From 0ee37030fb60916b1c4eb02c34980db3d5ebbbb7 Mon Sep 17 00:00:00 2001 From: Andreas Lay Date: Wed, 11 Sep 2024 14:23:48 +0200 Subject: [PATCH] refactor: remove input argument from sbom generate This is currently a burden during development. Documentation is hard to write as many undocumented things happen in the background. This will be reintroduced in a later stage. --- cmake/sbom.cmake | 85 +++++++++++++----------------------------- readme.md | 27 ++++---------- test/CMakeLists.txt | 1 - test/input_doc.cmake | 13 ------- test/input_doc.spdx.in | 25 ------------- 5 files changed, 33 insertions(+), 118 deletions(-) delete mode 100644 test/input_doc.cmake delete mode 100644 test/input_doc.spdx.in diff --git a/cmake/sbom.cmake b/cmake/sbom.cmake index 83131b1..c2989c2 100644 --- a/cmake/sbom.cmake +++ b/cmake/sbom.cmake @@ -563,7 +563,7 @@ function(sbom_generate) PACKAGE_COPYRIGHT ENABLE_CHECKS ) - set(multiValueArgs INPUT CREATOR PACKAGE_NOTES PACKAGE_PURPOSE) + set(multiValueArgs CREATOR PACKAGE_NOTES PACKAGE_PURPOSE) cmake_parse_arguments( SBOM_GENERATE "" "${oneValueArgs}" "${multiValueArgs}" ${ARGN} ) 
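Review bot: With `INPUT` dropped from `multiValueArgs`, a caller that still passes `INPUT <file>` is not rejected by the parser. The tokens end up in `SBOM_GENERATE_UNPARSED_ARGUMENTS`, or are appended to a preceding multi-value keyword such as `PACKAGE_NOTES`. A project that relied on a hand-written SPDX document would then install a generated one, or one with a stray path in its notes, without any configure-time failure. The body of `sbom_generate` continues outside this hunk, so if no such check exists further down, add `if(SBOM_GENERATE_UNPARSED_ARGUMENTS)` / `message(FATAL_ERROR "Unknown arguments: ${SBOM_GENERATE_UNPARSED_ARGUMENTS}")` / `endif()` directly after the `cmake_parse_arguments` call.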
@@ -576,33 +576,31 @@ function(sbom_generate) set(SBOM_GENERATE_PACKAGE_NAME ${PROJECT_NAME}) endif() - if(NOT DEFINED SBOM_GENERATE_INPUT) - if(NOT DEFINED SBOM_GENERATE_CREATOR) - message(FATAL_ERROR "Specify a CREATOR or pass INPUT files") - endif() + if(NOT DEFINED SBOM_GENERATE_CREATOR) + message(FATAL_ERROR "Missing required argument CREATOR.") + endif() - cmake_parse_arguments(SBOM_GENERATE_CREATOR "" "PERSON;ORGANIZATION;EMAIL" "" ${SBOM_GENERATE_CREATOR}) - if(SBOM_GENERATE_CREATOR_UNPARSED_ARGUMENTS) - message(FATAL_ERROR "Unknown subarguments: ${SBOM_GENERATE_CREATOR_UNPARSED_ARGUMENTS} for CREATOR.") - endif() - if((NOT DEFINED SBOM_GENERATE_CREATOR_PERSON) AND (NOT DEFINED SBOM_GENERATE_CREATOR_ORGANIZATION)) - message(FATAL_ERROR "Missing for argument CREATOR.") - elseif(DEFINED SBOM_GENERATE_CREATOR_PERSON AND DEFINED SBOM_GENERATE_CREATOR_ORGANIZATION) - message(FATAL_ERROR "Specify either PERSON or ORGANIZATION, not both.") - endif() + cmake_parse_arguments(SBOM_GENERATE_CREATOR "" "PERSON;ORGANIZATION;EMAIL" "" ${SBOM_GENERATE_CREATOR}) + if(SBOM_GENERATE_CREATOR_UNPARSED_ARGUMENTS) + message(FATAL_ERROR "Unknown subarguments: ${SBOM_GENERATE_CREATOR_UNPARSED_ARGUMENTS} for CREATOR.") + endif() + if((NOT DEFINED SBOM_GENERATE_CREATOR_PERSON) AND (NOT DEFINED SBOM_GENERATE_CREATOR_ORGANIZATION)) + message(FATAL_ERROR "Missing for argument CREATOR.") + elseif(DEFINED SBOM_GENERATE_CREATOR_PERSON AND DEFINED SBOM_GENERATE_CREATOR_ORGANIZATION) + message(FATAL_ERROR "Specify either PERSON or ORGANIZATION, not both.") + endif() - if(NOT DEFINED SBOM_GENERATE_PACKAGE_URL) - if(NOT DEFINED SBOM_GENERATE_NAMESPACE) - message(FATAL_ERROR "Specify NAMESPACE when PACKAGE_URL is omitted.") - endif() + if(NOT DEFINED SBOM_GENERATE_PACKAGE_URL) + if(NOT DEFINED SBOM_GENERATE_NAMESPACE) + message(FATAL_ERROR "Specify NAMESPACE when PACKAGE_URL is omitted.") endif() + endif() - if(NOT DEFINED SBOM_GENERATE_NAMESPACE) - if((NOT DEFINED SBOM_GENERATE_PACKAGE_URL) 
OR (SBOM_GENERATE_PACKAGE_URL STREQUAL "NONE") OR (SBOM_GENERATE_PACKAGE_URL STREQUAL "NOASSERTION")) - message(FATAL_ERROR "Specifiy PACKAGE_URL when NAMESPACE is omitted.") - endif() - set(SBOM_GENERATE_NAMESPACE "${SBOM_GENERATE_PACKAGE_URL}/spdxdocs/${SBOM_GENERATE_PACKAGE_NAME}-${SBOM_GENERATE_PACKAGE_VERSION}") + if(NOT DEFINED SBOM_GENERATE_NAMESPACE) + if((NOT DEFINED SBOM_GENERATE_PACKAGE_URL) OR (SBOM_GENERATE_PACKAGE_URL STREQUAL "NONE") OR (SBOM_GENERATE_PACKAGE_URL STREQUAL "NOASSERTION")) + message(FATAL_ERROR "Specifiy PACKAGE_URL when NAMESPACE is omitted.") endif() + set(SBOM_GENERATE_NAMESPACE "${SBOM_GENERATE_PACKAGE_URL}/spdxdocs/${SBOM_GENERATE_PACKAGE_NAME}-${SBOM_GENERATE_PACKAGE_VERSION}") endif() if(NOT DEFINED GIT_VERSION) 
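Review bot: The default `SBOM_GENERATE_NAMESPACE` is built only from `PACKAGE_URL`, `PACKAGE_NAME` and `PACKAGE_VERSION`, so two SBOMs generated for the same version (different configurations, or a rebuild with changed contents) get the same DocumentNamespace. SPDX 2.3 clause 6.5 asks for a namespace that is unique per document and recommends a UUID suffix; tools that resolve external document references by namespace can otherwise conflate distinct documents. Consider appending a per-document component to the default, or documenting that callers must pass `NAMESPACE` whenever more than one SBOM is produced per version. The message in the same branch also carries a typo and should read `"Specify PACKAGE_URL when NAMESPACE is omitted."`. The function body starts and ends outside this hunk.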
@@ -709,36 +707,13 @@ function(sbom_generate) set(_sbom_intermediate_file "$/sbom.spdx.in") set(_sbom_document_template "SPDXRef-DOCUMENT.spdx.in") set(_sbom_export_path "${SBOM_GENERATE_OUTPUT}") - set(_sbom_provided_input false) if(NOT IS_ABSOLUTE "${SBOM_GENERATE_OUTPUT}") set(_sbom_export_path "\${CMAKE_INSTALL_PREFIX}/${SBOM_GENERATE_OUTPUT}") endif() - if(NOT DEFINED SBOM_GENERATE_INPUT) - _sbom_generate_document_template() - set(SBOM_LAST_SPDXID "SPDXRef-${SBOM_GENERATE_PACKAGE_NAME}" PARENT_SCOPE) - else() - set(_sbom_provided_input true) - set(_sbom_provided_input_files "") - foreach(_f IN LISTS SBOM_GENERATE_INPUT) - if( NOT IS_ABSOLUTE "${_f}" ) - message(FATAL_ERROR "Input file must be an absolute path: ${_f}") - endif() - get_filename_component(_f_name "${_f}" NAME) #REFAC(>=3.20): Use cmake_path() instead of get_filename_component(). - set(_f_in "${SBOM_BINARY_DIR}/${_f_name}") - set(_f_in_gen "${_f_in}_gen") - configure_file("${_f}" "${_f_in}" @ONLY) - file( - GENERATE - OUTPUT "${_f_in_gen}" - INPUT "${_f_in}" - ) - list(APPEND _sbom_provided_input_files "${_f_in_gen}") - endforeach() - - set(SBOM_LAST_SPDXID "" PARENT_SCOPE) - endif() + _sbom_generate_document_template() + set(SBOM_LAST_SPDXID "SPDXRef-${SBOM_GENERATE_PACKAGE_NAME}" PARENT_SCOPE) _sbom_append_sbom_snippet("setup.cmake") file(GENERATE 
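Review bot: `SBOM_LAST_SPDXID` is now always `"SPDXRef-${SBOM_GENERATE_PACKAGE_NAME}"`, and the package name defaults to `${PROJECT_NAME}`, which can contain characters such as `_` that SPDX identifiers do not allow (only letters, digits, `.` and `-` after `SPDXRef-`). Unless the name is sanitized earlier in `sbom_generate` (not visible in this hunk), the resulting document can fail validation or break relationships that reference this ID. A sanitized copy could be derived once, e.g. `string(REGEX REPLACE "[^A-Za-z0-9.-]" "-" _sbom_pkg_id "${SBOM_GENERATE_PACKAGE_NAME}")`, and used both here and wherever `_sbom_generate_document_template()` emits the package SPDXID, so the two stay in agreement.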
@@ -755,18 +730,8 @@ message(STATUS \"Installing: \${SBOM_EXPORT_FILENAME}\") set(SBOM_INTERMEDIATE_FILE \"\${SBOM_BINARY_DIR}/sbom-build/${_sbom_intermediate_file}\") file(WRITE \${SBOM_INTERMEDIATE_FILE} \"\") -set(SBOM_PROVIDED_INPUT_FILES \"${_sbom_provided_input_files}\") -set(SBOM_PROVIDED_INPUT ${_sbom_provided_input}) - -if(NOT SBOM_PROVIDED_INPUT) - file(READ \"\${SBOM_SNIPPET_DIR}/\${SBOM_DOCUMENT_TEMPLATE}\" _f_contents) - file(APPEND \"\${SBOM_INTERMEDIATE_FILE}\" \"\${_f_contents}\") -else() - foreach(_f IN LISTS SBOM_PROVIDED_INPUT_FILES) - file(READ \"\${_f}\" _f_contents) - file(APPEND \"\${SBOM_INTERMEDIATE_FILE}\" \"\${_f_contents}\") - endforeach() -endif() +file(READ \"\${SBOM_SNIPPET_DIR}/\${SBOM_DOCUMENT_TEMPLATE}\" _f_contents) +file(APPEND \"\${SBOM_INTERMEDIATE_FILE}\" \"\${_f_contents}\") set(SBOM_VERIFICATION_CODES \"\") " diff --git a/readme.md b/readme.md index f52a92c..f786f53 100644 --- a/readme.md +++ b/readme.md @@ -178,10 +178,9 @@ Generates the SBOM creator information and the package information of the packag ```cmake sbom_generate( - [INPUT ...] + CREATOR [EMAIL ] [OUTPUT ] [NAMESPACE ] - [CREATOR [EMAIL ]] [PACKAGE_NAME ] [PACKAGE_VERSION ] [PACKAGE_FILENAME ] 
@@ -198,23 +197,7 @@ sbom_generate( ) ``` -- `INPUT`: One or more file names, which are concatenated into the SBOM output file. - - ***Restrictions:*** - - Absolute paths only. - - Variables and generator expressions are supported in these files. - - Variables in the form `@var@` are replaced during config, `${var}` during install. - - When omitted, a standard document/package SBOM is generated. - - The other parameters can be referenced in the input files, prefixed with `SBOM_GENERATE_`. -- `OUTPUT`: Output filename. - - Can be absolute or relative to `CMAKE_INSTALL_PREFIX`. - - Default location is `${CMAKE_INSTALL_PREFIX}/share/${PACKAGE_NAME}-sbom-${GIT_VERSION_PATH}.spdx`. - - `--prefix` option is honoured when added to the install command. - - `--prefix` and `${CMAKE_INSTALL_PREFIX}` have no effect when `OUTPUT` is an absolute path. -- `NAMESPACE`: Document namespace. - - may be omitted when any `INPUT` is given. - - If not specified, default to a URL based on `PACKAGE_URL`, `PACKAGE_NAME` and `PACKAGE_VERSION`. - `CREATOR`: Supplier of the Package and Creator of the sbom - - May be omitted when any `INPUT` is given. - See [SPDX clause 6.8](https://spdx.github.io/spdx-spec/v2.3/document-creation-information/#68-creator-field) & [SPDX clause 7.5](https://spdx.github.io/spdx-spec/v2.3/package-information/#75-package-supplier-field) for more information. - One of the `` keywords must be provided. - `EMAIL` is optional. 
@@ -224,6 +207,13 @@ sbom_generate( - ***Note:*** - The SPDX specification differentiates between the creator of the SBOM and the supplier of the package it describes. However, this project treats them as the same entity. This is based on the assumption that whoever uses this project, uses it to generate a SBOM for a package they are building. In this case, the creator of the SBOM and the supplier of the package are the same entity. - The SBOM-Builder is always added as an additional creator of the SBOM. +- `OUTPUT`: Output filename. + - Can be absolute or relative to `CMAKE_INSTALL_PREFIX`. + - Default location is `${CMAKE_INSTALL_PREFIX}/share/${PACKAGE_NAME}-sbom-${GIT_VERSION_PATH}.spdx`. + - `--prefix` option is honoured when added to the install command. + - `--prefix` and `${CMAKE_INSTALL_PREFIX}` have no effect when `OUTPUT` is an absolute path. +- `NAMESPACE`: Document namespace. + - If not specified, default to a URL based on `PACKAGE_URL`, `PACKAGE_NAME` and `PACKAGE_VERSION`. - `PACKAGE_NAME`: Package name. - Defaults to `${PROJECT_NAME}`. - See [SPDX clause 7.1](https://spdx.github.io/spdx-spec/v2.3/package-information/#71-package-name-field) for more information. @@ -238,7 +228,6 @@ sbom_generate( - Defaults to `NOASSERTION`. - See [SPDX clause 7.7](https://spdx.github.io/spdx-spec/v2.3/package-information/#77-package-download-location-field) for more information. - `PACKAGE_URL`: Package home page. - - may be omitted when any `INPUT` is given. - `NONE` or `NOASSERTION` require that `NAMESPACE` is provided. - otherwise `` is required. - See [SPDX clause 7.11](https://spdx.github.io/spdx-spec/v2.3/package-information/#711-package-home-page-field) for more information. diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index e4f3a94..f007c55 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -67,7 +67,6 @@ endfunction() test(minimal) test(minimal2) test(full_doc) -test(input_doc) test(file) test(package) test(dir) 
diff --git a/test/input_doc.cmake b/test/input_doc.cmake deleted file mode 100644 index 148461d..0000000 --- a/test/input_doc.cmake +++ /dev/null @@ -1,13 +0,0 @@ -# SPDX-FileCopyrightText: 2023-2024 Jochem Rutgers -# -# SPDX-License-Identifier: MIT - -@TEST_PREAMBLE@ - -include(sbom) - -sbom_generate(INPUT @CMAKE_CURRENT_LIST_DIR@/input_doc.spdx.in PACKAGE_COPYRIGHT "2023 me") - -sbom_finalize() - -@TEST_VERIFY@ diff --git a/test/input_doc.spdx.in b/test/input_doc.spdx.in deleted file mode 100644 index 55a4d1f..0000000 --- a/test/input_doc.spdx.in +++ /dev/null @@ -1,25 +0,0 @@ -# SPDX-FileCopyrightText: 2023-2024 Jochem Rutgers -# -# SPDX-License-Identifier: CC0-1.0 - -SPDXVersion: SPDX-2.3 -DataLicense: CC0-1.0 -SPDXID: SPDXRef-DOCUMENT -DocumentName: @PROJECT_NAME@ -DocumentNamespace: https://test.com/spdxdoc/@PROJECT_NAME@ -Creator: Organization: TestOrg -Creator: Tool: cmake-sbom -Created: @NOW_UTC@ - -PackageName: @PROJECT_NAME@ -SPDXID: SPDXRef-Package-test -PackageVersion: 1 -PackageSupplier: Organization: TestOrg -PackageDownloadLocation: NOASSERTION -PackageLicenseConcluded: NOASSERTION -PackageLicenseDeclared: NOASSERTION -PackageCopyrightText: @SBOM_GENERATE_COPYRIGHT@ -PackageHomePage: https://www.testOrg.com -BuiltDate: @NOW_UTC@ -PackageVerificationCode: ${SBOM_VERIFICATION_CODE} -Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-test