Email notifications.
      2. -
    2. Click on the particular section for which you want to change the preference. For e.g., if you want to change the preference for projects, click on the Project section. This section will display an expanded view of the available roles.
      3. -
    3. Select the roles that you want to be notified.
      4. -
    4. You can repeat the above procedure for other sections, i.e., Component, Release, Moderation and, Clearing.
      5. -
    5. Click on Update Settings to update the changes done.
      6. -
    -

    8.3 REST API Tokens

    -

    REST API is an interface that two computer systems use to exchange information securely over the internet. Via REST endpoint data can be read or written in the database. As a normal user only read token can be generated.

    -

    You can generate a REST API token for read access, by following the procedure:

    -
      -
    1. Enter a token Name.
      2. -
    2. Check the Authorities box if you wish to give read access.
      3. -
    3. Set an Expiration Date for the token.
      4. -
    4. Click on Generate Token.
      5. -
    -

    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Preferences | Eclipse SW360 +

    Preferences

    SW360 Preferences

    8. Preferences

    The Preferences page allows you to modify the E-mail notification preferences for changes that occur to project/component/release/license. +To open the Preferences page, click on the Preference tab from the main menu.

    Sl.No.Description
    1Email Notification Preferences
    2SW360 User Information
    3REST API Token

    8.1 SW360 User Information

    On the SW360 User section you can view the following information:

    • Name
    • E-mail
    • Primary Department
    • External ID: This is your organization ID.
    • Primary Department Role: This is the role you are assigned in SW360.
    • Secondary Departments and Roles: Any other roles which are assigned.

    8.2 Email Notification preferences

    To modify your email notifications, follow the procedure:

    1. Check the Enable E-mail notifications box which activates Email notifications.
    2. Click on the particular section for which you want to change the preference. For e.g., if you want to change the preference for projects, click on the Project section. This section will display an expanded view of the available roles.
    3. Select the roles that you want to be notified.
    4. You can repeat the above procedure for other sections, i.e., Component, Release, Moderation and, Clearing.
    5. Click on Update Settings to update the changes done.

    8.3 REST API Tokens

    REST API is an interface that two computer systems use to exchange information securely over the internet. Via REST endpoint data can be read or written in the database. As a normal user only read token can be generated.

    You can generate a REST API token for read access, by following the procedure:

    1. Enter a token Name.
    2. Check the Authorities box if you wish to give read access.
    3. Set an Expiration Date for the token.
    4. Click on Generate Token.

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/project/index.html b/docs/userguide/project/index.html index 8b6d74b..e9ce592 100644 --- a/docs/userguide/project/index.html +++ b/docs/userguide/project/index.html @@ -1,1857 +1,95 @@ - - - - - - - - - - - - - - - - - - - - -Project | Eclipse SW360 -Project | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Project

    - -
    - - - - - - - - - - - - - -
    -

    1.0 Project Page

    -

    1.01 Introduction

    -

    Navigate to your project overview by clicking the menu item Projects. Here you can find the list of projects with description and other related details. On the left side of project list you can find a advanced filters to filter out specific project.

    - -
    - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Sl.No.Description
    1Advanced Search
    2Add Project
    3Import SPDX BOM
    4Export Spreadsheet
    5Project List
    -

    1.02 Project List

    -

    The Project List lists all the relevant projects with the following information:

    -
      -
    • -

      Project name: All the projects are listed with their names.

      -
      • -
    • -

      Description: The description for the project is displayed here.

      -
      • -
    • -

      Project responsible: The email address of the person responsible for the project is displayed.

      -
      • -
    • -

      State: Displays the state of the project and clearing requests. The status for PS and CS is indicated by colors.

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      ColorProject State (PS)Project Clearing State (CS)
      Green ActiveClosed
      Yellow Not ApplicableIn-progress
      Red OpenOpen
      Grey Phase out/ UnknownNot Applicable
      -
      • -
    • -

      License Clearing displays the clearing states for releases for the project including sub projects.

      -
      • -
    • -

      Actions: you can perform the following actions for a project:

      - - - - - - - - - - - - - - - - - - - - - - - - - -
      ActionDescription
      -
      - -
      -      		To edit a Project
      -
      - -
      -      		To create clearing request the OSS clearing team
      -
      - -
      -      		To duplicate current version of existing project. This action will also duplicate all the linked projects, releases along with the general information and is used to create different versions of the project.
      -
      - -
      -      		To delete the project from SW360.
      -
      • -
    -

    NOTE: CLICK ON -

    - -
    - TO SORT LICENSE INFORMATION ALPHABETICALLY.

    - -

    Advanced search dialogue box allows you to search for a particular project. To search for a project follow the procedure:

    -
      -
    1. Enter the Project name and Version of the project that you want to search.
      2. -
    2. Select the Project Type from the drop-down list. For more information regarding the project type, refer to paragraph 4. of General Information.
      3. -
    3. Search the project by Project Responsible email.
      4. -
    4. Search projects by their Group, select the group from the drop-down list.
      NOTE: BY DEFAULT, THE SEARCH RETURNS ONLY THE RESULTS OF YOUR GROUP. HOWEVER, YOU CAN ALSO SELECT THE GROUPS FROM THE DROP-DOWN LIST.
      5. -
    5. Search projects by their project State, select the options available from the drop-down list. For more information regarding project state, refer to 1.02 Project List.
      6. -
    6. You can search the projects by their Clearing State, select the options available from the drop-down list. For more information regarding project state, refer to 1.02 Project List.
      7. -
    7. You can search projects by their Tags. If there are multiple tags that you want to search, use a comma to separate.
      8. -
    8. You can search projects by Additional Data.
      9. -
    -

    1.04 Add Project

    -

    To add a new project, click on the Add Project on the project page, this redirects you to another page that allows you to add project information add project information for the project you want to create. Following are the three sections where you must enter information:

    -
      -
    • Summary
      • -
    • Administration
      • -
    • Linked Releases and Projects
      • -
    -

    1. Summary

    -

    A. General Information

    -

    NOTE: FIELDS MARKED "*" ARE MANDATORY

    - -
    - -
    - -
      -
    1. -

      Enter the Name of the project you want to create.

      -
      2. -
    2. -

      The field Created by is set automatically to the creator/owner of the project.

      -
      3. -
    3. -

      Version of a project indicates there are new changes compared to the previous version of the project. Enter the version for your project as required.

      -
      4. -
    4. -

      Select the Project Type from the drop-down list.

      -
        -
      • Customer: Delivered to the customer
        • -
      • Internal: Internally used but can also be used in other projects as a sub-project
        • -
      • Product: Developed as a product and delivered to the customer
        • -
      • Services: Developed as a service and delivered to the customer
        • -
      • Inner Source: OSS within a particular organization
        • -
      -
      5. -
    5. -

      Project Visibility describes if the project is visible to all or only selected personnel. The default is set to “everyone”, you can select the project visibility from the drop-down list.

      -
        -
      • Private: Only visible to creator or admin
        • -
      • Me and Moderators: Visible to creator, moderators and admins
        • -
      • Group and Moderators: Visible to all users of the same group and the moderators
        • -
      • Everyone: All logged in users
        • -
      -
      6. -
    6. -

      Tags are words assigned to a project that assist in quick searching. You can create a tag by assigning a word to your project.

      -
      7. -
    7. -

      Check or uncheck the following fields as required:

      -
        -
      • Enable Security Vulnerability Monitoring (activated only if security responsible are added), refer to C. Roles.
        • -
      • Do not create monitoring list, but use from the external id, refer to E. External IDs.
        • -
      • Enable Displaying Vulnerabilities if you want the vulnerabilities to be visible.
        • -
      -
      8. -
    8. -

      Modified on date will be set automatically on creating the project.

      -
      9. -
    9. -

      Description: You can enter details of your project.

      -
      10. -
    10. -

      Modified by will be set automatically.

      -
      11. -
    11. -

      Select the Domain for your project from the drop-down list.

      -
        -
      • Application software
        • -
      • Documentation
        • -
      • Embedded Software
        • -
      • Hardware
        • -
      • Test and diagnostics
        • -
      -
      12. -
    12. -

      Click on the field to select the Vendor for your project.

      -
        -
      • This opens a dialogue box, use the type field to search for the vendors.
        • -
      • Select the vendors
        • -
      • Click on Add Vendor.
        • -
      -
      13. -
    -

    B. External URLs

    -

    Click on Click to add row to external URLs to add URLs of your project.
    - -

    - -
    -

    -
      -
    1. -

      Select External URL Key from the drop-down list.

      -
        -
      • Homepage: Link for homepage
        • -
      • Wiki page: Link for wiki page
        • -
      • Clearing:
        • -
      -
      2. -
    2. -

      Enter External URL Value. It is the web address for the above mentioned external URL key. To add multiple external URLs, repeat the same procedure.
      - -

      - -
      -

      -
      3. -
    3. -

      To delete an external URL, click on -

      - -
      -.

      -
      4. -
    -

    C. Roles

    - -
    - -
    - -
      -
    1. -

      Group is the department you/project owner belongs to. Click on the group field to select a Group for your project.

      -
        -
      • This opens a dialogue box, use the type field to search for the group.
        • -
      • Select the group.
        • -
      • Click on Select
        • -
      - -
      - -
      - -
      2. -
    2. -

      Enter the Owners Accounting Unit.

      -
      3. -
    3. -

      Project manager is the user who manages the project. Click on the field to select Project Manager.

      -
        -
      • This opens a dialogue box, use the type field to search for the Project Manager.
        • -
      • Select the Users.
        • -
      • Click on Select Users.
        • -
      - -
      - -
      - -
      4. -
    4. -

      Enter the Owners Billing Group.

      -
      5. -
    5. -

      Project Owner holds the project. Click on the field to select Project Owner.

      -
        -
      • This opens a dialogue box, use the type field to search for the Project Owner.
        • -
      • Select the Users.
        • -
      • Click on Select Users.
        • -
      -
      6. -
    6. -

      Select the Owner Country from the drop-down list.

      -
      7. -
    7. -

      Security responsible is the list of users responsible for the security of the project. Click on the field to select Security responsible.

      -
        -
      • This opens a dialogue box, use the type field to search for the Security responsible.
        • -
      • Select the Users
        • -
      • Click on Select Users.
        • -
      -
      8. -
    8. -

      Click on the field to select Lead Architect.

      -
        -
      • This opens a dialogue box, use the type field to search for the Lead Architect.
        • -
      • Select the Users.
        • -
      • Click on Select Users.
        • -
      -
      9. -
    9. -

      Moderator is the user responsible for the project. Click on the field to select moderators.

      -
        -
      • This opens a dialogue box, use the type field to search for the Moderators.
        • -
      • Select the Users.
        • -
      • Click on Select Users.
        • -
      -
      10. -
    10. -

      Click on the field to select Contributors.

      -
        -
      • This opens a dialogue box, use the type field to search for the Contributors.
        • -
      • Select the Users.
        • -
      • Click on Select Users.
        • -
      -
      11. -
    -

    D. Additional Roles

    -

    To assign more roles to your project, use Click to Add Additional Roles.

    - -
    - -
    - -
      -
    1. -

      Select the type of Role from the drop-down list.

      -
        -
      • Stakeholder
        • -
      • Analyst
        • -
      • Contributor
        • -
      • Accountant
        • -
      • End user
        • -
      • Quality manager
        • -
      • Test Manager
        • -
      • Technical writer
        • -
      • Key user
        • -
      -
      2. -
    2. -

      Enter Email address of the responsible personnel. To add multiple additional roles, repeat the same procedure.

      - -
      - -
      - -
      3. -
    3. -

      To delete an additional role, click on -

      - -
      -.

      -
      4. -
    -

    E. External Ids

    -

    Click on Click to add row to External Ids to add external Ids to your project.

    - -
    - -
    - -
      -
    1. Click on field to enter External Id Key and select from the drop-down list.
      2. -
    2. Enter External Id Value. To add multiple external Ids, repeat the same procedure.
      3. -
    - -
    - -
    - -
      -
    1. To delete an External Id, click on -
      - -
      -.
      2. -
    -

    F. Additional Data

    -

    You can add data keys and corresponding data values for your project.

    -

    To add more additional data keys, click on Click to add rows to additional data.

    - -
    - -
    - -
      -
    1. -

      Enter additional data key.

      -
      2. -
    2. -

      Enter additional data value. To add multiple additional data, repeat the same procedure.

      -

      -

      - -
      -.

      -
      3. -
    3. -

      To delete an additional data, click on -

      - -
      -.

      -
      4. -
    -

    2. Administration

    -

    Administration section contains license clearing and lifecycle information of the project. To edit these fields, click on “Administration”, use navigation section.

    - -
    - -
    - -

    A. Clearing information

    - -
    - -
    - -

    To add clearing information for your project:

    -
      -
    1. -

      Select the values for Project Clearing State from the drop-down list.

      -
        -
      • Open Project
        • -
      • In progress
        • -
      • Closed
        • -
      -
      2. -
    2. -

      Clearing team is responsible for project clearing. To assign a clearing team, select the values for Clearing team from the drop-down list.

      -
      3. -
    3. -

      Pre-evaluation is important for the project development to understand the status of the license and estimate the effort for clearing activities. Set Deadline for pre-evaluation date.

      -
      4. -
    4. -

      Following information should be entered manually:

      -
        -
      • Clearing summary: Overview of the clearing for the project management.
        • -
      • Special risk open source software: Risks which occur out from usage of specific OSS components.
        • -
      • General risk 3rd party software: General risk which occur always from using OSS and commercial SW like for e.g., patent infringements.
        • -
      • Special risk 3rd party software: Specific risks which occur by using specific projects, including commercial projects.
        • -
      • Sales and delivery channels: To know when the software will be delivered via resellers as a reseller license has to be procured and to decide how to fulfill the obligations of the licenses.
        • -
      • Remarks and additional requirements: Any additional relevant requirement.
        • -
      -

      NOTE: THE ABOVE INFORMATION IS NECESSARY FOR PROJECT MANAGEMENT TO UNDERSTAND THE STATUS OF THE LICENSE AND ESTIMATE THE EFFORT FOR CLEARING ACTIVITIES.

      -
      5. -
    -

    B. Lifecycle information

    - -
    - -
    - -

    To add lifecycle information for your project:

    -
      -
    1. -

      Select the values for Project state from the drop-down list.

      -
        -
      • Active
        • -
      • Phase-out
        • -
      • Unknown
        • -
      -
      2. -
    2. -

      Set System test begin and System test end dates. System test begin date can be used in licensing and risk perspective. System test end date is the latest date for component releases.

      -
      3. -
    3. -

      Set Delivery start and Phase out dates. After the phase out date, maintenance is not required for the project.

      -

      NOTE: LICENSE CLEARING FOR THE PROJECT MUST BE FINISHED BEFORE THE PROJECT DELIVERY DATE.

      -
      4. -
    -

    C. License Info Header

    -

    The license info header can be set as a default header. However, you can edit this field as required.

    -

    3. Linked Releases and Projects

    -

    You can link other projects and releases to the project that you are adding. Click on Linked Releases and Projects, use navigation section.

    - -
    - -
    - -

    A. Linking Projects

    -

    To add existing projects as a sub-project:

    -
      -
    1. -

      Click on Add Projects, this action opens a dialogue box.

      - -
      - -
      - -
      2. -
    2. -

      Search and select the projects which you would like to link.

      -
      3. -
    3. -

      Click on Link Projects.

      - -
      - -
      - -
      4. -
    4. -

      After the project is linked, you can select the Project Relation for your sub-project from the drop-down list.

      -
        -
      • Sub-project
        • -
      • Duplicate
        • -
      • Unknown
        • -
      • Related
        • -
      -
      5. -
    5. -

      Check or uncheck Enable SVM as required.

      - -
      - -
      - -
      6. -
    6. -

      To link multiple projects, repeat the same procedure.

      -
      7. -
    7. -

      To delete a linked project, click on -

      - -
      -.

      -
      8. -
    -

    B. Linking releases

    -

    To add releases to your project:

    -
      -
    1. -

      Click on Add Releases, this action opens a dialogue box.

      - -
      - -
      - -
      2. -
    2. -

      Search for the releases which you want to link or click on Releases of linked projects to view all the releases which are linked to the project.

      -
      3. -
    3. -

      Select all the releases which you want to link and click on Link releases.

      - -
      - -
      - -
      4. -
    4. -

      After the release is linked, you can select the value for the Release relation from the drop-down list.

      -
        -
      • Unknown
        • -
      • Contained
        • -
      • Related
        • -
      • Dynamically linked
        • -
      • Statically linked
        • -
      • Side by side
        • -
      • Standalone
        • -
      • Internal Use
        • -
      • Optional
        • -
      • To be replaced
        • -
      • Code snippet
        • -
      -
      5. -
    5. -

      Select the value for the Release Mainline State from the drop-down list.

      -
        -
      • Open
        • -
      • Mainline
        • -
      • Specific
        • -
      • Phaseout
        • -
      • Denied
        • -
      -
      6. -
    6. -

      Add Comments, if required.

      - -
      - -
      - -
      7. -
    7. -

      To link multiple releases/components, repeat the same procedure.

      -
      8. -
    8. -

      To delete a linked release, click on -

      - -
      -.

      -
      9. -
    -

    After all the information for the new project is filled out. Click on “Create Project” at the top.

    -

    If you do not want to create a project on any point of time, click on “Cancel” at the top.

    -

    1.05 Import SBOM

    -

    SPDX is a common format for communicating compliance information or list of components across all suppliers. Importing an SBOM will create a project/component. To import a SBOM:

    -
      -
    1. -

      Click on Import SBOM on the project page. This will open a dialogue box for you to upload the Bill Of Materials (BOM).

      -
      2. -
    2. -

      Drag and drop the file from your local system to the dialogue box or click on Browse File and select the file you want to import.

      - -
      - -
      - -

      NOTE: ONLY SPDX RDF/XML FILES WITH UNIQUE DESCRIBED TOP LEVEL NODE ARE SUPPORTED.

      -
      3. -
    3. -

      After uploading is done SW360 checks for duplicates, if there are no duplicates found, a Component from the uploaded SBOM is created.

      -
      4. -
    -

    1.06 Edit Project

    -

    You can edit an existing project in SW360, provided you have required rights. To edit a project follow the procedure:

    -
      -
    1. -

      Search for the projects you want to edit or navigate from the project list.

      -
      2. -
    2. -

      Click on -

      - -
      - from the actions column. You can also edit a project by clicking on the project and click on Edit Project.

      -
      3. -
    3. -

      Change the data for the project as required. For more information, refer to 1.04 Add Project.

      -
      4. -
    4. -

      In this view, you can also add attachments for the project in this view, click on Attachments, use navigation section.
      - -

      - -
      -

      -
        -
      • Click on Add Attachment, this action opens a dialogue box.
        • -
      • Browse and select the files which you want to upload or drag and drop them into the area.
        • -
      • Click on Upload.
        • -
      • Select the type of file from the drop-down list.
        • -
      • Select the status from the drop-down list.
        • -
      • If required, add comments
        • -
      - -
      - -
      - -
        -
      • To delete an attachment, click on -
        - -
        -.
        • -
      -
      5. -
    5. -

      After you modify the required fields, click on “Update Project”.

      -
      6. -
    6. -

      To delete the project, click on “Delete Project”.

      -
      7. -
    7. -

      To cancel any changes that you made click on “Cancel”.

      -
      8. -
    -

    1.07 Duplicate a Project

    -

    Duplicating a project is commonly used to create different versions of the project. This helps in reducing efforts as fewer modifications are required to create a new version. To duplicate a project:

    -
      -
    1. Search for the projects you want to duplicate or navigate from the project list.
      2. -
    2. Click on -
      - -
      - from the actions column to duplicate the project.
      3. -
    3. Modify the data for the duplicate project as required. For more information, refer to 1.04 Add Project.
      4. -
    4. Click on “Create Project” after all changes are made.
      5. -
    5. To cancel any changes that you made click on “Cancel”.
      6. -
    -

    1.08 Deleting a Project

    -

    You can delete an existing project in SW360, provided you have required rights. To delete a project follow the procedure:

    -

    WARNING: DELETING A PROJECT CAN ONLY BE DONE IF THERE ARE NO LINKED PROJECTS OR COMPONENTS. IF NOT, THERE WILL BE MISSING LINKS FOR THE PROJECTS.

    -
      -
    1. -

      Search for the projects you want to delete or navigate from the project list.

      -
      2. -
    2. -

      Click on -

      - -
      - from the actions column to delete the project.

      -
      3. -
    3. -

      The software will prompt for a confirmation of deleting the project. You can also add comments for the action in the prompt box before deleting.

      -
      4. -
    4. -

      Click on Delete Project.

      -
      5. -
    5. -

      To cancel any changes that you made click on Cancel.

      - -
      - -
      - -
      6. -
    -

    1.09 Linking A Project

    -

    There are multiple ways that you can link a project to another.

    -

    A. Linking to a parent project

    -
      -
    1. -

      Search for the projects you want to link or navigate from the project list. Click on the required project.

      -
      2. -
    2. -

      This will display the view mode of the selected project. Click on “Link Projects” on the top. This will open a dialogue box to search for the projects.

      - -
      - -
      - -
      3. -
    3. -

      Search for the projects which you want to link.

      -
      4. -
    4. -

      Select the projects and click on Link Projects.

      -
      5. -
    5. -

      Once the project is successfully linked, you will see the prompt in green. If you want to edit the project further, click on the click here to edit the project relation on the green prompt.

      - -
      - -
      - -
      6. -
    6. -

      Again, the project opens up in edit mode.

      -
      7. -
    7. -

      Modify the project details as required for the linked project. Refer to Link Projects.

      -
      8. -
    8. -

      Click on “Update Project” to save your changes.

      -
      9. -
    -

    B. Linking a child project

    -

    To add child projects to a parent project, refer to 3. Linked Releases and Projects.

    -

    1.10 Linking Components or Releases

    -

    You can directly link a component or release to a parent project, refer to 3. Linked Releases and Projects.

    - -

    You can also link a component to a project while editing a project.

    -
      -
    1. -

      Search for the projects you want to delete or navigate from the project list. Click on the required project.

      -
      2. -
    2. -

      This will display the view mode of the selected project, click on license clearing, use navigation section.

      - -
      - -
      - -
      3. -
    3. -

      Select the component/release from the list displayed. After which, which redirects you to its component page.

      -
      4. -
    4. -

      Click on “Link to Projects” to link this release/component to a project. This will open a dialogue box to search for the projects.

      - -
      - -
      - -
      5. -
    5. -

      If you want to view the projects which are already linked to the components/release, check the box for show already linked projects.

      -
      6. -
    6. -

      Select the project which you want to link the component / release to and then click on link to project.

      -
      7. -
    -

    1.11 Security Vulnerability tracking for Projects

    -

    You can view all the security vulnerabilities for your project. To view vulnerability tracking status:

    -
      -
    1. -

      Search for the projects or navigate from the project list. Click on the required project.

      -
      2. -
    2. -

      This will display the view mode of the selected project, click on Vulnerability Tracking Status.

      -
      3. -
    3. -

      Here you can view Security Vulnerability Monitoring is enabled or not. The Security Vulnerabilities are only visible in the edit project mode when the “security responsible” is assigned. Refer to paragraphs C. Roles.

      -
      4. -
    4. -

      You can track the vulnerabilities by name, project origin, SVM tracking status, short status and type.

      - -
      - -
      - -
      5. -
    5. -

      To view all the listed vulnerabilities for sub-projects of the parent project click on Vulnerabilities.

      - -
      - -
      - -
      6. -
    6. -

      If you want to view the complete data for a vulnerability, refer to 5. Vulnerability.

      -
      7. -
    -

    1.12 Clearing Requests

    -

    Each project needs license clearing and it is a project level activity.

    -

    A. Create Clearing Requests

    -

    To create a clearing request:

    -
      -
    1. -

      Search for the projects or navigate from the project list. Click on -

      - -
      - or,

      -
      2. -
    2. -

      Search for the projects or navigate from the project list. Click on the required project, this will display the view mode of the of the selected project. Click on License Clearing, use navigation section.

      -
      3. -
    3. -

      Click on Create Clearing Request, a dialogue box will appear.

      - -
      - -
      - -
      4. -
    4. -

      Enter the clearing team email id by clicking on the field and searching for the email of the clearing team. Select the contact from the list and click on Select Users.

      -
      5. -
    5. -

      Select the Preferred Clearing Date.

      -
      6. -
    6. -

      If required, add Comments.

      - -
      - -
      - -
      7. -
    7. -

      Click on “Create Request”.

      -
      8. -
    8. -

      To cancel any changes that you made click on Cancel.

      -
      9. -
    -

    B. View Clearing Requests

    -

    You can view the existing clearing requests which are already created for a project. To view the clearing requests, follow the procedure:

    -
      -
    1. -

      Search for the projects or navigate from the project list. Click on -

      - -
      - or,

      -
      2. -
    2. -

      Click on the required project.

      -
      3. -
    3. -

      Select License Clearing, use navigation section.

      -
      4. -
    4. -

      Click on View Clearing Request.

      - -
      - -
      - -
      5. -
    5. -

      A new dialogue box with the clearing request information will be displayed.

      - -
      - -
      - -
      6. -
    -

    C. Edit Clearing Requests

    -

    For more information on how to edit the existing clearing requests, refer to 6. Requests.

    -

    1.13 Export Spreadsheet

    -

    You can generate the excel sheet for an advanced search. For e.g., List of all projects created for group “SHS”.

    -
      -
    1. -

      Go to project home page.

      -
      2. -
    2. -

      If required, you can filter the projects using the advanced search options. Refer to 1.02 Project Search.

      -
      3. -
    3. -

      After the search gives a result, click on Export Spreadsheet and select the option from the drop-down list.

      -
        -
      • Projects only
        • -
      • Projects with linked releases
        • -
      -
      4. -
    4. -

      A file will now be downloaded to your local system with the required information.

      - -
      - -
      - -
      5. -
    -

    NOTE: YOU CAN ALSO USE THE EXPORT SPREADSHEET OPTION ON MULTIPLE PAGES, LIKE LICENSE CLEARING PAGE OF A PROJECT/COMPONENT, EDIT VIEW OF A COMPONENT, ECC PAGE OF PROJECT ETC.

    -

    1.14 Generate License Info

    -

    You can generate a read me OSS file of all the license information for a project. To generate license information:

    -
      -
    1. -

      Search for the projects or navigate from the project list. Click on the required project.

      -
      2. -
    2. -

      Select License Clearing, use navigation section.

      -
      3. -
    3. -

      The page displays the list of all the releases listed and their respective release clearing state in the state column. Each of the releases has license information in the form of CLI files. You can view this information in the main licenses or other licenses column. -Generating a license info will create a read me OSS document combining all the licenses.

      -
      4. -
    4. -

      Click on Generate license info and select the options from the drop-down list.

      -
        -
      • Project only
        • -
      • Project with sub project
        • -
      - -
      - -
      - -
      5. -
    5. -

      After your selection, you are redirected to another page where you can further modify the output of the license information.

      -
      6. -
    6. -

      Select Show all to view all the license information or Only Approved to view approved licenses.

      -
      7. -
    7. -

      Select which CLI you want to publish the information from the list displayed below.

      - -
      - -
      - -
      8. -
    8. -

      Click on Download. A new Dialogue box will appear asking for your preferences.

      -
      9. -
    9. -

      Check the required boxes and select an output format.

      -
      10. -
    10. -

      Click on Download to get a Readme.OSS file.

      - -
      - -
      - -
      11. -
    -

    1.15 Generate Source Code Bundle

    -

    Few components have obligations, for example, sharing source code. The organization must share the source code to the user in a disc format. To generate Source Code Bundle:

    -
      -
    1. -

      To select the project, use the search option or navigate from the project list and click on it.

      -
      2. -
    2. -

      Select License Clearing, use navigation section.

      -
      3. -
    3. -

      The window shows a list of all the releases listed. Click on Generate Source Code Bundle and select the option from the drop-down list.

      -
        -
      • Project only
        • -
      • Project with sub project
        • -
      - -
      - -
      - -
      4. -
    4. -

      After you select, you are redirected to another page which lists all the source code information.

      -
      5. -
    5. -

      Select the required source code and click Download.

      -
      6. -
    6. -

      A combined zip file comprising of all the select source code will be downloaded.

      - -
      - -
      - -
      7. -
    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Navigate to your project overview by clicking the menu item Projects. Here you can find the list of projects with …"> +

    Project

    1.0 Project Page

    1.01 Introduction

    Navigate to your project overview by clicking the menu item Projects. Here you can find the list of projects with description and other related details. On the left side of project list you can find a advanced filters to filter out specific project.

    Sl.No.Description
    1Advanced Search
    2Add Project
    3Import SPDX BOM
    4Export Spreadsheet
    5Project List

    1.02 Project List

    The Project List lists all the relevant projects with the following information:

    • Project name: All the projects are listed with their names.

    • Description: The description for the project is displayed here.

    • Project responsible: The email address of the person responsible for the project is displayed.

    • State: Displays the state of the project and clearing requests. The status for PS and CS is indicated by colors.

      ColorProject State (PS)Project Clearing State (CS)
      GreenActiveClosed
      YellowNot ApplicableIn-progress
      RedOpenOpen
      GreyPhase out/ UnknownNot Applicable

    • License Clearing displays the clearing states for releases for the project including sub projects.

    • Actions: you can perform the following actions for a project:

      ActionDescription
      		To edit a Project
      		To create clearing request the OSS clearing team
      		To duplicate current version of existing project. This action will also duplicate all the linked projects, releases along with the general information and is used to create different versions of the project.
      		To delete the project from SW360.

    NOTE: CLICK ON

    TO SORT LICENSE INFORMATION ALPHABETICALLY.

    Advanced search dialogue box allows you to search for a particular project. To search for a project follow the procedure:

    1. Enter the Project name and Version of the project that you want to search.
    2. Select the Project Type from the drop-down list. For more information regarding the project type, refer to paragraph 4. of General Information.
    3. Search the project by Project Responsible email.
    4. Search projects by their Group, select the group from the drop-down list.
      NOTE: BY DEFAULT, THE SEARCH RETURNS ONLY THE RESULTS OF YOUR GROUP. HOWEVER, YOU CAN ALSO SELECT THE GROUPS FROM THE DROP-DOWN LIST.
    5. Search projects by their project State, select the options available from the drop-down list. For more information regarding project state, refer to 1.02 Project List.
    6. You can search the projects by their Clearing State, select the options available from the drop-down list. For more information regarding project state, refer to 1.02 Project List.
    7. You can search projects by their Tags. If there are multiple tags that you want to search, use a comma to separate.
    8. You can search projects by Additional Data.

    1.04 Add Project

    To add a new project, click on the Add Project on the project page, this redirects you to another page that allows you to add project information add project information for the project you want to create. Following are the three sections where you must enter information:

    • Summary
    • Administration
    • Linked Releases and Projects

    1. Summary

    A. General Information

    NOTE: FIELDS MARKED "*" ARE MANDATORY

    1. Enter the Name of the project you want to create.

    2. The field Created by is set automatically to the creator/owner of the project.

    3. Version of a project indicates there are new changes compared to the previous version of the project. Enter the version for your project as required.

    4. Select the Project Type from the drop-down list.

      • Customer: Delivered to the customer
      • Internal: Internally used but can also be used in other projects as a sub-project
      • Product: Developed as a product and delivered to the customer
      • Services: Developed as a service and delivered to the customer
      • Inner Source: OSS within a particular organization

    5. Project Visibility describes if the project is visible to all or only selected personnel. The default is set to “everyone”, you can select the project visibility from the drop-down list.

      • Private: Only visible to creator or admin
      • Me and Moderators: Visible to creator, moderators and admins
      • Group and Moderators: Visible to all users of the same group and the moderators
      • Everyone: All logged in users

    6. Tags are words assigned to a project that assist in quick searching. You can create a tag by assigning a word to your project.

    7. Check or uncheck the following fields as required:

      • Enable Security Vulnerability Monitoring (activated only if security responsible are added), refer to C. Roles.
      • Do not create monitoring list, but use from the external id, refer to E. External IDs.
      • Enable Displaying Vulnerabilities if you want the vulnerabilities to be visible.

    8. Modified on date will be set automatically on creating the project.

    9. Description: You can enter details of your project.

    10. Modified by will be set automatically.

    11. Select the Domain for your project from the drop-down list.

      • Application software
      • Documentation
      • Embedded Software
      • Hardware
      • Test and diagnostics

    12. Click on the field to select the Vendor for your project.

      • This opens a dialogue box, use the type field to search for the vendors.
      • Select the vendors
      • Click on Add Vendor.

    B. External URLs

    Click on Click to add row to external URLs to add URLs of your project.

    1. Select External URL Key from the drop-down list.

      • Homepage: Link for homepage
      • Wiki page: Link for wiki page
      • Clearing:

    2. Enter External URL Value. It is the web address for the above mentioned external URL key. To add multiple external URLs, repeat the same procedure.

    3. To delete an external URL, click on

      .

    C. Roles

    1. Group is the department you/project owner belongs to. Click on the group field to select a Group for your project.

      • This opens a dialogue box, use the type field to search for the group.
      • Select the group.
      • Click on Select

    2. Enter the Owners Accounting Unit.

    3. Project manager is the user who manages the project. Click on the field to select Project Manager.

      • This opens a dialogue box, use the type field to search for the Project Manager.
      • Select the Users.
      • Click on Select Users.

    4. Enter the Owners Billing Group.

    5. Project Owner holds the project. Click on the field to select Project Owner.

      • This opens a dialogue box, use the type field to search for the Project Owner.
      • Select the Users.
      • Click on Select Users.

    6. Select the Owner Country from the drop-down list.

    7. Security responsible is the list of users responsible for the security of the project. Click on the field to select Security responsible.

      • This opens a dialogue box, use the type field to search for the Security responsible.
      • Select the Users
      • Click on Select Users.

    8. Click on the field to select Lead Architect.

      • This opens a dialogue box, use the type field to search for the Lead Architect.
      • Select the Users.
      • Click on Select Users.

    9. Moderator is the user responsible for the project. Click on the field to select moderators.

      • This opens a dialogue box, use the type field to search for the Moderators.
      • Select the Users.
      • Click on Select Users.

    10. Click on the field to select Contributors.

      • This opens a dialogue box, use the type field to search for the Contributors.
      • Select the Users.
      • Click on Select Users.

    D. Additional Roles

    To assign more roles to your project, use Click to Add Additional Roles.

    1. Select the type of Role from the drop-down list.

      • Stakeholder
      • Analyst
      • Contributor
      • Accountant
      • End user
      • Quality manager
      • Test Manager
      • Technical writer
      • Key user

    2. Enter Email address of the responsible personnel. To add multiple additional roles, repeat the same procedure.

    3. To delete an additional role, click on

      .

    E. External Ids

    Click on Click to add row to External Ids to add external Ids to your project.

    1. Click on field to enter External Id Key and select from the drop-down list.
    2. Enter External Id Value. To add multiple external Ids, repeat the same procedure.
    1. To delete an External Id, click on
      .

    F. Additional Data

    You can add data keys and corresponding data values for your project.

    To add more additional data keys, click on Click to add rows to additional data.

    1. Enter additional data key.

    2. Enter additional data value. To add multiple additional data, repeat the same procedure.

      .

    3. To delete an additional data, click on

      .

    2. Administration

    Administration section contains license clearing and lifecycle information of the project. To edit these fields, click on “Administration”, use navigation section.

    A. Clearing information

    To add clearing information for your project:

    1. Select the values for Project Clearing State from the drop-down list.

      • Open Project
      • In progress
      • Closed

    2. Clearing team is responsible for project clearing. To assign a clearing team, select the values for Clearing team from the drop-down list.

    3. Pre-evaluation is important for the project development to understand the status of the license and estimate the effort for clearing activities. Set Deadline for pre-evaluation date.

    4. Following information should be entered manually:

      • Clearing summary: Overview of the clearing for the project management.
      • Special risk open source software: Risks which occur out from usage of specific OSS components.
      • General risk 3rd party software: General risk which occur always from using OSS and commercial SW like for e.g., patent infringements.
      • Special risk 3rd party software: Specific risks which occur by using specific projects, including commercial projects.
      • Sales and delivery channels: To know when the software will be delivered via resellers as a reseller license has to be procured and to decide how to fulfill the obligations of the licenses.
      • Remarks and additional requirements: Any additional relevant requirement.

      NOTE: THE ABOVE INFORMATION IS NECESSARY FOR PROJECT MANAGEMENT TO UNDERSTAND THE STATUS OF THE LICENSE AND ESTIMATE THE EFFORT FOR CLEARING ACTIVITIES.

    B. Lifecycle information

    To add lifecycle information for your project:

    1. Select the values for Project state from the drop-down list.

      • Active
      • Phase-out
      • Unknown

    2. Set System test begin and System test end dates. System test begin date can be used in licensing and risk perspective. System test end date is the latest date for component releases.

    3. Set Delivery start and Phase out dates. After the phase out date, maintenance is not required for the project.

      NOTE: LICENSE CLEARING FOR THE PROJECT MUST BE FINISHED BEFORE THE PROJECT DELIVERY DATE.

    C. License Info Header

    The license info header can be set as a default header. However, you can edit this field as required.

    3. Linked Releases and Projects

    You can link other projects and releases to the project that you are adding. Click on Linked Releases and Projects, use navigation section.

    A. Linking Projects

    To add existing projects as a sub-project:

    1. Click on Add Projects, this action opens a dialogue box.

    2. Search and select the projects which you would like to link.

    3. Click on Link Projects.

    4. After the project is linked, you can select the Project Relation for your sub-project from the drop-down list.

      • Sub-project
      • Duplicate
      • Unknown
      • Related

    5. Check or uncheck Enable SVM as required.

    6. To link multiple projects, repeat the same procedure.

    7. To delete a linked project, click on

      .

    B. Linking releases

    To add releases to your project:

    1. Click on Add Releases, this action opens a dialogue box.

    2. Search for the releases which you want to link or click on Releases of linked projects to view all the releases which are linked to the project.

    3. Select all the releases which you want to link and click on Link releases.

    4. After the release is linked, you can select the value for the Release relation from the drop-down list.

      • Unknown
      • Contained
      • Related
      • Dynamically linked
      • Statically linked
      • Side by side
      • Standalone
      • Internal Use
      • Optional
      • To be replaced
      • Code snippet

    5. Select the value for the Release Mainline State from the drop-down list.

      • Open
      • Mainline
      • Specific
      • Phaseout
      • Denied

    6. Add Comments, if required.

    7. To link multiple releases/components, repeat the same procedure.

    8. To delete a linked release, click on

      .

    After all the information for the new project is filled out. Click on “Create Project” at the top.

    If you do not want to create a project on any point of time, click on “Cancel” at the top.

    1.05 Import SBOM

    SPDX is a common format for communicating compliance information or list of components across all suppliers. Importing an SBOM will create a project/component. To import a SBOM:

    1. Click on Import SBOM on the project page. This will open a dialogue box for you to upload the Bill Of Materials (BOM).

    2. Drag and drop the file from your local system to the dialogue box or click on Browse File and select the file you want to import.

      NOTE: ONLY SPDX RDF/XML FILES WITH UNIQUE DESCRIBED TOP LEVEL NODE ARE SUPPORTED.

    3. After uploading is done SW360 checks for duplicates, if there are no duplicates found, a Component from the uploaded SBOM is created.

    1.06 Edit Project

    You can edit an existing project in SW360, provided you have required rights. To edit a project follow the procedure:

    1. Search for the projects you want to edit or navigate from the project list.

    2. Click on

      from the actions column. You can also edit a project by clicking on the project and click on Edit Project.

    3. Change the data for the project as required. For more information, refer to 1.04 Add Project.

    4. In this view, you can also add attachments for the project in this view, click on Attachments, use navigation section.


      • Click on Add Attachment, this action opens a dialogue box.
      • Browse and select the files which you want to upload or drag and drop them into the area.
      • Click on Upload.
      • Select the type of file from the drop-down list.
      • Select the status from the drop-down list.
      • If required, add comments
      • To delete an attachment, click on
        .

    5. After you modify the required fields, click on “Update Project”.

    6. To delete the project, click on “Delete Project”.

    7. To cancel any changes that you made click on “Cancel”.

    1.07 Duplicate a Project

    Duplicating a project is commonly used to create different versions of the project. This helps in reducing efforts as fewer modifications are required to create a new version. To duplicate a project:

    1. Search for the projects you want to duplicate or navigate from the project list.
    2. Click on
      from the actions column to duplicate the project.
    3. Modify the data for the duplicate project as required. For more information, refer to 1.04 Add Project.
    4. Click on “Create Project” after all changes are made.
    5. To cancel any changes that you made click on “Cancel”.

    1.08 Deleting a Project

    You can delete an existing project in SW360, provided you have required rights. To delete a project follow the procedure:

    WARNING: DELETING A PROJECT CAN ONLY BE DONE IF THERE ARE NO LINKED PROJECTS OR COMPONENTS. IF NOT, THERE WILL BE MISSING LINKS FOR THE PROJECTS.

    1. Search for the projects you want to delete or navigate from the project list.

    2. Click on

      from the actions column to delete the project.

    3. The software will prompt for a confirmation of deleting the project. You can also add comments for the action in the prompt box before deleting.

    4. Click on Delete Project.

    5. To cancel any changes that you made click on Cancel.

    1.09 Linking A Project

    There are multiple ways that you can link a project to another.

    A. Linking to a parent project

    1. Search for the projects you want to link or navigate from the project list. Click on the required project.

    2. This will display the view mode of the selected project. Click on “Link Projects” on the top. This will open a dialogue box to search for the projects.

    3. Search for the projects which you want to link.

    4. Select the projects and click on Link Projects.

    5. Once the project is successfully linked, you will see the prompt in green. If you want to edit the project further, click on the click here to edit the project relation on the green prompt.

    6. Again, the project opens up in edit mode.

    7. Modify the project details as required for the linked project. Refer to Link Projects.

    8. Click on “Update Project” to save your changes.

    B. Linking a child project

    To add child projects to a parent project, refer to 3. Linked Releases and Projects.

    1.10 Linking Components or Releases

    You can directly link a component or release to a parent project, refer to 3. Linked Releases and Projects.

    You can also link a component to a project while editing a project.

    1. Search for the projects you want to delete or navigate from the project list. Click on the required project.

    2. This will display the view mode of the selected project, click on license clearing, use navigation section.

    3. Select the component/release from the list displayed. After which, which redirects you to its component page.

    4. Click on “Link to Projects” to link this release/component to a project. This will open a dialogue box to search for the projects.

    5. If you want to view the projects which are already linked to the components/release, check the box for show already linked projects.

    6. Select the project which you want to link the component / release to and then click on link to project.

    1.11 Security Vulnerability tracking for Projects

    You can view all the security vulnerabilities for your project. To view vulnerability tracking status:

    1. Search for the projects or navigate from the project list. Click on the required project.

    2. This will display the view mode of the selected project, click on Vulnerability Tracking Status.

    3. Here you can view Security Vulnerability Monitoring is enabled or not. The Security Vulnerabilities are only visible in the edit project mode when the “security responsible” is assigned. Refer to paragraphs C. Roles.

    4. You can track the vulnerabilities by name, project origin, SVM tracking status, short status and type.

    5. To view all the listed vulnerabilities for sub-projects of the parent project click on Vulnerabilities.

    6. If you want to view the complete data for a vulnerability, refer to 5. Vulnerability.

    1.12 Clearing Requests

    Each project needs license clearing and it is a project level activity.

    A. Create Clearing Requests

    To create a clearing request:

    1. Search for the projects or navigate from the project list. Click on

      or,

    2. Search for the projects or navigate from the project list. Click on the required project, this will display the view mode of the of the selected project. Click on License Clearing, use navigation section.

    3. Click on Create Clearing Request, a dialogue box will appear.

    4. Enter the clearing team email id by clicking on the field and searching for the email of the clearing team. Select the contact from the list and click on Select Users.

    5. Select the Preferred Clearing Date.

    6. If required, add Comments.

    7. Click on “Create Request”.

    8. To cancel any changes that you made click on Cancel.

    B. View Clearing Requests

    You can view the existing clearing requests which are already created for a project. To view the clearing requests, follow the procedure:

    1. Search for the projects or navigate from the project list. Click on

      or,

    2. Click on the required project.

    3. Select License Clearing, use navigation section.

    4. Click on View Clearing Request.

    5. A new dialogue box with the clearing request information will be displayed.

    C. Edit Clearing Requests

    For more information on how to edit the existing clearing requests, refer to 6. Requests.

    1.13 Export Spreadsheet

    You can generate the excel sheet for an advanced search. For e.g., List of all projects created for group “SHS”.

    1. Go to project home page.

    2. If required, you can filter the projects using the advanced search options. Refer to 1.02 Project Search.

    3. After the search gives a result, click on Export Spreadsheet and select the option from the drop-down list.

      • Projects only
      • Projects with linked releases

    4. A file will now be downloaded to your local system with the required information.

    NOTE: YOU CAN ALSO USE THE EXPORT SPREADSHEET OPTION ON MULTIPLE PAGES, LIKE LICENSE CLEARING PAGE OF A PROJECT/COMPONENT, EDIT VIEW OF A COMPONENT, ECC PAGE OF PROJECT ETC.

    1.14 Generate License Info

    You can generate a read me OSS file of all the license information for a project. To generate license information:

    1. Search for the projects or navigate from the project list. Click on the required project.

    2. Select License Clearing, use navigation section.

    3. The page displays the list of all the releases listed and their respective release clearing state in the state column. Each of the releases has license information in the form of CLI files. You can view this information in the main licenses or other licenses column. +Generating a license info will create a read me OSS document combining all the licenses.

    4. Click on Generate license info and select the options from the drop-down list.

      • Project only
      • Project with sub project

    5. After your selection, you are redirected to another page where you can further modify the output of the license information.

    6. Select Show all to view all the license information or Only Approved to view approved licenses.

    7. Select which CLI you want to publish the information from the list displayed below.

    8. Click on Download. A new Dialogue box will appear asking for your preferences.

    9. Check the required boxes and select an output format.

    10. Click on Download to get a Readme.OSS file.

    1.15 Generate Source Code Bundle

    Few components have obligations, for example, sharing source code. The organization must share the source code to the user in a disc format. To generate Source Code Bundle:

    1. To select the project, use the search option or navigate from the project list and click on it.

    2. Select License Clearing, use navigation section.

    3. The window shows a list of all the releases listed. Click on Generate Source Code Bundle and select the option from the drop-down list.

      • Project only
      • Project with sub project

    4. After you select, you are redirected to another page which lists all the source code information.

    5. Select the required source code and click Download.

    6. A combined zip file comprising of all the select source code will be downloaded.

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/requests/index.html b/docs/userguide/requests/index.html index 6cf3ddf..9bb3e83 100644 --- a/docs/userguide/requests/index.html +++ b/docs/userguide/requests/index.html @@ -1,1029 +1,96 @@ - - - - - - - - - - - - - - - - - - - - -Requests | Eclipse SW360 -Requests | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Requests

    - -
    - - - - - - - - - - - - - -
    -

    6. Requests

    -

    Requests page lists all the requests that are generated by the users in SW360. There are two kind of requests:

    -
      -
    1. Moderation Requests: The requests that are created when a user with limited rights requests a change in a Project/Component/Release. These requests need to be approved by another user with higher rights (Project Owner/ Project Responsible) for the changes to appear in a particular Project/Component/Release. You can also view these requests as tasks in your home page.
      -
        -
      • My Task Assignments: Moderation requests that are pending for your approval.
        • -
      • My Task Submissions: Moderation requests that are created by you.
        • -
      -
      2. -
    2. Clearing Request: For more information on clearing requests, refer to 1.12 Clearing Requests, Project Page.
      3. -
    -

    To open the Requests page, click on the Requests tab from the main menu.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    Sl.No.Description
    1Moderation Requests or Clearing Requests
    2Search Moderation Requests or Search Clearing Request
    3Moderation Request List or Clearing Request List
    -

    6.1 Moderation Requests

    -

    1. Moderation Request list

    -

    Moderation requests must be approved by another user with higher rights (Admin, Clearing expert) for the changes to appear in a Project/Component/Release. -Moderation requests are further categorized into two types:

    -
      -
    • Open Moderation Requests: The moderation requests which are pending for approval. To view the list of open requests, click Open Moderation Requests.
      • -
    • Closed Moderation Requests: The moderation requests which are approved. To view the list of closed requests, click Closed Moderation Requests.
      • -
    -

    -

    The moderation requests are listed with the following information:

    -
      -
    • Date: Date of the creation of the request.
      • -
    • Type: The document type for the moderation request created.
      • -
    • Document Name: Name of the document (Project/Component/Release).
      • -
    • Requesting User: Email Id of the user who created the moderation request.
      • -
    • Department: Department of the requesting user.
      • -
    • Moderators: List of the moderators for that project/component/release.
      • -
    • State: State (In Progress/Pending/Approved/Rejected) of the moderation request.
      • -
    • Actions
      • -
    -

    NOTE: USE TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.

    -

    1. Search Moderation Requests

    -
      -
    1. Search with Date the request was created.
      2. -
    2. Search the request with the document Type and select from the drop-down list. -
        -
      • OSS
        • -
      • COTS
        • -
      • Internal
        • -
      • Inner Source
        • -
      • Service
        • -
      • Freeware
        • -
      • Code Snippet
        • -
      -
      3. -
    3. Search the request with Document Name.
      4. -
    4. Search the request with Requesting User.
      5. -
    5. Search the request with Department.
      6. -
    6. Search the request with State and select from the drop-down list. -
        -
      • Approved
        • -
      • Pending
        • -
      • Rejected
        • -
      • In Progress
        • -
      -
      7. -
    -

    3. Edit Moderation Requests

    -

    To edit a moderation request, click on Open Moderation Request / Closed Moderation Request on the request page.

    -
      -
    1. -

      Search for the request you want to edit or navigate from the request list.

      -
      2. -
    2. -

      Click on the request you want to edit. You will now be redirected to another page with details of the request.

      -
      3. -
    3. -

      You can view the following moderation request information:

      -
        -
      • Requesting user
        • -
      • Submitted on
        • -
      • Comment from the requested user
        • -
      • Status of the request
        • -
      • Moderator assigned
        • -
      • Comment on moderation decision: A moderator can add comments to this request before accepting or declining the changes.
        • -
      -

      -
      4. -
    4. -

      Click on Proposed Changes to view:

      -
        -
      • Field name the changes are requested for
        • -
      • Current Value of the field
        • -
      • Former Value of the field
        • -
      • Suggested Value for the field
        • -
      • Attachments, if added
        • -
      -

      -
      5. -
    5. -

      To preview the current document, click on Current Release/Current Project.

      -

      -
      6. -
    6. -

      To accept the changes of the moderation request, click on Accept Request.

      -
      7. -
    7. -

      To reject changes for the moderation request, click on Decline Request.

      -
      8. -
    8. -

      To postpone a moderation request, click on Postpone request.

      -
      9. -
    9. -

      If you do not want to be a moderator for this request, click on Remove Me from Moderators.

      -
      10. -
    10. -

      If you do not want to make changes at any point of time, click on Cancel.

      -
      11. -
    -

    6.2 Clearing Request

    -

    1. Clearing Requests list

    -

    Clearing Requests are created by project manager and sent to clearing experts to perform license clearing, which are then approved. Clearing Requests are further categorized into two types.

    -
      -
    • Open Clearing Requests: The clearing requests which are pending approval. To view the list of open requests, click Open Clearing Requests.
      • -
    • Closed Clearing Requests: The clearing requests which are approved. To view the list of closed requests, click Closed Clearing Requests.
      • -
    -

    -

    The clearing requests are listed with the following information:

    -
      -
    • Request Id: Request ID number of the clearing request.
      • -
    • BA/BL Group:
      • -
    • Project: Name of the project the clearing request belongs to.
      • -
    • Status: Status of the clearing request, rejected or closed.
      • -
    • Requesting User: Username of the user who created the clearing request.
      • -
    • Clearing Team: Person responsible for the approval of the clearing request.
      • -
    • Created on: Creation date of the clearing request.
      • -
    • Preferred Clearing Date: The proposed date of completion of clearing request.
      • -
    • Agreed Clearing Date: The agreed date of completion for clearing request.
      • -
    • Request Closed on: The actual date the clearing request is closed.
      • -
    • Clearing Progress (Only applicable for open clearing requests)
      • -
    • Actions: Click on to edit the clearing request.
      • -
    -

    NOTE: USE TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.

    -

    2. Search Clearing Requests:

    -
      -
    1. Search the request with Select date type and range.
      2. -
    2. Search the request with Priority and select from the drop-down list. -
        -
      • Low
        • -
      • Medium
        • -
      • High
        • -
      • Critical
        • -
      -
      3. -
    3. Search the request with BA BL group.
      4. -
    4. Search the request with Status and select from the drop-down list. -
        -
      • New
        • -
      • Accepted
        • -
      • In Queue
        • -
      • In Progress
        • -
      • Awaiting Response
        • -
      -
      5. -
    -

    3. Edit Clearing Requests

    -

    To edit a clearing request, click on Open Clearing Request / Closed Clearing Request on the request page.

    -
      -
    1. -

      Search for the request you want to edit or navigate from the request list.

      -
      2. -
    2. -

      You can also use Quick Filter to search for a request.

      -
      3. -
    3. -

      Click on the request you want to edit, this will redirect you to another page with details of the request.

      -
      4. -
    4. -

      To modify the clearing request, click on Edit Request.

      -
      5. -
    5. -

      You can view the following clearing request information for the project:

      -
        -
      • Requesting User
        • -
      • Created On
        • -
      • Preferred Clearing Date
        • -
      • Business Area/Line
        • -
      • Requester Comment
        • -
      • Clearing
        • -
      • Request Status: You can modify the request status as required. Select the required value from the drop-down list. -
          -
        • New
          • -
        • Accepted
          • -
        • Rejected
          • -
        • In Queue
          • -
        • In Progress
          • -
        • Closed
          • -
        • Awaiting Response
          • -
        -
        • -
      • Priority: You can modify the priority of the clearing request as required. Select the required value from the drop-down list. -
          -
        • Low: Clearing date is greater than 4 weeks
          • -
        • Medium: Clearing time is less than 2-4 weeks
          • -
        • High: Clearing time is less than 2 weeks
          • -
        • Critical: Clearing time is less than 1 week
          - NOTE: THERE CAN ONLY BE 2 CRITICAL CLEARING REQUESTS.
          • -
        -
        • -
      • Clearing team: Click on the field to select the Clearing Team for the request. This opens a dialogue box, search and select the clearing expert and click on Select Users.
        • -
      • Agreed Clearing Date: Click on the field to set the clearing date
        • -
      • Last Updated on
        • -
      -

      -
      6. -
    6. -

      Click on Clearing request comments to check the clearing request information. The information displayed here is a combination of manual entry comments and automated entries by SW360. Automated entries give information regarding the changes that are done on the clearing request. You can mention comments by typing in the text field and click Add Comment.

      -

      -
      7. -
    7. -

      After making the changes, click on Update Request.

      -
      8. -
    8. -

      If you do not want to make changes at any point of time, click on Cancel.

      -
      9. -
    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Moderation Requests: The …"> +

    Requests

    6. Requests

    Requests page lists all the requests that are generated by the users in SW360. There are two kind of requests:

    1. Moderation Requests: The requests that are created when a user with limited rights requests a change in a Project/Component/Release. These requests need to be approved by another user with higher rights (Project Owner/ Project Responsible) for the changes to appear in a particular Project/Component/Release. You can also view these requests as tasks in your home page.
      • My Task Assignments: Moderation requests that are pending for your approval.
      • My Task Submissions: Moderation requests that are created by you.
    2. Clearing Request: For more information on clearing requests, refer to 1.12 Clearing Requests, Project Page.

    To open the Requests page, click on the Requests tab from the main menu.

    Sl.No.Description
    1Moderation Requests or Clearing Requests
    2Search Moderation Requests or Search Clearing Request
    3Moderation Request List or Clearing Request List

    6.1 Moderation Requests

    1. Moderation Request list

    Moderation requests must be approved by another user with higher rights (Admin, Clearing expert) for the changes to appear in a Project/Component/Release. +Moderation requests are further categorized into two types:

    • Open Moderation Requests: The moderation requests which are pending for approval. To view the list of open requests, click Open Moderation Requests.
    • Closed Moderation Requests: The moderation requests which are approved. To view the list of closed requests, click Closed Moderation Requests.

    The moderation requests are listed with the following information:

    • Date: Date of the creation of the request.
    • Type: The document type for the moderation request created.
    • Document Name: Name of the document (Project/Component/Release).
    • Requesting User: Email Id of the user who created the moderation request.
    • Department: Department of the requesting user.
    • Moderators: List of the moderators for that project/component/release.
    • State: State (In Progress/Pending/Approved/Rejected) of the moderation request.
    • Actions

    NOTE: USE TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.

    1. Search Moderation Requests

    1. Search with Date the request was created.
    2. Search the request with the document Type and select from the drop-down list.
      • OSS
      • COTS
      • Internal
      • Inner Source
      • Service
      • Freeware
      • Code Snippet
    3. Search the request with Document Name.
    4. Search the request with Requesting User.
    5. Search the request with Department.
    6. Search the request with State and select from the drop-down list.
      • Approved
      • Pending
      • Rejected
      • In Progress

    3. Edit Moderation Requests

    To edit a moderation request, click on Open Moderation Request / Closed Moderation Request on the request page.

    1. Search for the request you want to edit or navigate from the request list.

    2. Click on the request you want to edit. You will now be redirected to another page with details of the request.

    3. You can view the following moderation request information:

      • Requesting user
      • Submitted on
      • Comment from the requested user
      • Status of the request
      • Moderator assigned
      • Comment on moderation decision: A moderator can add comments to this request before accepting or declining the changes.

    4. Click on Proposed Changes to view:

      • Field name the changes are requested for
      • Current Value of the field
      • Former Value of the field
      • Suggested Value for the field
      • Attachments, if added

    5. To preview the current document, click on Current Release/Current Project.

    6. To accept the changes of the moderation request, click on Accept Request.

    7. To reject changes for the moderation request, click on Decline Request.

    8. To postpone a moderation request, click on Postpone request.

    9. If you do not want to be a moderator for this request, click on Remove Me from Moderators.

    10. If you do not want to make changes at any point of time, click on Cancel.

    6.2 Clearing Request

    1. Clearing Requests list

    Clearing Requests are created by project manager and sent to clearing experts to perform license clearing, which are then approved. Clearing Requests are further categorized into two types.

    • Open Clearing Requests: The clearing requests which are pending approval. To view the list of open requests, click Open Clearing Requests.
    • Closed Clearing Requests: The clearing requests which are approved. To view the list of closed requests, click Closed Clearing Requests.

    The clearing requests are listed with the following information:

    • Request Id: Request ID number of the clearing request.
    • BA/BL Group:
    • Project: Name of the project the clearing request belongs to.
    • Status: Status of the clearing request, rejected or closed.
    • Requesting User: Username of the user who created the clearing request.
    • Clearing Team: Person responsible for the approval of the clearing request.
    • Created on: Creation date of the clearing request.
    • Preferred Clearing Date: The proposed date of completion of clearing request.
    • Agreed Clearing Date: The agreed date of completion for clearing request.
    • Request Closed on: The actual date the clearing request is closed.
    • Clearing Progress (Only applicable for open clearing requests)
    • Actions: Click on to edit the clearing request.

    NOTE: USE TO SORT THE LIST ALPHABETICALLY OR IN ASCENDING/DESCENDING ORDER.

    2. Search Clearing Requests:

    1. Search the request with Select date type and range.
    2. Search the request with Priority and select from the drop-down list.
      • Low
      • Medium
      • High
      • Critical
    3. Search the request with BA BL group.
    4. Search the request with Status and select from the drop-down list.
      • New
      • Accepted
      • In Queue
      • In Progress
      • Awaiting Response

    3. Edit Clearing Requests

    To edit a clearing request, click on Open Clearing Request / Closed Clearing Request on the request page.

    1. Search for the request you want to edit or navigate from the request list.

    2. You can also use Quick Filter to search for a request.

    3. Click on the request you want to edit, this will redirect you to another page with details of the request.

    4. To modify the clearing request, click on Edit Request.

    5. You can view the following clearing request information for the project:

      • Requesting User
      • Created On
      • Preferred Clearing Date
      • Business Area/Line
      • Requester Comment
      • Clearing
      • Request Status: You can modify the request status as required. Select the required value from the drop-down list.
        • New
        • Accepted
        • Rejected
        • In Queue
        • In Progress
        • Closed
        • Awaiting Response
      • Priority: You can modify the priority of the clearing request as required. Select the required value from the drop-down list.
        • Low: Clearing date is greater than 4 weeks
        • Medium: Clearing time is less than 2-4 weeks
        • High: Clearing time is less than 2 weeks
        • Critical: Clearing time is less than 1 week
          NOTE: THERE CAN ONLY BE 2 CRITICAL CLEARING REQUESTS.
      • Clearing team: Click on the field to select the Clearing Team for the request. This opens a dialogue box, search and select the clearing expert and click on Select Users.
      • Agreed Clearing Date: Click on the field to set the clearing date
      • Last Updated on

    6. Click on Clearing request comments to check the clearing request information. The information displayed here is a combination of manual entry comments and automated entries by SW360. Automated entries give information regarding the changes that are done on the clearing request. You can mention comments by typing in the text field and click Add Comment.

    7. After making the changes, click on Update Request.

    8. If you do not want to make changes at any point of time, click on Cancel.

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/search/index.html b/docs/userguide/search/index.html index 6e6ad42..46cf6b9 100644 --- a/docs/userguide/search/index.html +++ b/docs/userguide/search/index.html @@ -1,784 +1,98 @@ - - - - - - - - - - - - - - - - - - - - -Search | Eclipse SW360 -Search | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Search

    - -
    - - - - - - - - - - - - - -
    -

    7. Search

    -

    On the search page, you can search for Projects, Components, Licenses, Releases, Obligations, Users, Vendors, etc. in SW360.

    -

    -

    To search for a particular (object), click on Search tab and follow the procedure:

    -
      -
    1. Type the keyword in the text field.
      2. -
    2. The checkbox in Restrict To Type allows you to further restrict your search to a specific (object), you can choose to restrict the type to projects, components, licenses etc.
      3. -
    3. Click on Search to get the search results
      4. -
    4. Click on the component/project/license/obligation/user/vendor/release to be redirected to their respective page.
      5. -
    -

    Wildcards

    -

    The user can search with wildcards. A wildcard is a character which substitue for zero or more characters in a string. For a single character users can use ‘?’ and for multiple character wildcard he can use ‘*’. The Wildcard can stand in the middle of characters or at the end, but not at the beginning.

    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Type the keyword in the text field. The checkbox in Restrict To Type allows you to further restrict your search to a specific (object), you can choose to restrict the type to projects, components, licenses etc. Click on Search to get the search results Click on the component/project/license/obligation/user/vendor/release to be redirected to their respective page."> +

    Search

    7. Search

    On the search page, you can search for Projects, Components, Licenses, Releases, Obligations, Users, Vendors, etc. in SW360.

    To search for a particular (object), click on Search tab and follow the procedure:

    1. Type the keyword in the text field.
    2. The checkbox in Restrict To Type allows you to further restrict your search to a specific (object), you can choose to restrict the type to projects, components, licenses etc.
    3. Click on Search to get the search results
    4. Click on the component/project/license/obligation/user/vendor/release to be redirected to their respective page.

    Wildcards

    The user can search with wildcards. A wildcard is a character which substitue for zero or more characters in a string. For a single character users can use ‘?’ and for multiple character wildcard he can use ‘*’. The Wildcard can stand in the middle of characters or at the end, but not at the beginning.

    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/docs/userguide/spdx_document/index.html b/docs/userguide/spdx_document/index.html index 4e7e2bc..abbc181 100644 --- a/docs/userguide/spdx_document/index.html +++ b/docs/userguide/spdx_document/index.html @@ -1,853 +1,89 @@ - - - - - - - - - - - - - - - - - - - - -SPDX Document | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    SPDX Document

    -
    SPDX Document
    -
    - - - - - - - - - - - - - -
    -

    How to enable this feature

    -

    To use this function, please:

    -
      -
    1. -

      Build the source code and deploy.

      -
      2. -
    2. -

      Add config spdx.document.enabled = true (/etc/sw360/sw360.properties) to enable the feature.

      -
      3. -
    -

    The following changes will work when spdx.document.enabled = true only.

    -

    1. Introduction

    -

    SPDX Document manages Document Creation Information, Package Information, Other Licensing Information Detected, Relationships between SPDX Elements, Annotations

    -

    2. How to use?

    -

    1. File Test Import: https://github.com/spdx/tools-java/blob/master/testResources/SPDXRdfExample-v2.3.spdx.rdf

    -

    2. Import SPDX in Page Component

    -

    Import

    -
      -
    • Support RDF/XML, SPDX.
      • -
    • Import all Packages in the SPDX file (main package and dependent packages)
      • -
    • Import relationships related to Packages and SPDX Documents (relationships related to File and Snippet are not imported)
      • -
    -

    Steps

    -
      -
    1. Go to component page
      2. -
    2. Click “Import SPDX BOM” button
      3. -
    3. Upload SPDXRdfExample-v2.3.spdx.rdf
      4. -
    -

    Validate

    -
      -
    • “Apache Commons Lang”, “glibc”, “Jena” and “Saxon” components were created
      • -
    • “glibc (2.11.1)”, “Saxon(8.8)” and " Jena (3.12.0) " releases were created
      • -
    • Tab SPDX Document exits in release glibc (2.11.1), Jena (3.12.0) and Saxon (8.8)
      • -
    -

    Result

    -
    Tab SPDX Document - Full Page of Release Glibc(2.11.1)
    - -
    - -
    - -
    Tab SPDX Document - Lite Page of Release Glibc(2.11.1)
    - -
    - -
    - -
    Tab SPDX Document - Full Page of Release Jena (3.12.0)
    - -
    - -
    - -
    Tab SPDX Document - Lite Page of Release Jena (3.12.0)
    - -
    - -
    - -
    Tab SPDX Document - Full Page of Release Saxon (8.8)
    - -
    - -
    - -
    Tab SPDX Document - Lite Page of Release Saxon (8.8)
    - -
    - -
    - -

    3. Feature: Edit , Add tab SPDX Document in Release

    -
    Edit tab SPDX Document - Full Page
    - -
    - -
    - -
    Edit tab SPDX Document - Lite Page
    - -
    - -
    - -
    Add tab SPDX Document
    - -
    - -
    - - - - -
    - Last modified October 3, 2023: Update and rename SPDX_documnent.md to SPDX_document.md (aa22da5) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +SPDX Document | Eclipse SW360 +

    SPDX Document

    SPDX Document

    How to enable this feature

    To use this function, please:

    1. Build the source code and deploy.

    2. Add config spdx.document.enabled = true (/etc/sw360/sw360.properties) to enable the feature.

    The following changes will work when spdx.document.enabled = true only.

    1. Introduction

    SPDX Document manages Document Creation Information, Package Information, Other Licensing Information Detected, Relationships between SPDX Elements, Annotations

    2. How to use?

    1. File Test Import: https://github.com/spdx/tools-java/blob/master/testResources/SPDXRdfExample-v2.3.spdx.rdf

    2. Import SPDX in Page Component

    Import

    • Support RDF/XML, SPDX.
    • Import all Packages in the SPDX file (main package and dependent packages)
    • Import relationships related to Packages and SPDX Documents (relationships related to File and Snippet are not imported)

    Steps

    1. Go to component page
    2. Click “Import SPDX BOM” button
    3. Upload SPDXRdfExample-v2.3.spdx.rdf

    Validate

    • “Apache Commons Lang”, “glibc”, “Jena” and “Saxon” components were created
    • “glibc (2.11.1)”, “Saxon(8.8)” and " Jena (3.12.0) " releases were created
    • Tab SPDX Document exits in release glibc (2.11.1), Jena (3.12.0) and Saxon (8.8)

    Result

    Tab SPDX Document - Full Page of Release Glibc(2.11.1)
    Tab SPDX Document - Lite Page of Release Glibc(2.11.1)
    Tab SPDX Document - Full Page of Release Jena (3.12.0)
    Tab SPDX Document - Lite Page of Release Jena (3.12.0)
    Tab SPDX Document - Full Page of Release Saxon (8.8)
    Tab SPDX Document - Lite Page of Release Saxon (8.8)

    3. Feature: Edit , Add tab SPDX Document in Release

    Edit tab SPDX Document - Full Page
    Edit tab SPDX Document - Lite Page
    Add tab SPDX Document
    Last modified October 3, 2023: Update and rename SPDX_documnent.md to SPDX_document.md (aa22da5)
    + + + \ No newline at end of file diff --git a/docs/userguide/sw360-homepage/index.html b/docs/userguide/sw360-homepage/index.html index 1731977..0d5e814 100644 --- a/docs/userguide/sw360-homepage/index.html +++ b/docs/userguide/sw360-homepage/index.html @@ -1,835 +1,93 @@ - - - - - - - - - - - - - - - - - - - - -Home Page | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    -
    - - -
    - - - - - -
    -

    Home Page

    - -
    - - - - - - - - - - - - - -
    -

    Home Page

    -

    The private area of the home page contains an overview of projects and components which are specific to you and other general information.

    - -
    - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Sl.NoNameDescription
    1Main MenuMain menu consists primarily of the various tasks you can perform.
    2My ProjectsDisplays the list of projects for a specific role or clearing state.
    3My Task AssignmentsDisplays the tasks or moderation requests that are assigned to you. These can be change requests submitted for approval related to the “projects, components or releases” for which you are a creator or a moderator.
    4My ComponentsDisplays the list of components that are created by you.
    5My Task SubmissionsThese are the change requests that are submitted by you for an approval to change any aspect of a “project, component or release” for which you are not a creator or moderator.
    6Search BarYou can find the search bar on the right top corner of the application. Search bar enables you to search for a specific project/component/release.
    7My ProfileYou can find the profile icon on the right top corner of the application. You can perform the following actions in my profile:
    - My sites, will redirect you to a page where you can view all the sites you have opened in the past.
    - My profile, will redirect you to a page where you can view your vcard.
    - My dashboard, will redirect you to a page where you can view summary of your profile.
    - Notifications, will redirect you to a page where you can view all the latest updates.
    - Shared content, will redirect you to a page where you can view all the shared content which are shared with you or shared by you.
    - My submissions, will redirect you to a page where you can view all of your submissions.
    - My workflow tasks, will redirect you to a page where you can view the tasks which are assined to you or your roles.
    - Account settings, will redirect you to a page where you can modify general information, passwords, addresses and contact information and alert preferences as needed.
    - My connected applications, will redirect you to a page where you can view connected applications.
    - My organization, will redirect you to a page where you can view your organization information.
    - You can sign out of SW360 using sign out option.
    8My SubscriptionsDisplays a list of various components and releases you have subscribed to.
    NOTE: YOU CANNOT SUBSCRIBE TO A PROJECT.
    9Recent ComponentsDisplays a list of recent components which are added to SW360.
    10Recent ReleasesDisplays a list of recent releases which are added to SW360.
    - - - -
    - Last modified March 29, 2023: upd(project): Major updates (3fc96db) -
    - -
    - - -
    -
    -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Home Page | Eclipse SW360 +

    Home Page

    Home Page

    The private area of the home page contains an overview of projects and components which are specific to you and other general information.

    Sl.NoNameDescription
    1Main MenuMain menu consists primarily of the various tasks you can perform.
    2My ProjectsDisplays the list of projects for a specific role or clearing state.
    3My Task AssignmentsDisplays the tasks or moderation requests that are assigned to you. These can be change requests submitted for approval related to the “projects, components or releases” for which you are a creator or a moderator.
    4My ComponentsDisplays the list of components that are created by you.
    5My Task SubmissionsThese are the change requests that are submitted by you for an approval to change any aspect of a “project, component or release” for which you are not a creator or moderator.
    6Search BarYou can find the search bar on the right top corner of the application. Search bar enables you to search for a specific project/component/release.
    7My ProfileYou can find the profile icon on the right top corner of the application. You can perform the following actions in my profile:
    - My sites, will redirect you to a page where you can view all the sites you have opened in the past.
    - My profile, will redirect you to a page where you can view your vcard.
    - My dashboard, will redirect you to a page where you can view summary of your profile.
    - Notifications, will redirect you to a page where you can view all the latest updates.
    - Shared content, will redirect you to a page where you can view all the shared content which are shared with you or shared by you.
    - My submissions, will redirect you to a page where you can view all of your submissions.
    - My workflow tasks, will redirect you to a page where you can view the tasks which are assined to you or your roles.
    - Account settings, will redirect you to a page where you can modify general information, passwords, addresses and contact information and alert preferences as needed.
    - My connected applications, will redirect you to a page where you can view connected applications.
    - My organization, will redirect you to a page where you can view your organization information.
    - You can sign out of SW360 using sign out option.
    8My SubscriptionsDisplays a list of various components and releases you have subscribed to.
    NOTE: YOU CANNOT SUBSCRIBE TO A PROJECT.
    9Recent ComponentsDisplays a list of recent components which are added to SW360.
    10Recent ReleasesDisplays a list of recent releases which are added to SW360.
    Last modified March 29, 2023: upd(project): Major updates (3fc96db)
    + + + \ No newline at end of file diff --git a/img/clients/BoschSI.png b/img/clients/BoschSI.png deleted file mode 100644 index d9b4f96..0000000 Binary files a/img/clients/BoschSI.png and /dev/null differ diff --git a/img/clients/Toshiba.png b/img/clients/Toshiba.png deleted file mode 100644 index e12d7e5..0000000 Binary files a/img/clients/Toshiba.png and /dev/null differ diff --git a/img/clients/Verifa.png b/img/clients/Verifa.png deleted file mode 100644 index c004b88..0000000 Binary files a/img/clients/Verifa.png and /dev/null differ diff --git a/index.html b/index.html index 4241908..51fda7e 100644 --- a/index.html +++ b/index.html @@ -1,26 +1,4 @@ - - - - - - - - - - - - - - - - - - - - - -Eclipse SW360 -Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    - - - - - - - - - - - - - - -
    -
    -
    -
    -
    - - -
    - - -
    -
    -

    - -
    - -
    - -

    - Software supply chain management done right ! -

    -

    -
    - -
    - -
    -

    - SW360 is an open source software project licensed under the EPL-2.0 that - provides both a web application and a repository to collect, organize and - make available information about software components. It establishes a - central hub for software components in an organization. -

    -
    - -
    - - Our Vision - -
    - - - -
    -
    -
    -
    -
    - -
    - - - - -
    -
    -
    -
    -
    - -
    -

    Central SW Component Database

    -
    - -360 degree coverage for SW development beside the ‚Coding‘ as the Central SW - component database - -
    - -
    - - -
    -
    - -
    -

    E2E Integration for Software Compliance

    -
    - -Having a stable, precise, transparent, controllable and easy extendable OSS toolchain for - long term running - -
    - -
    - - -
    -
    -
    -
    - -
    -

    Long Term Controlled OSS Toolchain

    -
    - -As automated - as possible, end-to-end compliance (Legal, Security/SBOM, Export Control) - tool-chain, seamlessly integrated in the SW development process (e.g. - DevOps) - -
    - -
    - - -
    -
    - -
    -

    Embracing New Technologies

    -
    - -Enable easy onboarding of - new technolgies and new tools (e.g. container, new kind of packages) - -
    - -
    - -
    -
    -
    - - - -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file + …"> +

    Software supply chain management done right !

    SW360 is an open source software project licensed under the EPL-2.0 that +provides both a web application and a repository to collect, organize and +make available information about software components. It establishes a +central hub for software components in an organization.

    Our Vision

    Central SW Component Database

    360 degree coverage for SW development beside the ‚Coding‘ as the Central SW +component database

    E2E Integration for Software Compliance

    Having a stable, precise, transparent, controllable and easy extendable OSS toolchain for +long term running

    Long Term Controlled OSS Toolchain

    As automated +as possible, end-to-end compliance (Legal, Security/SBOM, Export Control) +tool-chain, seamlessly integrated in the SW development process (e.g. +DevOps)

    Embracing New Technologies

    Enable easy onboarding of +new technolgies and new tools (e.g. container, new kind of packages)
    + + + \ No newline at end of file diff --git a/index.xml b/index.xml index b44cd76..fff4180 100644 --- a/index.xml +++ b/index.xml @@ -1,16 +1 @@ - - - Eclipse SW360 – SW360 - https://www.eclipse.org/sw360/ - Recent content in SW360 on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - +Eclipse SW360 – SW360https://www.eclipse.org/sw360/Recent content in SW360 on Eclipse SW360Hugo -- gohugo.io \ No newline at end of file diff --git a/presentations/index.html b/presentations/index.html index b0582bd..3d6371c 100644 --- a/presentations/index.html +++ b/presentations/index.html @@ -1,26 +1,4 @@ - - - - - - - - - - - - - - - - - - - - - -Events and Presentations | Eclipse SW360 -Events and Presentations | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    - - - - - - - - - - - - - -
    -
    -
    -
    -
    - - -
    - -
    -

    Events and Presentations

    - - -
    -
    -
    -
    -
    - -
    - -
    -
    -
    -

    2022

    - -

    2021

    - -

    2019

    -

    2018

    • Bitkom Forum Open Source 2018: “Eclipse SW360 – Lessons Learned From Automated License Compliance” (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG)
    • Inner Source Commons 2018: “Committing to Change: Inner Source at Siemens” (Karsten Gerloff, Siemens AG)
    • The Free Software Legal and Licensing Workshop 2018: “Eclipse SW360: Generating License Information for Products with SDPX Docs” (Michael C. Jaeger, Siemens AG)
    • Yanking the Chain: Open Source Software Compliance in the Supply Chain: “Eclipse SW360 – Open Source Management with Open Source” (Michael C. Jaeger, Siemens AG)
    • Bitkom AK Open Source: “Eclipse SW360 – Automatisierte License Compliance” (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG)

    2017

    • EclipseCon Europe 2017: “Leveraging Open Source Projects for Open Source Management” (Marcel Kurzmann, Bosch Software Innovations GmbH) [slides] [video]
    • EclipseCon France 2017: “SW360 – The Component Management Hub” (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG) [slides] [video]
    • Open Compliance Summit 2017 : “Open Source with Open Source: Component Management with SW360” (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG)
    • Open Source Summit Europe 2017: “OSS Compliance Automation with SW360” (Michael C. Jaeger, Siemens AG & Steffen Evers, Bosch Software Innovations GmbH)
    • Open Source Leadership Summit 2017: “SW360 - An Open Component Hub” (Steffen Evers, Bosch Software Innovations GmbH)
    • The Seoul Copyright Forum 2017: “License compliance: FOSS tools for speed and scale” (Karsten Gerloff, Siemens AG)

    2016

    • Bitkom AK Open Source: “SW360 – Your Open Component Hub” (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG)
    • JAXenter: “Neu im Eclipse-Universum: SW360 – das Katalogisierungsprogramm für Software-Komponenten” (Dominik Mohilo, JAXenter)
    • EclipseCon Europe 2016: “Open Source Component Management – Unconference Session” (Johannes Kristan, Bosch Software Innovations GmbH & Michael C. Jaeger, Siemens AG)
    • Linux Foundation Collab Summit 2016: “SW360: A Place like Home for OSS” (Michael C. Jaeger, Siemens AG)
    + + + \ No newline at end of file diff --git a/presentations/index.xml b/presentations/index.xml index a339c2e..32468bb 100644 --- a/presentations/index.xml +++ b/presentations/index.xml @@ -1,17 +1 @@ - - - Eclipse SW360 – Events and Presentations - https://www.eclipse.org/sw360/presentations/ - Recent content in Events and Presentations on Eclipse SW360 - Hugo -- gohugo.io - - - - - - - - - - - +Eclipse SW360 – Events and Presentationshttps://www.eclipse.org/sw360/presentations/Recent content in Events and Presentations on Eclipse SW360Hugo -- gohugo.io \ No newline at end of file diff --git a/screenshots/index.html b/screenshots/index.html index ee435c8..f7a027a 100644 --- a/screenshots/index.html +++ b/screenshots/index.html @@ -1,509 +1,11 @@ - - - - - - - - - - - - - - - - - - - - -Screenshots | Eclipse SW360 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - -
    -
    -
    - - - - - - - - - - - - - -
    -
    -
    -
    -
    - - -
    - -
    -

    Screenshots

    A picture is worth a thousand words

    -
    - - -
    -
    -
    -
    -
    - -
    - -
    -

    The SW360 application is divided into several sections around managing a catalogue of software components and the software bill-of-material of your software projects, products or services. The menu bar as shown on home screen cover the following main sections.

    -
    -

    Home

    -

    A dashboard listing the components and projects created by the user logged in. With this overview, the own projects and components can be directly accessed.

    - - -
    - - -
    - Card image cap -
    -
    Home
    -

    - -

    -
    -
    -     - - - -
    - -

    Project

    -

    As for individual projects, a number of subsections is provided, allowing for managing different aspects of a project: license compliance, export control (ECC), vulnerabilities, locking of attachments for project use, and vulnerabilities. -For each project, a number of attributes can be maintained, most notably external ids, which allow for a mapping to the dataset in SW360 with external systems.

    -

    The main area of work in the projects section. SW360 uses the term project as synonym for products, services, or internal projects. The projects area starts with a listing of all projects which are visible to the user, according to the visibility setting of the project.

    -

    For the license compliance, SW360 allows for maintaining a global clearing status for each release of a component. In addition, a clearing status can be set for use at each individual project.

    -

    Not only the clearing status for each use of a release can be captured by SW360. Also, the type of usage (contained, side-by-side installation, etc.) can be saved as attribute.

    - - -
    - - -
    - Card image cap -
    -
    Main area
    -

    -

    -
    -
    -     - - - -
    - Card image cap -
    -
    Summary
    -

    -

    -
    -
    -     - - - -
    - Card image cap -
    -
    Clearing Status
    -

    -

    -
    -
    -     - - - -
    - Card image cap -
    -
    ECC Clearing Status
    -

    -

    -
    -
    -     - - - -
    - Card image cap -
    -
    Releases and Projects
    -

    -

    -
    -
    -     - - -
    - -

    Components

    -

    Components in SW360 can have multiple types, such as OSS, commercial component or a service (and more types), since license compliance matters for type of software, not only OSS. Components are in fact a container for releases, because license compliance information and other attributes change between different releases of a component.

    -

    At each release, basic attributes can be stored, some of them are informal, but can give relevant input to usage statistics of software in an organisation.

    - - -
    - - -
    - Card image cap -
    -
    Component
    -

    -

    -
    -
    -     - - - -
    - Card image cap -
    -
    Component Edit
    -

    -

    -
    -
    -     - - - -
    - Card image cap -
    -
    Component Clearance
    -

    -

    -
    -
    -     - - - -
    - - -

    SW360 provides an index for all data, thus searching for keywords will yield results for all different datasets, such as projects, components, licenses, etc. Search for terms can be filtered by data set types.

    - - -
    - - -
    - Card image cap -
    -
    Search
    -

    -

    -
    -
    -     - - - -
    - -
    - - - -
    - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file +Screenshots | Eclipse SW360 +

    Screenshots

    A picture is worth a thousand words

    The SW360 application is divided into several sections around managing a catalogue of software components and the software bill-of-material of your software projects, products or services. The menu bar as shown on home screen cover the following main sections.


    Home

    A dashboard listing the components and projects created by the user logged in. With this overview, the own projects and components can be directly accessed.

    +
    Card image cap
    Home

    Project

    As for individual projects, a number of subsections is provided, allowing for managing different aspects of a project: license compliance, export control (ECC), vulnerabilities, locking of attachments for project use, and vulnerabilities. +For each project, a number of attributes can be maintained, most notably external ids, which allow for a mapping to the dataset in SW360 with external systems.

    The main area of work in the projects section. SW360 uses the term project as synonym for products, services, or internal projects. The projects area starts with a listing of all projects which are visible to the user, according to the visibility setting of the project.

    For the license compliance, SW360 allows for maintaining a global clearing status for each release of a component. In addition, a clearing status can be set for use at each individual project.

    Not only the clearing status for each use of a release can be captured by SW360. Also, the type of usage (contained, side-by-side installation, etc.) can be saved as attribute.

    +
    Card image cap
    Main area

    Card image cap
    Summary

    Card image cap
    Clearing Status

    Card image cap
    ECC Clearing Status

    Card image cap
    Releases and Projects

    Components

    Components in SW360 can have multiple types, such as OSS, commercial component or a service (and more types), since license compliance matters for type of software, not only OSS. Components are in fact a container for releases, because license compliance information and other attributes change between different releases of a component.

    At each release, basic attributes can be stored, some of them are informal, but can give relevant input to usage statistics of software in an organisation.

    +
    Card image cap
    Component

    Card image cap
    Component Edit

    Card image cap
    Component Clearance

    SW360 provides an index for all data, thus searching for keywords will yield results for all different datasets, such as projects, components, licenses, etc. Search for terms can be filtered by data set types.

    +
    Card image cap
    Search

    + + + \ No newline at end of file diff --git a/sitemap.xml b/sitemap.xml index b28ff65..4c95887 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -1,257 +1 @@ - - - - https://www.eclipse.org/sw360/docs/userguide/login/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/userguide/sw360-homepage/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/development/restapi/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/userguide/project/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/development/testcases/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/userguide/components/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/userguide/licenses/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/userguide/requests/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/userguide/search/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/userguide/preferrences/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/administrationguide/menu/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-backend/ - 2023-01-16T09:30:53+01:00 - - https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-frontend/ - 2023-01-16T09:30:53+01:00 - - https://www.eclipse.org/sw360/docs/development/restapi/access/ - 2022-06-28T22:06:55+02:00 - - https://www.eclipse.org/sw360/docs/deployment/baremetal/ - 2022-06-22T22:10:18+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-branches/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-adding-new-fields-to-existing-classes/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-components/ - 2024-03-01T14:13:57+07:00 - - https://www.eclipse.org/sw360/docs/development/dev-external-documents-with-couchdb/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-database-migration-using-costco/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-dod-and-style/ - 2023-01-16T09:30:53+01:00 - - https://www.eclipse.org/sw360/docs/development/dev-filtering-in-portlets/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-fossology-integration/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-licenses/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-liferay-friendly-url/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-moderations/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-moderation-requests/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/testcases/test-cases-projects/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-releasing-sw360/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-semantic-commits/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-testing-frameworks/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/development/dev-troubleshooting/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/userguide/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/administrationguide/user-management-roles/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/development/dev-using-requirejs-for-javascript-modules/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/administrationguide/ - 2022-06-28T22:06:55+02:00 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/ - 2022-06-22T22:10:18+02:00 - - https://www.eclipse.org/sw360/docs/administrationguide/user-scheduling-cve-search-by-admins/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/administrationguide/user-data-model-enumerations/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/administrationguide/properties/ - 2022-06-28T22:06:55+02:00 - - https://www.eclipse.org/sw360/docs/deployment/ - 2024-04-09T18:22:28+02:00 - - https://www.eclipse.org/sw360/docs/deployment/legacy/ - 2022-06-28T18:31:48+02:00 - - https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/ - 2024-04-09T18:22:28+02:00 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/workflows/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/userguide/faq/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/component-naming/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/user-attachment-file-types/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/good-record-creation-structure/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/development/ - 2023-01-16T09:30:53+01:00 - - https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/ - 2022-06-28T20:46:15+02:00 - - https://www.eclipse.org/sw360/docs/deployment/deploy-authorization-concept/ - 2022-06-22T22:10:18+02:00 - - https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-files/ - 2022-06-22T22:10:18+02:00 - - https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-country-codes/ - 2022-06-22T22:10:18+02:00 - - https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/ - 2022-06-22T22:10:18+02:00 - - https://www.eclipse.org/sw360/docs/userguide/dependency_network/ - 2023-09-15T15:01:02+07:00 - - https://www.eclipse.org/sw360/docs/deployment/deploy-export-and-import/ - 2022-06-22T22:10:18+02:00 - - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay/ - 2022-06-28T18:31:48+02:00 - - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7/ - 2022-07-08T12:29:11+02:00 - - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/ - 2022-07-08T12:18:26+02:00 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/ - 2022-06-22T22:10:18+02:00 - - https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/ - 2024-04-09T18:22:28+02:00 - - https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/ - 2024-04-09T18:22:28+02:00 - - https://www.eclipse.org/sw360/docs/deployment/deploy-secure-deployment/ - 2024-04-09T18:22:28+02:00 - - https://www.eclipse.org/sw360/docs/userguide/spdx_document/ - 2023-10-03T14:42:00+02:00 - - https://www.eclipse.org/sw360/docs/deployment/deploy-specialdeployment/ - 2022-06-28T18:31:48+02:00 - - https://www.eclipse.org/sw360/docs/deployment/deploy-initial-setup18/ - 2024-04-09T18:22:28+02:00 - - https://www.eclipse.org/sw360/docs/deployment/deploy-requirements/ - 2022-06-22T22:10:18+02:00 - - https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-natively-11/ - 2022-11-24T16:37:26+01:00 - - https://www.eclipse.org/sw360/docs/deployment/baremetal/deploy-natively/ - 2024-04-09T18:22:28+02:00 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/ - 2022-07-07T09:02:59+07:00 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/ - 2023-01-13T17:23:07+07:00 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/ - 2023-07-19T11:47:56+02:00 - - https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/ - 2024-02-28T09:35:24+07:00 - - https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/ - 2023-03-29T03:48:06-07:00 - - https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/about/ - 2022-06-30T15:56:51+09:00 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/docs/ - 2023-03-29T01:57:54-07:00 - - https://www.eclipse.org/sw360/ - 2022-06-30T15:54:06+09:00 - - https://www.eclipse.org/sw360/docs/userguide/bestpractices/license-naming/ - 2022-06-28T22:06:55+02:00 - - https://www.eclipse.org/sw360/presentations/ - 2022-12-21T09:51:26+09:00 - - https://www.eclipse.org/sw360/screenshots/ - 2022-06-28T22:06:55+02:00 - - https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/ - 2023-03-29T01:57:54-07:00 - - +https://www.eclipse.org/sw360/docs/userguide/login/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/userguide/sw360-homepage/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/development/restapi/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/userguide/project/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/development/testcases/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/userguide/components/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/userguide/licenses/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/userguide/requests/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/userguide/search/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/userguide/preferrences/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/administrationguide/menu/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-backend/2023-01-16T09:30:53+01:00https://www.eclipse.org/sw360/docs/development/dev-adding-a-new-portlet-frontend/2023-01-16T09:30:53+01:00https://www.eclipse.org/sw360/docs/development/restapi/access/2022-06-28T22:06:55+02:00https://www.eclipse.org/sw360/docs/deployment/baremetal/2022-06-22T22:10:18+02:00https://www.eclipse.org/sw360/docs/development/dev-branches/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/dev-adding-new-fields-to-existing-classes/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/testcases/test-cases-components/2024-03-01T14:13:57+07:00https://www.eclipse.org/sw360/docs/development/dev-external-documents-with-couchdb/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/dev-database-migration-using-costco/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/dev-dod-and-style/2023-01-16T09:30:53+01:00https://www.eclipse.org/sw360/docs/development/dev-filtering-in-portlets/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/dev-fossology-integration/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/testcases/test-cases-licenses/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/dev-liferay-friendly-url/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/testcases/test-cases-moderations/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/dev-moderation-requests/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/testcases/test-cases-projects/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/dev-releasing-sw360/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/dev-role-authorisation-model/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/dev-semantic-commits/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/dev-testing-frameworks/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/development/dev-troubleshooting/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/userguide/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/administrationguide/user-management-roles/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/development/dev-using-requirejs-for-javascript-modules/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/administrationguide/2022-06-28T22:06:55+02:00https://www.eclipse.org/sw360/docs/deployment/upgrading/2022-06-22T22:10:18+02:00https://www.eclipse.org/sw360/docs/administrationguide/user-scheduling-cve-search-by-admins/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/administrationguide/user-data-model-enumerations/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/administrationguide/properties/2022-06-28T22:06:55+02:00https://www.eclipse.org/sw360/docs/deployment/2024-04-09T18:22:28+02:00https://www.eclipse.org/sw360/docs/deployment/legacy/2022-06-28T18:31:48+02:00https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/2024-04-09T18:22:28+02:00https://www.eclipse.org/sw360/docs/userguide/bestpractices/workflows/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/userguide/faq/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/userguide/bestpractices/component-naming/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/userguide/bestpractices/user-attachment-file-types/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/userguide/bestpractices/good-record-creation-structure/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/development/2023-01-16T09:30:53+01:00https://www.eclipse.org/sw360/docs/development/restapi/dev-rest-api/2022-06-28T20:46:15+02:00https://www.eclipse.org/sw360/docs/deployment/deploy-authorization-concept/2022-06-22T22:10:18+02:00https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-files/2022-06-22T22:10:18+02:00https://www.eclipse.org/sw360/docs/deployment/deploy-configuration-country-codes/2022-06-22T22:10:18+02:00https://www.eclipse.org/sw360/docs/deployment/deploy-cve-search/2022-06-22T22:10:18+02:00https://www.eclipse.org/sw360/docs/userguide/dependency_network/2023-09-15T15:01:02+07:00https://www.eclipse.org/sw360/docs/deployment/deploy-export-and-import/2022-06-22T22:10:18+02:00https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay/2022-06-28T18:31:48+02:00https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7/2022-07-08T12:29:11+02:00https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-liferay7.3/2022-07-08T12:18:26+02:00https://www.eclipse.org/sw360/docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/2022-06-22T22:10:18+02:00https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/2024-04-09T18:22:28+02:00https://www.eclipse.org/sw360/docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/2024-04-09T18:22:28+02:00https://www.eclipse.org/sw360/docs/deployment/deploy-secure-deployment/2024-04-09T18:22:28+02:00https://www.eclipse.org/sw360/docs/userguide/spdx_document/2023-10-03T14:42:00+02:00https://www.eclipse.org/sw360/docs/deployment/deploy-specialdeployment/2022-06-28T18:31:48+02:00https://www.eclipse.org/sw360/docs/deployment/deploy-initial-setup18/2024-04-09T18:22:28+02:00https://www.eclipse.org/sw360/docs/deployment/deploy-requirements/2022-06-22T22:10:18+02:00https://www.eclipse.org/sw360/docs/deployment/legacy/deploy-natively-11/2022-11-24T16:37:26+01:00https://www.eclipse.org/sw360/docs/deployment/baremetal/deploy-natively/2024-04-09T18:22:28+02:00https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/2022-07-07T09:02:59+07:00https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_15_to_16/2023-01-13T17:23:07+07:00https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_16_to_17/2023-07-19T11:47:56+02:00https://www.eclipse.org/sw360/docs/deployment/upgrading/upgrade_version_sw360_17_to_18/2024-02-28T09:35:24+07:00https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/vulnerabilities/2023-03-29T03:48:06-07:00https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/about/2022-06-30T15:56:51+09:00https://www.eclipse.org/sw360/docs/userguide/bestpractices/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/docs/2023-03-29T01:57:54-07:00https://www.eclipse.org/sw360/2022-06-30T15:54:06+09:00https://www.eclipse.org/sw360/docs/userguide/bestpractices/license-naming/2022-06-28T22:06:55+02:00https://www.eclipse.org/sw360/presentations/2022-12-21T09:51:26+09:00https://www.eclipse.org/sw360/screenshots/2022-06-28T22:06:55+02:00https://www.eclipse.org/sw360/docs/administrationguide/vulnerabilitymanagement/2023-03-29T01:57:54-07:00 \ No newline at end of file + echo 'Changes have been detected, publishing to repo '\''www.eclipse.org/sw360'\''' Changes have been detected, publishing to repo 'www.eclipse.org/sw360' + git config user.email sw360-bot@eclipse.org + git config user.name 'SW360 Bot' + git commit -m 'Website build sw360.website-171' [main 43422cb] Website build sw360.website-171 104 files changed, 29913 insertions(+), 101171 deletions(-) rewrite 404.html (100%) rewrite about/index.html (96%) rewrite docs/administrationguide/index.html (98%) rewrite docs/administrationguide/index.xml (98%) rewrite docs/administrationguide/menu/index.html (97%) rewrite docs/administrationguide/properties/index.html (95%) rewrite docs/administrationguide/user-data-model-enumerations/index.html (98%) rewrite docs/administrationguide/user-management-roles/index.html (98%) rewrite docs/administrationguide/user-scheduling-cve-search-by-admins/index.html (97%) rewrite docs/administrationguide/vulnerabilitymanagement/index.html (97%) rewrite docs/administrationguide/vulnerabilitymanagement/index.xml (95%) rewrite docs/administrationguide/vulnerabilitymanagement/user-check-vulnerabilities-for-your-project/index.html (96%) rewrite docs/administrationguide/vulnerabilitymanagement/vulnerabilities/index.html (98%) rewrite docs/deployment/baremetal/deploy-natively/index.html (98%) rewrite docs/deployment/baremetal/index.html (98%) rewrite docs/deployment/baremetal/index.xml (100%) rewrite docs/deployment/deploy-authorization-concept/index.html (98%) rewrite docs/deployment/deploy-configuration-country-codes/index.html (98%) rewrite docs/deployment/deploy-configuration-files/index.html (98%) rewrite docs/deployment/deploy-cve-search/index.html (98%) rewrite docs/deployment/deploy-export-and-import/index.html (97%) rewrite docs/deployment/deploy-initial-setup18/index.html (97%) rewrite docs/deployment/deploy-requirements/index.html (98%) rewrite docs/deployment/deploy-secure-deployment/index.html (99%) rewrite docs/deployment/deploy-specialdeployment/index.html (98%) rewrite docs/deployment/index.html (98%) rewrite docs/deployment/index.xml (98%) rewrite docs/deployment/legacy/deploy-liferay/index.html (97%) rewrite docs/deployment/legacy/deploy-liferay7.3/index.html (97%) rewrite docs/deployment/legacy/deploy-liferay7/index.html (98%) rewrite docs/deployment/legacy/deploy-natively-11/index.html (97%) rewrite docs/deployment/legacy/index.html (98%) rewrite docs/deployment/legacy/index.xml (99%) rewrite docs/deployment/legacy/nativeinstall/index.html (98%) rewrite docs/deployment/legacy/nativeinstall/index.xml (98%) rewrite docs/deployment/legacy/nativeinstall/native-install-sw360-version-14.0.0-and-16.0.0/index.html (96%) rewrite docs/deployment/legacy/nativeinstall/native-install-sw360-version-17.0.0/index.html (97%) rewrite docs/deployment/upgrading/deploy-upgrade-to-liferay-7.3-and-java-11/index.html (98%) rewrite docs/deployment/upgrading/index.html (98%) rewrite docs/deployment/upgrading/index.xml (98%) rewrite docs/deployment/upgrading/upgrade-sw360-from-14.0.0-to-15.0.0/index.html (98%) rewrite docs/deployment/upgrading/upgrade_version_sw360_15_to_16/index.html (97%) rewrite docs/deployment/upgrading/upgrade_version_sw360_16_to_17/index.html (96%) rewrite docs/deployment/upgrading/upgrade_version_sw360_17_to_18/index.html (96%) rewrite docs/development/dev-adding-a-new-portlet-backend/index.html (97%) rewrite docs/development/dev-adding-a-new-portlet-frontend/index.html (94%) rewrite docs/development/dev-adding-new-fields-to-existing-classes/index.html (97%) rewrite docs/development/dev-branches/index.html (99%) rewrite docs/development/dev-database-migration-using-costco/index.html (97%) rewrite docs/development/dev-dod-and-style/index.html (98%) rewrite docs/development/dev-external-documents-with-couchdb/index.html (97%) rewrite docs/development/dev-filtering-in-portlets/index.html (97%) rewrite docs/development/dev-fossology-integration/index.html (98%) rewrite docs/development/dev-liferay-friendly-url/index.html (98%) rewrite docs/development/dev-moderation-requests/index.html (96%) rewrite docs/development/dev-releasing-sw360/index.html (98%) rewrite docs/development/dev-role-authorisation-model/index.html (98%) rewrite docs/development/dev-semantic-commits/index.html (97%) rewrite docs/development/dev-testing-frameworks/index.html (98%) rewrite docs/development/dev-troubleshooting/index.html (98%) rewrite docs/development/dev-using-requirejs-for-javascript-modules/index.html (96%) rewrite docs/development/index.html (98%) rewrite docs/development/index.xml (97%) rewrite docs/development/restapi/access/index.html (96%) rewrite docs/development/restapi/dev-rest-api/index.html (95%) rewrite docs/development/restapi/index.html (98%) rewrite docs/development/restapi/index.xml (98%) rewrite docs/development/testcases/index.html (98%) rewrite docs/development/testcases/index.xml (99%) rewrite docs/development/testcases/test-cases-components/index.html (98%) rewrite docs/development/testcases/test-cases-licenses/index.html (98%) rewrite docs/development/testcases/test-cases-moderations/index.html (98%) rewrite docs/development/testcases/test-cases-projects/index.html (98%) rewrite docs/index.html (98%) rewrite docs/index.xml (95%) rewrite docs/userguide/bestpractices/component-naming/index.html (97%) rewrite docs/userguide/bestpractices/good-record-creation-structure/index.html (98%) rewrite docs/userguide/bestpractices/index.html (98%) rewrite docs/userguide/bestpractices/index.xml (99%) rewrite docs/userguide/bestpractices/license-naming/index.html (97%) rewrite docs/userguide/bestpractices/user-attachment-file-types/index.html (98%) rewrite docs/userguide/bestpractices/workflows/index.html (98%) rewrite docs/userguide/components/index.html (97%) rewrite docs/userguide/dependency_network/index.html (98%) rewrite docs/userguide/faq/index.html (98%) rewrite docs/userguide/index.html (98%) rewrite docs/userguide/index.xml (98%) rewrite docs/userguide/licenses/index.html (98%) rewrite docs/userguide/login/index.html (98%) rewrite docs/userguide/preferrences/index.html (98%) rewrite docs/userguide/project/index.html (98%) rewrite docs/userguide/requests/index.html (97%) rewrite docs/userguide/search/index.html (97%) rewrite docs/userguide/spdx_document/index.html (99%) rewrite docs/userguide/sw360-homepage/index.html (97%) delete mode 100644 img/clients/BoschSI.png delete mode 100644 img/clients/Toshiba.png delete mode 100644 img/clients/Verifa.png rewrite index.html (99%) rewrite index.xml (100%) rewrite presentations/index.html (99%) rewrite presentations/index.xml (100%) rewrite screenshots/index.html (99%) rewrite sitemap.xml (100%) + git log --graph --abbrev-commit --date=relative -n 5 * commit 43422cb | Author: SW360 Bot | Date: 4 seconds ago | | Website build sw360.website-171 | * commit 68f4ee7 | Author: SW360 Bot | Date: 2 hours ago | | Website build sw360.website-169 | * commit d7e65f9 | Author: SW360 Bot | Date: 3 months ago | | Website build sw360.website-165 | * commit e2b6017 | Author: SW360 Bot | Date: 4 months ago | | Website build sw360.website-162 | * commit d81c5a1 | Author: SW360 Bot | Date: 6 months ago | | Website build sw360.website-161 + git push origin HEAD:main To github.com:eclipse-sw360/sw360.website.published.git 68f4ee7..43422cb HEAD -> main [Pipeline] } $ ssh-agent -k unset SSH_AUTH_SOCK; unset SSH_AGENT_PID; echo Agent pid 198 killed; [ssh-agent] Stopped. [Pipeline] // sshagent [Pipeline] } [Pipeline] // dir [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // node [Pipeline] } [Pipeline] // podTemplate [Pipeline] End of Pipeline Finished: SUCCESS